Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/oIjBL5e880EWedTq2vb_sMY15G0.roa
File:                     oIjBL5e880EWedTq2vb_sMY15G0.roa (raw, json)
Hash identifier:          DfTR/S0m/sE9tghAHzlkJtuyCxMpNOwUcjZAll878YQ=
Subject key identifier:   A0:88:C1:2F:97:BC:F3:41:16:79:D4:EA:DA:F6:FF:B0:C6:35:E4:6D
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0188DF5962D6CA512E8372B5CFC037CE3C21
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/oIjBL5e880EWedTq2vb_sMY15G0.roa
Signing time:             Wed 21 Jun 2023 19:05:57 +0000
ROA not before:           Wed 21 Jun 2023 19:05:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205320
IP address blocks:        185.149.14.0/24 maxlen: 24
                          185.149.12.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:df:59:62:d6:ca:51:2e:83:72:b5:cf:c0:37:ce:3c:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jun 21 19:05:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a088c12f97bcf3411679d4eadaf6ffb0c635e46d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:41:88:8d:83:57:cf:f7:53:41:e0:b7:48:40:
                    0b:80:a0:a1:5e:09:7d:a9:99:09:07:d1:dd:f4:10:
                    96:c4:fc:12:95:53:65:28:84:ff:0a:e7:03:46:ff:
                    1c:3a:c6:5e:46:46:4e:c5:e4:0e:f1:ff:1a:f7:cf:
                    56:59:2f:00:21:36:8d:5b:c6:d2:02:33:72:ff:7e:
                    79:60:3d:62:21:39:66:f9:3c:0c:11:69:90:15:a2:
                    d3:7e:73:74:38:2a:bc:93:dc:3f:59:ca:60:c4:eb:
                    c8:14:39:b2:5b:9d:57:53:37:3f:8e:41:9b:33:36:
                    36:c3:86:cd:56:24:a0:ab:a3:ac:09:29:dd:34:f0:
                    f4:2d:3c:6f:ba:09:67:d9:a8:7d:fc:3c:f3:dd:44:
                    33:98:25:77:a5:39:0f:93:48:e8:2b:5b:90:5c:d8:
                    b4:7e:d3:be:3f:a7:fb:b5:b4:45:d2:64:75:1d:6f:
                    1d:97:ba:60:7b:5a:c1:0a:46:f1:9a:c3:cc:3d:9c:
                    d5:26:5e:89:f5:7c:80:b8:43:65:5a:00:8c:79:da:
                    1b:67:76:b3:a4:3d:27:56:ac:99:6c:a2:b8:13:2e:
                    3e:52:34:dd:8a:e6:56:af:4d:7f:1b:d1:86:d0:fe:
                    25:c0:63:7c:e5:d7:97:3b:32:2f:ed:47:c3:e1:7e:
                    5f:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:88:C1:2F:97:BC:F3:41:16:79:D4:EA:DA:F6:FF:B0:C6:35:E4:6D
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/oIjBL5e880EWedTq2vb_sMY15G0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.12.0/24
                  185.149.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:44:c2:3d:59:e7:8a:e9:db:bd:f3:64:e5:5d:14:e3:1e:cf:
         47:bb:52:60:50:22:28:5c:00:80:3c:78:9d:ed:f4:3c:bb:56:
         69:31:8f:74:7d:2e:37:38:a7:67:84:af:41:b2:6a:5b:34:c2:
         c5:1c:03:50:2b:c1:f1:33:34:a6:61:8c:8a:f8:08:4b:94:78:
         e4:84:aa:7b:2b:45:9e:38:b2:7f:2b:c9:d1:71:b4:26:62:a7:
         e2:b8:a5:d2:73:62:c5:4f:44:4f:31:04:9a:02:bc:95:f6:f4:
         2b:60:5e:f0:65:0f:1f:ff:f6:9c:f1:3c:b2:2c:5d:af:fe:76:
         e1:a4:4c:51:a1:99:5d:32:9b:f3:3c:b2:d1:b7:9a:17:51:2e:
         37:ea:1a:0a:45:97:59:f0:97:19:0c:1c:9d:07:7c:7e:28:1b:
         a7:5e:39:62:44:ce:87:0f:5a:12:62:72:2c:74:75:f0:7f:cb:
         14:c6:f4:a1:89:c3:64:68:7b:15:d9:69:2f:6d:3d:9f:b3:0e:
         af:f5:1d:11:fb:5d:1f:ab:ad:0b:02:79:c3:cd:d9:c6:13:b1:
         65:d4:99:e4:78:d6:da:18:2e:72:d1:a7:28:84:1f:33:ba:f7:
         33:89:8f:3b:2f:51:6e:60:bf:da:f7:53:03:6f:29:1b:a1:7e:
         d5:3e:a0:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYjfWWLWylEug3K1z8A3zjwhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwNjIxMTkwNTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDg4YzEyZjk3YmNmMzQxMTY3OWQ0ZWFkYWY2ZmZiMGM2MzVlNDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1EGIjYNXz/dTQeC3SEALgKChXgl9
qZkJB9Hd9BCWxPwSlVNlKIT/CucDRv8cOsZeRkZOxeQO8f8a989WWS8AITaNW8bS
AjNy/355YD1iITlm+TwMEWmQFaLTfnN0OCq8k9w/WcpgxOvIFDmyW51XUzc/jkGb
MzY2w4bNViSgq6OsCSndNPD0LTxvugln2ah9/Dzz3UQzmCV3pTkPk0joK1uQXNi0
ftO+P6f7tbRF0mR1HW8dl7pge1rBCkbxmsPMPZzVJl6J9XyAuENlWgCMedobZ3az
pD0nVqyZbKK4Ey4+UjTdiuZWr01/G9GG0P4lwGN85deXOzIv7UfD4X5fkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKCIwS+XvPNBFnnU6tr2/7DGNeRtMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvb0lqQkw1ZTg4MEVXZWRUcTJ2Yl9zTVkxNUcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuZUMAwQA
uZUOMA0GCSqGSIb3DQEBCwUAA4IBAQCBRMI9WeeK6du982TlXRTjHs9Hu1JgUCIo
XACAPHid7fQ8u1ZpMY90fS43OKdnhK9BsmpbNMLFHANQK8HxMzSmYYyK+AhLlHjk
hKp7K0WeOLJ/K8nRcbQmYqfiuKXSc2LFT0RPMQSaAryV9vQrYF7wZQ8f//ac8Tyy
LF2v/nbhpExRoZldMpvzPLLRt5oXUS436hoKRZdZ8JcZDBydB3x+KBunXjliRM6H
D1oSYnIsdHXwf8sUxvShicNkaHsV2WkvbT2fsw6v9R0R+10fq60LAnnDzdnGE7Fl
1JnkeNbaGC5y0acohB8zuvcziY87L1FuYL/a91MDbykboX7VPqBd
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:31 2024 by rpki-client on console-fra.rpki-client.org