Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/uzeIyvhaO08s2iEoxFRbls3wKQE.roa
File:                     uzeIyvhaO08s2iEoxFRbls3wKQE.roa (raw, json)
Hash identifier:          eckJtjyfBugGanrlfNQNWEpLLtB5JiuOKTpRPuhHv9E=
Subject key identifier:   BB:37:88:CA:F8:5A:3B:4F:2C:DA:21:28:C4:54:5B:96:CD:F0:29:01
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0184A4A39A828A4F3BDD3B8B9EE97B87DCCD
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/uzeIyvhaO08s2iEoxFRbls3wKQE.roa
Signing time:             Wed 23 Nov 2022 13:18:15 +0000
ROA not before:           Wed 23 Nov 2022 13:18:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     0
IP address blocks:        185.149.14.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:a4:a3:9a:82:8a:4f:3b:dd:3b:8b:9e:e9:7b:87:dc:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Nov 23 13:18:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bb3788caf85a3b4f2cda2128c4545b96cdf02901
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ce:b1:0d:27:b6:68:88:82:62:77:d4:f1:1f:
                    a3:15:d9:32:78:37:7d:dd:55:13:4e:35:c4:75:3b:
                    88:77:54:e4:62:9c:9a:ed:71:a5:f2:a6:e9:f5:12:
                    33:61:ef:06:08:9e:4a:71:f1:1c:36:63:93:21:01:
                    68:c2:49:93:45:ef:2a:1a:5a:f0:bf:cd:08:d1:d9:
                    b8:8c:58:46:b8:bd:ea:25:65:63:1c:ff:f0:59:5c:
                    e4:09:b9:64:cd:d4:f7:95:8c:50:8b:3e:99:af:2e:
                    8a:ba:f8:39:00:14:51:80:92:ab:e5:78:ed:c6:12:
                    2d:1c:37:17:73:c3:70:07:4d:5f:9e:1d:4c:ca:df:
                    70:d6:e7:b1:6c:0c:fb:8e:0b:29:de:05:d1:ff:6e:
                    67:08:7f:aa:9a:fe:18:13:4f:1d:a1:18:9c:74:02:
                    d5:f2:2a:f4:75:cb:03:e5:ec:0a:24:91:13:8f:ad:
                    f7:af:66:e3:fb:76:e4:3e:36:a8:4a:7c:d8:df:81:
                    b9:07:3b:a8:e6:64:d1:23:69:5e:94:de:8e:aa:f0:
                    5b:65:d5:c2:a3:10:5c:b4:c8:ee:d1:9e:09:0e:ad:
                    b9:01:b8:b0:a8:8f:c0:55:ac:42:22:82:c7:8b:4a:
                    76:19:ce:4f:e0:7f:88:66:40:66:e2:bb:21:c4:79:
                    6c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:37:88:CA:F8:5A:3B:4F:2C:DA:21:28:C4:54:5B:96:CD:F0:29:01
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/uzeIyvhaO08s2iEoxFRbls3wKQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:ae:ff:5d:d9:da:4a:d5:75:84:04:66:24:75:86:80:ab:71:
         bb:b7:a8:eb:c1:27:4e:28:5b:37:34:68:22:6b:93:fa:de:99:
         3e:97:a1:c4:d8:c6:e0:ea:d8:ef:a9:8f:00:2c:62:9c:01:49:
         3b:6b:0c:a2:16:ac:07:35:a0:c2:74:b5:cd:2f:4c:26:71:c7:
         b7:31:f9:c8:0c:6e:bb:73:20:17:98:ed:aa:b0:94:8c:f1:3f:
         38:69:28:ec:56:cc:b3:a5:e4:a0:4e:5d:1e:de:22:e6:25:cb:
         5d:fd:f9:68:4a:1d:3f:aa:37:0a:0b:5c:a4:2f:01:ed:b9:79:
         fb:13:08:62:23:25:ff:78:55:7f:2d:f2:85:90:85:39:37:3b:
         bb:46:82:21:30:52:bd:5a:96:03:17:ab:74:82:dc:bb:63:7c:
         2f:51:b5:7b:00:42:49:06:b8:83:e6:61:28:40:9a:ea:96:68:
         33:94:c8:9d:09:58:05:fa:b9:d5:9c:ff:b1:d3:d3:6b:ca:3a:
         3e:35:e2:87:25:c3:73:24:93:9e:9a:76:5c:cd:cf:47:0b:31:
         0c:3c:36:99:3f:5a:19:2b:7d:de:61:93:60:00:8a:a4:00:de:
         e9:93:05:4d:58:49:20:56:2c:81:08:03:99:10:8b:90:e9:64:
         78:47:9f:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSko5qCik873TuLnul7h9zNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjIxMTIzMTMxODE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjM3ODhjYWY4NWEzYjRmMmNkYTIxMjhjNDU0NWI5NmNkZjAyOTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu86xDSe2aIiCYnfU8R+jFdkyeDd9
3VUTTjXEdTuId1TkYpya7XGl8qbp9RIzYe8GCJ5KcfEcNmOTIQFowkmTRe8qGlrw
v80I0dm4jFhGuL3qJWVjHP/wWVzkCblkzdT3lYxQiz6Zry6Kuvg5ABRRgJKr5Xjt
xhItHDcXc8NwB01fnh1Myt9w1uexbAz7jgsp3gXR/25nCH+qmv4YE08doRicdALV
8ir0dcsD5ewKJJETj633r2bj+3bkPjaoSnzY34G5Bzuo5mTRI2lelN6OqvBbZdXC
oxBctMju0Z4JDq25AbiwqI/AVaxCIoLHi0p2Gc5P4H+IZkBm4rshxHls7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLs3iMr4WjtPLNohKMRUW5bN8CkBMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvdXplSXl2aGFPMDhzMmlFb3hGUmJsczN3S1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZUOMA0G
CSqGSIb3DQEBCwUAA4IBAQBSrv9d2dpK1XWEBGYkdYaAq3G7t6jrwSdOKFs3NGgi
a5P63pk+l6HE2Mbg6tjvqY8ALGKcAUk7awyiFqwHNaDCdLXNL0wmcce3MfnIDG67
cyAXmO2qsJSM8T84aSjsVsyzpeSgTl0e3iLmJctd/floSh0/qjcKC1ykLwHtuXn7
EwhiIyX/eFV/LfKFkIU5Nzu7RoIhMFK9WpYDF6t0gty7Y3wvUbV7AEJJBriD5mEo
QJrqlmgzlMidCVgF+rnVnP+x09Nryjo+NeKHJcNzJJOemnZczc9HCzEMPDaZP1oZ
K33eYZNgAIqkAN7pkwVNWEkgViyBCAOZEIuQ6WR4R5/c
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:25 2024 by rpki-client on console-ams.rpki-client.org