Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/vTgyg17rYB6sOyk4iw-zESi-EoE.roa
File:                     vTgyg17rYB6sOyk4iw-zESi-EoE.roa (raw, json)
Hash identifier:          enblnKR3Dq8YmfQf+12JnPX6J2CG1MShNJRRGxvj45Q=
Subject key identifier:   BD:38:32:83:5E:EB:60:1E:AC:3B:29:38:8B:0F:B3:11:28:BE:12:81
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       018B4291DEB69455A478204ACFB9DA2EE82F
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/vTgyg17rYB6sOyk4iw-zESi-EoE.roa
Signing time:             Wed 18 Oct 2023 11:35:37 +0000
ROA not before:           Wed 18 Oct 2023 11:35:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        171.22.144.0/24 maxlen: 24
                          171.22.146.0/24 maxlen: 24
                          91.103.120.0/21 maxlen: 24
                          31.43.174.0/24 maxlen: 24
                          185.235.71.0/24 maxlen: 24
                          95.111.128.0/20 maxlen: 20
                          95.111.144.0/20 maxlen: 20
                          185.149.14.0/23 maxlen: 24
                          185.149.14.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:42:91:de:b6:94:55:a4:78:20:4a:cf:b9:da:2e:e8:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Oct 18 11:35:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bd3832835eeb601eac3b29388b0fb31128be1281
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:65:cb:20:ce:81:8e:1c:b7:66:c0:06:db:fe:
                    d8:59:4f:e5:2d:86:3f:37:68:0b:c7:01:9e:74:99:
                    c4:f8:52:37:e2:0e:70:00:3f:38:9c:ad:78:50:b9:
                    1f:5e:94:b5:3b:4b:83:cc:c4:10:fc:ce:3b:0e:88:
                    c9:02:a9:b1:da:e6:8b:19:10:27:5a:4a:2f:c4:45:
                    2a:15:f0:35:43:4f:dd:25:61:aa:9e:99:da:07:f8:
                    99:b5:66:db:ed:ba:03:8d:3c:fd:ab:b1:85:66:de:
                    1e:2e:a3:db:03:90:4f:53:ec:d9:4c:d2:5b:1e:61:
                    b8:d5:0c:a5:92:4f:68:40:03:14:e7:a3:9a:93:eb:
                    e3:56:04:f0:6e:64:e8:99:87:de:b6:31:cd:50:cb:
                    a8:cf:4f:0d:c5:fa:b8:61:c8:98:4a:4e:c6:27:de:
                    4a:f5:19:0d:66:6f:a9:b7:ad:4b:21:a7:75:4b:65:
                    c6:c6:bf:d8:7e:92:63:b8:78:8d:45:d4:92:51:12:
                    ae:94:d9:87:51:d7:74:58:be:61:48:86:56:87:62:
                    7a:dd:58:ed:3d:97:be:2d:bd:ce:5a:05:ea:27:29:
                    a3:cf:af:16:21:87:08:64:8e:e5:bc:7b:ee:f3:cf:
                    f1:23:76:04:dc:63:12:ad:7b:cc:95:11:10:9b:db:
                    5c:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:38:32:83:5E:EB:60:1E:AC:3B:29:38:8B:0F:B3:11:28:BE:12:81
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/vTgyg17rYB6sOyk4iw-zESi-EoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.174.0/24
                  91.103.120.0/21
                  95.111.128.0/19
                  171.22.144.0/24
                  171.22.146.0/24
                  185.149.14.0/23
                  185.235.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:f8:4f:de:4f:a4:c1:47:40:c5:0b:e2:d5:ab:2a:67:e0:51:
         40:3e:f1:79:47:66:2a:e4:29:a6:eb:a8:32:12:79:3d:8f:f6:
         d7:3e:43:55:15:f6:ff:ed:41:55:52:25:16:ed:a4:e0:77:b2:
         b7:a8:10:d3:db:d0:df:e8:f1:8e:c9:8c:74:65:08:fe:fb:5d:
         67:38:44:c9:75:f7:c2:a5:38:73:23:8c:e0:0c:76:3c:98:16:
         4a:14:e3:04:69:1b:b9:92:35:8c:96:ba:1c:a6:75:7b:a3:2f:
         dd:b9:12:f4:30:65:f2:89:6a:86:1d:03:2d:32:e1:00:1b:43:
         98:6b:04:18:5f:8c:34:24:ba:79:58:2e:41:39:9a:b9:90:16:
         e0:ec:45:77:3c:51:90:22:52:14:cb:0b:58:ef:fd:da:39:ed:
         12:b6:14:03:26:b4:4c:d3:49:48:88:d6:a1:cc:42:ad:5a:d9:
         60:f3:e2:46:77:09:a9:b2:4f:ad:bb:48:fc:03:dd:90:5d:83:
         35:af:a1:f1:2a:47:2c:f6:21:e4:36:5c:22:60:9e:4e:80:04:
         45:d7:4c:80:2e:13:00:c6:be:0c:7b:8e:4c:b2:aa:a6:6d:ef:
         cb:46:2f:56:76:78:2e:d6:ad:33:71:67:28:5e:cd:86:16:ec:
         c0:de:1f:1b
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYtCkd62lFWkeCBKz7naLugvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMxMDE4MTEzNTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDM4MzI4MzVlZWI2MDFlYWMzYjI5Mzg4YjBmYjMxMTI4YmUxMjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGXLIM6Bjhy3ZsAG2/7YWU/lLYY/
N2gLxwGedJnE+FI34g5wAD84nK14ULkfXpS1O0uDzMQQ/M47DojJAqmx2uaLGRAn
WkovxEUqFfA1Q0/dJWGqnpnaB/iZtWbb7boDjTz9q7GFZt4eLqPbA5BPU+zZTNJb
HmG41Qylkk9oQAMU56Oak+vjVgTwbmTomYfetjHNUMuoz08Nxfq4YciYSk7GJ95K
9RkNZm+pt61LIad1S2XGxr/YfpJjuHiNRdSSURKulNmHUdd0WL5hSIZWh2J63Vjt
PZe+Lb3OWgXqJymjz68WIYcIZI7lvHvu88/xI3YE3GMSrXvMlREQm9tcmQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFL04MoNe62AerDspOIsPsxEovhKBMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvdlRneWcxN3JZQjZzT3lrNGl3LXpFU2ktRW9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAHyuuAwQD
W2d4AwQFX2+AAwQAqxaQAwQAqxaSAwQBuZUOAwQAuetHMA0GCSqGSIb3DQEBCwUA
A4IBAQAx+E/eT6TBR0DFC+LVqypn4FFAPvF5R2Yq5Cmm66gyEnk9j/bXPkNVFfb/
7UFVUiUW7aTgd7K3qBDT29Df6PGOyYx0ZQj++11nOETJdffCpThzI4zgDHY8mBZK
FOMEaRu5kjWMlrocpnV7oy/duRL0MGXyiWqGHQMtMuEAG0OYawQYX4w0JLp5WC5B
OZq5kBbg7EV3PFGQIlIUywtY7/3aOe0SthQDJrRM00lIiNahzEKtWtlg8+JGdwmp
sk+tu0j8A92QXYM1r6HxKkcs9iHkNlwiYJ5OgARF10yALhMAxr4Me45Msqqmbe/L
Ri9Wdngu1q0zcWcoXs2GFuzA3h8b
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:25 2024 by rpki-client on console-ams.rpki-client.org