Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/vrEXYdozOOsYN_FK4oFhB3UjrnQ.roa
File:                     vrEXYdozOOsYN_FK4oFhB3UjrnQ.roa (raw, json)
Hash identifier:          Yt0uqLNxSf+sdG+5EJRJXSRC2rvyMvXXz61BFT0vXlk=
Subject key identifier:   BE:B1:17:61:DA:33:38:EB:18:37:F1:4A:E2:81:61:07:75:23:AE:74
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0189539EF01E0D800B75644251D7135F9F14
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/vrEXYdozOOsYN_FK4oFhB3UjrnQ.roa
Signing time:             Fri 14 Jul 2023 08:57:52 +0000
ROA not before:           Fri 14 Jul 2023 08:57:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        171.22.146.0/24 maxlen: 24
                          91.103.120.0/21 maxlen: 24
                          185.235.71.0/24 maxlen: 24
                          95.111.128.0/20 maxlen: 20
                          95.111.144.0/20 maxlen: 20
                          185.149.12.0/23 maxlen: 24
                          185.149.13.0/24 maxlen: 24
                          185.149.14.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:53:9e:f0:1e:0d:80:0b:75:64:42:51:d7:13:5f:9f:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jul 14 08:57:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=beb11761da3338eb1837f14ae28161077523ae74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2f:93:03:7c:59:2e:3e:af:86:39:39:90:63:
                    9f:27:f4:d5:40:66:e0:7d:b5:d2:3e:45:58:4d:d0:
                    e5:41:2e:12:20:22:1c:60:cd:e3:55:1c:41:5a:f8:
                    c9:62:3c:90:05:eb:5b:78:30:15:df:19:95:4c:82:
                    e6:9c:26:39:92:48:dc:16:f5:62:21:51:15:a0:bf:
                    d5:86:7a:9a:e8:57:25:5f:2d:62:57:53:89:b5:2a:
                    43:28:fd:9a:0c:fa:06:ed:92:0f:41:1d:e5:a0:c1:
                    7a:08:65:25:2e:a5:45:a2:e6:7a:f7:d0:6c:5d:3f:
                    05:02:6f:e3:d8:39:05:00:b0:e1:49:04:5c:cb:41:
                    d9:d5:07:1d:01:3c:53:48:95:6a:77:a4:59:09:3c:
                    12:d0:f4:a5:b2:cc:02:62:12:86:37:38:65:f3:5d:
                    29:57:63:04:a6:58:33:9a:4a:54:af:7b:d0:8d:08:
                    b0:ec:03:4a:c9:df:48:85:43:19:35:14:fa:9a:bb:
                    2d:a1:a1:08:cf:a3:86:41:28:be:df:71:d2:79:69:
                    53:f5:f4:12:6c:4d:f6:9f:f9:1d:a5:21:f9:a2:d3:
                    07:22:58:9d:bf:8f:57:8f:f7:49:0f:f7:b4:93:3c:
                    fe:d3:29:31:a5:da:e8:a8:d4:1f:27:07:ad:80:7e:
                    1a:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:B1:17:61:DA:33:38:EB:18:37:F1:4A:E2:81:61:07:75:23:AE:74
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/vrEXYdozOOsYN_FK4oFhB3UjrnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.120.0/21
                  95.111.128.0/19
                  171.22.146.0/24
                  185.149.12.0/22
                  185.235.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:db:92:41:4e:bb:a2:56:c6:e9:7f:67:50:3a:cc:85:d9:d1:
         5c:0f:d5:11:89:2d:8c:98:bc:8a:be:41:20:ff:6d:2e:47:ab:
         ce:bd:45:be:20:83:0c:29:bf:2f:8d:85:d4:8d:47:63:a4:3b:
         b7:49:e5:17:1c:c6:22:86:c7:82:22:49:f5:3f:55:9b:04:51:
         56:8b:93:4d:62:1b:f2:1a:8d:8c:28:7f:c8:cb:b6:d6:53:e8:
         c7:8d:1d:30:7e:75:25:1e:1f:dc:da:71:cb:ec:8b:66:5f:a2:
         3d:2a:85:f0:3c:73:b3:69:46:a5:08:99:fc:b8:01:f8:42:8e:
         82:66:b0:62:41:61:22:66:20:14:45:ba:72:f3:ba:4b:76:0b:
         01:1b:c7:b6:d4:58:c2:09:c1:cf:08:93:d5:56:54:35:e4:3a:
         cb:6e:06:0b:0a:f3:67:38:23:57:87:83:09:c2:98:42:b2:bf:
         42:05:fc:61:fc:86:c7:d6:91:1e:53:64:b3:e0:ff:86:ef:cd:
         4f:31:49:35:e8:c2:46:3c:bb:a9:95:9d:69:6c:b6:1c:bc:fc:
         4b:a5:7b:0b:74:d4:a4:ae:fe:d3:a7:f5:5d:4f:99:47:91:a5:
         9c:02:2f:da:51:f2:3e:7c:1b:ec:1d:4b:56:97:4b:a8:77:22:
         2d:da:3c:da
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYlTnvAeDYALdWRCUdcTX58UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwNzE0MDg1NzUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWIxMTc2MWRhMzMzOGViMTgzN2YxNGFlMjgxNjEwNzc1MjNhZTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAji+TA3xZLj6vhjk5kGOfJ/TVQGbg
fbXSPkVYTdDlQS4SICIcYM3jVRxBWvjJYjyQBetbeDAV3xmVTILmnCY5kkjcFvVi
IVEVoL/Vhnqa6FclXy1iV1OJtSpDKP2aDPoG7ZIPQR3loMF6CGUlLqVFouZ699Bs
XT8FAm/j2DkFALDhSQRcy0HZ1QcdATxTSJVqd6RZCTwS0PSlsswCYhKGNzhl810p
V2MEplgzmkpUr3vQjQiw7ANKyd9IhUMZNRT6mrstoaEIz6OGQSi+33HSeWlT9fQS
bE32n/kdpSH5otMHIlidv49Xj/dJD/e0kzz+0ykxpdroqNQfJwetgH4aBQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFL6xF2HaMzjrGDfxSuKBYQd1I650MB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvdnJFWFlkb3pPT3NZTl9GSzRvRmhCM1Vqcm5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDW2d4AwQF
X2+AAwQAqxaSAwQCuZUMAwQAuetHMA0GCSqGSIb3DQEBCwUAA4IBAQB125JBTrui
Vsbpf2dQOsyF2dFcD9URiS2MmLyKvkEg/20uR6vOvUW+IIMMKb8vjYXUjUdjpDu3
SeUXHMYihseCIkn1P1WbBFFWi5NNYhvyGo2MKH/Iy7bWU+jHjR0wfnUlHh/c2nHL
7ItmX6I9KoXwPHOzaUalCJn8uAH4Qo6CZrBiQWEiZiAURbpy87pLdgsBG8e21FjC
CcHPCJPVVlQ15DrLbgYLCvNnOCNXh4MJwphCsr9CBfxh/IbH1pEeU2Sz4P+G781P
MUk16MJGPLuplZ1pbLYcvPxLpXsLdNSkrv7Tp/VdT5lHkaWcAi/aUfI+fBvsHUtW
l0uodyIt2jza
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:25 2024 by rpki-client on console-ams.rpki-client.org