Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/FxSVzdtMTwfwWwOo6vUq_vk2s0c.roa
File:                     FxSVzdtMTwfwWwOo6vUq_vk2s0c.roa (raw, json)
Hash identifier:          4/eKMuYcmHuamKmhgLHae7eUkmgcvkPlnNKDi4L2tg0=
Subject key identifier:   17:14:95:CD:DB:4C:4F:07:F0:5B:03:A8:EA:F5:2A:FE:F9:36:B3:47
Certificate issuer:       /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial:       018AB2B9849884E1417E2549502E08558D10
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/FxSVzdtMTwfwWwOo6vUq_vk2s0c.roa
Signing time:             Wed 20 Sep 2023 13:13:37 +0000
ROA not before:           Wed 20 Sep 2023 13:13:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        62.182.170.0/24 maxlen: 24
                          194.15.153.0/24 maxlen: 24
                          194.15.154.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b2:b9:84:98:84:e1:41:7e:25:49:50:2e:08:55:8d:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
        Validity
            Not Before: Sep 20 13:13:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=171495cddb4c4f07f05b03a8eaf52afef936b347
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:36:2b:bc:13:2e:6d:d8:b3:cb:3b:b0:d5:7a:
                    31:d1:78:b8:72:5d:37:a3:e3:9f:8e:ad:85:ac:5b:
                    ff:ef:79:85:3b:8b:ce:2f:75:ee:c8:1a:8c:a6:10:
                    01:46:91:05:e1:d1:b8:b6:74:96:ed:42:bd:9a:c5:
                    7d:11:6a:d7:f6:e0:f4:d5:63:e3:d5:18:e3:35:eb:
                    80:73:25:4b:1d:b7:ff:0f:89:d4:12:9c:f3:95:bc:
                    63:c7:be:b6:b8:c2:b6:5d:68:40:8e:49:f5:9c:1b:
                    aa:08:ae:c1:78:80:c7:ec:0b:8b:38:87:66:a1:35:
                    20:76:d9:49:6d:74:11:bb:a3:fa:35:78:e7:25:a7:
                    8b:da:ea:03:4b:35:3a:51:f7:4d:da:34:38:30:f2:
                    9e:12:65:f5:1b:72:b7:c8:81:71:ea:58:74:67:19:
                    e9:44:b0:9d:f0:2a:0a:cd:b3:8e:80:3a:2c:95:f1:
                    82:a6:c9:1d:b0:38:77:9a:7e:14:bd:36:eb:cc:a1:
                    e1:a6:c4:64:e4:02:7b:d3:98:fd:c5:f4:d8:a8:09:
                    26:68:99:b8:84:80:ee:7a:de:a9:6d:4c:75:b0:92:
                    7c:8b:65:a7:37:03:e3:2f:9b:95:c6:98:e6:43:1b:
                    a8:23:0d:43:da:6b:54:aa:69:71:95:97:25:46:c4:
                    8c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:14:95:CD:DB:4C:4F:07:F0:5B:03:A8:EA:F5:2A:FE:F9:36:B3:47
            X509v3 Authority Key Identifier:
                keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/FxSVzdtMTwfwWwOo6vUq_vk2s0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.182.170.0/24
                  194.15.153.0-194.15.154.255

    Signature Algorithm: sha256WithRSAEncryption
         46:4e:84:3c:a7:87:7c:6c:ae:40:de:12:49:e3:58:f7:28:c6:
         ce:d4:e6:c3:06:c3:66:ce:e3:15:42:f7:40:15:44:c5:e1:10:
         25:0d:e0:71:07:5f:8e:dc:a8:72:5d:19:97:38:e4:3b:53:97:
         58:b0:a9:df:9e:0d:8a:0e:ca:88:de:26:71:eb:4c:9d:1b:33:
         39:a5:0d:cf:1c:a4:44:a6:ba:5b:6a:10:ed:ac:2b:18:bb:7f:
         e3:7d:10:db:6e:3c:65:e8:e9:57:f8:89:01:35:8b:3a:d6:e7:
         04:7d:da:ec:7d:de:f2:69:60:4a:da:a2:80:09:63:ce:35:fc:
         6e:81:9a:7d:56:08:e5:5d:7d:bd:23:39:21:a2:99:b5:a6:b4:
         c1:78:51:dc:78:5d:63:4f:dc:45:0b:f8:c5:7a:c8:3b:d1:b2:
         2f:03:2b:33:36:b7:a0:60:a7:c2:04:c2:c8:3a:0b:16:23:b0:
         e3:78:58:89:9e:57:81:1c:97:f7:bd:79:ee:8c:1f:05:77:51:
         4a:49:3f:f1:25:77:43:64:57:9c:9a:d6:9d:e8:4e:75:fd:a6:
         5c:c4:24:be:9e:da:93:53:5a:26:d1:55:eb:22:d8:6f:f2:db:
         4d:c6:45:b8:26:f6:7d:27:53:52:61:ce:e7:5b:bb:6d:65:41:
         c7:91:11:90
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYqyuYSYhOFBfiVJUC4IVY0QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwOTIwMTMxMzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzE0OTVjZGRiNGM0ZjA3ZjA1YjAzYThlYWY1MmFmZWY5MzZiMzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzYrvBMubdizyzuw1Xox0Xi4cl03
o+Ofjq2FrFv/73mFO4vOL3XuyBqMphABRpEF4dG4tnSW7UK9msV9EWrX9uD01WPj
1RjjNeuAcyVLHbf/D4nUEpzzlbxjx762uMK2XWhAjkn1nBuqCK7BeIDH7AuLOIdm
oTUgdtlJbXQRu6P6NXjnJaeL2uoDSzU6UfdN2jQ4MPKeEmX1G3K3yIFx6lh0Zxnp
RLCd8CoKzbOOgDoslfGCpskdsDh3mn4UvTbrzKHhpsRk5AJ705j9xfTYqAkmaJm4
hIDuet6pbUx1sJJ8i2WnNwPjL5uVxpjmQxuoIw1D2mtUqmlxlZclRsSMZwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBcUlc3bTE8H8FsDqOr1Kv75NrNHMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvRnhTVnpkdE1Ud2Z3V3dPbzZ2VXFfdmsyczBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAPraqMAwD
BADCD5kDBADCD5owDQYJKoZIhvcNAQELBQADggEBAEZOhDynh3xsrkDeEknjWPco
xs7U5sMGw2bO4xVC90AVRMXhECUN4HEHX47cqHJdGZc45DtTl1iwqd+eDYoOyoje
JnHrTJ0bMzmlDc8cpESmultqEO2sKxi7f+N9ENtuPGXo6Vf4iQE1izrW5wR92ux9
3vJpYEraooAJY841/G6Bmn1WCOVdfb0jOSGimbWmtMF4Udx4XWNP3EUL+MV6yDvR
si8DKzM2t6Bgp8IEwsg6CxYjsON4WImeV4Ecl/e9ee6MHwV3UUpJP/Eld0NkV5ya
1p3oTnX9plzEJL6e2pNTWibRVesi2G/y203GRbgm9n0nU1Jhzudbu21lQceREZA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:09 2024 by rpki-client on console-ams.rpki-client.org