Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/HshkLIIOKfuAro6L-sEhGldS_vY.roa
File:                     HshkLIIOKfuAro6L-sEhGldS_vY.roa (raw, json)
Hash identifier:          zuMmPx7XUBVBKnAvAPa9Oady0Pqgo61LAq/Xx4zau04=
Subject key identifier:   1E:C8:64:2C:82:0E:29:FB:80:AE:8E:8B:FA:C1:21:1A:57:52:FE:F6
Certificate issuer:       /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial:       0188911F602B16CFEE1CC77FA62FACD6D363
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/HshkLIIOKfuAro6L-sEhGldS_vY.roa
Signing time:             Tue 06 Jun 2023 14:32:12 +0000
ROA not before:           Tue 06 Jun 2023 14:32:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        62.182.170.0/24 maxlen: 24
                          62.182.171.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:91:1f:60:2b:16:cf:ee:1c:c7:7f:a6:2f:ac:d6:d3:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
        Validity
            Not Before: Jun  6 14:32:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1ec8642c820e29fb80ae8e8bfac1211a5752fef6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:40:86:f1:6a:7f:13:6f:d5:5d:20:a6:23:4b:
                    ff:56:5e:86:ec:4e:73:79:6b:8a:10:41:d8:72:34:
                    aa:39:02:c1:ca:c7:e2:2f:9c:9b:00:e9:a8:6f:4d:
                    cf:b0:8f:8d:21:92:09:01:1a:8c:8f:56:8e:36:48:
                    37:8c:4e:32:0e:4c:d3:61:54:92:9f:4a:0a:6e:83:
                    b4:ac:d5:4c:e9:a3:23:83:52:db:94:d0:c3:70:73:
                    1b:7c:5b:14:5f:8b:c0:80:06:60:22:79:83:d0:31:
                    db:f3:d0:a3:37:f6:9d:c2:52:66:3c:54:b6:67:5d:
                    76:8b:12:7a:29:1c:a2:81:37:4a:a0:e1:cb:87:3c:
                    0d:59:ba:41:8f:ef:d7:0d:72:2e:7e:4e:8b:72:ad:
                    e3:c4:ac:95:a4:1e:e3:30:60:f8:e0:4a:1a:5c:71:
                    07:2d:d2:95:7c:16:4d:38:da:4e:68:72:b2:72:a3:
                    34:d7:00:da:f3:d2:b4:87:56:c4:50:f1:75:25:0c:
                    01:13:77:34:81:bb:c1:d8:00:d7:20:05:ba:85:7b:
                    9c:07:55:f1:fe:cc:d8:ed:2b:50:49:56:4d:3a:50:
                    c9:29:0b:66:e3:1a:0d:c6:bd:43:07:90:d7:91:c7:
                    ef:84:a4:27:c1:06:d6:48:43:98:07:8f:db:11:23:
                    34:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:C8:64:2C:82:0E:29:FB:80:AE:8E:8B:FA:C1:21:1A:57:52:FE:F6
            X509v3 Authority Key Identifier:
                keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/HshkLIIOKfuAro6L-sEhGldS_vY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.182.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:81:09:ec:59:35:d8:3a:28:cf:77:55:71:c9:8c:06:b4:ab:
         1a:de:39:86:1d:b8:41:6a:2a:a1:bc:14:94:03:b1:d8:8f:c2:
         52:8c:92:a4:6a:51:68:9f:53:4a:d6:9b:52:d6:81:42:ad:b9:
         80:c2:aa:a6:12:66:f5:40:a9:53:1e:86:e3:4d:4d:4f:49:9f:
         1b:78:77:f7:6d:75:72:ab:fd:bc:8f:1c:50:1f:65:15:f6:59:
         fb:cf:0f:2c:4a:d4:df:39:16:af:f4:53:3e:12:38:70:ea:84:
         ef:a8:c3:07:c8:24:81:77:11:52:fc:5b:6f:92:c0:6e:2a:49:
         99:3c:aa:68:1d:98:57:07:ff:63:68:fd:5b:22:9b:03:1a:61:
         53:d2:b5:e1:46:7c:cd:33:ff:ed:3e:ea:ac:65:61:88:f9:32:
         53:1e:37:63:d3:d2:e5:eb:1e:4b:8e:90:c2:40:9d:18:c6:f8:
         a4:64:f3:38:4e:d9:b9:07:12:ef:40:7f:03:38:07:64:25:e5:
         02:a8:d1:15:0b:ed:bb:83:70:06:91:e4:b0:d3:af:13:63:08:
         15:c9:cc:04:cf:93:2e:d1:54:21:ec:39:e0:fa:0a:47:df:1b:
         b4:ee:59:98:27:7b:20:6d:42:e3:ff:84:e0:2f:1d:92:ff:ad:
         1a:d4:ff:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYiRH2ArFs/uHMd/pi+s1tNjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwNjA2MTQzMjEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWM4NjQyYzgyMGUyOWZiODBhZThlOGJmYWMxMjExYTU3NTJmZWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUCG8Wp/E2/VXSCmI0v/Vl6G7E5z
eWuKEEHYcjSqOQLBysfiL5ybAOmob03PsI+NIZIJARqMj1aONkg3jE4yDkzTYVSS
n0oKboO0rNVM6aMjg1LblNDDcHMbfFsUX4vAgAZgInmD0DHb89CjN/adwlJmPFS2
Z112ixJ6KRyigTdKoOHLhzwNWbpBj+/XDXIufk6Lcq3jxKyVpB7jMGD44EoaXHEH
LdKVfBZNONpOaHKycqM01wDa89K0h1bEUPF1JQwBE3c0gbvB2ADXIAW6hXucB1Xx
/szY7StQSVZNOlDJKQtm4xoNxr1DB5DXkcfvhKQnwQbWSEOYB4/bESM0bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7IZCyCDin7gK6Oi/rBIRpXUv72MB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvSHNoa0xJSU9LZnVBcm82TC1zRWhHbGRTX3ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPraqMA0G
CSqGSIb3DQEBCwUAA4IBAQBsgQnsWTXYOijPd1VxyYwGtKsa3jmGHbhBaiqhvBSU
A7HYj8JSjJKkalFon1NK1ptS1oFCrbmAwqqmEmb1QKlTHobjTU1PSZ8beHf3bXVy
q/28jxxQH2UV9ln7zw8sStTfORav9FM+Ejhw6oTvqMMHyCSBdxFS/FtvksBuKkmZ
PKpoHZhXB/9jaP1bIpsDGmFT0rXhRnzNM//tPuqsZWGI+TJTHjdj09Ll6x5LjpDC
QJ0YxvikZPM4Ttm5BxLvQH8DOAdkJeUCqNEVC+27g3AGkeSw068TYwgVycwEz5Mu
0VQh7Dng+gpH3xu07lmYJ3sgbULj/4TgLx2S/60a1P+a
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:09 2024 by rpki-client on console-ams.rpki-client.org