Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/Jpp5DCKZhq0qhwqWN1xaI3G7P_Y.roa
File:                     Jpp5DCKZhq0qhwqWN1xaI3G7P_Y.roa (raw, json)
Hash identifier:          7rlqWznUYFXxisgG31u//YJ0TM4Kfzvs3DgboFgWqpw=
Subject key identifier:   26:9A:79:0C:22:99:86:AD:2A:87:0A:96:37:5C:5A:23:71:BB:3F:F6
Certificate issuer:       /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial:       01845CFAAFCED7B415A621574B01F338AD88
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/Jpp5DCKZhq0qhwqWN1xaI3G7P_Y.roa
Signing time:             Wed 09 Nov 2022 15:20:43 +0000
ROA not before:           Wed 09 Nov 2022 15:20:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209260
IP address blocks:        194.15.152.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:5c:fa:af:ce:d7:b4:15:a6:21:57:4b:01:f3:38:ad:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
        Validity
            Not Before: Nov  9 15:20:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=269a790c229986ad2a870a96375c5a2371bb3ff6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:02:ea:fc:58:e2:fd:fe:b7:4c:ff:73:77:51:
                    24:95:99:75:e4:43:bd:be:c4:3a:94:be:06:e3:f9:
                    24:04:4e:c9:10:33:48:7b:94:bd:bd:b8:33:44:0f:
                    8b:42:70:30:aa:fb:f9:95:57:8e:7d:0e:ea:1f:88:
                    34:5d:84:df:66:57:bd:ed:d8:01:f6:0c:9f:ad:f5:
                    d2:f6:52:dd:34:f5:20:22:48:5c:d0:9a:b2:87:8a:
                    73:90:54:4e:83:15:c1:a3:88:83:88:7f:8d:de:a8:
                    3d:b8:82:d3:ff:ff:78:ab:25:f5:65:76:a6:d4:55:
                    fd:f9:08:78:33:0d:65:29:8e:50:76:a0:85:b0:03:
                    b4:4d:b7:85:81:47:29:b4:94:f3:0a:5b:9c:32:30:
                    71:e1:a1:a8:28:ba:48:6b:a7:65:3b:62:54:01:11:
                    b6:d0:d1:97:18:57:aa:e6:4b:64:59:11:ea:94:10:
                    ee:35:a9:7e:70:32:1e:a9:82:32:8e:54:6c:36:15:
                    9a:1a:14:f8:04:c9:e2:d3:f1:28:69:d5:9d:28:b1:
                    d4:ce:ce:b7:01:b6:5c:ac:36:21:f0:9f:3e:17:e4:
                    1d:a4:7c:11:8e:68:db:92:6b:15:00:6d:1d:02:ac:
                    ac:34:5f:f5:2b:a0:78:88:f1:18:69:d1:72:ff:53:
                    76:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:9A:79:0C:22:99:86:AD:2A:87:0A:96:37:5C:5A:23:71:BB:3F:F6
            X509v3 Authority Key Identifier:
                keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/Jpp5DCKZhq0qhwqWN1xaI3G7P_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:74:28:c7:fe:ee:a6:66:be:8b:a4:9a:11:b3:6f:44:45:d9:
         eb:b7:c8:d7:ef:f3:19:76:6a:ff:c7:7d:e3:5e:c1:2d:8d:01:
         2a:49:58:01:2f:0f:25:c3:5f:e8:84:d3:7b:94:e7:83:8f:d0:
         f8:6e:b0:9d:f3:0d:55:63:64:cb:6d:1b:f7:9f:7c:c8:30:2e:
         47:0e:36:20:ee:48:66:70:e9:3c:db:dd:27:79:3d:0b:b2:66:
         71:87:bb:28:f6:30:66:63:13:d1:88:82:3b:4a:d1:21:0f:97:
         4e:5e:1c:98:12:22:bf:46:bd:26:95:98:1d:ea:a9:b5:bf:8a:
         41:8d:24:1f:e0:36:17:91:ae:f2:d0:7d:e1:4f:1a:2f:65:f1:
         38:d4:02:3f:10:59:ad:3d:8a:74:05:de:79:9a:be:7f:c3:26:
         03:6f:ea:21:74:8d:b9:e6:a6:95:a7:5f:41:21:23:c8:a2:d1:
         23:15:37:e2:f6:ef:fb:1c:8e:e0:17:c2:b4:46:00:28:54:9f:
         08:b0:ac:d3:0e:0a:70:06:61:43:6c:fe:b6:7a:9f:ea:67:e5:
         74:6b:92:12:48:88:9a:54:c0:5e:59:24:0d:89:04:32:62:2c:
         f9:16:d8:a2:dc:b8:30:54:80:7b:30:f8:65:e4:32:6b:e5:07:
         bb:33:89:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYRc+q/O17QVpiFXSwHzOK2IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjIxMTA5MTUyMDQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjlhNzkwYzIyOTk4NmFkMmE4NzBhOTYzNzVjNWEyMzcxYmIzZmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwLq/Fji/f63TP9zd1EklZl15EO9
vsQ6lL4G4/kkBE7JEDNIe5S9vbgzRA+LQnAwqvv5lVeOfQ7qH4g0XYTfZle97dgB
9gyfrfXS9lLdNPUgIkhc0Jqyh4pzkFROgxXBo4iDiH+N3qg9uILT//94qyX1ZXam
1FX9+Qh4Mw1lKY5QdqCFsAO0TbeFgUcptJTzClucMjBx4aGoKLpIa6dlO2JUARG2
0NGXGFeq5ktkWRHqlBDuNal+cDIeqYIyjlRsNhWaGhT4BMni0/EoadWdKLHUzs63
AbZcrDYh8J8+F+QdpHwRjmjbkmsVAG0dAqysNF/1K6B4iPEYadFy/1N28wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCaaeQwimYatKocKljdcWiNxuz/2MB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvSnBwNURDS1pocTBxaHdxV04xeGFJM0c3UF9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg+YMA0G
CSqGSIb3DQEBCwUAA4IBAQBRdCjH/u6mZr6LpJoRs29ERdnrt8jX7/MZdmr/x33j
XsEtjQEqSVgBLw8lw1/ohNN7lOeDj9D4brCd8w1VY2TLbRv3n3zIMC5HDjYg7khm
cOk8290neT0LsmZxh7so9jBmYxPRiII7StEhD5dOXhyYEiK/Rr0mlZgd6qm1v4pB
jSQf4DYXka7y0H3hTxovZfE41AI/EFmtPYp0Bd55mr5/wyYDb+ohdI255qaVp19B
ISPIotEjFTfi9u/7HI7gF8K0RgAoVJ8IsKzTDgpwBmFDbP62ep/qZ+V0a5ISSIia
VMBeWSQNiQQyYiz5Ftii3LgwVIB7MPhl5DJr5Qe7M4kk
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:09 2024 by rpki-client on console-ams.rpki-client.org