Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PiMWrQbQrA0DSj94O8twGRTIwk8.roa
File:                     PiMWrQbQrA0DSj94O8twGRTIwk8.roa (raw, json)
Hash identifier:          qCU8pF/k0cw4fVWhV1xACwpfWwI/QMaYF8HVKiOKf6M=
Subject key identifier:   3E:23:16:AD:06:D0:AC:0D:03:4A:3F:78:3B:CB:70:19:14:C8:C2:4F
Certificate issuer:       /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial:       0185719544264AB23D4BACA7F3D0C8558F6B
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PiMWrQbQrA0DSj94O8twGRTIwk8.roa
Signing time:             Mon 02 Jan 2023 08:24:45 +0000
ROA not before:           Mon 02 Jan 2023 08:24:45 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        83.97.100.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:95:44:26:4a:b2:3d:4b:ac:a7:f3:d0:c8:55:8f:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
        Validity
            Not Before: Jan  2 08:24:45 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3e2316ad06d0ac0d034a3f783bcb701914c8c24f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:0c:9e:d8:e3:2f:f2:89:69:45:c0:da:6e:61:
                    45:2d:5a:6b:10:85:bf:79:d3:a2:f7:e2:48:cd:cf:
                    c1:1a:0b:2d:62:d6:f2:0a:5c:bd:ec:16:b2:ad:11:
                    f4:67:61:7d:87:a2:fa:4a:d0:ee:26:a1:f3:0f:6e:
                    fa:85:ed:7f:83:b6:66:7c:dd:4a:a3:ef:1f:43:98:
                    05:9e:f6:30:e8:20:61:b9:b7:17:69:d9:68:a1:e8:
                    2d:52:5c:72:67:42:58:a2:1a:49:95:46:64:1e:78:
                    ba:0c:2c:d6:26:20:4a:27:dd:bf:22:22:7e:c1:ce:
                    06:ef:ae:8b:c7:d3:cb:53:73:68:0e:64:6c:c6:ca:
                    2a:14:d8:4d:af:40:53:0a:93:23:f2:00:17:15:b6:
                    ce:0c:71:9b:da:5f:09:af:46:6c:18:e3:63:3f:e9:
                    22:28:43:71:59:d8:1c:c4:7c:57:16:b2:68:c5:7d:
                    a0:ce:a2:48:ab:dd:c8:88:82:c4:4c:ee:f2:5e:94:
                    ea:81:5a:c0:6f:60:23:a9:24:81:93:9a:6f:d9:f0:
                    24:2a:5f:a3:13:28:06:00:63:60:7f:84:68:57:97:
                    b9:93:fe:a3:40:fd:ba:52:03:e7:2f:d3:be:8a:79:
                    e6:b2:51:d6:8b:0a:9a:d7:c7:32:a6:db:9f:f0:ee:
                    58:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:23:16:AD:06:D0:AC:0D:03:4A:3F:78:3B:CB:70:19:14:C8:C2:4F
            X509v3 Authority Key Identifier:
                keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PiMWrQbQrA0DSj94O8twGRTIwk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:f9:0e:6b:cf:cf:88:63:bb:15:bc:a8:c3:32:9d:2e:70:99:
         a1:e0:f4:eb:db:7c:4e:16:db:c9:0a:4d:e8:c8:63:59:25:f6:
         c0:d6:42:35:0f:dd:f5:e7:dc:8f:74:97:5f:f1:bd:3f:5b:f6:
         94:32:d8:ef:49:97:aa:2f:2c:76:6b:1a:c0:f8:19:79:25:71:
         ef:9b:b9:f3:5f:be:15:4c:35:90:f2:f6:09:88:18:90:a7:75:
         e2:03:ba:ed:15:d1:1c:83:09:59:b3:d3:c7:f0:6e:b6:f7:73:
         ef:6d:c6:29:02:83:3d:9d:7e:80:93:f7:96:de:bb:4c:3d:f7:
         1f:b6:b4:d0:9b:32:c2:4a:f8:90:07:98:81:aa:ef:42:06:90:
         3e:66:bc:a9:c1:80:7e:59:4a:a8:b2:2c:86:74:95:bf:43:50:
         1b:53:7b:5a:17:36:72:17:a1:2a:d6:a3:45:2e:84:65:f2:d2:
         5d:ab:84:6c:10:5d:c3:54:46:85:14:75:e9:9d:53:f3:07:3f:
         85:62:3c:9b:60:a5:cb:cc:8d:d8:b7:ed:72:27:6f:4f:de:0f:
         05:82:82:79:51:b1:3e:12:c5:de:51:12:ce:1f:f3:e0:30:5d:
         e6:48:cd:79:6f:b9:48:04:fb:48:83:63:15:2a:2b:76:16:54:
         44:bd:8b:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxlUQmSrI9S6yn89DIVY9rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwMTAyMDgyNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTIzMTZhZDA2ZDBhYzBkMDM0YTNmNzgzYmNiNzAxOTE0YzhjMjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5wye2OMv8olpRcDabmFFLVprEIW/
edOi9+JIzc/BGgstYtbyCly97BayrRH0Z2F9h6L6StDuJqHzD276he1/g7ZmfN1K
o+8fQ5gFnvYw6CBhubcXadlooegtUlxyZ0JYohpJlUZkHni6DCzWJiBKJ92/IiJ+
wc4G766Lx9PLU3NoDmRsxsoqFNhNr0BTCpMj8gAXFbbODHGb2l8Jr0ZsGONjP+ki
KENxWdgcxHxXFrJoxX2gzqJIq93IiILETO7yXpTqgVrAb2AjqSSBk5pv2fAkKl+j
EygGAGNgf4RoV5e5k/6jQP26UgPnL9O+innmslHWiwqa18cyptuf8O5YfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4jFq0G0KwNA0o/eDvLcBkUyMJPMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvUGlNV3JRYlFyQTBEU2o5NE84dHdHUlRJd2s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU2FkMA0G
CSqGSIb3DQEBCwUAA4IBAQCp+Q5rz8+IY7sVvKjDMp0ucJmh4PTr23xOFtvJCk3o
yGNZJfbA1kI1D93159yPdJdf8b0/W/aUMtjvSZeqLyx2axrA+Bl5JXHvm7nzX74V
TDWQ8vYJiBiQp3XiA7rtFdEcgwlZs9PH8G6293PvbcYpAoM9nX6Ak/eW3rtMPfcf
trTQmzLCSviQB5iBqu9CBpA+ZrypwYB+WUqosiyGdJW/Q1AbU3taFzZyF6Eq1qNF
LoRl8tJdq4RsEF3DVEaFFHXpnVPzBz+FYjybYKXLzI3Yt+1yJ29P3g8FgoJ5UbE+
EsXeURLOH/PgMF3mSM15b7lIBPtIg2MVKit2FlREvYtg
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:09 2024 by rpki-client on console-ams.rpki-client.org