Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/Y1przju6kuLC5enSnlAPo6uP8LE.roa
File:                     Y1przju6kuLC5enSnlAPo6uP8LE.roa (raw, json)
Hash identifier:          5QtxEt7s8D5klGbrIuiFB5snLgaLZDOLcGfOPxqUNOs=
Subject key identifier:   63:5A:6B:CE:3B:BA:92:E2:C2:E5:E9:D2:9E:50:0F:A3:AB:8F:F0:B1
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       0186EABE5476FD998AB4E9EDA7F5D9FD1F12
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/Y1przju6kuLC5enSnlAPo6uP8LE.roa
Signing time:             Thu 16 Mar 2023 14:06:27 +0000
ROA not before:           Thu 16 Mar 2023 14:06:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62563
IP address blocks:        185.225.236.0/24 maxlen: 24
                          77.104.187.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ea:be:54:76:fd:99:8a:b4:e9:ed:a7:f5:d9:fd:1f:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Mar 16 14:06:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=635a6bce3bba92e2c2e5e9d29e500fa3ab8ff0b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:7b:29:c7:ca:6d:9c:bf:be:de:d9:91:a9:40:
                    7c:e2:4f:d9:bf:31:b3:03:ce:41:02:16:cd:0e:84:
                    df:83:f8:66:1b:41:34:56:7b:51:7b:69:2b:ce:66:
                    53:a6:e1:e3:ce:3d:de:aa:d9:66:9f:3a:c9:bb:54:
                    cd:23:cb:40:27:ac:dd:e2:0d:df:0d:16:2c:04:fd:
                    7f:29:de:d7:25:6e:99:18:73:c3:25:13:01:55:70:
                    71:f4:02:22:42:60:c1:c8:5e:b6:8d:a5:9b:3f:9c:
                    df:61:60:54:ea:d2:e3:f6:51:60:f2:4b:66:77:da:
                    0f:a9:5a:dd:cc:c4:f1:f6:f9:82:a3:c8:47:b2:1d:
                    d6:21:7a:4d:f2:10:bc:5c:86:02:26:4e:d3:af:ec:
                    e3:a5:37:5f:02:55:53:4e:ac:d2:fd:d5:33:9b:a2:
                    fe:10:d8:ef:ca:05:95:9d:f1:90:c3:94:61:22:20:
                    db:e7:f5:3f:fc:3b:7c:8d:a4:bd:35:10:a2:fb:6a:
                    dd:96:3b:e2:06:56:1f:2f:67:13:2c:71:dd:79:e8:
                    d2:9d:7f:0c:84:8e:cf:75:db:81:3c:b5:ac:1c:0b:
                    32:75:37:06:ec:49:00:c5:5c:82:6d:8d:1c:76:7b:
                    93:74:f0:e2:fa:6a:fa:ec:22:90:c7:20:7a:9b:e1:
                    df:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:5A:6B:CE:3B:BA:92:E2:C2:E5:E9:D2:9E:50:0F:A3:AB:8F:F0:B1
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/Y1przju6kuLC5enSnlAPo6uP8LE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.104.187.0/24
                  185.225.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:fa:3e:d3:1d:9f:b9:35:92:81:7a:b0:39:6b:98:9c:7e:9d:
         56:09:4d:ac:a9:ab:7a:75:d2:87:77:b2:1b:21:5a:32:2c:07:
         e4:bd:a5:ec:e8:ac:74:45:eb:e8:42:6d:dd:62:16:24:44:b2:
         db:6a:f7:96:06:70:44:9e:41:f8:5b:80:e3:a9:47:bc:0d:10:
         84:fe:50:f8:fe:de:93:41:a7:ab:aa:91:7e:85:c4:36:e9:ef:
         2e:d3:b9:05:cb:3b:bb:a0:4d:9b:2a:2a:3e:67:a7:3e:7d:38:
         f9:bc:0e:31:42:b0:e5:51:60:42:1f:ba:43:f5:74:43:13:04:
         fc:a3:10:05:1a:14:6a:b1:fa:f6:e6:9c:dc:14:c4:a2:1b:30:
         ad:93:9b:3f:4f:f6:e9:98:54:1c:0c:f2:a6:c5:51:8e:7c:06:
         48:3d:6e:96:9b:4e:59:c7:1f:65:cc:c8:01:88:ef:61:18:44:
         94:6f:6f:57:8c:01:aa:f5:19:6d:b3:ca:f7:f2:82:e0:37:f2:
         9d:bb:06:69:4e:4b:cd:df:69:56:8d:22:e0:2b:9f:f9:74:44:
         98:fb:48:49:2b:4d:1e:26:20:c6:e4:7c:e0:bd:75:eb:13:2a:
         cd:5d:93:ff:d1:75:a8:9a:2d:8b:ef:45:c6:44:03:9a:29:b4:
         d2:c6:4d:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYbqvlR2/ZmKtOntp/XZ/R8SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjMwMzE2MTQwNjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzVhNmJjZTNiYmE5MmUyYzJlNWU5ZDI5ZTUwMGZhM2FiOGZmMGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Hspx8ptnL++3tmRqUB84k/ZvzGz
A85BAhbNDoTfg/hmG0E0VntRe2krzmZTpuHjzj3eqtlmnzrJu1TNI8tAJ6zd4g3f
DRYsBP1/Kd7XJW6ZGHPDJRMBVXBx9AIiQmDByF62jaWbP5zfYWBU6tLj9lFg8ktm
d9oPqVrdzMTx9vmCo8hHsh3WIXpN8hC8XIYCJk7Tr+zjpTdfAlVTTqzS/dUzm6L+
ENjvygWVnfGQw5RhIiDb5/U//Dt8jaS9NRCi+2rdljviBlYfL2cTLHHdeejSnX8M
hI7PdduBPLWsHAsydTcG7EkAxVyCbY0cdnuTdPDi+mr67CKQxyB6m+Hf/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGNaa847upLiwuXp0p5QD6Orj/CxMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvWTFwcnpqdTZrdUxDNWVuU25sQVBvNnVQOExFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATWi7AwQA
ueHsMA0GCSqGSIb3DQEBCwUAA4IBAQBT+j7THZ+5NZKBerA5a5icfp1WCU2sqat6
ddKHd7IbIVoyLAfkvaXs6Kx0RevoQm3dYhYkRLLbaveWBnBEnkH4W4DjqUe8DRCE
/lD4/t6TQaerqpF+hcQ26e8u07kFyzu7oE2bKio+Z6c+fTj5vA4xQrDlUWBCH7pD
9XRDEwT8oxAFGhRqsfr25pzcFMSiGzCtk5s/T/bpmFQcDPKmxVGOfAZIPW6Wm05Z
xx9lzMgBiO9hGESUb29XjAGq9Rlts8r38oLgN/KduwZpTkvN32lWjSLgK5/5dESY
+0hJK00eJiDG5HzgvXXrEyrNXZP/0XWomi2L70XGRAOaKbTSxk0X
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:16:14 2024 by rpki-client on console-ams.rpki-client.org