Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/a4a577-1925-4df3-920d-fa2088cc5014/1/6WKAQDQbKnGhdvMH9o8zKD7fB2Q.roa
File:                     6WKAQDQbKnGhdvMH9o8zKD7fB2Q.roa (raw, json)
Hash identifier:          XhqzSKzPBwxaQqZFeu5A+uEfAby3M4slNwD49G32ByY=
Subject key identifier:   E9:62:80:40:34:1B:2A:71:A1:76:F3:07:F6:8F:33:28:3E:DF:07:64
Certificate issuer:       /CN=43668474e7bb3dbdb26adc01838ce7062d70c498
Certificate serial:       0185720C4208AC6B03EA50DC948CAFAB3C74
Authority key identifier: 43:66:84:74:E7:BB:3D:BD:B2:6A:DC:01:83:8C:E7:06:2D:70:C4:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q2aEdOe7Pb2yatwBg4znBi1wxJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/a4a577-1925-4df3-920d-fa2088cc5014/1/6WKAQDQbKnGhdvMH9o8zKD7fB2Q.roa
Signing time:             Mon 02 Jan 2023 10:34:43 +0000
ROA not before:           Mon 02 Jan 2023 10:34:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209425
IP address blocks:        147.78.163.0/24 maxlen: 24
                          147.78.160.0/24 maxlen: 24
                          147.78.161.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:0c:42:08:ac:6b:03:ea:50:dc:94:8c:af:ab:3c:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43668474e7bb3dbdb26adc01838ce7062d70c498
        Validity
            Not Before: Jan  2 10:34:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e9628040341b2a71a176f307f68f33283edf0764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:29:41:a9:b1:9a:73:e9:04:13:a3:42:15:cf:
                    02:1f:a3:18:c8:09:04:3a:95:e1:fb:00:59:4a:8c:
                    f1:9e:1e:a8:ff:62:3f:b8:83:c8:ae:cd:64:ba:8a:
                    1b:d5:f0:78:8f:e9:f8:08:d6:81:10:33:6a:06:28:
                    eb:24:b7:4a:4e:09:4d:34:93:61:f0:bd:11:5c:33:
                    04:a7:f2:7b:3c:52:23:56:8b:ea:90:29:8c:40:0c:
                    51:80:ea:00:fe:6c:c8:82:c4:3f:5f:59:77:37:c6:
                    30:7d:54:c4:e1:4d:45:ad:3c:6e:a1:f4:5b:52:f8:
                    c1:01:09:4f:00:09:8c:44:ad:13:6b:74:27:34:51:
                    d4:68:25:f1:d2:22:a8:c1:b0:34:18:c0:de:e7:8e:
                    cf:78:71:01:ac:e2:7d:fe:77:72:bd:67:77:c3:f3:
                    e6:0b:17:ae:12:0c:95:2a:1c:66:aa:11:a1:73:6c:
                    ef:2d:ae:5c:16:91:4f:28:a1:69:80:ed:68:61:1b:
                    de:fb:4a:61:41:72:bb:df:54:bc:5d:ee:3c:40:80:
                    51:af:e0:01:f7:38:99:ca:6e:1f:74:0f:f1:af:bb:
                    d9:83:01:24:ad:79:15:f1:41:b4:64:1a:8f:4d:b9:
                    4c:66:b4:21:ed:50:2a:92:3f:1a:b1:e9:77:af:ec:
                    10:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:62:80:40:34:1B:2A:71:A1:76:F3:07:F6:8F:33:28:3E:DF:07:64
            X509v3 Authority Key Identifier:
                keyid:43:66:84:74:E7:BB:3D:BD:B2:6A:DC:01:83:8C:E7:06:2D:70:C4:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q2aEdOe7Pb2yatwBg4znBi1wxJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/a4a577-1925-4df3-920d-fa2088cc5014/1/6WKAQDQbKnGhdvMH9o8zKD7fB2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/a4a577-1925-4df3-920d-fa2088cc5014/1/Q2aEdOe7Pb2yatwBg4znBi1wxJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.160.0/23
                  147.78.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:3b:30:75:d2:13:cd:82:e4:d1:c0:cd:29:80:f9:2a:fd:b7:
         66:61:d4:c9:97:cd:8a:1d:fb:9c:ce:f8:80:96:58:87:11:b9:
         b0:80:64:4c:ec:39:f9:57:35:75:3f:6c:30:e4:0f:ac:3d:22:
         dc:f8:82:24:6a:04:41:e4:1c:3f:25:aa:a5:4d:1d:b2:55:9a:
         82:21:a7:97:56:be:8a:3f:bb:d0:47:60:96:00:da:34:95:1b:
         1a:f2:2d:df:77:fa:55:d1:82:ec:25:92:ce:69:43:0f:08:14:
         f4:ac:49:30:9f:78:d9:9c:9a:9c:09:7b:05:54:65:5b:3f:eb:
         ed:0e:e5:c1:9e:25:4b:d6:c9:7a:1a:2d:93:69:b9:4a:f0:9c:
         c2:5c:53:cb:ca:6c:f4:53:7d:e7:76:c2:c2:6f:30:0a:1c:9e:
         be:11:9c:a8:dd:6d:52:ef:77:a2:13:ea:64:f4:86:26:56:80:
         e7:6c:4a:69:3c:fc:d7:98:b3:56:79:9a:5c:86:d2:df:d9:e6:
         b9:7f:9e:de:22:18:5c:53:83:72:a7:37:a6:5c:31:a1:c2:ff:
         d9:1e:2b:e9:f9:1c:0f:2d:f0:59:07:11:3e:88:e7:2c:5a:b9:
         ec:f5:0a:7d:03:07:1c:b6:bc:64:c3:b6:58:a8:75:62:3b:18:
         54:df:56:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVyDEIIrGsD6lDclIyvqzx0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNjY4NDc0ZTdiYjNkYmRiMjZhZGMwMTgzOGNlNzA2MmQ3
MGM0OTgwHhcNMjMwMTAyMTAzNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTYyODA0MDM0MWIyYTcxYTE3NmYzMDdmNjhmMzMyODNlZGYwNzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSlBqbGac+kEE6NCFc8CH6MYyAkE
OpXh+wBZSozxnh6o/2I/uIPIrs1kuoob1fB4j+n4CNaBEDNqBijrJLdKTglNNJNh
8L0RXDMEp/J7PFIjVovqkCmMQAxRgOoA/mzIgsQ/X1l3N8YwfVTE4U1FrTxuofRb
UvjBAQlPAAmMRK0Ta3QnNFHUaCXx0iKowbA0GMDe547PeHEBrOJ9/ndyvWd3w/Pm
CxeuEgyVKhxmqhGhc2zvLa5cFpFPKKFpgO1oYRve+0phQXK731S8Xe48QIBRr+AB
9ziZym4fdA/xr7vZgwEkrXkV8UG0ZBqPTblMZrQh7VAqkj8asel3r+wQ+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOligEA0GypxoXbzB/aPMyg+3wdkMB8GA1UdIwQY
MBaAFENmhHTnuz29smrcAYOM5wYtcMSYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTJhRWRPZTdQYjJ5YXR3Qmc0em5CaTF3eEpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9hNGE1NzctMTkyNS00ZGYzLTkyMGQt
ZmEyMDg4Y2M1MDE0LzEvNldLQVFEUWJLbkdoZHZNSDlvOHpLRDdmQjJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9hNGE1NzctMTkyNS00ZGYzLTkyMGQtZmEyMDg4Y2M1MDE0
LzEvUTJhRWRPZTdQYjJ5YXR3Qmc0em5CaTF3eEpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBk06gAwQA
k06jMA0GCSqGSIb3DQEBCwUAA4IBAQB6OzB10hPNguTRwM0pgPkq/bdmYdTJl82K
HfuczviAlliHEbmwgGRM7Dn5VzV1P2ww5A+sPSLc+IIkagRB5Bw/JaqlTR2yVZqC
IaeXVr6KP7vQR2CWANo0lRsa8i3fd/pV0YLsJZLOaUMPCBT0rEkwn3jZnJqcCXsF
VGVbP+vtDuXBniVL1sl6Gi2TablK8JzCXFPLymz0U33ndsLCbzAKHJ6+EZyo3W1S
73eiE+pk9IYmVoDnbEppPPzXmLNWeZpchtLf2ea5f57eIhhcU4NypzemXDGhwv/Z
Hivp+RwPLfBZBxE+iOcsWrns9Qp9Awcctrxkw7ZYqHViOxhU31bD
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:07 2024 by rpki-client on console-fra.rpki-client.org