Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/1-D44zZZKER5XVMuJe9SXhlMcfw8.roa
File:                     1-D44zZZKER5XVMuJe9SXhlMcfw8.roa (raw, json)
Hash identifier:          iCdh3wOigAPAYB+GbEBtLuhnBX23RySghdCQ1dyxuEY=
Subject key identifier:   F8:3E:38:CD:96:4A:11:1E:57:54:CB:89:7B:D4:97:86:53:1C:7F:0F
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       01852A37EC0793CC8D54E73A37F03B09E205
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/1-D44zZZKER5XVMuJe9SXhlMcfw8.roa
Signing time:             Mon 19 Dec 2022 11:49:46 +0000
ROA not before:           Mon 19 Dec 2022 11:49:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211975
IP address blocks:        91.213.189.0/24 maxlen: 24
                          194.156.150.0/24 maxlen: 24
                          91.208.104.0/24 maxlen: 24
                          91.208.109.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:2a:37:ec:07:93:cc:8d:54:e7:3a:37:f0:3b:09:e2:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Dec 19 11:49:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f83e38cd964a111e5754cb897bd49786531c7f0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b1:c3:5e:b0:93:20:ef:f9:b1:36:01:f7:fd:
                    0e:e5:51:54:07:fe:31:60:98:a5:bc:63:73:84:c8:
                    88:b2:bf:cd:2f:98:22:dd:60:d8:c7:4b:2d:01:5a:
                    a1:07:8a:eb:64:1f:fe:18:3d:06:6e:8f:f0:5e:21:
                    ac:aa:c4:a2:ba:de:31:0f:db:e9:9f:12:18:2b:30:
                    97:15:0f:0d:84:cc:8f:51:c5:db:24:98:e3:fd:c7:
                    45:05:73:24:55:8d:e7:2d:17:56:df:12:f3:87:bf:
                    6f:de:9a:8d:ec:d8:0d:a7:86:e0:1a:f0:95:89:c2:
                    2e:9b:bd:0c:db:9c:be:d7:1d:ba:8a:cc:ba:cf:40:
                    33:8e:ff:e1:41:09:60:fc:9d:5c:bc:4c:15:cb:2e:
                    00:39:9e:4f:c8:1c:b5:d0:78:80:98:72:a8:9d:7c:
                    0c:c0:28:9c:32:59:23:95:e2:8b:46:d4:61:4c:9f:
                    a2:d0:86:34:7c:5e:ed:9d:75:e6:cc:72:b5:7a:38:
                    09:47:be:62:a0:cd:5e:47:ae:25:ab:33:e5:69:dd:
                    af:06:d8:be:76:68:6f:33:7f:1e:bc:85:6e:73:83:
                    97:32:b2:d0:d1:6c:d8:43:70:59:0a:9c:ae:62:4f:
                    62:0b:1d:2e:e9:e4:8c:30:a4:e7:5d:03:78:f6:e1:
                    7f:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:3E:38:CD:96:4A:11:1E:57:54:CB:89:7B:D4:97:86:53:1C:7F:0F
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/1-D44zZZKER5XVMuJe9SXhlMcfw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.104.0/24
                  91.208.109.0/24
                  91.213.189.0/24
                  194.156.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:c9:ab:00:aa:36:22:ec:72:1a:77:58:ce:89:fd:ea:4a:f7:
         27:d4:21:e0:fd:de:7c:41:5b:e1:81:57:2d:16:01:06:97:ee:
         88:1c:45:af:f6:8e:f4:13:cc:fc:46:89:f1:8a:a4:68:fa:4e:
         19:ae:65:f7:84:6c:ee:4c:f5:e0:85:02:95:5b:1a:b3:8f:58:
         38:8c:50:8d:67:da:e0:38:da:a2:53:b9:d6:7e:d6:00:80:e0:
         1a:dc:f0:fc:83:a8:dc:31:01:6d:16:21:d2:e3:46:68:74:db:
         47:cc:f5:47:67:7f:e4:f1:cc:eb:20:2c:dd:d1:f1:ea:e2:52:
         89:89:6b:05:db:80:af:9c:fb:e5:ff:cf:40:fc:d1:f2:a0:94:
         06:00:f3:73:41:5e:31:dc:68:4f:5f:7f:63:b0:21:10:cc:d2:
         24:15:ac:88:88:80:fc:65:7e:83:0d:24:bf:7c:b9:c8:5c:6b:
         ac:0c:aa:34:ad:3b:90:57:1c:6c:de:c8:9d:d1:a3:e7:7d:04:
         36:79:0c:71:b8:21:4f:f4:d8:5e:49:fb:de:fc:f1:06:13:82:
         da:09:95:ae:db:b6:c0:71:ba:ca:21:ca:40:30:4c:06:9c:d5:
         81:1d:d6:be:6a:6d:c1:91:2f:84:f6:ac:47:5b:65:a3:b1:ec:
         44:fe:fc:84
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAYUqN+wHk8yNVOc6N/A7CeIFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjIxMjE5MTE0OTQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODNlMzhjZDk2NGExMTFlNTc1NGNiODk3YmQ0OTc4NjUzMWM3ZjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7HDXrCTIO/5sTYB9/0O5VFUB/4x
YJilvGNzhMiIsr/NL5gi3WDYx0stAVqhB4rrZB/+GD0Gbo/wXiGsqsSiut4xD9vp
nxIYKzCXFQ8NhMyPUcXbJJjj/cdFBXMkVY3nLRdW3xLzh79v3pqN7NgNp4bgGvCV
icIum70M25y+1x26isy6z0Azjv/hQQlg/J1cvEwVyy4AOZ5PyBy10HiAmHKonXwM
wCicMlkjleKLRtRhTJ+i0IY0fF7tnXXmzHK1ejgJR75ioM1eR64lqzPlad2vBti+
dmhvM38evIVuc4OXMrLQ0WzYQ3BZCpyuYk9iCx0u6eSMMKTnXQN49uF/cQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFPg+OM2WShEeV1TLiXvUl4ZTHH8PMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvMS1ENDR6WlpLRVI1WFZNdUplOVNYaGxNY2Z3OC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzUvNTE3Njk0LWM4YTEtNDU4Yi05Y2YyLTZjN2U1Njg1ODkw
Yy8xL0gwYzRPSnl6dVpqc1Q2YlVKeS1OMTVuN3hLay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAxBggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAFvQaAME
AFvQbQMEAFvVvQMEAMKcljANBgkqhkiG9w0BAQsFAAOCAQEAocmrAKo2IuxyGndY
zon96kr3J9Qh4P3efEFb4YFXLRYBBpfuiBxFr/aO9BPM/EaJ8YqkaPpOGa5l94Rs
7kz14IUClVsas49YOIxQjWfa4DjaolO51n7WAIDgGtzw/IOo3DEBbRYh0uNGaHTb
R8z1R2d/5PHM6yAs3dHx6uJSiYlrBduAr5z75f/PQPzR8qCUBgDzc0FeMdxoT19/
Y7AhEMzSJBWsiIiA/GV+gw0kv3y5yFxrrAyqNK07kFccbN7IndGj530ENnkMcbgh
T/TYXkn73vzxBhOC2gmVrtu2wHG6yiHKQDBMBpzVgR3WvmptwZEvhPasR1tlo7Hs
RP78hA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:13 2024 by rpki-client on console-fra.rpki-client.org