Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/2ZXQAcrcGmtOk4a4K8gjzDKQpho.roa
File:                     2ZXQAcrcGmtOk4a4K8gjzDKQpho.roa (raw, json)
Hash identifier:          x6NowIoro5momkCcmEgpWY1gCPIIEGyK/wZ6rChPHKI=
Subject key identifier:   D9:95:D0:01:CA:DC:1A:6B:4E:93:86:B8:2B:C8:23:CC:32:90:A6:1A
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       0188F8E5002DA85CED85AE8061B6F5E78C38
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/2ZXQAcrcGmtOk4a4K8gjzDKQpho.roa
Signing time:             Mon 26 Jun 2023 18:08:57 +0000
ROA not before:           Mon 26 Jun 2023 18:08:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201670
IP address blocks:        194.156.150.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:f8:e5:00:2d:a8:5c:ed:85:ae:80:61:b6:f5:e7:8c:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jun 26 18:08:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d995d001cadc1a6b4e9386b82bc823cc3290a61a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b9:e7:e5:42:d7:d4:d1:fa:9a:9c:45:af:dc:
                    de:de:5b:bc:19:e7:2a:3c:6a:66:08:9f:a7:0a:45:
                    bf:a5:f2:71:8e:4a:56:8b:fa:fd:c3:1b:03:a4:e8:
                    16:d6:f7:fd:bf:d9:a6:63:c5:75:70:5c:11:99:58:
                    50:5f:bb:62:ab:5e:4a:db:52:e5:99:c9:d4:53:68:
                    b8:ec:2d:c1:d6:fc:04:51:b9:fb:29:0b:b9:73:46:
                    1a:e9:ea:1f:25:d6:10:a6:2f:e9:01:54:a1:05:84:
                    0d:82:32:7d:5d:54:7a:06:da:3e:53:5b:01:df:eb:
                    08:28:4f:32:ce:06:a2:82:48:9c:71:05:f7:a3:9b:
                    fe:50:16:2e:8b:ec:d2:ba:a8:6b:52:fb:ea:0e:eb:
                    af:7c:6a:bf:e4:d4:19:20:f6:e5:ca:ab:cc:58:2a:
                    f8:68:fd:a0:ee:6c:e0:f4:83:7a:84:cd:77:09:54:
                    51:88:11:41:8f:2b:2a:bb:7f:29:7a:ab:0a:22:e9:
                    99:0e:0b:04:90:8b:e8:ea:e7:16:5b:74:6a:b7:bb:
                    b4:49:65:ac:0f:92:1a:e4:ab:c3:da:13:9b:5b:f0:
                    e7:3c:a3:8c:9b:c7:49:89:0b:30:87:37:09:cc:dd:
                    aa:0b:a0:60:99:c8:4d:17:bf:36:91:01:84:f7:ed:
                    d5:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:95:D0:01:CA:DC:1A:6B:4E:93:86:B8:2B:C8:23:CC:32:90:A6:1A
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/2ZXQAcrcGmtOk4a4K8gjzDKQpho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:01:5d:75:af:29:93:75:77:cb:67:21:6b:1c:c0:a7:a6:8e:
         07:7b:aa:e0:fe:b1:52:26:20:00:b7:21:63:41:80:97:d2:46:
         38:74:52:a9:14:97:b8:d5:07:35:bf:36:7e:4b:43:56:30:3c:
         31:6e:d5:7e:28:95:cc:83:ba:d1:3c:ca:da:85:19:83:15:d3:
         c5:53:b2:26:c3:2e:fe:34:e6:3f:89:8a:87:08:67:1c:89:66:
         e2:a2:0c:40:7c:21:ab:4b:1d:72:f2:56:bd:4f:4f:c2:26:05:
         11:44:41:6f:f6:20:e4:06:a3:0f:83:42:9f:99:65:6d:44:84:
         82:64:98:78:7e:fc:01:69:ac:36:43:c7:d0:ce:26:83:17:1c:
         49:44:04:4c:96:8c:43:b6:fe:b5:ee:38:67:e2:1f:38:64:08:
         bc:9e:33:26:c3:57:2c:54:52:04:96:75:98:f4:8b:75:05:21:
         12:1b:cc:5a:9a:75:29:48:24:d4:0e:9e:89:12:55:8a:cc:9a:
         2d:da:6d:a7:64:38:58:20:13:3a:b3:47:21:ed:5a:93:ca:b0:
         3d:0c:26:65:51:24:6e:a7:eb:b1:63:82:04:9a:27:c5:5a:d4:
         8d:3e:a1:8e:29:b6:02:75:64:da:77:fa:90:8f:27:ca:26:e0:
         c9:f5:44:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYj45QAtqFztha6AYbb154w4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwNjI2MTgwODU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTk1ZDAwMWNhZGMxYTZiNGU5Mzg2YjgyYmM4MjNjYzMyOTBhNjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7nn5ULX1NH6mpxFr9ze3lu8Gecq
PGpmCJ+nCkW/pfJxjkpWi/r9wxsDpOgW1vf9v9mmY8V1cFwRmVhQX7tiq15K21Ll
mcnUU2i47C3B1vwEUbn7KQu5c0Ya6eofJdYQpi/pAVShBYQNgjJ9XVR6Bto+U1sB
3+sIKE8yzgaigkiccQX3o5v+UBYui+zSuqhrUvvqDuuvfGq/5NQZIPblyqvMWCr4
aP2g7mzg9IN6hM13CVRRiBFBjysqu38peqsKIumZDgsEkIvo6ucWW3Rqt7u0SWWs
D5Ia5KvD2hObW/DnPKOMm8dJiQswhzcJzN2qC6BgmchNF782kQGE9+3VwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmV0AHK3BprTpOGuCvII8wykKYaMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvMlpYUUFjcmNHbXRPazRhNEs4Z2p6REtRcGhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpyWMA0G
CSqGSIb3DQEBCwUAA4IBAQAiAV11rymTdXfLZyFrHMCnpo4He6rg/rFSJiAAtyFj
QYCX0kY4dFKpFJe41Qc1vzZ+S0NWMDwxbtV+KJXMg7rRPMrahRmDFdPFU7Imwy7+
NOY/iYqHCGcciWbiogxAfCGrSx1y8la9T0/CJgURREFv9iDkBqMPg0KfmWVtRISC
ZJh4fvwBaaw2Q8fQziaDFxxJRARMloxDtv617jhn4h84ZAi8njMmw1csVFIElnWY
9It1BSESG8xamnUpSCTUDp6JElWKzJot2m2nZDhYIBM6s0ch7VqTyrA9DCZlUSRu
p+uxY4IEmifFWtSNPqGOKbYCdWTad/qQjyfKJuDJ9UQs
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org