Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/YDxa5SR4XEd9K6awQ2EJliSDWsg.roa
File:                     YDxa5SR4XEd9K6awQ2EJliSDWsg.roa (raw, json)
Hash identifier:          Qu6/+1DL08TPkqfTkMyKcq03w6iHoydF3rZwvbAkNO4=
Subject key identifier:   60:3C:5A:E5:24:78:5C:47:7D:2B:A6:B0:43:61:09:96:24:83:5A:C8
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       05075C41
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/YDxa5SR4XEd9K6awQ2EJliSDWsg.roa
Signing time:             Tue 10 May 2022 12:10:23 +0000
ROA not before:           Tue 10 May 2022 12:10:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     134526
IP address blocks:        194.156.150.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 84368449 (0x5075c41)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: May 10 12:10:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=603c5ae524785c477d2ba6b04361099624835ac8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:02:ca:60:bf:06:55:0b:2d:ba:4c:34:f1:8d:
                    47:32:5d:41:27:88:a3:54:13:fb:e2:e5:50:e5:71:
                    5d:09:af:ca:73:16:07:d5:c4:8f:e4:bd:a3:c5:41:
                    b1:13:ed:aa:a1:57:b0:9e:a2:37:f2:d7:20:7e:8b:
                    4d:52:46:3f:b7:57:49:40:13:e3:59:2a:e7:19:28:
                    86:0b:37:81:e2:f0:5a:5a:a3:66:f5:ca:f8:43:ae:
                    eb:0d:1b:cc:98:b4:ff:39:ad:38:49:47:bf:6b:a6:
                    23:95:b8:6e:4b:f9:e0:51:e2:1b:81:17:5e:4e:67:
                    43:25:be:ae:24:b6:04:ec:a1:db:b6:a3:b5:82:3e:
                    be:12:3d:d2:3a:c0:0d:2f:37:1a:26:20:cd:5d:33:
                    c3:a9:fe:82:74:1d:97:89:42:9c:b1:86:19:e8:7b:
                    58:08:ed:83:5d:0a:27:19:18:81:0a:8f:b7:e4:8b:
                    27:ae:ff:e6:5e:7b:da:d7:1b:b6:f3:48:33:48:27:
                    0c:b6:e0:70:70:62:dc:72:a3:ce:95:27:8a:8d:ab:
                    9a:bf:bb:6c:21:53:4a:30:c8:d2:d3:78:e5:da:4b:
                    8e:d2:4d:f2:08:8f:1f:3b:bc:4a:8e:d9:96:34:e6:
                    04:0e:56:f8:f4:55:51:7c:04:88:70:7c:2b:c2:91:
                    69:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:3C:5A:E5:24:78:5C:47:7D:2B:A6:B0:43:61:09:96:24:83:5A:C8
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/YDxa5SR4XEd9K6awQ2EJliSDWsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:29:51:9b:a5:eb:b3:61:7f:52:db:a7:c5:08:c3:ea:9f:e4:
         c1:15:e4:8b:bd:82:46:e0:b0:ce:df:ee:8f:57:77:64:d2:a5:
         1f:1a:93:48:0e:f7:bf:96:55:46:04:04:c7:cb:ce:95:2a:3d:
         ca:1b:07:68:85:08:e1:4c:4c:29:d6:2e:a8:ad:ee:e9:66:80:
         8c:be:3b:55:ec:84:8d:bd:6b:85:e7:87:b7:22:af:14:be:d9:
         0d:c4:42:48:4c:f0:67:c6:35:e2:06:ab:d4:60:ce:4c:72:a1:
         71:03:49:f3:a3:75:0d:fc:52:9c:e1:1f:32:ca:9b:66:c6:9a:
         12:77:11:56:f2:cc:84:3f:de:ac:f2:30:b5:7e:1c:19:03:f7:
         5d:3e:f8:5b:08:89:2c:1d:c7:cd:b6:41:46:01:b0:38:38:07:
         51:be:90:cd:8b:47:19:33:50:27:b5:a5:08:fe:6b:2b:f1:66:
         66:f4:be:d0:2c:61:ed:3b:09:49:a9:26:33:05:16:22:9f:59:
         a7:42:af:2a:3a:78:b1:1a:63:2e:94:3e:e3:80:d4:06:af:35:
         84:05:53:cc:5b:20:17:37:3f:24:ea:f2:5d:ca:d0:72:9c:30:
         a5:bc:f9:59:2d:17:63:df:11:19:1d:ee:ba:cc:2a:03:b4:f9:
         bb:a8:f8:40
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBQdcQTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZjQ3MzgzODljYjNiOTk4ZWM0ZmE2ZDQyNzJmOGRkNzk5ZmJjNGE5MB4XDTIyMDUx
MDEyMTAyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjAzYzVhZTUyNDc4
NWM0NzdkMmJhNmIwNDM2MTA5OTYyNDgzNWFjODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANMCymC/BlULLbpMNPGNRzJdQSeIo1QT++LlUOVxXQmvynMW
B9XEj+S9o8VBsRPtqqFXsJ6iN/LXIH6LTVJGP7dXSUAT41kq5xkohgs3geLwWlqj
ZvXK+EOu6w0bzJi0/zmtOElHv2umI5W4bkv54FHiG4EXXk5nQyW+riS2BOyh27aj
tYI+vhI90jrADS83GiYgzV0zw6n+gnQdl4lCnLGGGeh7WAjtg10KJxkYgQqPt+SL
J67/5l572tcbtvNIM0gnDLbgcHBi3HKjzpUnio2rmr+7bCFTSjDI0tN45dpLjtJN
8giPHzu8So7ZljTmBA5W+PRVUXwEiHB8K8KRaWsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRgPFrlJHhcR30rprBDYQmWJINayDAfBgNVHSMEGDAWgBQfRzg4nLO5mOxP
ptQnL43XmfvEqTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0gwYzRPSnl6dVpqc1Q2YlVKeS1OMTVuN3hLay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzUvNTE3Njk0LWM4YTEtNDU4Yi05Y2YyLTZjN2U1Njg1ODkwYy8x
L1lEeGE1U1I0WEVkOUs2YXdRMkVKbGlTRFdzZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzUv
NTE3Njk0LWM4YTEtNDU4Yi05Y2YyLTZjN2U1Njg1ODkwYy8xL0gwYzRPSnl6dVpq
c1Q2YlVKeS1OMTVuN3hLay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMKcljANBgkqhkiG9w0BAQsFAAOC
AQEAVilRm6Xrs2F/UtunxQjD6p/kwRXki72CRuCwzt/uj1d3ZNKlHxqTSA73v5ZV
RgQEx8vOlSo9yhsHaIUI4UxMKdYuqK3u6WaAjL47VeyEjb1rheeHtyKvFL7ZDcRC
SEzwZ8Y14gar1GDOTHKhcQNJ86N1DfxSnOEfMsqbZsaaEncRVvLMhD/erPIwtX4c
GQP3XT74WwiJLB3HzbZBRgGwODgHUb6QzYtHGTNQJ7WlCP5rK/FmZvS+0Cxh7TsJ
SakmMwUWIp9Zp0KvKjp4sRpjLpQ+44DUBq81hAVTzFsgFzc/JOryXcrQcpwwpbz5
WS0XY98RGR3uuswqA7T5u6j4QA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org