Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/eHVRjRIUSOT34pFxcnENdDVN9Uc.roa
File:                     eHVRjRIUSOT34pFxcnENdDVN9Uc.roa (raw, json)
Hash identifier:          h33ohKH6L31rdrE50tWMblxA0QF4cJoAFtWxbRlA3BQ=
Subject key identifier:   78:75:51:8D:12:14:48:E4:F7:E2:91:71:72:71:0D:74:35:4D:F5:47
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       018AB31A912F6B8EC1175DECE0832AD16E92
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/eHVRjRIUSOT34pFxcnENdDVN9Uc.roa
Signing time:             Wed 20 Sep 2023 14:59:37 +0000
ROA not before:           Wed 20 Sep 2023 14:59:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        91.213.174.0/24 maxlen: 24
                          91.213.186.0/24 maxlen: 24
                          194.156.151.0/24 maxlen: 24
                          45.150.197.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b3:1a:91:2f:6b:8e:c1:17:5d:ec:e0:83:2a:d1:6e:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Sep 20 14:59:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7875518d121448e4f7e2917172710d74354df547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:42:ac:ab:72:23:a2:53:05:73:18:02:4d:8d:
                    a2:e6:fa:db:00:b9:e7:b3:08:cc:ec:57:d5:fb:98:
                    b7:3c:97:c4:56:7a:18:02:5a:1b:da:12:8d:d6:27:
                    22:56:b3:a5:ec:2e:14:59:43:73:8e:cf:07:85:99:
                    7e:46:48:77:17:30:1f:eb:dc:71:fe:05:b1:96:47:
                    09:c1:f8:41:ac:c1:bf:6d:e4:b7:15:02:b3:bf:1e:
                    5b:62:d6:5a:1b:9a:6e:e4:9a:2d:c1:8f:d5:be:35:
                    78:ba:49:08:23:73:6c:55:10:60:ea:61:b2:1b:84:
                    d4:5d:0c:b9:1a:00:a9:4e:45:d9:5e:f2:67:bf:99:
                    25:31:79:6e:c1:28:80:ee:d3:9f:77:f3:da:19:98:
                    ba:a8:44:25:db:35:ef:62:6e:e6:79:90:bb:ec:71:
                    de:59:e0:49:df:e4:04:86:7c:c2:e7:46:05:2c:f5:
                    6d:53:15:c5:1d:f7:0f:9c:87:92:59:4f:35:62:f8:
                    bf:e9:b5:eb:f5:ed:5f:9a:95:f9:cf:c9:3d:b3:3a:
                    11:08:71:66:ea:34:60:98:50:21:88:65:8c:1f:65:
                    e8:8e:eb:64:57:65:51:20:9a:92:d0:16:1f:4c:59:
                    44:97:4d:df:8c:ab:1e:6f:a7:6d:a8:d1:0f:ce:84:
                    18:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:75:51:8D:12:14:48:E4:F7:E2:91:71:72:71:0D:74:35:4D:F5:47
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/eHVRjRIUSOT34pFxcnENdDVN9Uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.197.0/24
                  91.213.174.0/24
                  91.213.186.0/24
                  194.156.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:c2:52:41:e4:c7:fb:ec:74:75:6d:a4:ec:6e:4f:59:72:2d:
         3b:46:8a:56:50:79:52:f9:34:f7:58:c7:e1:17:49:f2:87:d4:
         5d:75:f8:3e:a2:24:ca:a4:8c:61:9e:ad:14:e2:18:b8:a7:fa:
         56:46:a6:c0:78:10:ba:de:a5:cf:27:68:5f:a4:41:f2:0e:26:
         63:19:d7:2f:81:85:e2:57:67:2e:00:00:1e:56:28:4d:be:67:
         88:e2:4b:08:b5:bd:0d:05:5c:32:a6:32:97:db:c4:54:fb:6b:
         19:8a:57:5b:6b:51:8f:8a:34:9e:19:2e:5d:85:3e:36:e2:8c:
         7a:6f:11:ac:f9:aa:33:1a:9a:cf:fa:20:fa:03:59:05:8a:07:
         f9:79:04:aa:fa:23:1f:38:6f:a9:af:a3:f3:85:f5:d6:43:9a:
         3b:cf:66:39:76:2e:3e:98:c0:34:07:6d:1d:92:75:a8:f3:f8:
         6a:6d:6b:c9:50:f8:87:a1:19:d6:dc:41:d1:48:d5:f0:9e:ce:
         42:98:5e:c9:df:77:f6:e5:25:3e:44:a7:ed:90:42:1e:eb:2d:
         29:12:26:2b:44:b4:e2:ad:01:90:bf:16:4f:15:a4:fb:76:4b:
         68:70:ad:06:d8:76:12:d0:2d:73:a3:f7:b2:77:15:ba:b1:1e:
         c1:ab:ef:b9
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYqzGpEva47BF13s4IMq0W6SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwOTIwMTQ1OTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODc1NTE4ZDEyMTQ0OGU0ZjdlMjkxNzE3MjcxMGQ3NDM1NGRmNTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskKsq3IjolMFcxgCTY2i5vrbALnn
swjM7FfV+5i3PJfEVnoYAlob2hKN1iciVrOl7C4UWUNzjs8HhZl+Rkh3FzAf69xx
/gWxlkcJwfhBrMG/beS3FQKzvx5bYtZaG5pu5JotwY/VvjV4ukkII3NsVRBg6mGy
G4TUXQy5GgCpTkXZXvJnv5klMXluwSiA7tOfd/PaGZi6qEQl2zXvYm7meZC77HHe
WeBJ3+QEhnzC50YFLPVtUxXFHfcPnIeSWU81Yvi/6bXr9e1fmpX5z8k9szoRCHFm
6jRgmFAhiGWMH2XojutkV2VRIJqS0BYfTFlEl03fjKseb6dtqNEPzoQYgQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHh1UY0SFEjk9+KRcXJxDXQ1TfVHMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvZUhWUmpSSVVTT1QzNHBGeGNuRU5kRFZOOVVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALZbFAwQA
W9WuAwQAW9W6AwQAwpyXMA0GCSqGSIb3DQEBCwUAA4IBAQAkwlJB5Mf77HR1baTs
bk9Zci07RopWUHlS+TT3WMfhF0nyh9Rddfg+oiTKpIxhnq0U4hi4p/pWRqbAeBC6
3qXPJ2hfpEHyDiZjGdcvgYXiV2cuAAAeVihNvmeI4ksItb0NBVwypjKX28RU+2sZ
ildba1GPijSeGS5dhT424ox6bxGs+aozGprP+iD6A1kFigf5eQSq+iMfOG+pr6Pz
hfXWQ5o7z2Y5di4+mMA0B20dknWo8/hqbWvJUPiHoRnW3EHRSNXwns5CmF7J33f2
5SU+RKftkEIe6y0pEiYrRLTirQGQvxZPFaT7dktocK0G2HYS0C1zo/eydxW6sR7B
q++5
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:13 2024 by rpki-client on console-fra.rpki-client.org