Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/lMQ7V2Q5qDewtvchWL990almh5k.roa
File:                     lMQ7V2Q5qDewtvchWL990almh5k.roa (raw, json)
Hash identifier:          T4CKmbREHg5Rcg/N9/Z57xGSDYIuhJmE2fpAr7liSEk=
Subject key identifier:   94:C4:3B:57:64:39:A8:37:B0:B6:F7:21:58:BF:7D:D1:A9:66:87:99
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       0189592AE81E25D6D9E6935EBB5AF63A7618
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/lMQ7V2Q5qDewtvchWL990almh5k.roa
Signing time:             Sat 15 Jul 2023 10:48:51 +0000
ROA not before:           Sat 15 Jul 2023 10:48:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        91.213.174.0/24 maxlen: 24
                          91.213.186.0/24 maxlen: 24
                          194.156.151.0/24 maxlen: 24
                          45.150.197.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:59:2a:e8:1e:25:d6:d9:e6:93:5e:bb:5a:f6:3a:76:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jul 15 10:48:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=94c43b576439a837b0b6f72158bf7dd1a9668799
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7a:c0:93:58:93:a3:34:78:b1:75:6e:46:94:
                    91:17:fd:50:0e:aa:64:1e:42:7b:d2:4b:9d:6f:74:
                    99:89:48:7a:bd:76:1e:b5:61:39:a2:2b:f4:6d:e1:
                    3f:3b:43:a8:29:37:b5:94:59:a8:da:07:9a:63:af:
                    81:46:3e:a5:31:60:57:ce:73:2d:4b:d2:52:68:a7:
                    51:4b:eb:7d:e7:fa:24:14:43:3b:52:5e:87:7a:f1:
                    ae:49:24:b9:dc:a4:f7:09:ea:79:84:1d:03:b0:b4:
                    ce:88:97:eb:01:19:56:9b:c9:20:1b:77:43:bf:49:
                    5f:b1:bc:57:b0:98:0a:c9:c5:5b:c7:f8:47:f7:cf:
                    1e:77:f8:b9:c9:c0:4c:f8:16:02:52:c1:b8:97:41:
                    30:65:2a:78:b5:70:fa:c3:9c:a5:5e:a7:90:f7:80:
                    c2:33:09:99:2c:01:11:15:46:50:ae:d0:ac:e9:fa:
                    e0:aa:39:45:a3:82:c6:6c:69:79:e0:87:26:3e:a6:
                    19:d1:a5:6d:5f:41:41:98:01:8d:8a:b0:a9:6e:bb:
                    b8:9c:62:d3:64:d1:ef:df:f1:fc:65:8f:46:ce:18:
                    05:65:01:fc:e2:35:1b:ed:a5:f2:14:36:e0:65:31:
                    4e:b8:23:11:0b:0c:fb:9f:94:b2:20:01:11:86:ec:
                    41:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:C4:3B:57:64:39:A8:37:B0:B6:F7:21:58:BF:7D:D1:A9:66:87:99
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/lMQ7V2Q5qDewtvchWL990almh5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.197.0/24
                  91.213.174.0/24
                  91.213.186.0/24
                  194.156.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:8e:fc:d9:1b:d4:3d:38:ed:b3:89:f1:e5:4c:ae:a7:e2:fe:
         3f:f9:04:64:34:30:d8:a5:98:56:d4:c9:98:19:99:fe:7a:cf:
         ac:51:ab:35:ce:61:57:cd:46:f7:47:c7:27:61:6c:e4:f2:19:
         7b:be:d9:48:ab:d0:23:d2:49:f5:b9:e0:02:28:32:5c:2c:4d:
         43:7c:e8:e4:b6:f4:b8:ca:99:29:c9:01:bf:28:19:1e:04:b6:
         d3:cc:d3:96:09:82:5f:9e:9d:d3:60:f0:63:60:ff:07:23:5f:
         82:3d:24:1b:1b:d7:32:27:67:47:39:41:13:5e:cf:88:a2:7c:
         f5:75:71:93:8a:cd:a7:b7:cc:ff:93:7e:12:fc:9b:60:3d:25:
         17:65:be:34:5a:7b:61:d5:e4:56:9b:b3:ac:7b:25:54:bf:48:
         17:a1:ec:99:cf:c8:81:33:33:77:c6:32:c0:2d:3e:c0:0d:20:
         cb:8f:95:1d:5b:b5:76:9c:b7:4b:e6:37:c3:4e:a5:e6:dc:c7:
         21:f0:8d:81:55:ce:2e:5c:88:80:65:a1:5c:f7:5d:c5:6a:4d:
         b5:93:e1:cd:f0:35:e8:e5:05:70:70:36:45:da:97:68:25:76:
         c5:88:b1:27:b2:f8:64:79:06:fc:34:5b:5e:e1:6c:4f:20:d4:
         75:e6:7d:ac
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYlZKugeJdbZ5pNeu1r2OnYYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwNzE1MTA0ODUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGM0M2I1NzY0MzlhODM3YjBiNmY3MjE1OGJmN2RkMWE5NjY4Nzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHrAk1iTozR4sXVuRpSRF/1QDqpk
HkJ70kudb3SZiUh6vXYetWE5oiv0beE/O0OoKTe1lFmo2geaY6+BRj6lMWBXznMt
S9JSaKdRS+t95/okFEM7Ul6HevGuSSS53KT3Cep5hB0DsLTOiJfrARlWm8kgG3dD
v0lfsbxXsJgKycVbx/hH988ed/i5ycBM+BYCUsG4l0EwZSp4tXD6w5ylXqeQ94DC
MwmZLAERFUZQrtCs6frgqjlFo4LGbGl54IcmPqYZ0aVtX0FBmAGNirCpbru4nGLT
ZNHv3/H8ZY9GzhgFZQH84jUb7aXyFDbgZTFOuCMRCwz7n5SyIAERhuxB8QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJTEO1dkOag3sLb3IVi/fdGpZoeZMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvbE1RN1YyUTVxRGV3dHZjaFdMOTkwYWxtaDVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALZbFAwQA
W9WuAwQAW9W6AwQAwpyXMA0GCSqGSIb3DQEBCwUAA4IBAQAJjvzZG9Q9OO2zifHl
TK6n4v4/+QRkNDDYpZhW1MmYGZn+es+sUas1zmFXzUb3R8cnYWzk8hl7vtlIq9Aj
0kn1ueACKDJcLE1DfOjktvS4ypkpyQG/KBkeBLbTzNOWCYJfnp3TYPBjYP8HI1+C
PSQbG9cyJ2dHOUETXs+Ionz1dXGTis2nt8z/k34S/JtgPSUXZb40Wnth1eRWm7Os
eyVUv0gXoeyZz8iBMzN3xjLALT7ADSDLj5UdW7V2nLdL5jfDTqXm3Mch8I2BVc4u
XIiAZaFc913Fak21k+HN8DXo5QVwcDZF2pdoJXbFiLEnsvhkeQb8NFte4WxPINR1
5n2s
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org