Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/mIqyifTtovE3Ru7t1o7n2IT_SP8.roa
File:                     mIqyifTtovE3Ru7t1o7n2IT_SP8.roa (raw, json)
Hash identifier:          tgzA+80uiEvqhA26IguNXyyQUiHVVk0GNZfBLbAgKVY=
Subject key identifier:   98:8A:B2:89:F4:ED:A2:F1:37:46:EE:ED:D6:8E:E7:D8:84:FF:48:FF
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       018AFE7A89B37D46C17D767AD3F2F1821459
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/mIqyifTtovE3Ru7t1o7n2IT_SP8.roa
Signing time:             Thu 05 Oct 2023 06:15:58 +0000
ROA not before:           Thu 05 Oct 2023 06:15:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42055
IP address blocks:        194.156.151.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:fe:7a:89:b3:7d:46:c1:7d:76:7a:d3:f2:f1:82:14:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Oct  5 06:15:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=988ab289f4eda2f13746eeedd68ee7d884ff48ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:4d:0a:3b:f0:52:da:90:d8:19:ad:4c:cd:af:
                    db:f8:ee:17:66:2a:57:56:e0:7f:d5:cf:5a:b6:98:
                    20:69:ed:1d:c8:dc:2f:1f:49:65:2f:7f:09:9f:c1:
                    6d:2f:d2:47:9a:ae:6e:62:ac:09:00:d2:06:65:9d:
                    00:4f:73:78:db:39:07:14:90:62:6c:63:75:51:93:
                    0b:fe:4f:ee:d5:7d:89:7b:af:ce:83:46:82:25:80:
                    bf:08:81:5e:7c:4d:df:10:c7:2b:4c:61:af:c8:48:
                    73:84:56:e3:60:74:fc:9e:26:ad:d5:59:ba:f7:7e:
                    bb:59:e8:d9:d6:88:8b:6b:3e:77:0b:08:22:55:43:
                    9c:d2:64:a4:eb:db:71:19:3c:e3:73:fa:fb:fd:fa:
                    10:1c:8d:98:3b:80:49:79:ef:f1:bb:48:34:ac:8a:
                    bd:3d:81:10:03:6a:53:56:45:75:68:81:27:78:94:
                    9b:c6:b4:f0:77:d4:c7:4b:68:08:ac:91:e2:04:1a:
                    88:9e:d4:5e:27:24:c4:6f:1e:6c:d0:7f:af:5c:53:
                    5a:ae:03:ac:be:2e:da:06:f5:18:01:50:46:0e:32:
                    6f:16:a1:3e:56:9c:64:9b:d1:70:ec:d9:23:5a:c0:
                    50:29:d2:18:4b:1a:9c:56:2e:d4:75:42:65:b6:b6:
                    a9:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:8A:B2:89:F4:ED:A2:F1:37:46:EE:ED:D6:8E:E7:D8:84:FF:48:FF
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/mIqyifTtovE3Ru7t1o7n2IT_SP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:67:27:99:06:3f:11:ea:c3:b4:77:ec:ed:68:fc:61:9a:01:
         5b:64:11:59:2d:93:9d:2b:a1:89:41:ef:e9:bf:11:22:05:0d:
         4f:71:1f:14:c9:02:46:60:ab:b4:62:d3:0a:db:42:36:5a:bd:
         24:80:52:a2:64:fb:09:b0:8b:88:b9:ff:1d:2c:2d:67:bc:37:
         03:c2:f4:b8:8f:c1:ed:be:97:7f:91:71:6f:b4:ab:ed:5f:a2:
         0d:03:d8:26:df:e0:30:53:b2:08:41:64:fd:8c:10:b4:e3:b4:
         7d:68:04:ad:1f:e4:b1:61:35:35:52:db:0d:7f:86:38:84:c3:
         64:23:cf:0d:54:b7:26:10:70:c4:6e:28:56:fa:14:fd:46:a4:
         52:04:30:5b:74:91:5c:4d:f3:b6:fa:bf:50:ae:17:37:85:af:
         ff:f6:6d:d6:d6:06:08:50:a3:8b:75:a3:5e:bf:b3:ac:bc:27:
         85:ac:af:f8:af:f0:b5:1b:b8:b3:05:79:7e:b2:50:58:83:5b:
         53:a5:2d:f3:df:e7:cf:2f:87:9d:6f:9d:a8:74:05:b7:fe:8d:
         4a:ee:23:2c:99:1f:87:c0:c6:55:c1:59:a5:24:9b:72:b5:b9:
         e4:ed:31:ec:55:bd:1c:e8:34:14:bd:d5:08:0c:64:b5:4a:a3:
         65:03:d7:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYr+eomzfUbBfXZ60/LxghRZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMxMDA1MDYxNTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODhhYjI4OWY0ZWRhMmYxMzc0NmVlZWRkNjhlZTdkODg0ZmY0OGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlU0KO/BS2pDYGa1Mza/b+O4XZipX
VuB/1c9atpggae0dyNwvH0llL38Jn8FtL9JHmq5uYqwJANIGZZ0AT3N42zkHFJBi
bGN1UZML/k/u1X2Je6/Og0aCJYC/CIFefE3fEMcrTGGvyEhzhFbjYHT8niat1Vm6
9367WejZ1oiLaz53CwgiVUOc0mSk69txGTzjc/r7/foQHI2YO4BJee/xu0g0rIq9
PYEQA2pTVkV1aIEneJSbxrTwd9THS2gIrJHiBBqIntReJyTEbx5s0H+vXFNargOs
vi7aBvUYAVBGDjJvFqE+Vpxkm9Fw7NkjWsBQKdIYSxqcVi7UdUJltrapDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJiKson07aLxN0bu7daO59iE/0j/MB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvbUlxeWlmVHRvdkUzUnU3dDFvN24ySVRfU1A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpyXMA0G
CSqGSIb3DQEBCwUAA4IBAQBKZyeZBj8R6sO0d+ztaPxhmgFbZBFZLZOdK6GJQe/p
vxEiBQ1PcR8UyQJGYKu0YtMK20I2Wr0kgFKiZPsJsIuIuf8dLC1nvDcDwvS4j8Ht
vpd/kXFvtKvtX6INA9gm3+AwU7IIQWT9jBC047R9aAStH+SxYTU1UtsNf4Y4hMNk
I88NVLcmEHDEbihW+hT9RqRSBDBbdJFcTfO2+r9Qrhc3ha//9m3W1gYIUKOLdaNe
v7OsvCeFrK/4r/C1G7izBXl+slBYg1tTpS3z3+fPL4edb52odAW3/o1K7iMsmR+H
wMZVwVmlJJtytbnk7THsVb0c6DQUvdUIDGS1SqNlA9eL
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org