Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/pPVv4l4Dn_YMzflhJSU6Bqg5PCs.roa
File:                     pPVv4l4Dn_YMzflhJSU6Bqg5PCs.roa (raw, json)
Hash identifier:          HWlSRrE0V+XKplSKSHfG3jHz6RUWJ/9SYS5JjK53Zqo=
Subject key identifier:   A4:F5:6F:E2:5E:03:9F:F6:0C:CD:F9:61:25:25:3A:06:A8:39:3C:2B
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       01856D9D38CD0AC701D4D37D5EF311F975A4
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/pPVv4l4Dn_YMzflhJSU6Bqg5PCs.roa
Signing time:             Sun 01 Jan 2023 13:54:58 +0000
ROA not before:           Sun 01 Jan 2023 13:54:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     40065
IP address blocks:        194.156.132.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:9d:38:cd:0a:c7:01:d4:d3:7d:5e:f3:11:f9:75:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  1 13:54:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a4f56fe25e039ff60ccdf96125253a06a8393c2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:71:ca:ce:ce:0c:19:bc:10:d7:a6:fa:e8:0f:
                    8a:02:7c:cc:2f:fb:db:95:d0:22:f9:48:66:7e:6d:
                    d2:9d:1b:c3:b2:dd:e5:d6:24:98:b9:8f:20:f0:a7:
                    8a:f9:a8:16:f4:07:0a:f1:66:85:11:89:32:7d:40:
                    2b:dd:37:47:ed:b8:05:a8:3c:80:2f:24:e2:75:a5:
                    81:67:3f:f4:66:82:dd:d5:22:35:de:bf:a7:92:7c:
                    52:8a:40:99:cd:14:d5:17:c3:37:06:e1:be:18:c8:
                    3a:53:b1:75:4b:05:e0:cd:d6:7f:95:d9:15:0f:d0:
                    94:45:36:99:73:b7:2c:22:e4:32:64:cf:d9:cd:84:
                    bd:0f:a5:02:da:91:3f:22:ac:bb:c5:1c:59:02:57:
                    7e:c5:65:81:c2:60:ab:de:60:ab:e0:5b:d5:fd:19:
                    7e:21:9a:59:13:af:94:53:5b:7d:d3:86:42:e0:5e:
                    dc:98:b9:2c:1d:81:54:7f:b5:9a:8a:38:15:e5:ee:
                    37:dd:98:3b:c9:61:25:26:94:f8:18:13:f3:84:f7:
                    a3:e6:72:a3:1a:7e:e9:0c:92:47:ae:1c:36:d9:25:
                    59:4d:9c:b5:08:07:64:29:ad:62:50:60:3d:37:89:
                    f7:c0:86:33:60:63:fd:f2:42:a3:5e:7b:c2:6d:3e:
                    46:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F5:6F:E2:5E:03:9F:F6:0C:CD:F9:61:25:25:3A:06:A8:39:3C:2B
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/pPVv4l4Dn_YMzflhJSU6Bqg5PCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:f5:4c:59:35:3a:fa:10:a1:9c:aa:0d:d1:aa:d4:d6:a5:08:
         2f:24:9c:2e:95:7c:b9:7e:e8:de:f6:f0:ed:1c:9f:60:c0:06:
         91:9e:33:0f:a7:08:00:b6:e6:97:42:23:d7:51:9b:a7:3c:52:
         46:07:4e:12:a8:49:46:6c:3d:f3:56:84:49:d3:5b:b2:9e:46:
         66:fb:04:9f:1a:ab:7b:9e:cb:0b:a3:ca:84:44:c1:59:db:50:
         0f:96:9c:b1:41:c4:7f:88:08:12:42:39:b0:99:59:df:ef:af:
         f5:a3:aa:c3:88:89:88:ea:e6:7c:58:88:e0:d0:f2:50:c4:ae:
         dc:45:63:c3:78:87:d6:37:e5:d6:c1:7e:f2:cf:64:66:e8:1d:
         be:d2:8a:95:9a:c6:de:25:50:0a:2a:be:92:4b:5b:d8:2b:99:
         eb:67:e7:20:12:cf:80:19:3b:e1:f3:63:ff:e3:07:81:70:47:
         53:e4:e9:00:57:f3:d1:60:53:14:14:d5:97:4b:ed:6b:47:9a:
         b7:14:47:31:77:de:69:48:d3:77:c2:ed:97:86:db:a4:0b:12:
         5b:68:5a:25:f4:84:ea:9c:95:77:79:dc:01:2d:d8:bf:e9:89:
         fb:29:13:e0:99:e5:06:b0:b6:6d:02:e3:21:a1:d7:7c:a5:39:
         ff:40:0e:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtnTjNCscB1NN9XvMR+XWkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwMTAxMTM1NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGY1NmZlMjVlMDM5ZmY2MGNjZGY5NjEyNTI1M2EwNmE4MzkzYzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXHKzs4MGbwQ16b66A+KAnzML/vb
ldAi+Uhmfm3SnRvDst3l1iSYuY8g8KeK+agW9AcK8WaFEYkyfUAr3TdH7bgFqDyA
LyTidaWBZz/0ZoLd1SI13r+nknxSikCZzRTVF8M3BuG+GMg6U7F1SwXgzdZ/ldkV
D9CURTaZc7csIuQyZM/ZzYS9D6UC2pE/Iqy7xRxZAld+xWWBwmCr3mCr4FvV/Rl+
IZpZE6+UU1t904ZC4F7cmLksHYFUf7WaijgV5e433Zg7yWElJpT4GBPzhPej5nKj
Gn7pDJJHrhw22SVZTZy1CAdkKa1iUGA9N4n3wIYzYGP98kKjXnvCbT5GIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKT1b+JeA5/2DM35YSUlOgaoOTwrMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvcFBWdjRsNERuX1lNemZsaEpTVTZCcWc1UENzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwpyEMA0G
CSqGSIb3DQEBCwUAA4IBAQA49UxZNTr6EKGcqg3RqtTWpQgvJJwulXy5fuje9vDt
HJ9gwAaRnjMPpwgAtuaXQiPXUZunPFJGB04SqElGbD3zVoRJ01uynkZm+wSfGqt7
nssLo8qERMFZ21APlpyxQcR/iAgSQjmwmVnf76/1o6rDiImI6uZ8WIjg0PJQxK7c
RWPDeIfWN+XWwX7yz2Rm6B2+0oqVmsbeJVAKKr6SS1vYK5nrZ+cgEs+AGTvh82P/
4weBcEdT5OkAV/PRYFMUFNWXS+1rR5q3FEcxd95pSNN3wu2XhtukCxJbaFol9ITq
nJV3edwBLdi/6Yn7KRPgmeUGsLZtAuMhodd8pTn/QA6l
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org