Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/83OKivzR4xN_z7XEM8-K7A4xr6g.roa
File:                     83OKivzR4xN_z7XEM8-K7A4xr6g.roa (raw, json)
Hash identifier:          xbCd2QytEsCvhLelIvfh5D7PvitoYJ9li6uKbRcTU8I=
Subject key identifier:   F3:73:8A:8A:FC:D1:E3:13:7F:CF:B5:C4:33:CF:8A:EC:0E:31:AF:A8
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       0573F890
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/83OKivzR4xN_z7XEM8-K7A4xr6g.roa
Signing time:             Tue 05 Jul 2022 04:53:25 +0000
ROA not before:           Tue 05 Jul 2022 04:53:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     31715
IP address blocks:        155.193.15.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 91486352 (0x573f890)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Jul  5 04:53:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f3738a8afcd1e3137fcfb5c433cf8aec0e31afa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c1:3e:49:31:b0:c2:0f:a0:25:3f:92:3f:32:
                    17:61:0d:fc:48:ff:cf:bf:17:20:45:cf:33:45:f1:
                    14:d8:20:4b:65:0e:58:22:c1:9a:5e:c3:87:1c:92:
                    31:c2:e1:b6:34:be:d5:4e:77:36:99:f3:4f:8d:e2:
                    c2:cf:2b:82:b7:fe:4c:7c:f5:e9:4a:1f:b7:29:3f:
                    9a:73:9b:1f:b8:3c:7d:bb:f3:d7:74:58:2d:23:72:
                    66:0c:11:13:4d:58:cd:9e:80:53:f3:6d:74:62:27:
                    94:e4:8e:c1:6c:3f:19:d6:e1:24:8d:f7:92:f8:c5:
                    41:48:1a:85:8e:b4:b4:84:36:13:b1:20:18:f1:59:
                    91:79:6f:0a:b7:df:1f:0b:3c:36:46:8b:2b:95:94:
                    19:9f:e7:78:72:50:89:8a:61:9e:77:b2:7f:1a:4c:
                    85:6f:03:38:e9:05:7d:65:92:2c:25:80:e1:39:6e:
                    2f:84:f5:86:05:78:50:92:cb:85:5a:b3:28:5a:25:
                    ed:12:35:0d:5f:64:bc:ba:0b:27:52:34:11:fb:26:
                    b5:f0:4f:54:ea:89:4c:09:a3:c1:62:5b:d6:b4:89:
                    92:56:84:8e:1d:26:1f:c8:75:c6:0e:61:e8:da:77:
                    5c:60:22:73:71:38:f5:e1:e8:60:d5:20:26:ce:9b:
                    1c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:73:8A:8A:FC:D1:E3:13:7F:CF:B5:C4:33:CF:8A:EC:0E:31:AF:A8
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/83OKivzR4xN_z7XEM8-K7A4xr6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.193.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:e0:89:4d:70:65:fd:7c:ac:3c:75:a4:68:32:ea:60:17:a4:
         9a:3e:80:7c:cc:33:3f:10:0a:91:29:9c:49:f5:09:e3:7b:9b:
         7b:e3:61:a3:e8:28:41:b6:37:62:49:53:1f:e8:b8:1e:70:16:
         14:96:aa:6b:1b:da:f7:e5:d4:a1:8c:57:30:de:c9:ad:fe:8c:
         44:f9:0d:5e:7d:6f:f4:66:5d:c4:59:b3:0d:18:a9:6f:79:31:
         e0:11:99:8e:61:2a:83:b9:9c:9c:d5:7f:64:3b:8c:be:10:2e:
         3f:2f:73:d4:0b:1d:90:94:40:a2:90:9c:9d:da:1c:db:19:06:
         4a:c9:64:97:9a:30:db:cc:27:04:38:29:83:a9:eb:91:12:d7:
         ad:5c:9f:95:82:c0:77:9a:7d:67:e1:8a:a2:a6:5d:86:e2:99:
         6a:d5:af:aa:17:3d:98:17:61:d8:5b:76:62:a4:5e:8e:20:cc:
         b0:57:46:4e:b5:3e:f4:d9:dc:a6:76:bf:86:2b:fb:c4:85:cc:
         14:f5:a8:15:95:e9:4a:e9:b6:dd:e6:65:98:e9:4a:bb:d3:e3:
         af:01:6a:0f:bf:80:b6:c2:91:9b:61:b7:84:34:63:c9:7f:61:
         14:1e:e1:29:5b:94:c5:07:0f:75:7e:5c:98:a9:77:91:84:f2:
         d7:76:d4:d6
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBXP4kDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
NDNlNDQ3ZWRiOGE1ZTBlMWIxZDdmNWNkYzI4N2MzNjRhNWZiMGI1MB4XDTIyMDcw
NTA0NTMyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjM3MzhhOGFmY2Qx
ZTMxMzdmY2ZiNWM0MzNjZjhhZWMwZTMxYWZhODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALDBPkkxsMIPoCU/kj8yF2EN/Ej/z78XIEXPM0XxFNggS2UO
WCLBml7DhxySMcLhtjS+1U53NpnzT43iws8rgrf+THz16Uoftyk/mnObH7g8fbvz
13RYLSNyZgwRE01YzZ6AU/NtdGInlOSOwWw/GdbhJI33kvjFQUgahY60tIQ2E7Eg
GPFZkXlvCrffHws8NkaLK5WUGZ/neHJQiYphnneyfxpMhW8DOOkFfWWSLCWA4Tlu
L4T1hgV4UJLLhVqzKFol7RI1DV9kvLoLJ1I0EfsmtfBPVOqJTAmjwWJb1rSJklaE
jh0mH8h1xg5h6Np3XGAic3E49eHoYNUgJs6bHG8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTzc4qK/NHjE3/PtcQzz4rsDjGvqDAfBgNVHSMEGDAWgBR0PkR+24peDhsd
f1zcKHw2Sl+wtTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2RENUVmdHVLWGc0YkhYOWMzQ2g4TmtwZnNMVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzUvYTFhZTcwLTc5OTYtNDY4Ny1hMGQ3LTVlMGY0YWI4MDliYi8x
LzgzT0tpdnpSNHhOX3o3WEVNOC1LN0E0eHI2Zy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzUv
YTFhZTcwLTc5OTYtNDY4Ny1hMGQ3LTVlMGY0YWI4MDliYi8xL2RENUVmdHVLWGc0
YkhYOWMzQ2g4TmtwZnNMVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJvBDzANBgkqhkiG9w0BAQsFAAOC
AQEAjeCJTXBl/XysPHWkaDLqYBekmj6AfMwzPxAKkSmcSfUJ43ube+Nho+goQbY3
YklTH+i4HnAWFJaqaxva9+XUoYxXMN7Jrf6MRPkNXn1v9GZdxFmzDRipb3kx4BGZ
jmEqg7mcnNV/ZDuMvhAuPy9z1AsdkJRAopCcndoc2xkGSslkl5ow28wnBDgpg6nr
kRLXrVyflYLAd5p9Z+GKoqZdhuKZatWvqhc9mBdh2Ft2YqRejiDMsFdGTrU+9Nnc
pna/hiv7xIXMFPWoFZXpSum23eZlmOlKu9PjrwFqD7+AtsKRm2G3hDRjyX9hFB7h
KVuUxQcPdX5cmKl3kYTy13bU1g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:17 2024 by rpki-client on console-ams.rpki-client.org