Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/QN_Exd_d9zGPDUDEKOru26v_lZQ.roa
File:                     QN_Exd_d9zGPDUDEKOru26v_lZQ.roa (raw, json)
Hash identifier:          nfCvWlNtDd2D8U99bC83HqNXuL9n4zOE4ztSvtY/8tw=
Subject key identifier:   40:DF:C4:C5:DF:DD:F7:31:8F:0D:40:C4:28:EA:EE:DB:AB:FF:95:94
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       018570FBD50CF0BFC32BD5E2FEF969897716
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/QN_Exd_d9zGPDUDEKOru26v_lZQ.roa
Signing time:             Mon 02 Jan 2023 05:37:10 +0000
ROA not before:           Mon 02 Jan 2023 05:37:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29066
IP address blocks:        155.193.0.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:fb:d5:0c:f0:bf:c3:2b:d5:e2:fe:f9:69:89:77:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Jan  2 05:37:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=40dfc4c5dfddf7318f0d40c428eaeedbabff9594
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:d9:18:bb:06:16:f3:4a:21:af:77:1e:ad:14:
                    2c:06:0a:1d:6f:af:3d:cb:26:90:cc:3e:7c:29:71:
                    78:a1:0b:dc:c4:b3:d7:0a:42:33:23:15:76:00:d9:
                    a7:a2:87:ee:f7:38:8c:de:71:4c:25:59:ca:18:3b:
                    cd:b9:e4:22:fa:48:4c:0b:76:14:6c:52:a3:88:86:
                    35:8f:8b:51:81:0e:32:72:36:ae:be:f7:f0:86:36:
                    1b:27:86:c9:a4:1b:dc:fb:0c:4f:42:62:b9:7a:08:
                    07:5f:11:ee:d5:68:f9:0a:c0:cf:a5:5b:27:db:6a:
                    39:7f:45:cf:be:da:77:91:5a:65:6a:c2:6c:35:27:
                    9e:d9:6d:38:58:e9:45:82:79:13:bc:4e:0c:62:c9:
                    b8:3e:39:76:17:cc:77:d4:f0:57:43:8b:29:8d:23:
                    29:e1:55:d3:00:35:5f:f7:41:a8:52:e7:2b:a0:d2:
                    f9:cc:f9:14:37:d6:92:4e:12:30:bf:c8:4a:40:b7:
                    0d:2b:d0:b9:f9:13:3b:d0:1b:ad:8b:c4:0f:0d:48:
                    70:df:fd:80:de:b9:0d:22:e6:59:aa:af:33:09:d8:
                    e4:14:83:c1:42:3d:76:2a:50:52:ef:11:ba:8c:66:
                    00:c1:41:e2:df:65:5e:fd:5d:29:9b:60:d4:6c:0e:
                    e4:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:DF:C4:C5:DF:DD:F7:31:8F:0D:40:C4:28:EA:EE:DB:AB:FF:95:94
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/QN_Exd_d9zGPDUDEKOru26v_lZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.193.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:e4:b3:ca:da:db:7f:81:09:4a:08:31:6c:6a:20:47:0d:f6:
         f1:63:7b:74:4e:3e:52:78:e8:6d:2e:90:9d:85:f4:cd:41:fa:
         34:80:4c:f9:fe:44:fc:37:f7:bc:b3:fc:a1:da:6c:a5:fb:fa:
         77:f5:51:1f:d4:0a:bf:45:1e:45:ec:61:89:64:4e:b7:f6:e1:
         e6:9a:80:64:55:1f:3b:4a:79:73:e5:8e:0c:64:79:3e:84:7a:
         dd:40:40:2f:6d:a3:e7:cd:57:3b:52:e1:c1:b5:f0:10:9a:57:
         d7:01:e0:d3:16:92:3d:f9:c3:60:17:2b:11:64:71:aa:97:97:
         4f:f1:41:5c:54:51:07:17:30:52:cf:d5:80:4d:e8:8e:58:e9:
         5a:94:2e:18:83:47:98:8b:1d:74:c9:63:e4:f0:6f:ac:40:10:
         cc:c9:a1:82:f0:19:7e:27:0b:7d:2c:68:82:37:44:09:fc:61:
         d6:6e:63:09:45:f5:67:aa:80:53:65:ee:29:aa:15:79:e9:91:
         b1:8e:1c:d0:74:70:1d:9b:ca:e0:9f:95:99:38:c7:08:48:47:
         91:f9:bf:73:65:5b:58:bf:60:83:81:e1:de:a8:8a:aa:49:ec:
         82:3b:a3:21:58:42:8d:54:ff:05:58:5e:8b:1e:3b:cb:16:97:
         7c:3d:be:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVw+9UM8L/DK9Xi/vlpiXcWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjMwMTAyMDUzNzEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGRmYzRjNWRmZGRmNzMxOGYwZDQwYzQyOGVhZWVkYmFiZmY5NTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNkYuwYW80ohr3cerRQsBgodb689
yyaQzD58KXF4oQvcxLPXCkIzIxV2ANmnoofu9ziM3nFMJVnKGDvNueQi+khMC3YU
bFKjiIY1j4tRgQ4ycjauvvfwhjYbJ4bJpBvc+wxPQmK5eggHXxHu1Wj5CsDPpVsn
22o5f0XPvtp3kVplasJsNSee2W04WOlFgnkTvE4MYsm4Pjl2F8x31PBXQ4spjSMp
4VXTADVf90GoUucroNL5zPkUN9aSThIwv8hKQLcNK9C5+RM70Buti8QPDUhw3/2A
3rkNIuZZqq8zCdjkFIPBQj12KlBS7xG6jGYAwUHi32Ve/V0pm2DUbA7kCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDfxMXf3fcxjw1AxCjq7tur/5WUMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvUU5fRXhkX2Q5ekdQRFVERUtPcnUyNnZfbFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm8EAMA0G
CSqGSIb3DQEBCwUAA4IBAQAd5LPK2tt/gQlKCDFsaiBHDfbxY3t0Tj5SeOhtLpCd
hfTNQfo0gEz5/kT8N/e8s/yh2myl+/p39VEf1Aq/RR5F7GGJZE639uHmmoBkVR87
Snlz5Y4MZHk+hHrdQEAvbaPnzVc7UuHBtfAQmlfXAeDTFpI9+cNgFysRZHGql5dP
8UFcVFEHFzBSz9WATeiOWOlalC4Yg0eYix10yWPk8G+sQBDMyaGC8Bl+Jwt9LGiC
N0QJ/GHWbmMJRfVnqoBTZe4pqhV56ZGxjhzQdHAdm8rgn5WZOMcISEeR+b9zZVtY
v2CDgeHeqIqqSeyCO6MhWEKNVP8FWF6LHjvLFpd8Pb5d
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:17 2024 by rpki-client on console-ams.rpki-client.org