Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/XcHhfkz5ZXGTgXSUmeDBRrnqUus.roa
File:                     XcHhfkz5ZXGTgXSUmeDBRrnqUus.roa (raw, json)
Hash identifier:          mS6MiBhA94Z//VP9VdSRa80nFyjvrnCMv18N3M2GLzY=
Subject key identifier:   5D:C1:E1:7E:4C:F9:65:71:93:81:74:94:99:E0:C1:46:B9:EA:52:EB
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       0185F0DEBEF07C5668A690A32C820F8F7562
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/XcHhfkz5ZXGTgXSUmeDBRrnqUus.roa
Signing time:             Fri 27 Jan 2023 01:36:47 +0000
ROA not before:           Fri 27 Jan 2023 01:36:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        166.108.4.0/22 maxlen: 22
                          166.108.0.0/22 maxlen: 22
                          166.108.8.0/22 maxlen: 22
                          166.108.12.0/22 maxlen: 22
                          192.53.136.0/21 maxlen: 21
                          155.193.2.0/23 maxlen: 23
                          192.53.64.0/21 maxlen: 21

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:f0:de:be:f0:7c:56:68:a6:90:a3:2c:82:0f:8f:75:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Jan 27 01:36:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5dc1e17e4cf965719381749499e0c146b9ea52eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:61:a1:2a:dd:97:7f:d3:ce:17:8d:a1:d4:04:
                    a4:5b:c6:43:e7:77:82:d0:1a:94:32:6a:b5:d8:68:
                    19:85:75:75:21:ba:89:4f:8a:fd:ce:2f:63:4a:46:
                    69:5e:fe:b9:22:17:93:ca:14:37:38:d5:4e:c9:a3:
                    1e:53:5f:ca:86:1e:86:2b:64:8f:7e:2c:c2:9c:96:
                    94:8b:52:1c:e3:d4:31:ab:73:a5:5e:d8:8e:32:c5:
                    3c:ed:47:5e:12:ac:82:1c:bc:95:f5:aa:a5:35:e9:
                    7c:0f:c9:d3:88:1b:8b:a1:91:33:26:61:31:a2:ca:
                    0a:f9:8d:f7:ee:1b:10:19:69:6f:69:16:2d:60:43:
                    07:93:bf:e7:5f:ed:6b:c0:bf:52:a9:c2:21:d0:09:
                    c0:ec:1e:7d:37:64:64:58:ef:c8:46:c4:8c:49:67:
                    8e:32:97:6c:3b:60:df:b8:9e:b2:f9:85:39:f7:97:
                    e0:45:39:f7:67:9a:84:45:f6:af:6d:88:9d:28:fb:
                    13:e3:be:7c:1e:cc:8f:e9:1d:06:a8:1c:15:db:47:
                    15:ad:08:41:ce:1a:17:29:c8:dd:53:74:f8:91:72:
                    af:ff:f7:0b:d0:fa:99:02:69:5b:40:42:58:85:53:
                    dd:84:95:9d:4c:f3:e2:b3:a3:55:7b:4d:95:e7:7b:
                    88:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:C1:E1:7E:4C:F9:65:71:93:81:74:94:99:E0:C1:46:B9:EA:52:EB
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/XcHhfkz5ZXGTgXSUmeDBRrnqUus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.193.2.0/23
                  166.108.0.0/20
                  192.53.64.0/21
                  192.53.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9c:9f:bb:a8:84:94:65:61:10:7b:36:51:4e:8e:f5:c5:ec:2d:
         36:c7:b0:99:5e:2c:04:24:c6:90:80:23:cc:1e:a9:c6:38:5f:
         ed:b7:24:6c:ab:b5:c4:ca:83:9c:77:db:62:7a:8b:9e:c0:74:
         82:8f:c2:97:28:cf:b3:89:1b:f7:7a:f1:a4:3d:fe:48:50:9c:
         d6:55:d6:2a:d2:ee:cd:68:82:69:51:91:33:1d:f0:f4:24:ec:
         b1:94:b1:ce:ea:a2:14:a4:7b:ef:1c:bf:5e:ee:0b:46:db:43:
         75:92:21:74:87:62:a7:e9:d6:5c:41:e8:2f:2e:d8:d4:b3:ce:
         e6:1d:ea:05:31:38:88:2e:6a:30:44:b7:5d:31:d6:69:a9:c6:
         5a:d6:64:0e:b7:b0:dc:1d:5f:35:d8:dc:ba:27:51:63:b7:87:
         08:9a:d5:73:2f:0c:fb:f0:bf:4c:d9:80:4a:77:84:f6:42:69:
         43:de:70:d2:78:69:2f:21:dc:d2:7e:e1:ad:27:87:60:8c:ef:
         5b:6d:b5:db:05:a5:f6:f9:ff:1b:fd:69:2c:bd:b1:15:57:a4:
         01:a9:99:56:94:2d:e7:07:96:84:7d:1b:f3:26:ce:b4:da:9e:
         21:c2:9e:b9:0e:4d:af:79:fa:f2:62:fd:66:08:b3:09:4f:5b:
         6b:0a:a9:ed
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYXw3r7wfFZoppCjLIIPj3ViMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjMwMTI3MDEzNjQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGMxZTE3ZTRjZjk2NTcxOTM4MTc0OTQ5OWUwYzE0NmI5ZWE1MmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWGhKt2Xf9POF42h1ASkW8ZD53eC
0BqUMmq12GgZhXV1IbqJT4r9zi9jSkZpXv65IheTyhQ3ONVOyaMeU1/Khh6GK2SP
fizCnJaUi1Ic49Qxq3OlXtiOMsU87UdeEqyCHLyV9aqlNel8D8nTiBuLoZEzJmEx
osoK+Y337hsQGWlvaRYtYEMHk7/nX+1rwL9SqcIh0AnA7B59N2RkWO/IRsSMSWeO
MpdsO2DfuJ6y+YU595fgRTn3Z5qERfavbYidKPsT4758HsyP6R0GqBwV20cVrQhB
zhoXKcjdU3T4kXKv//cL0PqZAmlbQEJYhVPdhJWdTPPis6NVe02V53uIhQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFF3B4X5M+WVxk4F0lJngwUa56lLrMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvWGNIaGZrejVaWEdUZ1hTVW1lREJScm5xVXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBm8ECAwQE
pmwAAwQDwDVAAwQDwDWIMA0GCSqGSIb3DQEBCwUAA4IBAQCcn7uohJRlYRB7NlFO
jvXF7C02x7CZXiwEJMaQgCPMHqnGOF/ttyRsq7XEyoOcd9tieouewHSCj8KXKM+z
iRv3evGkPf5IUJzWVdYq0u7NaIJpUZEzHfD0JOyxlLHO6qIUpHvvHL9e7gtG20N1
kiF0h2Kn6dZcQegvLtjUs87mHeoFMTiILmowRLddMdZpqcZa1mQOt7DcHV812Ny6
J1Fjt4cImtVzLwz78L9M2YBKd4T2QmlD3nDSeGkvIdzSfuGtJ4dgjO9bbbXbBaX2
+f8b/WksvbEVV6QBqZlWlC3nB5aEfRvzJs602p4hwp65Dk2vefryYv1mCLMJT1tr
Cqnt
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:15 2024 by rpki-client on console-fra.rpki-client.org