Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/aBEDH2M7yOvrtAMWmFnmdSljZ9U.roa
File:                     aBEDH2M7yOvrtAMWmFnmdSljZ9U.roa (raw, json)
Hash identifier:          z6eeeOg7VkhRbcHqjBqC02XI0losp+K5koCZspMyY2Y=
Subject key identifier:   68:11:03:1F:63:3B:C8:EB:EB:B4:03:16:98:59:E6:75:29:63:67:D5
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       018570FBD68A9D5E2464BC7DA883F7F54AC5
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/aBEDH2M7yOvrtAMWmFnmdSljZ9U.roa
Signing time:             Mon 02 Jan 2023 05:37:10 +0000
ROA not before:           Mon 02 Jan 2023 05:37:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        155.193.16.0/20 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:fb:d6:8a:9d:5e:24:64:bc:7d:a8:83:f7:f5:4a:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Jan  2 05:37:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6811031f633bc8ebebb403169859e675296367d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e6:22:f8:18:58:25:35:75:b9:a6:0d:15:c6:
                    1e:02:55:55:9a:00:dc:ca:a6:30:6f:69:cf:2d:74:
                    ea:eb:4b:80:20:2a:1a:7f:bd:b9:cd:39:a1:68:1d:
                    28:75:df:63:6d:b9:69:7f:3e:78:76:87:d6:ff:cc:
                    35:f9:8d:49:73:87:c1:e1:01:a1:0f:a7:72:54:fc:
                    91:eb:e0:d5:35:f1:be:53:37:ea:e2:e8:7b:23:e5:
                    f4:e7:e6:8c:ce:b9:a7:9c:43:04:15:c8:3e:74:51:
                    fc:70:26:d3:68:76:24:5a:80:b7:1d:d2:d7:e4:89:
                    15:f7:fd:10:fc:76:05:0c:92:67:11:fa:e6:b8:45:
                    d9:f1:40:7a:f9:fd:31:9c:7b:3a:03:7f:61:a3:d2:
                    d1:ce:52:06:78:06:60:70:6b:6b:98:d2:8f:02:bc:
                    2c:fa:98:a2:e7:81:6a:8c:f2:e4:8b:3a:88:b1:8a:
                    ce:39:05:36:6b:78:ad:f8:a6:94:1a:78:65:fa:dc:
                    d4:8c:fb:6a:3d:c9:c6:8a:4d:21:e0:10:cc:e4:be:
                    b9:7a:dd:cb:df:2f:85:20:ae:6b:c3:b2:06:9b:f4:
                    04:3e:73:e6:74:9d:e1:42:d3:cf:26:df:fa:a0:30:
                    3b:63:2e:cd:a2:3d:83:5f:c4:85:1a:3a:35:8c:bd:
                    01:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:11:03:1F:63:3B:C8:EB:EB:B4:03:16:98:59:E6:75:29:63:67:D5
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/aBEDH2M7yOvrtAMWmFnmdSljZ9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.193.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6a:06:9e:f7:48:52:12:7f:6c:cb:13:cc:4f:58:41:f8:d4:af:
         6a:27:57:02:ba:be:12:e3:74:0a:08:ea:4c:f9:9b:a3:ca:d5:
         d5:fe:00:7d:51:22:77:b0:a8:f0:2f:6e:87:ca:47:09:08:bc:
         6a:56:ce:48:57:0f:46:bf:2b:cf:b0:89:16:0c:ee:95:0d:0d:
         3b:6c:14:d6:8a:87:32:57:ee:ce:87:7f:f0:08:f7:a6:c4:d5:
         62:9e:40:66:56:c5:ec:e3:e0:ed:ac:b6:3e:47:f3:fd:19:89:
         86:0c:a0:09:97:61:12:ef:09:bf:b6:1d:28:b0:c4:6e:30:d2:
         83:c7:af:b4:39:75:60:83:42:4a:78:f6:f9:b9:14:15:c8:02:
         a9:75:0d:77:46:79:52:ad:e1:ff:00:8e:00:f3:0f:76:6c:34:
         01:c0:32:b7:71:e5:e9:48:2d:82:d1:a0:ef:c4:a2:2c:4b:41:
         27:ae:13:8b:a4:ea:d1:78:ae:0e:0f:7c:fe:3e:df:05:b7:fd:
         9e:7f:a8:1e:72:db:67:5a:6d:cd:d7:ab:ec:81:58:94:59:0e:
         2e:1d:81:d4:60:87:81:4e:5b:6e:00:8b:49:4c:df:2a:08:bf:
         c3:03:32:88:61:4d:7e:23:79:3d:77:3a:19:6a:32:2a:96:52:
         34:69:eb:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVw+9aKnV4kZLx9qIP39UrFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjMwMTAyMDUzNzEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODExMDMxZjYzM2JjOGViZWJiNDAzMTY5ODU5ZTY3NTI5NjM2N2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgeYi+BhYJTV1uaYNFcYeAlVVmgDc
yqYwb2nPLXTq60uAICoaf725zTmhaB0odd9jbblpfz54dofW/8w1+Y1Jc4fB4QGh
D6dyVPyR6+DVNfG+Uzfq4uh7I+X05+aMzrmnnEMEFcg+dFH8cCbTaHYkWoC3HdLX
5IkV9/0Q/HYFDJJnEfrmuEXZ8UB6+f0xnHs6A39ho9LRzlIGeAZgcGtrmNKPArws
+pii54FqjPLkizqIsYrOOQU2a3it+KaUGnhl+tzUjPtqPcnGik0h4BDM5L65et3L
3y+FIK5rw7IGm/QEPnPmdJ3hQtPPJt/6oDA7Yy7Noj2DX8SFGjo1jL0B4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgRAx9jO8jr67QDFphZ5nUpY2fVMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvYUJFREgyTTd5T3ZydEFNV21Gbm1kU2xqWjlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEm8EQMA0G
CSqGSIb3DQEBCwUAA4IBAQBqBp73SFISf2zLE8xPWEH41K9qJ1cCur4S43QKCOpM
+ZujytXV/gB9USJ3sKjwL26HykcJCLxqVs5IVw9GvyvPsIkWDO6VDQ07bBTWiocy
V+7Oh3/wCPemxNVinkBmVsXs4+DtrLY+R/P9GYmGDKAJl2ES7wm/th0osMRuMNKD
x6+0OXVgg0JKePb5uRQVyAKpdQ13RnlSreH/AI4A8w92bDQBwDK3ceXpSC2C0aDv
xKIsS0EnrhOLpOrReK4OD3z+Pt8Ft/2ef6gecttnWm3N16vsgViUWQ4uHYHUYIeB
TltuAItJTN8qCL/DAzKIYU1+I3k9dzoZajIqllI0aevZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:17 2024 by rpki-client on console-ams.rpki-client.org