Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/kx7zrBZiMHjVZarrBjJd5TlI-d8.roa
File:                     kx7zrBZiMHjVZarrBjJd5TlI-d8.roa (raw, json)
Hash identifier:          or6+EspqU5FgCbHHaGWT81W4VNlSJ6hiZkwq98tcN2o=
Subject key identifier:   93:1E:F3:AC:16:62:30:78:D5:65:AA:EB:06:32:5D:E5:39:48:F9:DF
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       018570FBD35F1C180C4950453CAD4E36FEEC
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/kx7zrBZiMHjVZarrBjJd5TlI-d8.roa
Signing time:             Mon 02 Jan 2023 05:37:09 +0000
ROA not before:           Mon 02 Jan 2023 05:37:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        155.193.229.0/24 maxlen: 24
                          192.6.252.0/22 maxlen: 22
                          155.193.32.0/19 maxlen: 19
                          155.193.250.0/24 maxlen: 24
                          155.193.251.0/24 maxlen: 24
                          155.193.248.0/24 maxlen: 24
                          155.193.249.0/24 maxlen: 24
                          192.6.64.0/22 maxlen: 22
                          192.25.232.0/22 maxlen: 22
                          192.137.24.0/22 maxlen: 22
                          192.25.244.0/22 maxlen: 22
                          192.6.172.0/22 maxlen: 22
                          155.193.163.0/24 maxlen: 24
                          155.193.161.0/24 maxlen: 24
                          155.193.162.0/24 maxlen: 24
                          155.193.160.0/24 maxlen: 24
                          192.25.180.0/22 maxlen: 22
                          192.25.200.0/22 maxlen: 22
                          192.25.208.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:fb:d3:5f:1c:18:0c:49:50:45:3c:ad:4e:36:fe:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Jan  2 05:37:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=931ef3ac16623078d565aaeb06325de53948f9df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:28:1e:df:4f:59:29:ec:3a:ab:3e:a4:d3:c9:
                    85:96:51:33:9b:31:c0:22:ed:18:be:54:50:d4:d4:
                    ad:15:d6:a5:f8:ab:3d:9f:79:d0:15:14:b9:fe:66:
                    f9:8f:35:9f:73:93:f4:f0:11:a2:13:b1:05:9c:4b:
                    d8:93:bb:e8:91:33:52:35:92:a5:0e:81:97:6a:96:
                    b8:22:4f:44:c5:d0:15:dc:72:7b:05:d8:7d:91:24:
                    ef:48:4d:8a:6b:af:41:92:85:14:d4:73:ad:0f:e5:
                    fa:2b:14:54:df:1b:c1:ff:07:4a:bb:bb:38:83:12:
                    ec:25:17:08:55:1c:07:09:77:c2:b5:e5:27:0d:a0:
                    30:b9:f8:61:87:55:2b:a4:9a:7a:16:1d:82:0b:ae:
                    19:8e:aa:9c:8a:3a:79:10:3b:e8:64:27:96:13:19:
                    22:f0:aa:95:95:af:d1:69:8e:8c:43:6b:46:15:38:
                    be:b2:f1:d0:8d:93:1f:f5:4d:9d:12:18:25:4d:73:
                    b6:8a:9f:24:40:01:94:c7:bc:b8:12:72:34:70:25:
                    74:9d:b6:56:0d:68:bd:9b:a0:f8:eb:77:40:65:79:
                    ed:ec:ea:81:09:e4:95:07:40:da:57:ef:5c:d6:d5:
                    12:db:86:2b:30:29:61:73:a1:38:f0:19:f6:07:f2:
                    ef:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:1E:F3:AC:16:62:30:78:D5:65:AA:EB:06:32:5D:E5:39:48:F9:DF
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/kx7zrBZiMHjVZarrBjJd5TlI-d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.193.32.0/19
                  155.193.160.0/22
                  155.193.229.0/24
                  155.193.248.0/22
                  192.6.64.0/22
                  192.6.172.0/22
                  192.6.252.0/22
                  192.25.180.0/22
                  192.25.200.0/22
                  192.25.208.0/22
                  192.25.232.0/22
                  192.25.244.0/22
                  192.137.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:ea:12:17:03:66:03:90:e6:c5:ce:b0:19:99:65:dd:43:03:
         3c:5f:dd:de:62:b3:0a:76:76:ec:84:08:75:1d:95:42:84:fe:
         dd:dd:bf:0a:52:60:e4:14:d6:11:3c:34:49:fb:53:de:4e:f1:
         4a:e0:3b:22:d0:79:0d:8d:13:07:71:75:d3:31:ce:6b:7b:2e:
         62:ae:81:e8:6e:ca:94:34:ff:70:e7:93:b7:6c:3b:f6:a7:b2:
         e9:ab:b7:d9:30:18:3e:9f:7a:c7:bb:24:47:3b:88:94:2a:57:
         4f:00:d4:d5:f5:df:0b:8c:23:a1:80:fb:55:24:bf:11:07:68:
         13:e9:9d:79:dc:22:f4:92:e1:bc:f2:1b:69:84:20:06:b6:bb:
         97:e3:2b:ff:19:dd:16:c7:1c:28:a7:ec:e6:0a:09:b8:27:cb:
         1e:b3:a5:e0:79:ff:62:88:01:8e:46:9f:fa:23:07:94:af:17:
         d4:4e:b1:a8:d1:bc:c8:88:e8:b6:da:bf:aa:55:cb:35:91:da:
         78:2b:40:be:3c:9f:3c:c6:b0:28:d8:cb:86:90:d4:8d:d1:39:
         55:6d:ba:4e:0c:37:0b:db:a5:c3:ed:21:81:05:11:88:bb:49:
         e8:fe:95:35:0a:3c:74:40:a2:6e:b8:b5:21:39:5d:db:60:51:
         1f:4a:7c:34
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYVw+9NfHBgMSVBFPK1ONv7sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjMwMTAyMDUzNzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzFlZjNhYzE2NjIzMDc4ZDU2NWFhZWIwNjMyNWRlNTM5NDhmOWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCge309ZKew6qz6k08mFllEzmzHA
Iu0YvlRQ1NStFdal+Ks9n3nQFRS5/mb5jzWfc5P08BGiE7EFnEvYk7vokTNSNZKl
DoGXapa4Ik9ExdAV3HJ7Bdh9kSTvSE2Ka69BkoUU1HOtD+X6KxRU3xvB/wdKu7s4
gxLsJRcIVRwHCXfCteUnDaAwufhhh1UrpJp6Fh2CC64Zjqqcijp5EDvoZCeWExki
8KqVla/RaY6MQ2tGFTi+svHQjZMf9U2dEhglTXO2ip8kQAGUx7y4EnI0cCV0nbZW
DWi9m6D463dAZXnt7OqBCeSVB0DaV+9c1tUS24YrMClhc6E48Bn2B/LvpwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFJMe86wWYjB41WWq6wYyXeU5SPnfMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEva3g3enJCWmlNSGpWWmFyckJqSmQ1VGxJLWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQFm8EgAwQC
m8GgAwQAm8HlAwQCm8H4AwQCwAZAAwQCwAasAwQCwAb8AwQCwBm0AwQCwBnIAwQC
wBnQAwQCwBnoAwQCwBn0AwQCwIkYMA0GCSqGSIb3DQEBCwUAA4IBAQCF6hIXA2YD
kObFzrAZmWXdQwM8X93eYrMKdnbshAh1HZVChP7d3b8KUmDkFNYRPDRJ+1PeTvFK
4Dsi0HkNjRMHcXXTMc5rey5iroHobsqUNP9w55O3bDv2p7Lpq7fZMBg+n3rHuyRH
O4iUKldPANTV9d8LjCOhgPtVJL8RB2gT6Z153CL0kuG88htphCAGtruX4yv/Gd0W
xxwop+zmCgm4J8ses6Xgef9iiAGORp/6IweUrxfUTrGo0bzIiOi22r+qVcs1kdp4
K0C+PJ88xrAo2MuGkNSN0TlVbbpODDcL26XD7SGBBRGIu0no/pU1Cjx0QKJuuLUh
OV3bYFEfSnw0
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:17 2024 by rpki-client on console-ams.rpki-client.org