Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/tpk3r3esvMrdo72uZVqOQeWm4jM.roa
File:                     tpk3r3esvMrdo72uZVqOQeWm4jM.roa (raw, json)
Hash identifier:          XO+Qxeh+2JLR89T2KAzLdsgUTSBOx3iMhm2JNe9udLs=
Subject key identifier:   B6:99:37:AF:77:AC:BC:CA:DD:A3:BD:AE:65:5A:8E:41:E5:A6:E2:33
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       018A19F86BD41F8467A0C30267A403FE19C6
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/tpk3r3esvMrdo72uZVqOQeWm4jM.roa
Signing time:             Mon 21 Aug 2023 21:20:25 +0000
ROA not before:           Mon 21 Aug 2023 21:20:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6079
IP address blocks:        155.193.16.0/20 maxlen: 20
                          192.46.184.0/22 maxlen: 22
                          192.46.184.0/21 maxlen: 21
                          198.151.95.0/24 maxlen: 24
                          198.151.93.0/24 maxlen: 24
                          192.46.188.0/24 maxlen: 24
                          192.46.200.0/22 maxlen: 22
                          198.151.71.0/24 maxlen: 24
                          198.151.67.0/24 maxlen: 24
                          198.151.65.0/24 maxlen: 24
                          198.151.69.0/24 maxlen: 24
                          198.151.73.0/24 maxlen: 24
                          198.151.77.0/24 maxlen: 24
                          198.151.75.0/24 maxlen: 24
                          198.151.81.0/24 maxlen: 24
                          198.151.79.0/24 maxlen: 24
                          198.151.83.0/24 maxlen: 24
                          198.151.85.0/24 maxlen: 24
                          198.151.87.0/24 maxlen: 24
                          198.151.91.0/24 maxlen: 24
                          198.151.89.0/24 maxlen: 24
                          158.120.53.0/24 maxlen: 24
                          158.120.57.0/24 maxlen: 24
                          158.120.55.0/24 maxlen: 24
                          158.120.61.0/24 maxlen: 24
                          158.120.59.0/24 maxlen: 24
                          158.120.63.0/24 maxlen: 24
                          158.120.51.0/24 maxlen: 24
                          158.120.49.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:19:f8:6b:d4:1f:84:67:a0:c3:02:67:a4:03:fe:19:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Aug 21 21:20:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b69937af77acbccadda3bdae655a8e41e5a6e233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:86:9a:41:b3:49:04:92:e0:46:38:b1:82:87:
                    9a:18:d3:33:83:a1:d4:ed:57:35:3a:0f:f0:27:7a:
                    c6:bf:85:b0:f2:c2:62:d9:97:a7:97:20:34:bd:93:
                    11:f3:da:8d:32:a7:da:1a:49:39:4b:22:d2:83:c4:
                    37:6d:1a:0a:6e:74:04:d4:bd:cc:56:28:45:59:e8:
                    29:9a:00:a7:df:a9:99:bf:b7:82:a6:4b:7a:c0:24:
                    40:13:63:c6:58:db:27:84:06:14:3d:72:42:b6:e8:
                    19:31:e3:9d:23:56:f8:f4:68:51:37:5b:30:6f:a0:
                    e9:18:9d:14:70:e7:8b:ce:a5:cb:8d:1a:22:d0:97:
                    64:2e:fb:56:06:0f:8d:ff:f5:d5:bd:3d:e5:88:57:
                    bc:07:7c:6b:da:a4:33:1e:c1:06:88:c0:e7:3e:da:
                    d0:a7:c4:02:a6:14:29:01:4c:7b:f6:44:c7:90:36:
                    2b:3a:7b:8e:8c:b7:f7:52:e6:13:0f:cd:da:c5:b2:
                    7b:fb:02:0b:0b:61:a0:63:4a:81:d3:1d:9b:1e:be:
                    6b:77:20:8f:61:01:bf:3f:0f:f9:4e:86:67:00:1e:
                    13:04:41:f9:12:33:ed:0e:ab:96:01:58:85:04:08:
                    b0:b4:74:0c:e2:a2:59:76:20:45:b2:f6:b1:f6:92:
                    99:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:99:37:AF:77:AC:BC:CA:DD:A3:BD:AE:65:5A:8E:41:E5:A6:E2:33
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/tpk3r3esvMrdo72uZVqOQeWm4jM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.193.16.0/20
                  158.120.49.0/24
                  158.120.51.0/24
                  158.120.53.0/24
                  158.120.55.0/24
                  158.120.57.0/24
                  158.120.59.0/24
                  158.120.61.0/24
                  158.120.63.0/24
                  192.46.184.0/21
                  192.46.200.0/22
                  198.151.65.0/24
                  198.151.67.0/24
                  198.151.69.0/24
                  198.151.71.0/24
                  198.151.73.0/24
                  198.151.75.0/24
                  198.151.77.0/24
                  198.151.79.0/24
                  198.151.81.0/24
                  198.151.83.0/24
                  198.151.85.0/24
                  198.151.87.0/24
                  198.151.89.0/24
                  198.151.91.0/24
                  198.151.93.0/24
                  198.151.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:ac:33:69:37:b4:29:5a:22:42:16:34:3d:98:de:8d:40:59:
         73:a6:c0:a6:04:b2:19:40:b2:ff:eb:13:18:c2:8c:7d:e6:a7:
         2f:7e:d7:87:a2:c3:3e:23:e3:5c:ab:1d:84:77:d0:56:68:ed:
         cc:1d:cf:44:da:b1:5d:2c:1e:c3:9c:8b:e3:d3:d5:45:21:2f:
         e1:2a:f8:18:f8:fa:49:c8:57:af:e7:f3:87:70:b8:34:e4:80:
         5c:1a:ba:68:d8:24:a8:6a:8f:5a:7e:87:71:25:0d:da:70:2e:
         17:2d:b2:86:64:70:a2:0b:56:b8:ca:59:63:c5:fa:99:a2:f8:
         b3:fc:7d:d7:25:e3:16:07:57:38:6c:b1:f0:ff:b0:1d:48:5a:
         7c:ff:e2:c8:33:74:90:a4:a8:53:12:d8:67:96:16:25:af:1e:
         d9:73:19:7c:5d:d8:fc:9a:03:ef:ec:81:c6:59:dd:4a:4f:d6:
         e1:7e:92:75:40:a4:c9:fc:a8:11:4d:af:cc:a7:90:c6:1f:5c:
         18:0c:12:35:bc:20:46:56:72:7c:b5:ce:bf:eb:20:f7:4c:4b:
         b3:1c:07:fc:38:3b:f4:e4:d7:69:33:d0:1b:59:6b:0d:e4:c1:
         40:4c:c9:cd:2a:f2:f7:a2:c9:67:12:2b:7a:4b:01:6f:fb:09:
         3b:f8:4b:a5
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgISAYoZ+GvUH4RnoMMCZ6QD/hnGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjMwODIxMjEyMDI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjk5MzdhZjc3YWNiY2NhZGRhM2JkYWU2NTVhOGU0MWU1YTZlMjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIaaQbNJBJLgRjixgoeaGNMzg6HU
7Vc1Og/wJ3rGv4Ww8sJi2ZenlyA0vZMR89qNMqfaGkk5SyLSg8Q3bRoKbnQE1L3M
VihFWegpmgCn36mZv7eCpkt6wCRAE2PGWNsnhAYUPXJCtugZMeOdI1b49GhRN1sw
b6DpGJ0UcOeLzqXLjRoi0JdkLvtWBg+N//XVvT3liFe8B3xr2qQzHsEGiMDnPtrQ
p8QCphQpAUx79kTHkDYrOnuOjLf3UuYTD83axbJ7+wILC2GgY0qB0x2bHr5rdyCP
YQG/Pw/5ToZnAB4TBEH5EjPtDquWAViFBAiwtHQM4qJZdiBFsvax9pKZCwIDAQAB
o4ICqjCCAqYwHQYDVR0OBBYEFLaZN693rLzK3aO9rmVajkHlpuIzMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvdHBrM3IzZXN2TXJkbzcydVpWcU9RZVdtNGpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG/BggrBgEFBQcBBwEB/wSBrzCBrDCBqQQCAAEwgaIDBASb
wRADBACeeDEDBACeeDMDBACeeDUDBACeeDcDBACeeDkDBACeeDsDBACeeD0DBACe
eD8DBAPALrgDBALALsgDBADGl0EDBADGl0MDBADGl0UDBADGl0cDBADGl0kDBADG
l0sDBADGl00DBADGl08DBADGl1EDBADGl1MDBADGl1UDBADGl1cDBADGl1kDBADG
l1sDBADGl10DBADGl18wDQYJKoZIhvcNAQELBQADggEBABCsM2k3tClaIkIWND2Y
3o1AWXOmwKYEshlAsv/rExjCjH3mpy9+14eiwz4j41yrHYR30FZo7cwdz0TasV0s
HsOci+PT1UUhL+Eq+Bj4+knIV6/n84dwuDTkgFwaumjYJKhqj1p+h3ElDdpwLhct
soZkcKILVrjKWWPF+pmi+LP8fdcl4xYHVzhssfD/sB1IWnz/4sgzdJCkqFMS2GeW
FiWvHtlzGXxd2PyaA+/sgcZZ3UpP1uF+knVApMn8qBFNr8ynkMYfXBgMEjW8IEZW
cny1zr/rIPdMS7McB/w4O/Tk12kz0BtZaw3kwUBMyc0q8veiyWcSK3pLAW/7CTv4
S6U=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:17 2024 by rpki-client on console-ams.rpki-client.org