Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/uJKTnXbxehQc3zih1_tWBhtpwNM.roa
File:                     uJKTnXbxehQc3zih1_tWBhtpwNM.roa (raw, json)
Hash identifier:          ZkgkNwag/eBwQvceS4EJw0DrqooROYZEAzBPKr7JBoA=
Subject key identifier:   B8:92:93:9D:76:F1:7A:14:1C:DF:38:A1:D7:FB:56:06:1B:69:C0:D3
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       0184C6C3F1EBB2A51207CFA132DD6124B1FD
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/uJKTnXbxehQc3zih1_tWBhtpwNM.roa
Signing time:             Wed 30 Nov 2022 04:20:40 +0000
ROA not before:           Wed 30 Nov 2022 04:20:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3257
IP address blocks:        155.193.80.0/22 maxlen: 22
                          155.193.8.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:c6:c3:f1:eb:b2:a5:12:07:cf:a1:32:dd:61:24:b1:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Nov 30 04:20:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b892939d76f17a141cdf38a1d7fb56061b69c0d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:aa:d4:d3:b8:15:7c:1c:76:1a:f7:da:d5:80:
                    34:8e:ab:2a:d5:5d:76:32:e4:16:46:19:02:86:23:
                    d9:a0:d8:b6:b8:f5:9e:39:db:a1:d7:5d:31:27:93:
                    15:2e:ee:0f:94:f3:d6:de:ab:b7:68:e1:a5:1d:e9:
                    37:05:61:f4:99:93:00:94:ed:d5:55:2e:fd:08:ba:
                    01:a5:95:24:f0:c2:c5:f3:d7:13:d3:c1:fc:42:cc:
                    42:fd:65:8d:c2:ad:80:4e:2d:84:66:a0:31:6f:36:
                    f3:6f:21:71:31:ec:e6:69:34:55:64:0e:43:2b:31:
                    28:52:4a:4d:94:71:5e:f5:47:5b:86:0c:a1:64:85:
                    9a:ab:6c:a7:76:78:ab:73:f1:18:51:ae:29:55:98:
                    bf:37:39:36:9d:b4:32:db:84:9a:ea:99:b3:65:a6:
                    59:5d:5e:b7:fe:cc:9c:47:55:a3:bd:4c:3d:5d:09:
                    9f:2c:ba:f8:8e:b5:00:55:e1:03:f3:49:c1:c1:7f:
                    df:84:68:27:bb:23:09:39:f5:c2:ca:df:d0:36:86:
                    e8:27:22:42:e5:9a:64:a2:94:25:4e:53:e3:62:e1:
                    c0:5b:3f:b0:98:51:99:43:18:16:5a:ed:d4:db:5c:
                    28:14:53:e7:75:12:f6:9d:fb:da:1c:7e:93:e9:9a:
                    47:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:92:93:9D:76:F1:7A:14:1C:DF:38:A1:D7:FB:56:06:1B:69:C0:D3
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/uJKTnXbxehQc3zih1_tWBhtpwNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.193.8.0/22
                  155.193.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:49:82:9f:08:9a:1a:fb:6d:61:53:69:2e:e8:5b:57:3a:09:
         75:eb:fb:89:5c:3d:97:d1:fd:9b:f6:bd:4c:8f:cb:19:4b:f1:
         ef:0d:99:85:ca:60:7c:cd:db:6b:e1:7e:36:a1:57:de:2f:ef:
         95:75:0b:b7:e9:1a:23:78:48:f0:bc:76:ca:7e:ba:3c:09:1c:
         f1:4a:d7:54:e1:ef:5d:c2:1e:e8:df:b1:fe:76:9e:9d:64:6a:
         6c:75:8d:e2:45:6b:0f:f5:ab:24:4d:30:85:2d:f8:90:b9:57:
         69:cb:36:36:3a:47:50:3f:f9:db:85:57:df:84:b3:01:d7:78:
         ca:12:cf:db:0e:ee:95:90:34:c8:00:cc:1e:fb:83:31:07:53:
         80:65:32:e3:ef:ba:d3:6b:d8:33:ac:bd:d3:45:0e:f8:4b:d2:
         b4:24:14:92:41:e6:b1:f9:0c:3f:9f:83:4a:54:97:88:a3:04:
         b2:73:76:02:49:08:30:f6:5d:3f:26:96:3b:31:08:1e:d4:fb:
         c2:49:91:eb:c4:f9:94:d1:de:e3:98:9e:e8:42:cd:4a:85:f5:
         a6:9c:5b:7e:97:cf:2a:4f:0d:1b:14:21:c4:f3:e5:b9:e7:13:
         11:9c:10:07:94:b5:d8:d2:f6:16:3a:e2:1b:35:97:6d:82:25:
         09:86:4c:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYTGw/HrsqUSB8+hMt1hJLH9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjIxMTMwMDQyMDQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODkyOTM5ZDc2ZjE3YTE0MWNkZjM4YTFkN2ZiNTYwNjFiNjljMGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoarU07gVfBx2Gvfa1YA0jqsq1V12
MuQWRhkChiPZoNi2uPWeOduh110xJ5MVLu4PlPPW3qu3aOGlHek3BWH0mZMAlO3V
VS79CLoBpZUk8MLF89cT08H8QsxC/WWNwq2ATi2EZqAxbzbzbyFxMezmaTRVZA5D
KzEoUkpNlHFe9UdbhgyhZIWaq2yndnirc/EYUa4pVZi/Nzk2nbQy24Sa6pmzZaZZ
XV63/sycR1WjvUw9XQmfLLr4jrUAVeED80nBwX/fhGgnuyMJOfXCyt/QNoboJyJC
5ZpkopQlTlPjYuHAWz+wmFGZQxgWWu3U21woFFPndRL2nfvaHH6T6ZpHqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLiSk5128XoUHN84odf7VgYbacDTMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvdUpLVG5YYnhlaFFjM3ppaDFfdFdCaHRwd05NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCm8EIAwQC
m8FQMA0GCSqGSIb3DQEBCwUAA4IBAQCPSYKfCJoa+21hU2ku6FtXOgl16/uJXD2X
0f2b9r1Mj8sZS/HvDZmFymB8zdtr4X42oVfeL++VdQu36RojeEjwvHbKfro8CRzx
StdU4e9dwh7o37H+dp6dZGpsdY3iRWsP9askTTCFLfiQuVdpyzY2OkdQP/nbhVff
hLMB13jKEs/bDu6VkDTIAMwe+4MxB1OAZTLj77rTa9gzrL3TRQ74S9K0JBSSQeax
+Qw/n4NKVJeIowSyc3YCSQgw9l0/JpY7MQge1PvCSZHrxPmU0d7jmJ7oQs1KhfWm
nFt+l88qTw0bFCHE8+W55xMRnBAHlLXY0vYWOuIbNZdtgiUJhkwA
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:15 2024 by rpki-client on console-fra.rpki-client.org