Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/wXT_mOrykIeqI3iBWOfxvMFWUaE.roa
File:                     wXT_mOrykIeqI3iBWOfxvMFWUaE.roa (raw, json)
Hash identifier:          8duaFykEwtSIStTf9HFETdLdejJTfmBsECC8GfiAD9M=
Subject key identifier:   C1:74:FF:98:EA:F2:90:87:AA:23:78:81:58:E7:F1:BC:C1:56:51:A1
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       03CEF1C0
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/wXT_mOrykIeqI3iBWOfxvMFWUaE.roa
Signing time:             Sat 01 Jan 2022 08:04:25 +0000
ROA not before:           Sat 01 Jan 2022 08:04:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        155.193.32.0/19 maxlen: 19

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 63893952 (0x3cef1c0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Jan  1 08:04:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c174ff98eaf29087aa23788158e7f1bcc15651a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b4:31:b4:66:ad:6f:a6:44:bb:d4:04:de:d6:
                    b7:1e:54:38:2e:ce:e1:7d:22:af:25:42:fa:e7:51:
                    1b:7e:d3:0d:b8:37:4e:a6:4d:fd:50:7e:46:2d:01:
                    0e:47:88:8a:0b:2f:1c:26:a6:7b:15:bf:ce:46:fc:
                    a0:a3:d9:10:49:96:7a:7f:2f:96:ef:fd:af:47:10:
                    46:b6:ca:eb:e8:e6:19:d9:fb:40:70:6b:e7:7a:41:
                    a7:46:dd:85:96:26:83:42:11:c2:40:f9:c4:5b:55:
                    b5:b4:ab:5a:7f:44:56:88:c1:9c:51:30:29:50:42:
                    fb:bc:0e:c2:f1:97:02:0c:a4:e0:b4:08:44:6b:7e:
                    3a:b6:bd:63:37:a0:02:81:d2:57:ee:58:37:b9:b3:
                    df:c3:fd:90:54:90:d9:34:33:66:f2:41:b7:c5:b2:
                    a7:04:c0:d2:2d:06:fb:2d:9c:c8:28:04:e8:1c:9a:
                    39:fd:e5:77:f4:82:82:29:17:c4:d1:33:e4:c3:5d:
                    25:2c:f0:0e:31:6a:3c:50:3b:a9:1c:58:71:e4:bf:
                    3e:59:b1:dd:aa:ed:e7:a2:56:1c:21:ee:13:53:51:
                    fc:29:ba:03:01:5c:75:c8:1c:9a:ac:f8:8e:9e:5d:
                    21:3f:7d:4d:a1:78:a6:f0:49:02:84:90:51:86:79:
                    1f:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:74:FF:98:EA:F2:90:87:AA:23:78:81:58:E7:F1:BC:C1:56:51:A1
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/wXT_mOrykIeqI3iBWOfxvMFWUaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.193.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4b:c4:b5:c1:29:78:0e:42:9b:d3:07:cd:2b:e8:14:78:98:d4:
         19:48:a6:45:be:90:f6:3e:ca:f6:1a:12:b6:08:e3:24:eb:94:
         84:cb:ed:3f:ac:01:ac:f2:3a:df:15:17:5f:54:3c:3f:d3:81:
         cb:ac:22:df:db:99:c2:92:8a:64:d6:e9:9f:8b:dc:d0:59:de:
         4b:9d:ac:2c:73:f7:87:29:15:a7:f7:dd:e3:da:5e:23:84:e1:
         bb:1a:cf:54:ad:4f:c0:fb:a4:e7:bd:30:a0:17:43:0d:c8:cb:
         1e:e7:cb:c8:ce:9b:b5:a7:04:e2:36:18:27:5c:e2:6c:69:4a:
         9d:e6:6b:3c:4c:4e:43:86:46:7e:01:f2:7a:af:b6:f7:37:f3:
         f8:d6:d2:6f:0d:5a:2c:dc:1f:d1:db:eb:c6:d5:d3:e5:ce:9e:
         09:9a:ab:c9:5b:fa:79:9d:d6:6a:79:bd:f4:c0:7e:5b:29:09:
         77:4c:e2:a5:a0:b8:5f:8a:94:8b:28:f3:92:c1:62:c9:9c:31:
         81:74:c6:56:6a:1e:08:3c:3e:42:7f:33:66:f0:23:2c:be:ee:
         ef:aa:ec:d3:4f:21:c2:8a:a1:be:8f:90:78:d3:42:0a:cc:44:
         17:5b:dc:e8:7c:14:bf:b2:d9:e7:d3:72:7e:26:4c:bf:2a:5a:
         f1:d0:b3:94
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA87xwDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
NDNlNDQ3ZWRiOGE1ZTBlMWIxZDdmNWNkYzI4N2MzNjRhNWZiMGI1MB4XDTIyMDEw
MTA4MDQyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzE3NGZmOThlYWYy
OTA4N2FhMjM3ODgxNThlN2YxYmNjMTU2NTFhMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALG0MbRmrW+mRLvUBN7Wtx5UOC7O4X0iryVC+udRG37TDbg3
TqZN/VB+Ri0BDkeIigsvHCamexW/zkb8oKPZEEmWen8vlu/9r0cQRrbK6+jmGdn7
QHBr53pBp0bdhZYmg0IRwkD5xFtVtbSrWn9EVojBnFEwKVBC+7wOwvGXAgyk4LQI
RGt+Ora9YzegAoHSV+5YN7mz38P9kFSQ2TQzZvJBt8WypwTA0i0G+y2cyCgE6Bya
Of3ld/SCgikXxNEz5MNdJSzwDjFqPFA7qRxYceS/Plmx3art56JWHCHuE1NR/Cm6
AwFcdcgcmqz4jp5dIT99TaF4pvBJAoSQUYZ5H0ECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTBdP+Y6vKQh6ojeIFY5/G8wVZRoTAfBgNVHSMEGDAWgBR0PkR+24peDhsd
f1zcKHw2Sl+wtTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2RENUVmdHVLWGc0YkhYOWMzQ2g4TmtwZnNMVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzUvYTFhZTcwLTc5OTYtNDY4Ny1hMGQ3LTVlMGY0YWI4MDliYi8x
L3dYVF9tT3J5a0llcUkzaUJXT2Z4dk1GV1VhRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzUv
YTFhZTcwLTc5OTYtNDY4Ny1hMGQ3LTVlMGY0YWI4MDliYi8xL2RENUVmdHVLWGc0
YkhYOWMzQ2g4TmtwZnNMVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBZvBIDANBgkqhkiG9w0BAQsFAAOC
AQEAS8S1wSl4DkKb0wfNK+gUeJjUGUimRb6Q9j7K9hoStgjjJOuUhMvtP6wBrPI6
3xUXX1Q8P9OBy6wi39uZwpKKZNbpn4vc0FneS52sLHP3hykVp/fd49peI4ThuxrP
VK1PwPuk570woBdDDcjLHufLyM6btacE4jYYJ1zibGlKneZrPExOQ4ZGfgHyeq+2
9zfz+NbSbw1aLNwf0dvrxtXT5c6eCZqryVv6eZ3Wanm99MB+WykJd0zipaC4X4qU
iyjzksFiyZwxgXTGVmoeCDw+Qn8zZvAjLL7u76rs008hwoqhvo+QeNNCCsxEF1vc
6HwUv7LZ59NyfiZMvypa8dCzlA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:15 2024 by rpki-client on console-fra.rpki-client.org