Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/ziDWiV8lBArGas_oil_rBwcM2js.roa
File:                     ziDWiV8lBArGas_oil_rBwcM2js.roa (raw, json)
Hash identifier:          MrKe6idv4OkTsNsLDn3t4cksO9Rpl9qyJpzwRdPUfVg=
Subject key identifier:   CE:20:D6:89:5F:25:04:0A:C6:6A:CF:E8:8A:5F:EB:07:07:0C:DA:3B
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       018570FBD25BB33D6E4220A4B7F1D014A8B3
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/ziDWiV8lBArGas_oil_rBwcM2js.roa
Signing time:             Mon 02 Jan 2023 05:37:09 +0000
ROA not before:           Mon 02 Jan 2023 05:37:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6079
IP address blocks:        155.193.16.0/20 maxlen: 20
                          155.193.128.0/17 maxlen: 17
                          192.46.184.0/22 maxlen: 22
                          192.46.184.0/21 maxlen: 21
                          192.46.188.0/24 maxlen: 24
                          192.46.200.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:fb:d2:5b:b3:3d:6e:42:20:a4:b7:f1:d0:14:a8:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Jan  2 05:37:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ce20d6895f25040ac66acfe88a5feb07070cda3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:70:38:bb:a3:9a:b3:db:c2:8b:65:97:35:77:
                    fd:6e:7b:c9:f2:3f:02:a5:61:6d:d1:81:46:38:72:
                    57:30:32:9e:18:9e:9c:5e:f6:03:c5:e8:f7:8f:ca:
                    cc:ee:7c:f2:d2:70:a8:f3:a8:8a:63:88:6d:27:d6:
                    34:95:35:26:0b:6d:88:b2:2a:d5:46:56:14:8c:db:
                    3f:82:49:5d:0c:7f:d2:9c:c5:4a:d6:4a:bb:8a:9f:
                    90:48:99:47:40:52:ff:85:00:c4:61:69:49:97:8e:
                    f1:bb:b4:d1:1f:4a:f7:18:90:51:f8:c5:fa:52:2c:
                    cd:b0:d4:2b:06:97:81:01:3f:08:05:67:af:a7:6d:
                    2c:9e:03:e0:d6:c6:1f:aa:24:f0:02:43:e4:5f:57:
                    cc:6d:77:cd:02:d1:a8:7f:ee:7c:ce:e0:60:38:7b:
                    63:6b:6a:08:cc:26:c2:da:8f:33:36:da:0e:0b:e6:
                    fe:7d:f5:95:3f:98:f3:11:6a:4c:0f:55:f4:8d:06:
                    4d:08:0c:c6:cb:e9:d4:fa:d8:57:ca:fd:8a:fc:64:
                    70:42:fe:33:66:8a:01:c3:11:67:ab:72:b5:28:96:
                    12:cb:4e:79:02:a9:6b:36:ad:aa:9b:a8:25:95:73:
                    be:01:3a:54:17:96:1b:7e:77:3f:0a:6e:67:c8:1f:
                    28:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:20:D6:89:5F:25:04:0A:C6:6A:CF:E8:8A:5F:EB:07:07:0C:DA:3B
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/ziDWiV8lBArGas_oil_rBwcM2js.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.193.16.0/20
                  155.193.128.0/17
                  192.46.184.0/21
                  192.46.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:ad:ec:4d:d8:b5:8d:2c:d1:f4:6a:0e:c7:9d:85:4f:02:ac:
         4c:0d:2b:2e:0d:1e:b0:ca:02:95:a6:62:5d:62:aa:a4:51:4c:
         d3:8a:33:46:a9:37:37:6b:9c:74:92:e2:4f:2e:f8:21:c7:8e:
         bf:fd:7a:75:2b:c1:d3:16:44:c0:52:61:ed:68:75:46:b7:eb:
         96:57:5b:c3:c3:dc:80:aa:ce:98:78:7e:48:89:30:3d:54:0d:
         d9:e1:27:2e:fd:e5:6c:fa:d4:d2:5e:36:b8:d8:77:7a:fa:45:
         cf:6b:3d:ea:68:97:eb:da:6d:08:97:93:58:8b:70:27:0a:72:
         a6:b5:2f:cf:b8:a8:bc:ea:8d:bc:df:2a:8a:61:7c:b0:59:5d:
         08:6d:13:3a:7c:9b:01:9b:e8:c0:f9:e9:f3:c6:bc:62:1e:ef:
         cc:45:5f:13:2b:56:05:a2:30:dd:5a:f1:6f:15:77:90:00:d1:
         8a:ab:c9:1b:75:7c:e9:64:1b:be:8f:ac:02:e5:06:8e:fb:6f:
         60:38:ea:8f:4d:ba:5c:b6:b9:4c:1a:27:46:ed:f7:8e:d9:18:
         cc:00:80:c5:12:86:88:5c:32:d5:14:d3:17:6c:07:a0:bf:05:
         54:b3:d1:17:92:de:2e:dc:a1:b0:e3:3e:78:10:ac:b0:10:95:
         82:cb:2d:f7
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVw+9Jbsz1uQiCkt/HQFKizMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjMwMTAyMDUzNzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTIwZDY4OTVmMjUwNDBhYzY2YWNmZTg4YTVmZWIwNzA3MGNkYTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnA4u6Oas9vCi2WXNXf9bnvJ8j8C
pWFt0YFGOHJXMDKeGJ6cXvYDxej3j8rM7nzy0nCo86iKY4htJ9Y0lTUmC22IsirV
RlYUjNs/gkldDH/SnMVK1kq7ip+QSJlHQFL/hQDEYWlJl47xu7TRH0r3GJBR+MX6
UizNsNQrBpeBAT8IBWevp20sngPg1sYfqiTwAkPkX1fMbXfNAtGof+58zuBgOHtj
a2oIzCbC2o8zNtoOC+b+ffWVP5jzEWpMD1X0jQZNCAzGy+nU+thXyv2K/GRwQv4z
ZooBwxFnq3K1KJYSy055AqlrNq2qm6gllXO+ATpUF5Ybfnc/Cm5nyB8oIwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFM4g1olfJQQKxmrP6Ipf6wcHDNo7MB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvemlEV2lWOGxCQXJHYXNfb2lsX3JCd2NNMmpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQEm8EQAwQH
m8GAAwQDwC64AwQCwC7IMA0GCSqGSIb3DQEBCwUAA4IBAQAzrexN2LWNLNH0ag7H
nYVPAqxMDSsuDR6wygKVpmJdYqqkUUzTijNGqTc3a5x0kuJPLvghx46//Xp1K8HT
FkTAUmHtaHVGt+uWV1vDw9yAqs6YeH5IiTA9VA3Z4Scu/eVs+tTSXja42Hd6+kXP
az3qaJfr2m0Il5NYi3AnCnKmtS/PuKi86o283yqKYXywWV0IbRM6fJsBm+jA+enz
xrxiHu/MRV8TK1YFojDdWvFvFXeQANGKq8kbdXzpZBu+j6wC5QaO+29gOOqPTbpc
trlMGidG7feO2RjMAIDFEoaIXDLVFNMXbAegvwVUs9EXkt4u3KGw4z54EKywEJWC
yy33
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:18 2024 by rpki-client on console-ams.rpki-client.org