Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/GynfyfomZCO5RuqDf7BgdSDUPgg.roa
File:                     GynfyfomZCO5RuqDf7BgdSDUPgg.roa (raw, json)
Hash identifier:          jb64OzOJPlG3AMhcADV80f8CLaMqR9uLib+WVcTg9l0=
Subject key identifier:   1B:29:DF:C9:FA:26:64:23:B9:46:EA:83:7F:B0:60:75:20:D4:3E:08
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       0183EA55C6CEDEA5C9AF01DA4ABB05D63714
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/GynfyfomZCO5RuqDf7BgdSDUPgg.roa
Signing time:             Tue 18 Oct 2022 09:03:53 +0000
ROA not before:           Tue 18 Oct 2022 09:03:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210636
IP address blocks:        93.185.163.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:ea:55:c6:ce:de:a5:c9:af:01:da:4a:bb:05:d6:37:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Oct 18 09:03:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1b29dfc9fa266423b946ea837fb0607520d43e08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ac:d3:6f:5f:31:ac:a5:bd:9a:57:8e:8a:90:
                    98:82:5e:2a:4b:98:d8:05:98:58:60:d3:21:66:4e:
                    2d:ff:7f:d7:ec:21:14:64:b3:1b:18:29:d5:0e:e5:
                    f5:17:6c:3f:7f:7b:af:79:65:f9:f1:d6:27:4b:83:
                    09:8e:43:aa:60:22:4b:20:69:7b:64:78:eb:78:3e:
                    7a:ef:ee:ed:e6:cd:ec:e3:4a:db:1b:d6:f7:cb:9b:
                    9b:af:fe:db:25:42:7f:39:9d:ef:ed:2c:04:be:01:
                    85:7d:43:db:eb:61:eb:c8:76:6a:ed:e6:9c:31:db:
                    52:64:ef:22:f2:5a:40:44:73:d1:bf:f4:6f:2b:e8:
                    fd:71:0a:ec:a0:8f:51:f8:98:c8:31:85:15:2c:97:
                    28:f4:b9:60:0a:92:89:02:a2:f2:cb:ca:7c:0d:5a:
                    b6:d8:97:14:7c:f4:16:95:fa:ab:5b:72:ef:51:61:
                    e8:01:08:6d:7c:f6:07:6e:b5:4a:df:67:b3:e5:7a:
                    dd:b7:ca:33:f9:ec:68:7f:43:d2:77:ef:c3:c3:52:
                    c7:40:8a:59:6b:7d:cf:5d:f1:1f:4b:90:80:3b:6f:
                    55:5c:12:9c:9a:ba:5d:62:a8:28:f6:37:f3:d6:f4:
                    98:0b:f5:de:f6:3f:ea:59:53:4c:4e:5e:a4:bc:b6:
                    fe:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:29:DF:C9:FA:26:64:23:B9:46:EA:83:7F:B0:60:75:20:D4:3E:08
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/GynfyfomZCO5RuqDf7BgdSDUPgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:b6:07:9b:a5:2a:37:cb:4e:ac:a1:7f:14:ee:16:08:0a:d8:
         d2:83:2d:1c:97:66:fd:4a:34:16:92:f5:ac:b4:d2:57:e9:aa:
         27:3e:1b:7b:de:8c:b0:e5:89:f8:d9:e4:ee:21:d2:43:db:c8:
         ad:26:76:a2:d9:d2:35:8b:2c:f0:b2:8a:77:40:3f:2d:e5:3e:
         e2:32:4d:60:25:eb:2c:3a:f3:6c:6c:7e:0f:4f:b6:5a:2a:fb:
         85:ab:e3:88:89:26:ab:4e:4d:3e:26:9f:28:94:2e:0b:6f:3a:
         d6:6c:a9:6a:d1:62:e5:d6:a1:40:bb:bd:0c:23:9a:8d:7b:0c:
         24:76:98:b6:4c:3c:d5:c3:06:b8:9e:92:03:b6:90:de:30:b0:
         d1:cf:b7:e9:9c:cf:53:86:1f:77:16:b4:f4:40:e7:12:39:90:
         49:e4:5f:e9:b1:eb:f5:8f:2d:9e:cc:3c:4c:74:24:84:d6:cd:
         23:58:59:0d:a9:e2:a5:6d:5d:e3:a7:79:fe:cc:92:85:41:60:
         c3:a5:54:6c:42:3a:ab:3c:b3:5e:3c:20:a4:42:b4:51:ed:28:
         4c:95:9c:40:d7:5e:54:37:87:07:36:6d:16:19:d2:38:c1:84:
         46:d0:3d:97:eb:14:4c:aa:14:ca:eb:6c:57:e3:b3:a5:dd:a3:
         c8:0c:3f:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYPqVcbO3qXJrwHaSrsF1jcUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjIxMDE4MDkwMzUzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjI5ZGZjOWZhMjY2NDIzYjk0NmVhODM3ZmIwNjA3NTIwZDQzZTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqzTb18xrKW9mleOipCYgl4qS5jY
BZhYYNMhZk4t/3/X7CEUZLMbGCnVDuX1F2w/f3uveWX58dYnS4MJjkOqYCJLIGl7
ZHjreD567+7t5s3s40rbG9b3y5ubr/7bJUJ/OZ3v7SwEvgGFfUPb62HryHZq7eac
MdtSZO8i8lpARHPRv/RvK+j9cQrsoI9R+JjIMYUVLJco9LlgCpKJAqLyy8p8DVq2
2JcUfPQWlfqrW3LvUWHoAQhtfPYHbrVK32ez5Xrdt8oz+exof0PSd+/Dw1LHQIpZ
a33PXfEfS5CAO29VXBKcmrpdYqgo9jfz1vSYC/Xe9j/qWVNMTl6kvLb+qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBsp38n6JmQjuUbqg3+wYHUg1D4IMB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvR3luZnlmb21aQ081UnVxRGY3QmdkU0RVUGdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbmjMA0G
CSqGSIb3DQEBCwUAA4IBAQBktgebpSo3y06soX8U7hYICtjSgy0cl2b9SjQWkvWs
tNJX6aonPht73oyw5Yn42eTuIdJD28itJnai2dI1iyzwsop3QD8t5T7iMk1gJess
OvNsbH4PT7ZaKvuFq+OIiSarTk0+Jp8olC4LbzrWbKlq0WLl1qFAu70MI5qNewwk
dpi2TDzVwwa4npIDtpDeMLDRz7fpnM9Thh93FrT0QOcSOZBJ5F/psev1jy2ezDxM
dCSE1s0jWFkNqeKlbV3jp3n+zJKFQWDDpVRsQjqrPLNePCCkQrRR7ShMlZxA115U
N4cHNm0WGdI4wYRG0D2X6xRMqhTK62xX47Ol3aPIDD9/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:29 2024 by rpki-client on console-fra.rpki-client.org