Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/_uzPQ2FmNzK_z9IJxWwbpz7lp2c.roa
File:                     _uzPQ2FmNzK_z9IJxWwbpz7lp2c.roa (raw, json)
Hash identifier:          Sw3ENMjrYQuVtkkYKcAM7uKpc8zemSi5i9NbuWru3pM=
Subject key identifier:   FE:EC:CF:43:61:66:37:32:BF:CF:D2:09:C5:6C:1B:A7:3E:E5:A7:67
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       01856DAF6DDBAC9BAB0892FBF4D0F97B6817
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/_uzPQ2FmNzK_z9IJxWwbpz7lp2c.roa
Signing time:             Sun 01 Jan 2023 14:14:51 +0000
ROA not before:           Sun 01 Jan 2023 14:14:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209854
IP address blocks:        93.185.162.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:af:6d:db:ac:9b:ab:08:92:fb:f4:d0:f9:7b:68:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Jan  1 14:14:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=feeccf4361663732bfcfd209c56c1ba73ee5a767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:38:f4:47:83:02:8c:a0:62:75:b4:24:c3:c9:
                    43:59:c9:15:e2:79:df:1f:8e:58:d3:d3:b1:3d:5c:
                    af:02:81:79:e7:3c:e0:03:66:bc:1a:05:56:54:67:
                    c4:b4:20:bf:f1:72:6e:d4:ae:23:39:66:05:15:e3:
                    d0:03:2b:c2:7c:39:42:7e:eb:51:c3:c3:77:ca:b0:
                    68:a7:1b:03:6e:1c:25:bc:a8:be:35:c9:d1:53:33:
                    ab:3a:7d:6b:00:0e:b2:cf:14:88:c1:37:de:9d:28:
                    21:a1:3c:16:19:fb:51:d6:de:f8:22:68:bf:02:21:
                    43:82:a5:e9:eb:8b:3f:79:4a:da:fd:8a:5b:33:00:
                    8a:e5:90:ef:fe:04:eb:77:11:f8:c6:b9:11:08:c3:
                    ed:f8:70:82:1d:c7:ed:7b:a2:7a:dd:ed:c7:ec:e2:
                    bd:c8:cb:cf:3d:b0:55:05:28:52:d7:3f:7f:a9:fa:
                    ab:77:c3:ea:98:b2:3f:04:d9:d4:db:01:b1:53:49:
                    9c:d7:a4:75:77:7f:a9:71:de:6a:81:57:c3:c7:2b:
                    96:21:27:de:94:c0:72:0f:3b:ef:d4:95:d7:c5:6e:
                    15:05:45:92:09:69:96:b1:e2:93:95:11:0c:a0:64:
                    f5:06:c0:0c:1f:44:12:9a:41:0b:65:0a:36:07:b8:
                    e9:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:EC:CF:43:61:66:37:32:BF:CF:D2:09:C5:6C:1B:A7:3E:E5:A7:67
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/_uzPQ2FmNzK_z9IJxWwbpz7lp2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:fb:17:4a:9f:ee:82:05:62:14:28:29:da:c8:78:5a:46:84:
         98:b6:02:a9:a9:49:30:d1:04:34:1f:33:00:66:d2:22:01:38:
         01:48:f8:bc:d0:f5:60:29:8d:d6:f1:26:be:4a:3e:a0:37:d6:
         ef:d2:0d:c2:92:cc:f2:43:03:9d:14:7b:ab:d8:f8:05:76:f5:
         24:e3:a9:32:fa:fd:03:89:86:ac:c5:b0:dd:a4:63:b3:20:6c:
         5b:fb:88:ff:97:51:36:ea:cf:7e:5b:d5:27:5b:9d:4a:2f:99:
         7d:57:08:5d:54:d5:1c:75:c9:87:42:46:36:3c:42:d6:15:2a:
         b2:59:a6:45:13:f5:32:84:d7:f6:f6:e7:eb:0b:9a:91:df:ce:
         3d:1a:c6:f5:7f:01:e5:1d:d6:56:56:54:70:0b:d6:0c:a2:9b:
         29:af:5c:94:d3:1f:84:f4:e3:79:91:92:a4:19:b0:91:aa:2e:
         e6:c1:e5:17:f1:24:23:0d:65:ba:84:30:df:8d:6b:dd:06:54:
         29:ba:86:d4:fa:fc:ee:b4:5e:27:58:29:82:37:8f:27:44:2b:
         26:6d:32:3d:2f:75:c9:49:eb:af:ca:e3:0e:21:a5:c4:4c:4e:
         f4:f0:5e:17:45:01:7d:fd:b8:fc:f0:c3:90:c8:d3:9f:e4:ed:
         6b:0e:cc:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtr23brJurCJL79ND5e2gXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjMwMTAxMTQxNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWVjY2Y0MzYxNjYzNzMyYmZjZmQyMDljNTZjMWJhNzNlZTVhNzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjj0R4MCjKBidbQkw8lDWckV4nnf
H45Y09OxPVyvAoF55zzgA2a8GgVWVGfEtCC/8XJu1K4jOWYFFePQAyvCfDlCfutR
w8N3yrBopxsDbhwlvKi+NcnRUzOrOn1rAA6yzxSIwTfenSghoTwWGftR1t74Imi/
AiFDgqXp64s/eUra/YpbMwCK5ZDv/gTrdxH4xrkRCMPt+HCCHcfte6J63e3H7OK9
yMvPPbBVBShS1z9/qfqrd8PqmLI/BNnU2wGxU0mc16R1d3+pcd5qgVfDxyuWISfe
lMByDzvv1JXXxW4VBUWSCWmWseKTlREMoGT1BsAMH0QSmkELZQo2B7jpYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP7sz0NhZjcyv8/SCcVsG6c+5adnMB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvX3V6UFEyRm1OektfejlJSnhXd2JwejdscDJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbmiMA0G
CSqGSIb3DQEBCwUAA4IBAQAn+xdKn+6CBWIUKCnayHhaRoSYtgKpqUkw0QQ0HzMA
ZtIiATgBSPi80PVgKY3W8Sa+Sj6gN9bv0g3CkszyQwOdFHur2PgFdvUk46ky+v0D
iYasxbDdpGOzIGxb+4j/l1E26s9+W9UnW51KL5l9VwhdVNUcdcmHQkY2PELWFSqy
WaZFE/UyhNf29ufrC5qR3849Gsb1fwHlHdZWVlRwC9YMopspr1yU0x+E9ON5kZKk
GbCRqi7mweUX8SQjDWW6hDDfjWvdBlQpuobU+vzutF4nWCmCN48nRCsmbTI9L3XJ
SeuvyuMOIaXETE708F4XRQF9/bj88MOQyNOf5O1rDszx
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:29 2024 by rpki-client on console-fra.rpki-client.org