Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/4pubTc7EiV6XvtfcmkULA2WYCnw.roa
File:                     4pubTc7EiV6XvtfcmkULA2WYCnw.roa (raw, json)
Hash identifier:          HWcGFFFxwlQNlAAgfvvgmca+K3nUSTfRDthyaGPbhrE=
Subject key identifier:   E2:9B:9B:4D:CE:C4:89:5E:97:BE:D7:DC:9A:45:0B:03:65:98:0A:7C
Certificate issuer:       /CN=e7d799ae0efdd986dde77fb35ad0a10823cb972f
Certificate serial:       35449B02
Authority key identifier: E7:D7:99:AE:0E:FD:D9:86:DD:E7:7F:B3:5A:D0:A1:08:23:CB:97:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/59eZrg792Ybd53-zWtChCCPLly8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/4pubTc7EiV6XvtfcmkULA2WYCnw.roa
Signing time:             Sat 01 Jan 2022 09:54:44 +0000
ROA not before:           Sat 01 Jan 2022 09:54:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41039
IP address blocks:        5.153.128.0/18 maxlen: 24
                          92.242.96.0/19 maxlen: 32
                          195.184.192.0/19 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 893688578 (0x35449b02)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7d799ae0efdd986dde77fb35ad0a10823cb972f
        Validity
            Not Before: Jan  1 09:54:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e29b9b4dcec4895e97bed7dc9a450b0365980a7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fd:9c:1a:c7:a6:f9:84:22:76:23:60:35:fd:
                    ac:94:2c:ae:0b:9b:a5:82:d8:e0:d3:d2:59:ed:ec:
                    31:b3:a3:6f:06:42:7d:3e:3d:5d:0b:02:e9:1f:84:
                    23:36:c7:7a:11:c4:2f:de:6b:82:2b:52:40:64:28:
                    f0:1b:bb:b6:7a:b9:90:f8:ae:aa:38:80:21:f9:ea:
                    bb:a1:39:db:4d:c4:f0:0c:c2:4b:56:bb:1c:37:ee:
                    81:f5:5a:8c:50:1d:54:a6:e1:91:19:08:0c:97:cc:
                    d1:2b:3b:71:14:11:42:9b:42:57:db:8b:83:36:d7:
                    84:81:5b:b2:50:88:51:4f:26:dc:f0:93:2c:f3:4a:
                    4d:14:49:8f:16:06:e0:22:5d:6f:5a:23:ce:4c:e4:
                    51:3f:81:a3:a4:24:8e:89:4c:62:af:26:a6:2d:e1:
                    6f:01:16:36:c0:42:72:d1:32:8b:1b:61:df:a2:f6:
                    89:b7:ef:e0:f5:fb:48:ce:3d:1a:94:a3:5e:cc:4f:
                    07:61:28:73:ea:e3:ad:53:03:29:64:d9:e6:8f:3b:
                    eb:23:7c:76:e9:b0:2c:55:78:84:da:fd:2b:57:1b:
                    d3:5b:25:cf:b0:49:45:3d:1e:16:e0:29:87:d5:88:
                    ef:0a:9c:4d:5d:7b:0f:98:4a:b3:89:1f:3c:fa:bb:
                    74:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:9B:9B:4D:CE:C4:89:5E:97:BE:D7:DC:9A:45:0B:03:65:98:0A:7C
            X509v3 Authority Key Identifier:
                keyid:E7:D7:99:AE:0E:FD:D9:86:DD:E7:7F:B3:5A:D0:A1:08:23:CB:97:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/59eZrg792Ybd53-zWtChCCPLly8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/4pubTc7EiV6XvtfcmkULA2WYCnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/59eZrg792Ybd53-zWtChCCPLly8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.153.128.0/18
                  92.242.96.0/19
                  195.184.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         60:bd:f8:8a:8f:7e:ab:83:b3:56:76:73:f2:1e:c9:0f:0b:c6:
         46:88:3a:f9:24:99:a1:7a:c2:b0:c4:15:f0:ad:34:94:95:3e:
         70:1c:ff:bd:96:08:a8:f9:bc:8b:23:c5:54:2f:7d:33:4d:f7:
         3b:90:7a:39:81:39:06:57:fc:1f:f6:0d:b2:c6:3b:fc:60:45:
         9a:e1:39:58:b6:62:72:1e:1f:09:5f:73:d9:51:dd:61:2e:23:
         92:11:a7:22:ae:1e:74:39:4b:21:4b:f6:95:f6:32:cc:8d:91:
         ad:3b:66:e1:31:ed:d1:04:51:f2:d0:35:a0:98:4a:70:dc:13:
         7c:0b:f7:38:c3:98:65:a1:a2:75:0a:6e:02:13:00:94:ef:d7:
         42:c5:92:3c:85:80:53:61:41:8e:1b:10:db:a3:60:52:72:c0:
         00:ba:1b:d5:78:3c:0d:d7:eb:1f:1b:56:00:f3:8b:d6:40:89:
         14:c0:ad:66:43:18:49:aa:bf:e7:57:fa:ce:49:4c:27:64:73:
         50:56:1d:ae:b6:13:2d:40:35:a4:0b:99:31:d8:f8:8b:18:ed:
         db:19:21:1d:7b:1f:b2:40:29:8a:b6:28:9f:c5:3b:e4:37:6b:
         65:d0:81:fa:2c:93:51:ce:b1:a2:c2:7e:33:7b:74:0d:19:66:
         3e:86:ea:bf
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIENUSbAjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
N2Q3OTlhZTBlZmRkOTg2ZGRlNzdmYjM1YWQwYTEwODIzY2I5NzJmMB4XDTIyMDEw
MTA5NTQ0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTI5YjliNGRjZWM0
ODk1ZTk3YmVkN2RjOWE0NTBiMDM2NTk4MGE3YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKP9nBrHpvmEInYjYDX9rJQsrgubpYLY4NPSWe3sMbOjbwZC
fT49XQsC6R+EIzbHehHEL95rgitSQGQo8Bu7tnq5kPiuqjiAIfnqu6E5203E8AzC
S1a7HDfugfVajFAdVKbhkRkIDJfM0Ss7cRQRQptCV9uLgzbXhIFbslCIUU8m3PCT
LPNKTRRJjxYG4CJdb1ojzkzkUT+Bo6QkjolMYq8mpi3hbwEWNsBCctEyixth36L2
ibfv4PX7SM49GpSjXsxPB2Eoc+rjrVMDKWTZ5o876yN8dumwLFV4hNr9K1cb01sl
z7BJRT0eFuAph9WI7wqcTV17D5hKs4kfPPq7dNkCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBTim5tNzsSJXpe+19yaRQsDZZgKfDAfBgNVHSMEGDAWgBTn15muDv3Zht3n
f7Na0KEII8uXLzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzU5ZVpyZzc5MlliZDUzLXpXdENoQ0NQTGx5OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzkvMTEwODFiLTRlZjktNGUyZi04MTUzLTI4NzkzNzk0MGQ3Yi8x
LzRwdWJUYzdFaVY2WHZ0ZmNta1VMQTJXWUNudy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzkv
MTEwODFiLTRlZjktNGUyZi04MTUzLTI4NzkzNzk0MGQ3Yi8xLzU5ZVpyZzc5Mlli
ZDUzLXpXdENoQ0NQTGx5OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEBgWZgAMEBVzyYAMEBcO4wDANBgkq
hkiG9w0BAQsFAAOCAQEAYL34io9+q4OzVnZz8h7JDwvGRog6+SSZoXrCsMQV8K00
lJU+cBz/vZYIqPm8iyPFVC99M033O5B6OYE5Blf8H/YNssY7/GBFmuE5WLZich4f
CV9z2VHdYS4jkhGnIq4edDlLIUv2lfYyzI2RrTtm4THt0QRR8tA1oJhKcNwTfAv3
OMOYZaGidQpuAhMAlO/XQsWSPIWAU2FBjhsQ26NgUnLAALob1Xg8DdfrHxtWAPOL
1kCJFMCtZkMYSaq/51f6zklMJ2RzUFYdrrYTLUA1pAuZMdj4ixjt2xkhHXsfskAp
irYon8U75DdrZdCB+iyTUc6xosJ+M3t0DRlmPobqvw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:55 2024 by rpki-client on console-ams.rpki-client.org