Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/Qq3yqh_MeYzjsp3pUpNqmsRA7lo.roa
File:                     Qq3yqh_MeYzjsp3pUpNqmsRA7lo.roa (raw, json)
Hash identifier:          TjMoUuu0yH8EA5G8Tc+TedjTrWdmnpYlUQ+AKzQ1TgE=
Subject key identifier:   42:AD:F2:AA:1F:CC:79:8C:E3:B2:9D:E9:52:93:6A:9A:C4:40:EE:5A
Certificate issuer:       /CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
Certificate serial:       01877605C20B192060431503CF6FD29796AC
Authority key identifier: 62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/Qq3yqh_MeYzjsp3pUpNqmsRA7lo.roa
Signing time:             Wed 12 Apr 2023 15:11:41 +0000
ROA not before:           Wed 12 Apr 2023 15:11:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        193.109.160.0/22 maxlen: 32
                          193.162.78.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:76:05:c2:0b:19:20:60:43:15:03:cf:6f:d2:97:96:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
        Validity
            Not Before: Apr 12 15:11:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=42adf2aa1fcc798ce3b29de952936a9ac440ee5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:cd:c2:8b:58:80:06:82:d6:a7:e7:ee:86:3c:
                    f9:9d:87:a5:cc:06:d6:95:99:86:01:ef:6f:cc:5d:
                    8f:21:5a:21:4c:81:24:3f:c0:2f:00:e4:e0:0d:dc:
                    4a:29:8d:46:a7:1d:93:df:3c:82:47:1f:a9:fb:9f:
                    37:17:bd:53:95:de:46:76:31:9e:3a:e8:c4:98:bf:
                    39:90:6a:66:88:2e:2f:54:76:7f:d5:52:63:fb:89:
                    d6:53:d7:72:c1:41:a5:27:93:f5:9d:da:16:c2:e5:
                    d1:3f:de:1d:91:a5:b5:ab:45:c3:e0:79:d7:f9:02:
                    8b:a2:d4:ad:2f:54:2b:38:ae:9b:ff:f0:bd:33:16:
                    d8:5f:06:7a:77:de:f6:d5:95:c5:32:a0:23:3d:6b:
                    17:d1:44:ff:e6:28:ab:cd:0a:1c:ec:e2:41:42:c2:
                    0c:67:96:3e:a3:48:33:77:c8:1e:1b:80:79:04:57:
                    bf:92:c8:50:8f:08:be:33:28:89:b6:0d:47:d0:33:
                    47:6b:6d:53:23:55:68:b1:21:dc:6f:1c:7e:74:3c:
                    49:96:05:5c:ba:6a:bc:61:3b:55:46:03:f7:7e:a0:
                    0e:6c:24:e1:88:fa:c2:15:73:02:73:9f:fb:57:07:
                    d4:e7:36:66:c5:9c:b0:08:7a:f3:ee:1d:5b:da:1f:
                    c1:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:AD:F2:AA:1F:CC:79:8C:E3:B2:9D:E9:52:93:6A:9A:C4:40:EE:5A
            X509v3 Authority Key Identifier:
                keyid:62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/Qq3yqh_MeYzjsp3pUpNqmsRA7lo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.160.0/22
                  193.162.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:cb:7f:3f:fb:ad:69:e7:a2:b8:43:4f:7a:e1:71:d6:4a:8f:
         d7:8b:a6:77:b7:23:34:07:5f:16:6a:78:4c:2c:34:c0:5b:37:
         1b:8d:51:e5:f2:68:52:70:1b:93:42:78:81:e9:f5:44:50:ed:
         ea:a0:18:e1:45:d5:df:89:2b:1b:64:c8:95:f8:5e:df:4c:27:
         42:30:62:8d:c2:45:7a:5b:22:e5:51:3d:89:4a:62:62:c0:33:
         05:05:56:5a:90:07:f2:12:8f:d6:a0:64:d6:7e:03:76:c8:ce:
         3f:60:92:31:64:a7:c8:c7:e5:dc:c5:09:8d:ec:29:16:65:0a:
         87:6d:89:38:ac:c3:fc:b8:b9:f6:7f:23:50:3a:b3:b9:87:0a:
         62:93:f7:b7:b7:56:d6:b6:3b:19:ae:5a:d3:fc:25:53:2e:27:
         db:de:09:20:fe:7c:07:7d:b3:1e:1e:03:bf:21:52:6b:94:16:
         60:a0:ba:c5:69:a2:0a:f7:cd:fc:21:01:25:ae:ec:39:7d:1c:
         99:8a:e3:ae:a7:df:fd:8f:41:fa:89:8c:db:dc:56:95:da:29:
         90:d6:c6:f0:c6:c6:e7:09:fe:ba:d0:66:41:c9:b2:73:15:b7:
         67:cc:b7:e5:9c:59:18:31:07:f5:dc:f6:c1:e6:b7:30:13:5f:
         46:31:60:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYd2BcILGSBgQxUDz2/Sl5asMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYTE1Y2M4ODY1OWY1NzhjYzE1OWM1MmIzYTdlOWVjNTgx
OWZiMjAwHhcNMjMwNDEyMTUxMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmFkZjJhYTFmY2M3OThjZTNiMjlkZTk1MjkzNmE5YWM0NDBlZTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhs3Ci1iABoLWp+fuhjz5nYelzAbW
lZmGAe9vzF2PIVohTIEkP8AvAOTgDdxKKY1Gpx2T3zyCRx+p+583F71Tld5GdjGe
OujEmL85kGpmiC4vVHZ/1VJj+4nWU9dywUGlJ5P1ndoWwuXRP94dkaW1q0XD4HnX
+QKLotStL1QrOK6b//C9MxbYXwZ6d9721ZXFMqAjPWsX0UT/5iirzQoc7OJBQsIM
Z5Y+o0gzd8geG4B5BFe/kshQjwi+MyiJtg1H0DNHa21TI1VosSHcbxx+dDxJlgVc
umq8YTtVRgP3fqAObCThiPrCFXMCc5/7VwfU5zZmxZywCHrz7h1b2h/BQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEKt8qofzHmM47Kd6VKTaprEQO5aMB8GA1UdIwQY
MBaAFGKhXMiGWfV4zBWcUrOn6exYGfsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAt
NDI2OWI1NmJmN2Q0LzEvUXEzeXFoX01lWXpqc3AzcFVwTnFtc1JBN2xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAtNDI2OWI1NmJmN2Q0
LzEvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwW2gAwQA
waJOMA0GCSqGSIb3DQEBCwUAA4IBAQBDy38/+61p56K4Q0964XHWSo/Xi6Z3tyM0
B18WanhMLDTAWzcbjVHl8mhScBuTQniB6fVEUO3qoBjhRdXfiSsbZMiV+F7fTCdC
MGKNwkV6WyLlUT2JSmJiwDMFBVZakAfyEo/WoGTWfgN2yM4/YJIxZKfIx+XcxQmN
7CkWZQqHbYk4rMP8uLn2fyNQOrO5hwpik/e3t1bWtjsZrlrT/CVTLifb3gkg/nwH
fbMeHgO/IVJrlBZgoLrFaaIK9838IQElruw5fRyZiuOup9/9j0H6iYzb3FaV2imQ
1sbwxsbnCf660GZBybJzFbdnzLflnFkYMQf13PbB5rcwE19GMWDX
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:25 2024 by rpki-client on console-ams.rpki-client.org