Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/HtV2dxKUrCI5xUF3jxJ1qWcVSug.roa
File:                     HtV2dxKUrCI5xUF3jxJ1qWcVSug.roa (raw, json)
Hash identifier:          3bp4cU19s8sRyysEzsMAAspB2GUSz8jF0fsZZgRLNl0=
Subject key identifier:   1E:D5:76:77:12:94:AC:22:39:C5:41:77:8F:12:75:A9:67:15:4A:E8
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       018527932D790C5C071B3F0DF933D17E5FEE
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/HtV2dxKUrCI5xUF3jxJ1qWcVSug.roa
Signing time:             Sun 18 Dec 2022 23:30:34 +0000
ROA not before:           Sun 18 Dec 2022 23:30:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     5503
IP address blocks:        213.18.192.0/18 maxlen: 24
                          212.132.128.0/19 maxlen: 24
                          217.177.64.0/19 maxlen: 24
                          185.192.228.0/22 maxlen: 24
                          212.132.64.0/18 maxlen: 24
                          217.177.0.0/18 maxlen: 24
                          217.180.0.0/17 maxlen: 24
                          217.177.128.0/17 maxlen: 24
                          194.154.0.0/19 maxlen: 24
                          212.132.32.0/19 maxlen: 24
                          217.181.0.0/17 maxlen: 24
                          62.171.192.0/18 maxlen: 24
                          217.179.0.0/16 maxlen: 24
                          194.238.0.0/17 maxlen: 24
                          2a02:fb0::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:27:93:2d:79:0c:5c:07:1b:3f:0d:f9:33:d1:7e:5f:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Dec 18 23:30:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1ed576771294ac2239c541778f1275a967154ae8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:86:f9:15:e2:1f:7c:5a:59:57:06:16:dd:26:
                    d7:35:9f:a5:6a:72:79:7f:7e:44:ed:3c:5d:6e:27:
                    74:ff:89:29:3a:63:86:17:f8:91:19:3a:25:05:fa:
                    95:1d:c5:a4:6b:39:40:37:45:95:eb:44:d6:05:7c:
                    7a:ee:89:62:d1:71:4f:d8:2f:cf:3f:81:2d:af:7d:
                    c8:74:28:5f:57:a9:e1:f7:ed:cd:c4:ba:93:f7:2f:
                    4a:da:3d:31:f2:f1:28:9d:15:2d:53:f1:a5:99:92:
                    da:a5:28:98:af:b1:75:35:66:b0:ff:90:85:e9:31:
                    88:69:10:e9:4a:07:71:1e:ac:dc:df:fc:98:54:d1:
                    39:6b:db:75:64:bf:a6:78:e7:05:48:a8:bf:43:e2:
                    67:15:85:1d:fe:d7:97:d5:5a:59:3b:77:9f:bd:f8:
                    41:d2:8e:8c:9a:fb:1f:9e:b3:4f:07:24:c9:53:b2:
                    85:12:2f:2d:58:21:42:90:27:df:ac:bb:4f:a8:1d:
                    d6:9e:f5:51:7c:e6:29:27:ec:11:6b:4d:98:3f:ad:
                    49:25:4e:94:31:d5:d5:c1:54:24:12:7b:36:22:d0:
                    fc:29:88:2b:50:1b:b0:73:c2:bc:38:b0:13:cb:68:
                    4f:55:b0:bb:3f:3f:86:9e:0a:04:2c:19:93:0e:db:
                    d0:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:D5:76:77:12:94:AC:22:39:C5:41:77:8F:12:75:A9:67:15:4A:E8
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/HtV2dxKUrCI5xUF3jxJ1qWcVSug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.171.192.0/18
                  185.192.228.0/22
                  194.154.0.0/19
                  194.238.0.0/17
                  212.132.32.0-212.132.159.255
                  213.18.192.0/18
                  217.177.0.0-217.177.95.255
                  217.177.128.0/17
                  217.179.0.0-217.180.127.255
                  217.181.0.0/17
                IPv6:
                  2a02:fb0::/32

    Signature Algorithm: sha256WithRSAEncryption
         87:ae:a6:63:75:87:0c:ae:68:d3:a1:c6:61:40:2d:da:cc:e7:
         8c:a0:ce:c4:4c:bb:d0:11:da:2d:c9:81:03:81:eb:9b:37:92:
         e1:3f:38:27:e2:0d:3b:a5:66:6d:da:92:f4:e7:33:4b:72:b2:
         9e:d8:b5:58:be:3a:af:67:30:12:99:54:2d:9f:00:6c:0d:22:
         3a:b9:82:29:0f:24:0d:79:70:1c:60:7b:0d:f1:d6:b3:e8:cd:
         b8:ad:51:04:d4:9d:28:d9:e7:fd:2f:39:4f:de:6f:cd:0f:e1:
         9e:4c:57:61:ae:36:54:bb:e6:55:48:79:23:68:26:e3:4b:fe:
         73:9d:d4:b6:d6:13:5f:aa:65:e5:f1:14:e6:d3:9b:f7:af:7a:
         34:e7:8c:a1:81:c5:f3:ea:d0:c1:51:9d:1f:e0:3d:6a:3f:19:
         0d:77:3d:be:d5:58:92:ad:ca:3b:b9:0e:93:26:da:b3:23:ee:
         b4:2c:b1:94:ac:f8:53:cf:d0:ac:80:a7:45:c7:f7:60:ad:b4:
         c8:87:b1:32:74:6a:c0:b5:62:70:7e:c5:af:c5:ba:0c:a4:2c:
         0b:33:11:c6:80:07:37:17:65:4c:01:9e:9e:c0:19:37:15:54:
         fc:3a:25:14:09:b3:86:73:29:c6:72:24:69:33:cb:5b:60:7a:
         bd:c1:bc:d3
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAYUnky15DFwHGz8N+TPRfl/uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjIxMjE4MjMzMDM0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWQ1NzY3NzEyOTRhYzIyMzljNTQxNzc4ZjEyNzVhOTY3MTU0YWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIb5FeIffFpZVwYW3SbXNZ+lanJ5
f35E7Txdbid0/4kpOmOGF/iRGTolBfqVHcWkazlAN0WV60TWBXx67oli0XFP2C/P
P4Etr33IdChfV6nh9+3NxLqT9y9K2j0x8vEonRUtU/GlmZLapSiYr7F1NWaw/5CF
6TGIaRDpSgdxHqzc3/yYVNE5a9t1ZL+meOcFSKi/Q+JnFYUd/teX1VpZO3efvfhB
0o6MmvsfnrNPByTJU7KFEi8tWCFCkCffrLtPqB3WnvVRfOYpJ+wRa02YP61JJU6U
MdXVwVQkEns2ItD8KYgrUBuwc8K8OLATy2hPVbC7Pz+GngoELBmTDtvQSQIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFB7VdncSlKwiOcVBd48SdalnFUroMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvSHRWMmR4S1VyQ0k1eFVGM2p4SjFxV2NWU3VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHoGCCsGAQUFBwEHAQH/BGswaTBYBAIAATBSAwQGPqvAAwQC
ucDkAwQFwpoAAwQHwu4AMAwDBAXUhCADBAXUhIADBAbVEsAwCwMDANmxAwQF2bFA
AwQH2bGAMAsDAwDZswMEB9m0AAMEB9m1ADANBAIAAjAHAwUAKgIPsDANBgkqhkiG
9w0BAQsFAAOCAQEAh66mY3WHDK5o06HGYUAt2sznjKDOxEy70BHaLcmBA4HrmzeS
4T84J+INO6VmbdqS9OczS3Kynti1WL46r2cwEplULZ8AbA0iOrmCKQ8kDXlwHGB7
DfHWs+jNuK1RBNSdKNnn/S85T95vzQ/hnkxXYa42VLvmVUh5I2gm40v+c53UttYT
X6pl5fEU5tOb9696NOeMoYHF8+rQwVGdH+A9aj8ZDXc9vtVYkq3KO7kOkybasyPu
tCyxlKz4U8/QrICnRcf3YK20yIexMnRqwLVicH7Fr8W6DKQsCzMRxoAHNxdlTAGe
nsAZNxVU/DolFAmzhnMpxnIkaTPLW2B6vcG80w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:08 2024 by rpki-client on console-fra.rpki-client.org