Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/5SA0kPhYcvR2JTw495L69x_fI6o.roa
File:                     5SA0kPhYcvR2JTw495L69x_fI6o.roa (raw, json)
Hash identifier:          JBwE/dEsB0n+2hB96OFcxmaUqLWsyMR5DT+X3Lq9KVU=
Subject key identifier:   E5:20:34:90:F8:58:72:F4:76:25:3C:38:F7:92:FA:F7:1F:DF:23:AA
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       018DBBAD6EAA7B88A26087B73C8D824C6FE4
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/5SA0kPhYcvR2JTw495L69x_fI6o.roa
Signing time:             Sun 18 Feb 2024 10:05:21 +0000
ROA not before:           Sun 18 Feb 2024 10:05:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        193.53.81.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:bb:ad:6e:aa:7b:88:a2:60:87:b7:3c:8d:82:4c:6f:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: Feb 18 10:05:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5203490f85872f476253c38f792faf71fdf23aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e2:2e:db:71:3e:6a:a5:3d:4f:e8:e2:e8:44:
                    91:3b:04:ee:ec:d1:a5:9e:24:cb:c1:b4:94:30:b5:
                    41:e6:f8:03:68:e5:c6:11:42:a6:69:a4:b4:e0:64:
                    aa:36:0d:06:3d:f3:55:77:e6:31:bd:d0:59:fe:bd:
                    89:f4:27:41:9d:d4:3b:c8:87:2b:60:5c:b0:4e:b2:
                    36:3e:9a:2c:8b:ac:f0:9a:8c:71:4b:ae:ba:76:f6:
                    02:28:d9:58:27:84:a0:4e:6b:6c:3c:09:e5:28:c7:
                    91:ff:d8:f1:57:e4:b2:0b:f9:bf:7d:8f:f5:9b:6e:
                    f7:0c:c0:60:34:b1:72:f4:4e:73:40:93:89:51:cb:
                    a8:9e:53:34:f4:8f:07:b4:54:36:01:1d:9e:c9:c1:
                    4d:c8:c2:16:60:3b:da:3f:07:fd:2a:72:ea:24:94:
                    26:81:f3:60:41:0c:fc:7f:80:07:09:6b:14:df:84:
                    c3:a1:08:05:71:4f:7f:bf:5c:93:79:65:0d:23:09:
                    f6:11:43:3a:30:9a:d2:f1:1a:7f:bd:f3:94:fb:44:
                    e3:51:0f:d0:d4:86:ce:f7:77:27:cf:3a:54:de:ac:
                    bd:54:bc:c1:bf:3d:ff:0f:0b:29:07:4d:58:d4:5c:
                    d4:ad:9e:62:be:03:7a:43:a6:65:68:ff:41:db:46:
                    a6:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:20:34:90:F8:58:72:F4:76:25:3C:38:F7:92:FA:F7:1F:DF:23:AA
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/5SA0kPhYcvR2JTw495L69x_fI6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.53.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:a2:a9:9e:c7:25:50:6d:1a:af:c2:f9:0e:ef:1e:c1:ac:b3:
         48:69:05:05:86:8a:24:83:67:20:68:f1:a2:16:d6:3a:db:df:
         a8:c1:fc:98:63:83:d4:2f:78:10:c0:6a:4d:e2:ac:92:80:50:
         e0:ee:b4:3e:2f:99:7c:62:57:0c:07:f0:67:76:76:97:f1:00:
         a4:3d:84:92:0f:86:90:ee:89:7d:37:8a:3f:9a:73:45:07:67:
         23:3a:1f:a6:08:64:90:a8:0f:b3:d2:6b:ea:10:15:e9:5a:56:
         a3:6a:ed:37:63:3f:0c:4e:11:5f:50:09:24:1d:86:ed:f9:94:
         2f:f2:fd:22:ec:13:3d:ca:97:d3:12:f0:91:04:d3:fd:6a:5a:
         ac:d9:2e:93:f1:9d:a4:b6:f3:03:b9:be:47:7c:7a:14:0b:f7:
         74:e3:0d:b6:3e:37:09:3f:bd:11:87:cb:6b:65:18:86:52:c9:
         44:19:1e:81:10:76:29:f5:f6:1a:f8:2a:cd:59:54:11:b2:e6:
         83:88:4a:68:ab:04:9d:f5:91:3e:cc:1e:19:44:bb:b5:e5:8a:
         41:d7:06:a5:67:6e:be:f1:c1:c1:21:50:53:96:aa:96:76:7f:
         8e:99:24:4f:73:9f:e8:de:26:2b:cb:e1:ab:68:06:9f:0e:5f:
         6a:c8:cf:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY27rW6qe4iiYIe3PI2CTG/kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjQwMjE4MTAwNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTIwMzQ5MGY4NTg3MmY0NzYyNTNjMzhmNzkyZmFmNzFmZGYyM2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluIu23E+aqU9T+ji6ESROwTu7NGl
niTLwbSUMLVB5vgDaOXGEUKmaaS04GSqNg0GPfNVd+YxvdBZ/r2J9CdBndQ7yIcr
YFywTrI2Pposi6zwmoxxS666dvYCKNlYJ4SgTmtsPAnlKMeR/9jxV+SyC/m/fY/1
m273DMBgNLFy9E5zQJOJUcuonlM09I8HtFQ2AR2eycFNyMIWYDvaPwf9KnLqJJQm
gfNgQQz8f4AHCWsU34TDoQgFcU9/v1yTeWUNIwn2EUM6MJrS8Rp/vfOU+0TjUQ/Q
1IbO93cnzzpU3qy9VLzBvz3/DwspB01Y1FzUrZ5ivgN6Q6ZlaP9B20amzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOUgNJD4WHL0diU8OPeS+vcf3yOqMB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEvNVNBMGtQaFljdlIySlR3NDk1TDY5eF9mSTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTVRMA0G
CSqGSIb3DQEBCwUAA4IBAQBboqmexyVQbRqvwvkO7x7BrLNIaQUFhookg2cgaPGi
FtY629+owfyYY4PUL3gQwGpN4qySgFDg7rQ+L5l8YlcMB/BndnaX8QCkPYSSD4aQ
7ol9N4o/mnNFB2cjOh+mCGSQqA+z0mvqEBXpWlajau03Yz8MThFfUAkkHYbt+ZQv
8v0i7BM9ypfTEvCRBNP9alqs2S6T8Z2ktvMDub5HfHoUC/d04w22PjcJP70Rh8tr
ZRiGUslEGR6BEHYp9fYa+CrNWVQRsuaDiEpoqwSd9ZE+zB4ZRLu15YpB1walZ26+
8cHBIVBTlqqWdn+OmSRPc5/o3iYry+GraAafDl9qyM8d
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:48 2024 by rpki-client on console-ams.rpki-client.org