Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/ovKNmAIdIrY9iw0ZUBSjlBt571Q.roa
File:                     ovKNmAIdIrY9iw0ZUBSjlBt571Q.roa (raw, json)
Hash identifier:          zpnNshwTV0GpR0oEddIiChnd4kwvAwECdAGuWWa7afw=
Subject key identifier:   A2:F2:8D:98:02:1D:22:B6:3D:8B:0D:19:50:14:A3:94:1B:79:EF:54
Certificate issuer:       /CN=b328fe258a1b9bf6148a6ce0e8a712f18840904c
Certificate serial:       018C452BD618B86021B0C17CEFDB2AED359E
Authority key identifier: B3:28:FE:25:8A:1B:9B:F6:14:8A:6C:E0:E8:A7:12:F1:88:40:90:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/syj-JYobm_YUimzg6KcS8YhAkEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/ovKNmAIdIrY9iw0ZUBSjlBt571Q.roa
Signing time:             Thu 07 Dec 2023 16:45:49 +0000
ROA not before:           Thu 07 Dec 2023 16:45:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25459
IP address blocks:        83.172.128.0/19 maxlen: 19
                          83.172.160.0/21 maxlen: 21
                          83.172.168.0/22 maxlen: 22
                          83.172.180.0/22 maxlen: 22
                          83.172.184.0/21 maxlen: 21
                          2a02:cec0::/30 maxlen: 30

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:45:2b:d6:18:b8:60:21:b0:c1:7c:ef:db:2a:ed:35:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b328fe258a1b9bf6148a6ce0e8a712f18840904c
        Validity
            Not Before: Dec  7 16:45:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a2f28d98021d22b63d8b0d195014a3941b79ef54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3f:d6:6b:c6:a0:75:4a:ff:20:d1:c5:7f:7c:
                    02:8b:bb:e8:48:99:69:3d:a1:1d:dd:91:26:6b:d5:
                    6d:a0:8a:0d:21:cd:29:e3:91:03:42:08:25:d3:b8:
                    e3:c9:37:75:e5:6e:d7:bf:9f:ea:7e:a5:d0:47:6b:
                    f8:42:60:ae:17:34:88:6f:cb:b3:f4:f1:ae:b4:65:
                    a7:8c:ca:4f:d3:12:06:44:1b:16:f9:a8:7a:7d:c5:
                    9f:ce:4f:06:57:64:43:de:b7:77:8e:97:fe:4a:4c:
                    19:c9:3d:6b:b0:d1:b8:b6:47:c7:b9:e5:df:38:c7:
                    44:56:7e:67:c4:f4:8a:ab:d9:20:97:0a:0a:ae:88:
                    ea:95:56:68:ac:2f:30:e3:1f:dc:48:8f:8d:ff:c8:
                    03:1d:3b:3b:29:89:30:b3:9a:53:71:81:60:a7:35:
                    98:ab:bb:02:d9:74:b1:90:ad:d7:2c:b1:c0:40:a2:
                    e8:e6:09:5d:e5:59:a7:4a:3e:c6:fa:b5:8b:a3:ea:
                    ee:f7:52:8a:21:d6:0f:76:17:5e:95:1a:ed:67:06:
                    9a:ad:97:ee:5e:11:8f:ec:b5:63:14:70:0d:ef:5c:
                    12:49:15:ca:17:e7:1d:98:20:03:3d:89:c0:f4:ef:
                    69:04:a1:f8:80:ab:88:33:eb:b7:4a:26:e9:f4:a6:
                    88:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:F2:8D:98:02:1D:22:B6:3D:8B:0D:19:50:14:A3:94:1B:79:EF:54
            X509v3 Authority Key Identifier:
                keyid:B3:28:FE:25:8A:1B:9B:F6:14:8A:6C:E0:E8:A7:12:F1:88:40:90:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syj-JYobm_YUimzg6KcS8YhAkEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/ovKNmAIdIrY9iw0ZUBSjlBt571Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/syj-JYobm_YUimzg6KcS8YhAkEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.172.128.0-83.172.171.255
                  83.172.180.0-83.172.191.255
                IPv6:
                  2a02:cec0::/30

    Signature Algorithm: sha256WithRSAEncryption
         8c:e1:23:5f:7a:8c:1b:52:7f:e0:cd:5f:35:0f:7a:9c:a3:6b:
         4d:a3:37:0d:2b:2a:30:78:bf:d7:96:3b:6d:48:ca:cd:5d:c6:
         8e:a6:8e:25:86:25:2c:ea:17:a4:45:83:7d:70:94:a7:3c:cd:
         34:ba:3b:cf:a1:56:40:f9:12:b6:af:4f:78:4c:1b:a0:ca:a1:
         a1:50:39:8a:88:71:e9:9d:23:76:48:3b:f2:4c:b0:36:19:34:
         40:2f:d3:eb:34:81:41:6a:26:8d:a0:21:0b:f1:fc:3f:6c:8f:
         3f:11:30:dc:3b:8f:a8:f3:5d:98:8c:c0:8a:e2:37:33:cb:d6:
         59:04:a8:75:d7:c0:16:00:4a:5d:84:78:23:5e:90:f3:9b:50:
         43:08:5d:32:37:08:a6:80:e6:cd:1d:09:38:5c:fe:5e:50:89:
         c0:64:7c:99:a6:85:4f:7f:9d:2c:95:40:00:8d:c0:05:d1:e4:
         5b:d4:4e:60:c7:15:ba:fb:4f:58:90:39:72:9c:8a:0b:13:94:
         2c:15:04:00:eb:1a:62:17:df:6a:e5:26:3d:5b:c5:04:19:c1:
         9a:c7:64:4e:b4:ad:fd:f3:c1:96:02:b5:cb:31:f0:91:af:c2:
         82:13:31:1f:50:b8:76:1d:4e:87:85:b8:af:98:39:57:31:68:
         e4:ae:5f:51
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYxFK9YYuGAhsMF879sq7TWeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMjhmZTI1OGExYjliZjYxNDhhNmNlMGU4YTcxMmYxODg0
MDkwNGMwHhcNMjMxMjA3MTY0NTQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmYyOGQ5ODAyMWQyMmI2M2Q4YjBkMTk1MDE0YTM5NDFiNzllZjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApT/Wa8agdUr/INHFf3wCi7voSJlp
PaEd3ZEma9VtoIoNIc0p45EDQggl07jjyTd15W7Xv5/qfqXQR2v4QmCuFzSIb8uz
9PGutGWnjMpP0xIGRBsW+ah6fcWfzk8GV2RD3rd3jpf+SkwZyT1rsNG4tkfHueXf
OMdEVn5nxPSKq9kglwoKrojqlVZorC8w4x/cSI+N/8gDHTs7KYkws5pTcYFgpzWY
q7sC2XSxkK3XLLHAQKLo5gld5VmnSj7G+rWLo+ru91KKIdYPdhdelRrtZwaarZfu
XhGP7LVjFHAN71wSSRXKF+cdmCADPYnA9O9pBKH4gKuIM+u3Sibp9KaIAQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFKLyjZgCHSK2PYsNGVAUo5Qbee9UMB8GA1UdIwQY
MBaAFLMo/iWKG5v2FIps4OinEvGIQJBMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3lqLUpZb2JtX1lVaW16ZzZLY1M4WWhBa0V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hMTg4YmMtZGVlZS00MmVjLTgyODkt
ZWQ4NGEwMDU4YTlmLzEvb3ZLTm1BSWRJclk5aXcwWlVCU2psQnQ1NzFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hMTg4YmMtZGVlZS00MmVjLTgyODktZWQ4NGEwMDU4YTlm
LzEvc3lqLUpZb2JtX1lVaW16ZzZLY1M4WWhBa0V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAiBAIAATAcMAwDBAdTrIAD
BAJTrKgwDAMEAlOstAMEBlOsgDANBAIAAjAHAwUCKgLOwDANBgkqhkiG9w0BAQsF
AAOCAQEAjOEjX3qMG1J/4M1fNQ96nKNrTaM3DSsqMHi/15Y7bUjKzV3GjqaOJYYl
LOoXpEWDfXCUpzzNNLo7z6FWQPkStq9PeEwboMqhoVA5iohx6Z0jdkg78kywNhk0
QC/T6zSBQWomjaAhC/H8P2yPPxEw3DuPqPNdmIzAiuI3M8vWWQSoddfAFgBKXYR4
I16Q85tQQwhdMjcIpoDmzR0JOFz+XlCJwGR8maaFT3+dLJVAAI3ABdHkW9ROYMcV
uvtPWJA5cpyKCxOULBUEAOsaYhffauUmPVvFBBnBmsdkTrSt/fPBlgK1yzHwka/C
ghMxH1C4dh1Oh4W4r5g5VzFo5K5fUQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:23 2024 by rpki-client on console-fra.rpki-client.org