Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/HZiwv3WdwPbWsZ_M95PaQ-Q2BXY.roa
File:                     HZiwv3WdwPbWsZ_M95PaQ-Q2BXY.roa (raw, json)
Hash identifier:          614WDDfTIpprkor82u/Ve3/4M5KPUZ/XhkTkytSY64Q=
Subject key identifier:   1D:98:B0:BF:75:9D:C0:F6:D6:B1:9F:CC:F7:93:DA:43:E4:36:05:76
Certificate issuer:       /CN=7f7734dfea120657412ea867ddbc7b84d132bf78
Certificate serial:       0188D33E70A72CF161B2F42B4F87C2356815
Authority key identifier: 7F:77:34:DF:EA:12:06:57:41:2E:A8:67:DD:BC:7B:84:D1:32:BF:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f3c03-oSBldBLqhn3bx7hNEyv3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/HZiwv3WdwPbWsZ_M95PaQ-Q2BXY.roa
Signing time:             Mon 19 Jun 2023 10:41:04 +0000
ROA not before:           Mon 19 Jun 2023 10:41:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        146.19.252.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:d3:3e:70:a7:2c:f1:61:b2:f4:2b:4f:87:c2:35:68:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f7734dfea120657412ea867ddbc7b84d132bf78
        Validity
            Not Before: Jun 19 10:41:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1d98b0bf759dc0f6d6b19fccf793da43e4360576
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:6a:66:73:8c:b4:84:05:4b:b7:fe:a2:49:ba:
                    63:d4:57:46:88:bc:63:b8:ad:d9:d7:5c:15:66:b7:
                    40:4c:bc:6c:47:e7:6b:48:c8:7f:05:5c:59:11:2c:
                    49:46:08:6a:fa:b9:19:f2:72:f5:bf:0d:04:39:04:
                    4d:45:07:83:1c:a7:a7:f0:6a:85:e0:ec:bd:ac:8d:
                    7b:29:8e:68:02:6b:d1:90:4b:41:02:9b:0f:5c:e8:
                    de:e2:0d:2b:fe:54:fd:d8:24:b0:14:bb:b7:95:c8:
                    8e:b2:9a:57:64:33:c3:d9:a1:50:73:5c:b9:b1:59:
                    5a:67:81:ce:78:0b:3f:a0:45:27:fb:20:76:be:d0:
                    70:b7:da:e1:5a:4d:fa:75:5f:2e:e2:76:e1:0a:8a:
                    0f:ba:8c:7e:81:8e:19:50:1d:41:91:54:bc:74:cf:
                    dc:26:28:dc:fd:c4:3b:3f:f3:6e:44:f3:45:b2:be:
                    dd:62:04:10:8e:f7:f1:86:ac:79:8f:a9:9f:a4:d3:
                    ca:22:b9:d3:89:75:e9:66:7b:80:73:98:3c:58:e5:
                    35:8f:35:82:22:8c:21:70:b5:06:d6:0a:4a:87:61:
                    a1:94:6d:6d:b3:0f:0e:2d:a7:1d:bb:63:e9:7d:b2:
                    d4:0a:f2:39:a2:24:d4:62:a8:c7:32:9a:49:fb:30:
                    96:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:98:B0:BF:75:9D:C0:F6:D6:B1:9F:CC:F7:93:DA:43:E4:36:05:76
            X509v3 Authority Key Identifier:
                keyid:7F:77:34:DF:EA:12:06:57:41:2E:A8:67:DD:BC:7B:84:D1:32:BF:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3c03-oSBldBLqhn3bx7hNEyv3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/HZiwv3WdwPbWsZ_M95PaQ-Q2BXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/f3c03-oSBldBLqhn3bx7hNEyv3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:36:3c:0b:71:a4:ec:5c:93:3a:af:81:4f:db:a5:85:dc:83:
         b4:b0:93:4c:a7:fa:25:6c:9a:d7:06:97:63:d2:5b:60:e3:52:
         ba:71:1b:d8:78:aa:e7:3e:79:3b:55:83:f3:20:33:f5:52:e6:
         2a:4a:ae:5c:2d:6d:32:a3:da:f7:77:79:ff:46:69:6d:0c:99:
         94:58:4b:97:71:27:e2:d6:aa:b9:2a:16:72:04:f4:1f:2e:01:
         aa:4c:1c:f3:42:26:92:e6:11:c4:12:27:9f:31:31:f4:bc:82:
         4f:6f:8b:ce:49:21:fc:0e:9b:05:44:aa:8d:b1:19:b6:83:e7:
         77:de:cf:8e:e7:a8:31:77:69:81:df:c0:2a:d4:dc:8f:6d:87:
         81:f8:6c:10:8b:30:dc:02:ce:db:d9:1f:ad:12:f7:6e:ef:3c:
         f8:07:28:85:71:64:62:ae:25:a1:b1:83:68:b2:44:9f:38:0b:
         08:82:6f:bb:29:c9:58:2a:0b:08:a7:7e:73:be:28:07:4d:34:
         cb:d6:79:66:d0:cb:35:91:d8:42:9a:2f:9f:18:a7:c6:a2:cd:
         3d:1d:67:0c:2c:85:d1:d4:1d:14:04:fa:0d:00:d2:a1:bc:d3:
         8c:ab:d7:c9:33:2f:f0:b9:05:c0:b2:0c:a1:15:1d:32:27:b5:
         ed:38:0f:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYjTPnCnLPFhsvQrT4fCNWgVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNzczNGRmZWExMjA2NTc0MTJlYTg2N2RkYmM3Yjg0ZDEz
MmJmNzgwHhcNMjMwNjE5MTA0MTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDk4YjBiZjc1OWRjMGY2ZDZiMTlmY2NmNzkzZGE0M2U0MzYwNTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWpmc4y0hAVLt/6iSbpj1FdGiLxj
uK3Z11wVZrdATLxsR+drSMh/BVxZESxJRghq+rkZ8nL1vw0EOQRNRQeDHKen8GqF
4Oy9rI17KY5oAmvRkEtBApsPXOje4g0r/lT92CSwFLu3lciOsppXZDPD2aFQc1y5
sVlaZ4HOeAs/oEUn+yB2vtBwt9rhWk36dV8u4nbhCooPuox+gY4ZUB1BkVS8dM/c
Jijc/cQ7P/NuRPNFsr7dYgQQjvfxhqx5j6mfpNPKIrnTiXXpZnuAc5g8WOU1jzWC
IowhcLUG1gpKh2GhlG1tsw8OLacdu2PpfbLUCvI5oiTUYqjHMppJ+zCWNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2YsL91ncD21rGfzPeT2kPkNgV2MB8GA1UdIwQY
MBaAFH93NN/qEgZXQS6oZ928e4TRMr94MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjNjMDMtb1NCbGRCTHFobjNieDdoTkV5djNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS82ODAzMjQtZWUxZi00MGYyLTg4ZGYt
MTk2OTMxOTYyZDNjLzEvSFppd3YzV2R3UGJXc1pfTTk1UGFRLVEyQlhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS82ODAzMjQtZWUxZi00MGYyLTg4ZGYtMTk2OTMxOTYyZDNj
LzEvZjNjMDMtb1NCbGRCTHFobjNieDdoTkV5djNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhP8MA0G
CSqGSIb3DQEBCwUAA4IBAQBHNjwLcaTsXJM6r4FP26WF3IO0sJNMp/olbJrXBpdj
0ltg41K6cRvYeKrnPnk7VYPzIDP1UuYqSq5cLW0yo9r3d3n/RmltDJmUWEuXcSfi
1qq5KhZyBPQfLgGqTBzzQiaS5hHEEiefMTH0vIJPb4vOSSH8DpsFRKqNsRm2g+d3
3s+O56gxd2mB38Aq1NyPbYeB+GwQizDcAs7b2R+tEvdu7zz4ByiFcWRiriWhsYNo
skSfOAsIgm+7KclYKgsIp35zvigHTTTL1nlm0Ms1kdhCmi+fGKfGos09HWcMLIXR
1B0UBPoNANKhvNOMq9fJMy/wuQXAsgyhFR0yJ7XtOA8G
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:59 2024 by rpki-client on console-ams.rpki-client.org