Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/IHs8gN51gQYQXHmOKnPhe82ZRHs.roa
File:                     IHs8gN51gQYQXHmOKnPhe82ZRHs.roa (raw, json)
Hash identifier:          z826LKa1QNtKcKH3C8Go4AuWb2Wo2dNKFjpA+R0OLkI=
Subject key identifier:   20:7B:3C:80:DE:75:81:06:10:5C:79:8E:2A:73:E1:7B:CD:99:44:7B
Certificate issuer:       /CN=7f7734dfea120657412ea867ddbc7b84d132bf78
Certificate serial:       0187505FFD90FD243B19E746F9FE6F43FAFB
Authority key identifier: 7F:77:34:DF:EA:12:06:57:41:2E:A8:67:DD:BC:7B:84:D1:32:BF:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f3c03-oSBldBLqhn3bx7hNEyv3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/IHs8gN51gQYQXHmOKnPhe82ZRHs.roa
Signing time:             Wed 05 Apr 2023 07:44:40 +0000
ROA not before:           Wed 05 Apr 2023 07:44:40 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204843
IP address blocks:        146.19.252.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:50:5f:fd:90:fd:24:3b:19:e7:46:f9:fe:6f:43:fa:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f7734dfea120657412ea867ddbc7b84d132bf78
        Validity
            Not Before: Apr  5 07:44:40 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=207b3c80de758106105c798e2a73e17bcd99447b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:41:bb:63:b3:25:75:d1:02:41:fd:aa:a6:f0:
                    78:76:18:5f:7e:3e:ee:45:d0:d7:df:b8:47:fa:ac:
                    d0:d4:7b:80:9a:77:44:f7:bb:2b:9b:09:58:75:4b:
                    50:a6:08:7b:9d:d0:a5:68:8b:a1:16:4a:6b:55:bf:
                    d5:5e:c9:5b:89:2d:8a:95:2a:d2:42:29:26:51:51:
                    15:32:76:dd:d3:bd:07:ec:88:50:b1:9a:c6:e9:17:
                    99:4b:60:4b:ef:8a:25:55:ac:91:69:64:24:e2:d3:
                    a9:19:80:ff:8d:c8:0a:fb:de:3f:d7:de:bf:85:cc:
                    cd:76:c7:9c:90:17:e1:f1:e3:be:21:c0:93:da:fd:
                    ea:72:27:d5:a5:1f:bf:ea:9b:2e:23:95:45:ac:79:
                    a8:e1:f5:c4:8c:e4:5a:9b:3f:b8:f4:d7:c8:a9:08:
                    d3:4b:4b:bd:68:6a:25:ee:12:eb:a4:a8:31:01:a1:
                    3e:5e:15:3d:b0:93:4d:82:e5:ea:83:45:70:37:37:
                    97:5c:db:9c:df:63:31:1f:81:6c:eb:d9:d9:14:ec:
                    69:25:fa:cb:ca:38:a5:9d:06:dc:0a:2e:62:0f:d3:
                    0f:b5:41:20:d9:bc:e2:e8:d0:da:0b:b3:e2:54:03:
                    49:b9:41:5f:9b:7c:cd:01:48:c6:bb:8a:26:36:2f:
                    f9:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:7B:3C:80:DE:75:81:06:10:5C:79:8E:2A:73:E1:7B:CD:99:44:7B
            X509v3 Authority Key Identifier:
                keyid:7F:77:34:DF:EA:12:06:57:41:2E:A8:67:DD:BC:7B:84:D1:32:BF:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3c03-oSBldBLqhn3bx7hNEyv3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/IHs8gN51gQYQXHmOKnPhe82ZRHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/f3c03-oSBldBLqhn3bx7hNEyv3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:d0:ce:0a:9e:90:0c:2a:2f:49:c9:09:db:89:4b:36:36:8a:
         4e:64:c6:e7:31:05:70:f9:82:f3:fa:5a:c6:74:46:d8:f7:5c:
         7a:bb:f0:9e:f0:74:9d:4c:81:0d:a8:c7:d1:ff:c4:a2:f6:ad:
         ad:36:03:c6:51:d8:c9:09:16:14:cd:24:57:57:ee:f9:9c:d2:
         17:e1:1d:28:31:15:ce:88:c1:ae:0e:25:db:a3:53:91:f5:9a:
         3d:9a:0d:9f:2b:f6:36:50:b3:79:80:6e:91:73:07:27:69:f7:
         f9:93:36:32:3d:c8:99:2a:a7:3b:d8:3a:a8:81:a7:d3:2f:82:
         89:cd:9a:01:4f:57:f7:c3:fe:92:da:96:20:85:ca:98:6a:48:
         85:1e:56:d5:8b:1a:08:fb:00:a9:ae:a9:fa:2d:14:a0:e3:e8:
         50:10:97:8f:12:40:c2:8b:d0:51:b0:f2:3d:79:90:6f:9d:ac:
         fd:5c:a0:46:d5:76:04:9c:1d:22:4f:34:97:9c:f7:22:6b:f2:
         9a:c2:5f:3f:24:fb:3f:da:42:70:be:4e:1f:bb:1e:f6:cc:a2:
         26:0c:25:68:ce:18:b9:e2:96:53:6b:0a:8f:e0:dd:33:fb:03:
         ba:5a:5b:1b:41:73:4b:a3:3c:8c:8a:56:ec:48:b1:fd:b8:e3:
         b8:24:68:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYdQX/2Q/SQ7GedG+f5vQ/r7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNzczNGRmZWExMjA2NTc0MTJlYTg2N2RkYmM3Yjg0ZDEz
MmJmNzgwHhcNMjMwNDA1MDc0NDQwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDdiM2M4MGRlNzU4MTA2MTA1Yzc5OGUyYTczZTE3YmNkOTk0NDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkG7Y7MlddECQf2qpvB4dhhffj7u
RdDX37hH+qzQ1HuAmndE97srmwlYdUtQpgh7ndClaIuhFkprVb/VXslbiS2KlSrS
QikmUVEVMnbd070H7IhQsZrG6ReZS2BL74olVayRaWQk4tOpGYD/jcgK+94/196/
hczNdseckBfh8eO+IcCT2v3qcifVpR+/6psuI5VFrHmo4fXEjORamz+49NfIqQjT
S0u9aGol7hLrpKgxAaE+XhU9sJNNguXqg0VwNzeXXNuc32MxH4Fs69nZFOxpJfrL
yjilnQbcCi5iD9MPtUEg2bzi6NDaC7PiVANJuUFfm3zNAUjGu4omNi/5BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCB7PIDedYEGEFx5jipz4XvNmUR7MB8GA1UdIwQY
MBaAFH93NN/qEgZXQS6oZ928e4TRMr94MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjNjMDMtb1NCbGRCTHFobjNieDdoTkV5djNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS82ODAzMjQtZWUxZi00MGYyLTg4ZGYt
MTk2OTMxOTYyZDNjLzEvSUhzOGdONTFnUVlRWEhtT0tuUGhlODJaUkhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS82ODAzMjQtZWUxZi00MGYyLTg4ZGYtMTk2OTMxOTYyZDNj
LzEvZjNjMDMtb1NCbGRCTHFobjNieDdoTkV5djNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhP8MA0G
CSqGSIb3DQEBCwUAA4IBAQAR0M4KnpAMKi9JyQnbiUs2NopOZMbnMQVw+YLz+lrG
dEbY91x6u/Ce8HSdTIENqMfR/8Si9q2tNgPGUdjJCRYUzSRXV+75nNIX4R0oMRXO
iMGuDiXbo1OR9Zo9mg2fK/Y2ULN5gG6Rcwcnaff5kzYyPciZKqc72DqogafTL4KJ
zZoBT1f3w/6S2pYghcqYakiFHlbVixoI+wCprqn6LRSg4+hQEJePEkDCi9BRsPI9
eZBvnaz9XKBG1XYEnB0iTzSXnPcia/Kawl8/JPs/2kJwvk4fux72zKImDCVozhi5
4pZTawqP4N0z+wO6WlsbQXNLozyMilbsSLH9uOO4JGjN
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:29 2024 by rpki-client on console-fra.rpki-client.org