Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/pmBkKronKcz_gQrJ00k4Njxj5TA.roa
File:                     pmBkKronKcz_gQrJ00k4Njxj5TA.roa (raw, json)
Hash identifier:          r6P9TzJ33kRN4zlwrMvVnz6ko/xRuq8h0rp3jQ5X6Cw=
Subject key identifier:   A6:60:64:2A:BA:27:29:CC:FF:81:0A:C9:D3:49:38:36:3C:63:E5:30
Certificate issuer:       /CN=7f7734dfea120657412ea867ddbc7b84d132bf78
Certificate serial:       01897612BED9B34815B7BEFA9A2E3091F744
Authority key identifier: 7F:77:34:DF:EA:12:06:57:41:2E:A8:67:DD:BC:7B:84:D1:32:BF:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f3c03-oSBldBLqhn3bx7hNEyv3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/pmBkKronKcz_gQrJ00k4Njxj5TA.roa
Signing time:             Fri 21 Jul 2023 01:31:27 +0000
ROA not before:           Fri 21 Jul 2023 01:31:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        146.19.252.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:76:12:be:d9:b3:48:15:b7:be:fa:9a:2e:30:91:f7:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f7734dfea120657412ea867ddbc7b84d132bf78
        Validity
            Not Before: Jul 21 01:31:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a660642aba2729ccff810ac9d34938363c63e530
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:16:97:e0:da:76:89:ce:e5:96:5e:12:ff:2b:
                    5e:48:65:34:de:69:43:dd:d3:dc:b1:e5:cf:aa:53:
                    ac:d0:94:b9:3b:bf:04:79:b0:d4:18:de:c7:6b:65:
                    95:7b:82:88:1c:95:0c:42:66:5a:d1:a0:5f:57:e0:
                    73:b4:60:96:40:7b:6b:a8:d8:2a:67:5e:8b:24:7d:
                    ff:59:35:25:bb:aa:ad:26:f6:0f:4d:25:50:24:e8:
                    4d:90:f4:29:56:f3:7b:a9:51:6d:9b:61:76:27:d4:
                    c3:28:83:8d:56:a0:b0:4f:b9:52:b7:7b:79:66:d7:
                    38:05:79:22:16:ed:cb:fe:97:21:ea:2d:1d:f7:80:
                    7a:66:78:18:1c:4b:16:71:0a:28:23:97:4b:8e:9b:
                    e0:25:e8:ea:d0:87:56:be:8d:17:67:cf:ed:c6:53:
                    44:d4:f0:7b:18:e7:c2:21:4f:50:96:39:ac:7a:9d:
                    36:b3:18:32:a9:87:60:80:5b:5d:2c:89:96:79:bd:
                    17:b3:54:33:60:5b:27:55:e3:4d:0e:d5:9f:01:dc:
                    9e:06:5c:33:86:0b:0b:27:b0:1e:86:62:32:3f:fc:
                    80:89:70:d5:09:ca:ec:45:dc:0e:ae:9f:f5:25:6b:
                    eb:ce:63:e2:65:c8:ba:d9:74:d7:39:d1:04:9c:a9:
                    80:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:60:64:2A:BA:27:29:CC:FF:81:0A:C9:D3:49:38:36:3C:63:E5:30
            X509v3 Authority Key Identifier:
                keyid:7F:77:34:DF:EA:12:06:57:41:2E:A8:67:DD:BC:7B:84:D1:32:BF:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3c03-oSBldBLqhn3bx7hNEyv3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/pmBkKronKcz_gQrJ00k4Njxj5TA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/f3c03-oSBldBLqhn3bx7hNEyv3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:3c:1e:fe:55:e4:ec:2b:81:7e:06:f8:d9:86:78:b4:ea:bc:
         c6:7b:d3:54:fb:ac:de:3d:5d:b3:32:cd:8a:77:d2:6e:93:80:
         c7:32:b2:90:75:54:87:9c:e3:2e:d4:f4:2d:12:ea:e1:4e:8d:
         d1:9e:fc:57:f1:bf:b0:ac:cb:9b:b7:3c:b6:86:14:29:d3:56:
         51:fa:a3:c3:b5:b7:43:83:62:04:d1:06:a0:95:ec:7c:65:14:
         53:99:87:d2:df:26:0f:01:a2:3d:c2:c0:30:c8:2a:11:9b:7b:
         c2:32:5d:2e:8b:3e:e6:b6:93:39:43:70:c4:91:a1:8a:41:85:
         c5:fc:90:b7:c6:41:06:02:c5:aa:43:35:e1:5a:21:fa:83:cb:
         47:60:34:92:69:9f:94:4a:6a:5c:e9:8e:ed:ac:eb:4c:45:15:
         70:f4:98:d5:6a:c5:ad:59:18:2a:0f:70:ae:bc:4b:24:72:00:
         02:f8:79:47:5f:8a:db:6a:4c:ea:fb:b3:16:93:5c:aa:70:6f:
         27:43:4e:b0:1c:4c:0f:61:5a:37:59:db:22:35:62:9f:84:94:
         5b:19:71:de:fa:f9:b3:53:46:cd:d2:d9:a2:1b:4e:f9:fd:d5:
         ac:f8:1f:ee:06:24:b6:4b:e0:c2:21:50:be:d9:f0:50:38:16:
         e9:99:ea:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYl2Er7Zs0gVt776mi4wkfdEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNzczNGRmZWExMjA2NTc0MTJlYTg2N2RkYmM3Yjg0ZDEz
MmJmNzgwHhcNMjMwNzIxMDEzMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjYwNjQyYWJhMjcyOWNjZmY4MTBhYzlkMzQ5MzgzNjNjNjNlNTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRaX4Np2ic7lll4S/yteSGU03mlD
3dPcseXPqlOs0JS5O78EebDUGN7Ha2WVe4KIHJUMQmZa0aBfV+BztGCWQHtrqNgq
Z16LJH3/WTUlu6qtJvYPTSVQJOhNkPQpVvN7qVFtm2F2J9TDKIONVqCwT7lSt3t5
Ztc4BXkiFu3L/pch6i0d94B6ZngYHEsWcQooI5dLjpvgJejq0IdWvo0XZ8/txlNE
1PB7GOfCIU9Qljmsep02sxgyqYdggFtdLImWeb0Xs1QzYFsnVeNNDtWfAdyeBlwz
hgsLJ7AehmIyP/yAiXDVCcrsRdwOrp/1JWvrzmPiZci62XTXOdEEnKmAmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZgZCq6JynM/4EKydNJODY8Y+UwMB8GA1UdIwQY
MBaAFH93NN/qEgZXQS6oZ928e4TRMr94MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjNjMDMtb1NCbGRCTHFobjNieDdoTkV5djNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS82ODAzMjQtZWUxZi00MGYyLTg4ZGYt
MTk2OTMxOTYyZDNjLzEvcG1Ca0tyb25LY3pfZ1FySjAwazROanhqNVRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS82ODAzMjQtZWUxZi00MGYyLTg4ZGYtMTk2OTMxOTYyZDNj
LzEvZjNjMDMtb1NCbGRCTHFobjNieDdoTkV5djNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhP8MA0G
CSqGSIb3DQEBCwUAA4IBAQCpPB7+VeTsK4F+BvjZhni06rzGe9NU+6zePV2zMs2K
d9Juk4DHMrKQdVSHnOMu1PQtEurhTo3RnvxX8b+wrMubtzy2hhQp01ZR+qPDtbdD
g2IE0Qaglex8ZRRTmYfS3yYPAaI9wsAwyCoRm3vCMl0uiz7mtpM5Q3DEkaGKQYXF
/JC3xkEGAsWqQzXhWiH6g8tHYDSSaZ+USmpc6Y7trOtMRRVw9JjVasWtWRgqD3Cu
vEskcgAC+HlHX4rbakzq+7MWk1yqcG8nQ06wHEwPYVo3WdsiNWKfhJRbGXHe+vmz
U0bN0tmiG075/dWs+B/uBiS2S+DCIVC+2fBQOBbpmeq2
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:29 2024 by rpki-client on console-fra.rpki-client.org