Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/rzoa4WArAA3CH5E6rlE79pD2Afg.roa
File:                     rzoa4WArAA3CH5E6rlE79pD2Afg.roa (raw, json)
Hash identifier:          wFNg6Y6Rlauv2X/jG0GMsQ6omlzm2kHz2GcqXzCI/mA=
Subject key identifier:   AF:3A:1A:E1:60:2B:00:0D:C2:1F:91:3A:AE:51:3B:F6:90:F6:01:F8
Certificate issuer:       /CN=7f7734dfea120657412ea867ddbc7b84d132bf78
Certificate serial:       0185C3304C6A8DB26B82F668FC185FE11326
Authority key identifier: 7F:77:34:DF:EA:12:06:57:41:2E:A8:67:DD:BC:7B:84:D1:32:BF:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f3c03-oSBldBLqhn3bx7hNEyv3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/rzoa4WArAA3CH5E6rlE79pD2Afg.roa
Signing time:             Wed 18 Jan 2023 04:43:20 +0000
ROA not before:           Wed 18 Jan 2023 04:43:20 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204843
IP address blocks:        146.19.252.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:c3:30:4c:6a:8d:b2:6b:82:f6:68:fc:18:5f:e1:13:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f7734dfea120657412ea867ddbc7b84d132bf78
        Validity
            Not Before: Jan 18 04:43:20 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=af3a1ae1602b000dc21f913aae513bf690f601f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:30:af:6f:07:5d:52:10:41:5a:67:90:17:70:
                    0f:0a:dd:08:ae:7b:db:53:1f:00:95:c4:10:05:ea:
                    d8:99:bd:8e:07:55:b8:d7:ee:d8:fc:e1:e7:ca:e1:
                    03:f3:60:bd:ad:c6:8f:0b:cb:92:aa:64:e1:f2:ed:
                    01:63:5c:85:75:4f:e6:b7:17:eb:96:1d:8a:c1:78:
                    7e:bd:6a:e1:66:b6:8b:22:4f:ee:e2:63:45:47:76:
                    0a:d2:a4:47:d7:6e:48:06:24:ac:88:0b:d2:eb:a1:
                    a2:38:85:70:ca:e7:11:6f:53:e7:3e:5a:fa:c6:5c:
                    53:f6:98:76:ff:71:b7:c6:ad:3c:dd:d2:c4:9b:a1:
                    05:ba:cb:b7:7a:49:14:d0:29:c1:e1:00:7c:c7:4c:
                    25:bc:42:c0:22:83:29:24:cb:b2:0d:c1:21:ca:0c:
                    52:ec:c7:60:2e:16:02:90:8a:b2:8f:f0:e6:5f:ad:
                    98:e9:4e:ad:d8:a2:19:68:19:6f:bf:53:db:da:77:
                    4d:c2:7b:d0:6e:d9:a5:20:fc:b0:0d:1f:2d:47:90:
                    94:e3:4d:49:50:b5:01:e4:ab:c4:e9:bf:66:58:73:
                    56:d8:ba:e4:97:40:7f:17:68:e5:56:69:03:38:3d:
                    7b:50:92:6b:82:88:17:59:0e:95:2c:e9:26:c8:c7:
                    ae:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:3A:1A:E1:60:2B:00:0D:C2:1F:91:3A:AE:51:3B:F6:90:F6:01:F8
            X509v3 Authority Key Identifier:
                keyid:7F:77:34:DF:EA:12:06:57:41:2E:A8:67:DD:BC:7B:84:D1:32:BF:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3c03-oSBldBLqhn3bx7hNEyv3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/rzoa4WArAA3CH5E6rlE79pD2Afg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/f3c03-oSBldBLqhn3bx7hNEyv3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:0e:5f:48:b7:28:61:17:92:71:06:d1:d3:f6:69:e4:4e:96:
         23:93:8c:da:79:8f:7a:c1:d6:57:0d:f3:5b:3d:56:bd:fc:22:
         8e:cf:76:81:58:c0:9a:c7:ab:07:7f:fa:57:a7:2a:a9:ba:64:
         1d:7a:89:9e:da:5a:af:1b:47:9a:c7:79:cb:82:b7:81:aa:7f:
         42:7b:4d:a1:72:33:e9:f6:f8:c1:8b:3b:6a:c5:b9:a7:ee:b9:
         37:36:e2:af:89:4f:ad:29:4f:be:fe:c7:ec:d8:86:c3:ec:07:
         04:d8:5c:50:ef:7e:22:67:a9:d9:7f:8e:83:5e:72:7e:c3:d9:
         d6:29:a6:f0:0a:3f:58:cb:60:eb:c4:aa:34:44:5f:3d:cc:95:
         69:0a:04:d5:cc:2f:1d:36:d8:42:50:60:98:fc:3e:72:85:f0:
         b1:d3:05:ea:7b:3f:e2:ba:41:0f:4c:e8:4c:0d:bc:64:40:99:
         eb:6a:84:0b:d5:3f:47:22:8b:d9:52:b7:34:01:e2:56:42:78:
         39:5e:b8:94:28:bf:23:c9:2c:83:cb:1f:76:16:88:e6:d4:bd:
         41:f3:51:08:e4:1a:7a:32:1a:0c:08:60:0d:b5:f7:36:37:be:
         15:d1:83:0a:79:ef:5e:5d:78:87:9a:91:ae:d7:71:8a:19:8d:
         13:73:86:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYXDMExqjbJrgvZo/Bhf4RMmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNzczNGRmZWExMjA2NTc0MTJlYTg2N2RkYmM3Yjg0ZDEz
MmJmNzgwHhcNMjMwMTE4MDQ0MzIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjNhMWFlMTYwMmIwMDBkYzIxZjkxM2FhZTUxM2JmNjkwZjYwMWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DCvbwddUhBBWmeQF3APCt0Irnvb
Ux8AlcQQBerYmb2OB1W41+7Y/OHnyuED82C9rcaPC8uSqmTh8u0BY1yFdU/mtxfr
lh2KwXh+vWrhZraLIk/u4mNFR3YK0qRH125IBiSsiAvS66GiOIVwyucRb1PnPlr6
xlxT9ph2/3G3xq083dLEm6EFusu3ekkU0CnB4QB8x0wlvELAIoMpJMuyDcEhygxS
7MdgLhYCkIqyj/DmX62Y6U6t2KIZaBlvv1Pb2ndNwnvQbtmlIPywDR8tR5CU401J
ULUB5KvE6b9mWHNW2Lrkl0B/F2jlVmkDOD17UJJrgogXWQ6VLOkmyMeujwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK86GuFgKwANwh+ROq5RO/aQ9gH4MB8GA1UdIwQY
MBaAFH93NN/qEgZXQS6oZ928e4TRMr94MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjNjMDMtb1NCbGRCTHFobjNieDdoTkV5djNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS82ODAzMjQtZWUxZi00MGYyLTg4ZGYt
MTk2OTMxOTYyZDNjLzEvcnpvYTRXQXJBQTNDSDVFNnJsRTc5cEQyQWZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS82ODAzMjQtZWUxZi00MGYyLTg4ZGYtMTk2OTMxOTYyZDNj
LzEvZjNjMDMtb1NCbGRCTHFobjNieDdoTkV5djNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhP8MA0G
CSqGSIb3DQEBCwUAA4IBAQAoDl9ItyhhF5JxBtHT9mnkTpYjk4zaeY96wdZXDfNb
PVa9/CKOz3aBWMCax6sHf/pXpyqpumQdeome2lqvG0eax3nLgreBqn9Ce02hcjPp
9vjBiztqxbmn7rk3NuKviU+tKU++/sfs2IbD7AcE2FxQ734iZ6nZf46DXnJ+w9nW
KabwCj9Yy2DrxKo0RF89zJVpCgTVzC8dNthCUGCY/D5yhfCx0wXqez/iukEPTOhM
DbxkQJnraoQL1T9HIovZUrc0AeJWQng5XriUKL8jySyDyx92Fojm1L1B81EI5Bp6
MhoMCGANtfc2N74V0YMKee9eXXiHmpGu13GKGY0Tc4Y1
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:29 2024 by rpki-client on console-fra.rpki-client.org