Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/2Mz_cnqfgJ0ep66S2TUnOjst1p0.roa
File:                     2Mz_cnqfgJ0ep66S2TUnOjst1p0.roa (raw, json)
Hash identifier:          HD1ecmzhpnVBCgeBHbp1IXeUGc2da4M/Qy9DpuDri1w=
Subject key identifier:   D8:CC:FF:72:7A:9F:80:9D:1E:A7:AE:92:D9:35:27:3A:3B:2D:D6:9D
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       018B053782D5DDFFDD836297ABFAEEF59E64
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/2Mz_cnqfgJ0ep66S2TUnOjst1p0.roa
Signing time:             Fri 06 Oct 2023 13:40:05 +0000
ROA not before:           Fri 06 Oct 2023 13:40:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34665
IP address blocks:        5.183.129.0/24 maxlen: 24
                          194.32.239.0/24 maxlen: 24
                          194.32.238.0/24 maxlen: 24
                          45.14.222.0/24 maxlen: 24
                          91.188.212.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:05:37:82:d5:dd:ff:dd:83:62:97:ab:fa:ee:f5:9e:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Oct  6 13:40:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d8ccff727a9f809d1ea7ae92d935273a3b2dd69d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:83:5f:27:3a:09:c9:4d:d1:e4:6f:75:77:53:
                    05:ec:22:a8:a9:0c:e3:7c:ef:79:99:10:4e:9e:b6:
                    7d:81:c4:5f:a3:f0:38:35:0a:21:23:06:7f:be:4e:
                    6a:f0:a9:25:ca:6a:eb:91:41:aa:25:24:6b:af:d0:
                    83:ee:d7:98:52:88:cc:42:86:1e:bb:c5:8a:2f:e5:
                    13:a1:1f:c2:07:07:59:38:2a:46:c8:19:74:22:ba:
                    b3:3a:00:f3:10:15:a7:e8:d4:96:03:be:8e:ac:f1:
                    30:16:77:a5:f7:b0:0b:e8:26:a7:d1:30:e3:ff:c8:
                    67:07:4e:97:8e:40:02:58:62:f2:85:7d:69:11:81:
                    b8:4a:ee:79:c3:f0:d0:eb:40:62:59:01:26:32:8d:
                    b4:3b:99:cc:b0:0f:f4:e1:58:5a:42:8f:bc:b9:e2:
                    4c:8f:73:ef:54:9e:27:56:9c:32:fc:c3:d3:9d:2c:
                    2a:5f:cc:7b:1f:14:3a:a2:be:86:fb:6c:ab:3f:09:
                    29:4b:76:0f:e9:c7:89:f4:e9:ee:51:14:c5:19:57:
                    02:42:0a:11:13:77:d9:ce:c1:ee:1f:5e:fe:b0:5e:
                    c3:29:39:f9:7b:df:1b:f4:44:72:4d:14:fc:a8:bf:
                    55:37:91:32:a3:dd:67:5c:07:77:dd:41:d7:a3:46:
                    43:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:CC:FF:72:7A:9F:80:9D:1E:A7:AE:92:D9:35:27:3A:3B:2D:D6:9D
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/2Mz_cnqfgJ0ep66S2TUnOjst1p0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.129.0/24
                  45.14.222.0/24
                  91.188.212.0/22
                  194.32.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:c1:8a:ef:50:9b:a7:30:0f:d6:4d:05:48:ed:e8:01:e8:5c:
         e0:41:ce:d0:9b:8a:18:97:b0:9c:ac:ed:bd:45:a0:fc:da:6e:
         1b:61:90:24:12:db:5d:20:d1:79:d6:79:08:12:e1:af:c4:7c:
         a2:0c:6a:27:36:dc:0a:f5:1d:a5:7d:cb:7c:6b:54:7d:cb:2b:
         e0:82:a0:95:db:1b:10:88:c3:06:cb:ed:1f:88:18:52:f6:ff:
         88:ad:2c:66:4c:2f:1f:b2:e3:82:60:44:f9:ad:ac:84:02:f0:
         71:bb:dc:97:a8:75:80:14:4b:c9:37:c3:0a:07:c8:a0:94:1d:
         af:f3:24:e6:af:8d:b7:58:b6:34:f4:ef:7a:bc:4e:19:c1:4c:
         c3:cd:dd:f1:68:14:3a:10:0a:c1:c8:d3:cf:53:ec:cb:4c:56:
         2e:27:46:67:b8:09:f4:52:4b:5a:37:96:f5:4f:46:a5:2b:e5:
         fb:a5:0d:67:a2:33:60:19:a2:8e:f3:f5:a2:fc:12:9a:d7:44:
         dd:d5:e0:bd:12:5e:a4:73:94:7b:0b:bc:42:b1:70:3b:ee:19:
         0d:50:4f:e9:71:15:c4:c4:ec:1b:55:d7:26:2e:df:2a:9f:4a:
         db:71:fc:5d:0a:8c:dd:10:6e:d2:8d:98:33:c9:23:ba:c2:f5:
         25:b4:b3:5e
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYsFN4LV3f/dg2KXq/ru9Z5kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMxMDA2MTM0MDA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGNjZmY3MjdhOWY4MDlkMWVhN2FlOTJkOTM1MjczYTNiMmRkNjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloNfJzoJyU3R5G91d1MF7CKoqQzj
fO95mRBOnrZ9gcRfo/A4NQohIwZ/vk5q8KklymrrkUGqJSRrr9CD7teYUojMQoYe
u8WKL+UToR/CBwdZOCpGyBl0IrqzOgDzEBWn6NSWA76OrPEwFnel97AL6Can0TDj
/8hnB06XjkACWGLyhX1pEYG4Su55w/DQ60BiWQEmMo20O5nMsA/04VhaQo+8ueJM
j3PvVJ4nVpwy/MPTnSwqX8x7HxQ6or6G+2yrPwkpS3YP6ceJ9OnuURTFGVcCQgoR
E3fZzsHuH17+sF7DKTn5e98b9ERyTRT8qL9VN5Eyo91nXAd33UHXo0ZDRwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNjM/3J6n4CdHqeuktk1Jzo7LdadMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvMk16X2NucWZnSjBlcDY2UzJUVW5PanN0MXAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQABbeBAwQA
LQ7eAwQCW7zUAwQBwiDuMA0GCSqGSIb3DQEBCwUAA4IBAQA6wYrvUJunMA/WTQVI
7egB6FzgQc7Qm4oYl7CcrO29RaD82m4bYZAkEttdINF51nkIEuGvxHyiDGonNtwK
9R2lfct8a1R9yyvggqCV2xsQiMMGy+0fiBhS9v+IrSxmTC8fsuOCYET5rayEAvBx
u9yXqHWAFEvJN8MKB8iglB2v8yTmr423WLY09O96vE4ZwUzDzd3xaBQ6EArByNPP
U+zLTFYuJ0ZnuAn0UktaN5b1T0alK+X7pQ1nojNgGaKO8/Wi/BKa10Td1eC9El6k
c5R7C7xCsXA77hkNUE/pcRXExOwbVdcmLt8qn0rbcfxdCozdEG7SjZgzySO6wvUl
tLNe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:47 2024 by rpki-client on console-fra.rpki-client.org