Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/_rwQyT39nicin718fKX5Y-MJXnY.roa
File:                     _rwQyT39nicin718fKX5Y-MJXnY.roa (raw, json)
Hash identifier:          tHKvrTR9IQm3+bglqXs/NIoeiGfI8ge5v/OE3iqKra0=
Subject key identifier:   FE:BC:10:C9:3D:FD:9E:27:22:9F:BD:7C:7C:A5:F9:63:E3:09:5E:76
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       018CC86FBDCF93098FC20BF4A8193A70576B
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/_rwQyT39nicin718fKX5Y-MJXnY.roa
Signing time:             Tue 02 Jan 2024 04:30:15 +0000
ROA not before:           Tue 02 Jan 2024 04:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34665
IP address blocks:        5.183.129.0/24 maxlen: 24
                          194.32.239.0/24 maxlen: 24
                          194.32.238.0/24 maxlen: 24
                          45.14.222.0/24 maxlen: 24
                          91.188.212.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:bd:cf:93:09:8f:c2:0b:f4:a8:19:3a:70:57:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  2 04:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=febc10c93dfd9e27229fbd7c7ca5f963e3095e76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:40:57:74:92:27:c5:b1:7c:bd:45:7b:1c:62:
                    cb:1b:10:b1:dc:de:84:8c:a4:f1:7c:30:59:9b:3b:
                    7b:5e:8a:a2:9b:34:cc:1d:35:1b:54:a5:0e:7c:9e:
                    bc:96:29:21:79:aa:60:5b:b8:b9:e9:4b:6b:bf:eb:
                    ca:d4:f3:7f:2e:88:35:76:30:8e:ea:1e:64:6b:e6:
                    c1:4a:ce:8b:55:a3:c6:7c:2d:ba:94:0f:e0:b1:e1:
                    d0:b2:7f:2c:a8:47:db:18:a2:fb:00:b4:aa:30:21:
                    22:f8:fe:9f:28:71:b8:a5:e9:b7:c1:b0:ab:cf:6e:
                    a7:cd:3a:09:0b:65:0c:2c:89:ad:0e:c4:c5:82:94:
                    00:5b:bf:65:e1:52:54:45:20:b3:7d:c9:6c:88:e9:
                    98:c2:37:06:44:d2:f4:f0:b6:e1:24:6d:07:91:eb:
                    8b:ec:a0:67:44:79:11:dd:6a:4b:97:0e:f8:1b:5b:
                    dd:9b:1d:fc:29:12:18:1b:0b:bb:55:37:06:10:00:
                    58:8c:28:c7:2e:25:4b:d7:76:b8:3a:25:a8:e3:d1:
                    b5:5c:bf:01:ca:06:61:4f:c8:72:f2:f7:d6:b0:ee:
                    8b:93:b5:19:b4:75:19:36:21:84:6e:ad:72:02:c6:
                    00:f5:99:92:c7:4e:14:9f:df:40:7f:de:87:a9:79:
                    53:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:BC:10:C9:3D:FD:9E:27:22:9F:BD:7C:7C:A5:F9:63:E3:09:5E:76
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/_rwQyT39nicin718fKX5Y-MJXnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.129.0/24
                  45.14.222.0/24
                  91.188.212.0/22
                  194.32.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:f5:02:a6:b2:5b:80:a5:b8:e2:29:7c:98:d4:94:a2:38:46:
         bd:ba:5f:75:2c:7e:e9:a5:0a:81:33:a5:4b:9a:fd:0a:ce:c4:
         a4:ac:68:f2:86:d4:67:c9:51:8a:7d:b7:6d:af:c6:78:8b:ee:
         fc:d0:9e:cc:5d:e7:f0:32:22:ff:66:c7:28:63:3d:ca:2c:56:
         84:48:17:cc:77:b0:3f:27:9a:24:1a:e5:8d:9b:cc:54:a7:d8:
         00:9b:bc:94:da:a4:44:59:b4:f1:7b:19:ad:03:c8:ae:a0:67:
         a8:32:db:3d:25:35:12:6f:56:0d:b1:43:1d:3a:ca:ce:de:5c:
         5b:20:be:74:da:bb:d3:65:ce:86:b2:96:c6:c3:73:83:9b:99:
         4c:bd:6b:53:36:00:f8:97:58:a2:f1:f8:ca:2e:4b:0c:d2:ad:
         26:b6:d9:d1:e8:27:b7:d6:f5:fc:a8:ac:ac:79:8f:f8:af:94:
         5e:a2:27:f3:b7:2d:8a:ed:16:be:ad:24:87:09:27:e6:d6:b0:
         60:3d:95:6e:cb:e5:05:4e:c9:d1:40:4b:2d:07:df:54:4d:05:
         10:68:50:72:eb:37:18:9c:7f:b8:0c:0d:10:ec:0f:fc:77:8b:
         4d:3c:0b:84:9b:bc:db:ca:e2:3f:95:87:71:8b:37:7f:83:e4:
         ff:3d:f9:71
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzIb73PkwmPwgv0qBk6cFdrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQwMTAyMDQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWJjMTBjOTNkZmQ5ZTI3MjI5ZmJkN2M3Y2E1Zjk2M2UzMDk1ZTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEBXdJInxbF8vUV7HGLLGxCx3N6E
jKTxfDBZmzt7XoqimzTMHTUbVKUOfJ68likheapgW7i56Utrv+vK1PN/Log1djCO
6h5ka+bBSs6LVaPGfC26lA/gseHQsn8sqEfbGKL7ALSqMCEi+P6fKHG4pem3wbCr
z26nzToJC2UMLImtDsTFgpQAW79l4VJURSCzfclsiOmYwjcGRNL08LbhJG0HkeuL
7KBnRHkR3WpLlw74G1vdmx38KRIYGwu7VTcGEABYjCjHLiVL13a4OiWo49G1XL8B
ygZhT8hy8vfWsO6Lk7UZtHUZNiGEbq1yAsYA9ZmSx04Un99Af96HqXlTRQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFP68EMk9/Z4nIp+9fHyl+WPjCV52MB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvX3J3UXlUMzluaWNpbjcxOGZLWDVZLU1KWG5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQABbeBAwQA
LQ7eAwQCW7zUAwQBwiDuMA0GCSqGSIb3DQEBCwUAA4IBAQBz9QKmsluApbjiKXyY
1JSiOEa9ul91LH7ppQqBM6VLmv0KzsSkrGjyhtRnyVGKfbdtr8Z4i+780J7MXefw
MiL/ZscoYz3KLFaESBfMd7A/J5okGuWNm8xUp9gAm7yU2qREWbTxexmtA8iuoGeo
Mts9JTUSb1YNsUMdOsrO3lxbIL502rvTZc6GspbGw3ODm5lMvWtTNgD4l1ii8fjK
LksM0q0mttnR6Ce31vX8qKyseY/4r5Reoifzty2K7Ra+rSSHCSfm1rBgPZVuy+UF
TsnRQEstB99UTQUQaFBy6zcYnH+4DA0Q7A/8d4tNPAuEm7zbyuI/lYdxizd/g+T/
Pflx
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:47 2024 by rpki-client on console-fra.rpki-client.org