Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/gWFtk6QK0apbrkjDnvXfOaohu-k.roa
File:                     gWFtk6QK0apbrkjDnvXfOaohu-k.roa (raw, json)
Hash identifier:          2iHeofCU3TWtRJ5V3Jets/FfynNINSUUpcHjiR7GVJA=
Subject key identifier:   81:61:6D:93:A4:0A:D1:AA:5B:AE:48:C3:9E:F5:DF:39:AA:21:BB:E9
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       01856F1DB89439E4E9C96483BF86E82B72CF
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/gWFtk6QK0apbrkjDnvXfOaohu-k.roa
Signing time:             Sun 01 Jan 2023 20:54:56 +0000
ROA not before:           Sun 01 Jan 2023 20:54:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14576
IP address blocks:        94.231.218.0/24 maxlen: 24
                          94.231.217.0/24 maxlen: 24
                          94.231.216.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:1d:b8:94:39:e4:e9:c9:64:83:bf:86:e8:2b:72:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  1 20:54:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=81616d93a40ad1aa5bae48c39ef5df39aa21bbe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:88:9a:3c:3a:96:bc:3a:dd:b5:f1:3e:00:c9:
                    32:d7:45:56:d4:2c:9c:3f:72:78:06:a3:21:22:3c:
                    67:0e:ef:ad:cc:0e:d1:ba:68:65:6b:76:e3:32:ec:
                    69:a2:0f:c6:a1:07:59:ec:fb:b7:2f:a7:3c:e0:3d:
                    48:76:05:45:9b:be:85:50:fd:80:0b:7b:7f:e7:65:
                    a2:be:9f:e4:26:8e:20:bf:09:7c:1f:38:29:bf:2a:
                    a2:e0:87:de:3f:51:30:fa:4f:20:54:43:02:df:fa:
                    f4:3e:84:40:f8:51:e6:ad:ba:c7:44:70:c8:4e:f0:
                    a8:39:03:1a:be:6b:f8:72:97:e7:f4:22:b3:49:8c:
                    5c:d1:af:e2:e9:78:51:7d:63:03:3e:17:a8:9a:19:
                    02:92:94:41:43:2f:db:27:4b:b9:01:50:98:29:1d:
                    c2:71:4d:d4:a6:36:15:8f:92:4b:7f:ea:cd:1d:ec:
                    b7:54:1c:67:1c:34:46:38:dd:47:58:2a:a6:1f:24:
                    f4:d0:67:d4:2f:6d:7c:99:8c:46:f0:9a:20:63:e9:
                    16:3e:4a:92:04:49:68:43:d8:36:bf:53:88:a8:28:
                    aa:ef:15:5c:e4:57:15:2f:dc:94:03:b5:41:e1:a8:
                    b6:ed:e6:d4:09:aa:47:70:d3:4a:4c:8c:c6:4b:d6:
                    ea:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:61:6D:93:A4:0A:D1:AA:5B:AE:48:C3:9E:F5:DF:39:AA:21:BB:E9
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/gWFtk6QK0apbrkjDnvXfOaohu-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.216.0-94.231.218.255

    Signature Algorithm: sha256WithRSAEncryption
         79:b9:d5:32:36:b5:32:2e:a1:2a:eb:1e:d6:c1:4e:8a:b4:6c:
         82:aa:7c:f4:03:24:e9:81:86:87:1a:a6:d3:3b:35:de:57:9a:
         72:b0:7d:5d:82:a3:25:e5:0e:18:4f:a1:6d:df:44:39:3b:87:
         92:e0:6b:fd:0f:ec:88:96:2e:d9:8b:cf:6c:9a:0f:75:08:2b:
         1b:58:91:43:a5:53:72:d0:70:46:4b:a2:c3:b4:b2:a1:9c:d5:
         56:60:f4:bf:17:11:d1:8c:b9:9a:1a:1c:45:29:18:60:32:a5:
         01:1f:04:13:a8:a0:46:9b:af:d8:ab:e1:d0:b7:9c:f8:db:f5:
         bf:24:b1:ae:28:9e:2a:90:9b:53:10:d0:69:20:50:cb:d3:84:
         5f:cd:63:38:ac:a6:a9:37:5d:55:da:1d:c8:d8:57:f4:8a:61:
         66:4e:36:11:11:f7:9b:a0:ea:cb:d0:26:64:54:0b:c3:95:dc:
         20:00:c6:90:5f:29:98:db:ca:51:2e:3b:f3:5e:df:8d:90:c4:
         4a:6a:b7:da:de:44:d4:de:bb:74:7d:25:67:f5:08:36:5c:0d:
         05:0f:d5:30:cb:d1:87:44:d2:01:9b:57:d2:e8:10:ed:c7:61:
         80:c6:60:3e:09:d5:30:af:2d:fc:23:45:29:27:b8:60:77:f8:
         96:70:88:02
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYVvHbiUOeTpyWSDv4boK3LPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwMTAxMjA1NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTYxNmQ5M2E0MGFkMWFhNWJhZTQ4YzM5ZWY1ZGYzOWFhMjFiYmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6IiaPDqWvDrdtfE+AMky10VW1Cyc
P3J4BqMhIjxnDu+tzA7Rumhla3bjMuxpog/GoQdZ7Pu3L6c84D1IdgVFm76FUP2A
C3t/52Wivp/kJo4gvwl8Hzgpvyqi4IfeP1Ew+k8gVEMC3/r0PoRA+FHmrbrHRHDI
TvCoOQMavmv4cpfn9CKzSYxc0a/i6XhRfWMDPheomhkCkpRBQy/bJ0u5AVCYKR3C
cU3UpjYVj5JLf+rNHey3VBxnHDRGON1HWCqmHyT00GfUL218mYxG8JogY+kWPkqS
BEloQ9g2v1OIqCiq7xVc5FcVL9yUA7VB4ai27ebUCapHcNNKTIzGS9bqxQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIFhbZOkCtGqW65Iw5713zmqIbvpMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvZ1dGdGs2UUswYXBicmtqRG52WGZPYW9odS1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBANe59gD
BABe59owDQYJKoZIhvcNAQELBQADggEBAHm51TI2tTIuoSrrHtbBToq0bIKqfPQD
JOmBhocaptM7Nd5XmnKwfV2CoyXlDhhPoW3fRDk7h5Lga/0P7IiWLtmLz2yaD3UI
KxtYkUOlU3LQcEZLosO0sqGc1VZg9L8XEdGMuZoaHEUpGGAypQEfBBOooEabr9ir
4dC3nPjb9b8ksa4oniqQm1MQ0GkgUMvThF/NYzispqk3XVXaHcjYV/SKYWZONhER
95ug6svQJmRUC8OV3CAAxpBfKZjbylEuO/Ne342QxEpqt9reRNTeu3R9JWf1CDZc
DQUP1TDL0YdE0gGbV9LoEO3HYYDGYD4J1TCvLfwjRSknuGB3+JZwiAI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:47 2024 by rpki-client on console-fra.rpki-client.org