Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/jCejywPE67emooVMqKSwo5ZFTtk.roa
File:                     jCejywPE67emooVMqKSwo5ZFTtk.roa (raw, json)
Hash identifier:          y8xN6h74oSlw5y5mGySNDaZ13PzaXVuIAwq2Mbs98oY=
Subject key identifier:   8C:27:A3:CB:03:C4:EB:B7:A6:A2:85:4C:A8:A4:B0:A3:96:45:4E:D9
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       01856F1DBA7B0EB5583E5952F826E4EC4C88
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/jCejywPE67emooVMqKSwo5ZFTtk.roa
Signing time:             Sun 01 Jan 2023 20:54:57 +0000
ROA not before:           Sun 01 Jan 2023 20:54:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35830
IP address blocks:        94.231.219.0/24 maxlen: 24
                          84.54.56.0/23 maxlen: 23
                          84.54.58.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:1d:ba:7b:0e:b5:58:3e:59:52:f8:26:e4:ec:4c:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  1 20:54:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8c27a3cb03c4ebb7a6a2854ca8a4b0a396454ed9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e2:33:a7:63:ec:e2:ee:1b:20:f7:a8:8b:e6:
                    cc:a8:4a:23:68:1c:28:ae:ce:fb:c3:d3:72:11:e4:
                    3e:75:2b:e4:ab:be:14:5d:a9:c8:16:98:5d:9c:25:
                    3b:2a:6c:7d:e4:23:ce:6f:20:40:57:86:ad:ae:72:
                    f6:6b:f9:dd:d0:81:a6:bc:b3:87:a4:94:2b:c3:cb:
                    c4:91:f0:f4:58:88:b3:13:60:ac:d9:8c:3f:d6:a0:
                    77:6c:c0:37:2c:c1:8f:99:58:61:9f:75:40:65:4c:
                    79:84:3c:df:fb:4f:0c:7e:41:6c:f7:f3:15:ec:8a:
                    a5:4d:11:04:88:1f:03:18:12:9a:16:c2:9c:d6:87:
                    4c:72:d6:81:e2:ab:b0:54:8e:cc:36:bc:05:bd:eb:
                    80:b5:29:37:a7:58:5d:18:25:ef:f6:73:82:44:9d:
                    2a:e0:5c:5b:b1:d6:29:31:6b:38:24:62:d1:5d:a7:
                    1c:a3:74:14:7d:9c:8a:99:cd:51:f1:c2:5e:d7:9b:
                    67:41:e2:38:40:6f:4b:ef:a6:0b:6b:b0:ef:89:02:
                    0a:9c:f5:67:89:10:91:6c:61:e1:eb:91:b2:5e:26:
                    93:5d:b2:7c:3c:34:ea:94:b0:df:44:62:f8:95:47:
                    00:ad:37:1a:c0:6a:97:91:6d:8d:4f:5e:8a:1c:d9:
                    3f:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:27:A3:CB:03:C4:EB:B7:A6:A2:85:4C:A8:A4:B0:A3:96:45:4E:D9
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/jCejywPE67emooVMqKSwo5ZFTtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.56.0-84.54.58.255
                  94.231.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:af:77:72:2e:1a:1e:62:fd:64:86:6f:eb:f1:0f:69:95:3f:
         cb:89:a0:da:19:5f:d9:f9:24:29:f0:6e:47:54:23:dc:ea:db:
         3e:f9:70:36:75:57:f6:a0:a9:61:09:f3:b8:c6:a6:2f:1d:f7:
         6b:1f:24:28:71:cf:1c:aa:04:06:f1:12:33:93:ca:80:55:2a:
         f8:16:a9:ce:8d:0e:de:1e:ab:21:ad:d7:ea:74:03:9f:87:c7:
         45:c5:b7:93:0e:5f:2d:5b:31:bb:b3:e2:47:37:b7:cb:0c:c8:
         80:be:b9:18:92:39:fe:ee:21:d0:46:01:0f:ce:f4:ff:d7:b6:
         69:35:93:7a:38:dd:97:6a:a5:66:b7:a1:74:97:27:1f:be:d9:
         2a:02:c3:5a:13:31:9d:15:a4:9e:05:3a:18:b2:78:ba:9d:38:
         3e:8e:e3:4f:ba:90:86:49:3b:dd:1f:0f:01:dc:a1:ab:53:b2:
         3e:44:d1:b3:20:67:bf:fe:e1:b4:d0:90:d4:b3:80:64:ab:21:
         9b:4c:69:af:2e:60:6a:96:8e:39:33:28:b7:df:38:f7:bc:be:
         8d:03:65:dd:10:1d:07:5c:3e:d7:8d:14:40:7f:e9:55:6d:48:
         4a:50:09:0c:f2:32:34:3e:13:cc:65:ae:70:b4:cb:9d:f3:e9:
         19:27:17:4b
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVvHbp7DrVYPllS+Cbk7EyIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwMTAxMjA1NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzI3YTNjYjAzYzRlYmI3YTZhMjg1NGNhOGE0YjBhMzk2NDU0ZWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+Izp2Ps4u4bIPeoi+bMqEojaBwo
rs77w9NyEeQ+dSvkq74UXanIFphdnCU7Kmx95CPObyBAV4atrnL2a/nd0IGmvLOH
pJQrw8vEkfD0WIizE2Cs2Yw/1qB3bMA3LMGPmVhhn3VAZUx5hDzf+08MfkFs9/MV
7IqlTREEiB8DGBKaFsKc1odMctaB4quwVI7MNrwFveuAtSk3p1hdGCXv9nOCRJ0q
4FxbsdYpMWs4JGLRXacco3QUfZyKmc1R8cJe15tnQeI4QG9L76YLa7DviQIKnPVn
iRCRbGHh65GyXiaTXbJ8PDTqlLDfRGL4lUcArTcawGqXkW2NT16KHNk/IQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFIwno8sDxOu3pqKFTKiksKOWRU7ZMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvakNlanl3UEU2N2Vtb29WTXFLU3dvNVpGVHRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBANUNjgD
BABUNjoDBABe59swDQYJKoZIhvcNAQELBQADggEBAC6vd3IuGh5i/WSGb+vxD2mV
P8uJoNoZX9n5JCnwbkdUI9zq2z75cDZ1V/agqWEJ87jGpi8d92sfJChxzxyqBAbx
EjOTyoBVKvgWqc6NDt4eqyGt1+p0A5+Hx0XFt5MOXy1bMbuz4kc3t8sMyIC+uRiS
Of7uIdBGAQ/O9P/Xtmk1k3o43ZdqpWa3oXSXJx++2SoCw1oTMZ0VpJ4FOhiyeLqd
OD6O40+6kIZJO90fDwHcoatTsj5E0bMgZ7/+4bTQkNSzgGSrIZtMaa8uYGqWjjkz
KLffOPe8vo0DZd0QHQdcPteNFEB/6VVtSEpQCQzyMjQ+E8xlrnC0y53z6RknF0s=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:25 2024 by rpki-client on console-ams.rpki-client.org