Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/n9quEjfRhfLKDzqf4SGyMmZNd9M.roa
File:                     n9quEjfRhfLKDzqf4SGyMmZNd9M.roa (raw, json)
Hash identifier:          gWKIgIQSBy+HBjK4Hfh/sC/8BzoG3f7/V3hdaPRw4n8=
Subject key identifier:   9F:DA:AE:12:37:D1:85:F2:CA:0F:3A:9F:E1:21:B2:32:66:4D:77:D3
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       018964895AA2A10DFED67E53F6A3A88223AF
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/n9quEjfRhfLKDzqf4SGyMmZNd9M.roa
Signing time:             Mon 17 Jul 2023 15:47:50 +0000
ROA not before:           Mon 17 Jul 2023 15:47:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48031
IP address blocks:        194.105.60.0/24 maxlen: 24
                          213.166.82.0/24 maxlen: 24
                          194.107.92.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:64:89:5a:a2:a1:0d:fe:d6:7e:53:f6:a3:a8:82:23:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jul 17 15:47:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9fdaae1237d185f2ca0f3a9fe121b232664d77d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:2f:9d:4e:7e:dc:8f:2a:53:ac:06:76:56:d3:
                    06:16:0d:b9:23:20:db:87:2f:23:fc:4d:ec:69:b8:
                    8f:37:96:be:4c:50:e1:2a:e6:cd:ed:30:f3:de:b2:
                    50:4a:68:2b:c8:0e:8c:b8:dd:39:66:60:00:1e:7e:
                    d1:21:54:b0:cc:4a:66:25:29:49:39:d0:50:eb:6b:
                    c0:d3:be:07:bc:ff:6b:72:41:a2:9b:9c:e1:e8:ed:
                    f7:ec:75:a6:db:9d:fc:0f:c9:07:7d:4f:44:b1:3b:
                    ef:2d:24:e7:40:7d:86:5b:b7:58:16:8c:c7:ea:0e:
                    87:e0:0a:eb:9c:a3:8c:81:ee:20:ab:22:36:1b:47:
                    8f:01:6c:3b:30:dc:e5:cd:52:cc:f6:0a:ab:ee:fb:
                    81:36:2b:51:3f:21:30:88:c4:a7:31:81:63:5d:27:
                    16:dd:0a:4f:6b:37:a3:f0:40:28:42:45:1e:23:17:
                    24:af:d0:a0:a5:db:51:59:c7:83:84:a4:3c:4b:c5:
                    11:bb:d6:ef:0a:48:2d:7f:7f:fd:16:74:1e:d3:02:
                    79:d6:13:c4:c5:06:41:8d:af:bc:23:b8:84:98:45:
                    82:e4:02:83:ae:e9:1a:f5:84:30:f7:b7:98:3d:e4:
                    5d:42:cf:e1:a2:50:3b:f5:62:ff:12:cf:b5:c9:3f:
                    1f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:DA:AE:12:37:D1:85:F2:CA:0F:3A:9F:E1:21:B2:32:66:4D:77:D3
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/n9quEjfRhfLKDzqf4SGyMmZNd9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.105.60.0/24
                  194.107.92.0/24
                  213.166.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:56:a4:c1:68:53:91:86:ea:d1:38:e0:50:bc:00:c5:df:8e:
         6a:e3:22:b8:dc:08:c4:91:00:17:dc:32:9c:75:78:72:91:aa:
         47:d8:33:74:10:1f:b7:1a:06:10:12:e2:5c:88:2f:f2:27:2b:
         85:13:75:2e:9c:24:dd:be:e4:f7:e3:a5:41:96:cf:c2:6b:b6:
         eb:3b:8e:fe:49:e3:78:82:1a:37:64:b5:ab:b6:14:06:51:86:
         0a:25:82:67:1a:6b:6f:07:6b:e6:96:7b:51:69:b5:15:06:1e:
         d3:74:80:e4:3d:f8:55:00:88:87:96:48:80:42:03:85:73:35:
         2e:41:bf:35:89:e5:be:32:d9:6b:2f:38:b7:d8:43:af:d9:f7:
         b4:73:5c:51:31:36:92:25:68:30:89:f7:5a:03:db:bf:8c:3f:
         87:00:49:4c:3d:e8:f3:ea:ac:e8:34:a1:66:3e:ae:0f:7c:03:
         1b:de:35:46:1e:83:99:90:74:57:03:d0:6d:d7:87:6f:35:7e:
         34:2e:4d:f3:18:ff:25:ab:3b:ac:13:6b:8b:c2:4e:b4:d6:ee:
         19:ce:a6:4b:f2:db:8f:51:8b:01:1f:81:05:8b:72:df:50:49:
         39:f9:46:de:30:72:f5:fd:0f:aa:bc:cb:3d:58:f1:ab:4a:2f:
         47:59:18:b4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYlkiVqioQ3+1n5T9qOogiOvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwNzE3MTU0NzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmRhYWUxMjM3ZDE4NWYyY2EwZjNhOWZlMTIxYjIzMjY2NGQ3N2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkS+dTn7cjypTrAZ2VtMGFg25IyDb
hy8j/E3sabiPN5a+TFDhKubN7TDz3rJQSmgryA6MuN05ZmAAHn7RIVSwzEpmJSlJ
OdBQ62vA074HvP9rckGim5zh6O337HWm2538D8kHfU9EsTvvLSTnQH2GW7dYFozH
6g6H4ArrnKOMge4gqyI2G0ePAWw7MNzlzVLM9gqr7vuBNitRPyEwiMSnMYFjXScW
3QpPazej8EAoQkUeIxckr9CgpdtRWceDhKQ8S8URu9bvCkgtf3/9FnQe0wJ51hPE
xQZBja+8I7iEmEWC5AKDruka9YQw97eYPeRdQs/holA79WL/Es+1yT8foQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ/arhI30YXyyg86n+EhsjJmTXfTMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvbjlxdUVqZlJoZkxLRHpxZjRTR3lNbVpOZDlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwmk8AwQA
wmtcAwQA1aZSMA0GCSqGSIb3DQEBCwUAA4IBAQAVVqTBaFORhurROOBQvADF345q
4yK43AjEkQAX3DKcdXhykapH2DN0EB+3GgYQEuJciC/yJyuFE3UunCTdvuT346VB
ls/Ca7brO47+SeN4gho3ZLWrthQGUYYKJYJnGmtvB2vmlntRabUVBh7TdIDkPfhV
AIiHlkiAQgOFczUuQb81ieW+MtlrLzi32EOv2fe0c1xRMTaSJWgwifdaA9u/jD+H
AElMPejz6qzoNKFmPq4PfAMb3jVGHoOZkHRXA9Bt14dvNX40Lk3zGP8lqzusE2uL
wk601u4ZzqZL8tuPUYsBH4EFi3LfUEk5+UbeMHL1/Q+qvMs9WPGrSi9HWRi0
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:47 2024 by rpki-client on console-fra.rpki-client.org