Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/nF-NAKhjzXAYh8aKOOeIiYHqHZQ.roa
File:                     nF-NAKhjzXAYh8aKOOeIiYHqHZQ.roa (raw, json)
Hash identifier:          iCJO/oOf3Au4Ff7ksscUfXUX1VZ2r1e1FKZYBvRgNLc=
Subject key identifier:   9C:5F:8D:00:A8:63:CD:70:18:87:C6:8A:38:E7:88:89:81:EA:1D:94
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       01856F1DCFE20FF077664121B5AB32EF1689
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/nF-NAKhjzXAYh8aKOOeIiYHqHZQ.roa
Signing time:             Sun 01 Jan 2023 20:55:02 +0000
ROA not before:           Sun 01 Jan 2023 20:55:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211825
IP address blocks:        5.183.155.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:1d:cf:e2:0f:f0:77:66:41:21:b5:ab:32:ef:16:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  1 20:55:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9c5f8d00a863cd701887c68a38e7888981ea1d94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:75:ec:93:b3:33:bd:9d:79:16:f7:1e:06:2f:
                    94:9b:ee:17:57:9f:52:91:9d:a4:d8:c8:d4:6a:ea:
                    b4:fb:25:d2:4b:70:a6:31:3a:5a:1d:83:3d:66:72:
                    8e:f0:2d:cf:62:99:59:03:da:29:90:a0:54:59:58:
                    89:4e:5f:4b:40:c1:10:b1:eb:8d:da:9d:6f:ab:d7:
                    25:f5:20:2e:9f:2f:36:eb:67:40:3b:e1:47:f4:c2:
                    c6:5f:bd:05:3b:f4:bc:b0:f9:6a:e0:cf:1f:05:73:
                    39:f0:b3:18:a0:d3:17:a0:ae:98:5a:7d:59:66:8a:
                    56:84:d6:f9:ff:fd:c5:6b:03:8b:f1:b3:a5:0f:a5:
                    c6:1e:bf:ff:a4:23:03:6b:85:33:14:14:15:9b:6d:
                    30:14:05:33:d3:18:97:99:90:ea:1f:93:c0:2d:6c:
                    cb:bf:ad:e6:d9:2b:30:78:d8:de:b9:02:86:14:c6:
                    16:79:ad:9e:7f:7d:f2:a8:48:c7:95:1b:88:da:13:
                    18:68:dc:fa:6e:aa:b3:20:6f:65:f2:d3:f7:0e:65:
                    0a:59:c7:db:89:59:30:e9:9d:37:44:98:3b:82:08:
                    7a:12:c4:9a:55:e9:4a:aa:14:a6:42:74:05:97:9d:
                    31:99:99:ed:29:61:cc:40:dd:c0:6f:8e:c9:f6:e9:
                    ea:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:5F:8D:00:A8:63:CD:70:18:87:C6:8A:38:E7:88:89:81:EA:1D:94
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/nF-NAKhjzXAYh8aKOOeIiYHqHZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:57:0a:40:0e:b7:71:ff:b0:95:98:57:65:4b:93:db:bc:78:
         01:9d:62:93:3f:b6:52:6e:4f:2c:31:0a:b2:26:a0:d4:1e:cc:
         b3:7c:3d:6e:b9:bb:2d:91:bc:c0:57:15:5e:79:48:e9:0c:d6:
         bc:61:65:83:b1:15:c0:88:43:8c:2f:09:b9:2b:1d:70:c2:0a:
         4d:d3:ec:44:45:97:8c:c8:06:30:7d:92:a8:59:6e:9b:00:e7:
         09:41:39:ab:11:16:38:76:47:09:da:3f:ce:43:c0:40:21:16:
         39:53:3b:4e:dd:dd:76:c7:9a:2b:7e:91:e1:c2:28:74:54:cd:
         fd:3a:7c:7c:44:7d:bf:c9:4f:17:2d:7b:51:8e:98:d5:b4:29:
         07:43:b1:b3:ec:90:1c:38:96:47:68:99:8f:0c:37:19:b7:ad:
         58:01:74:0f:d4:4c:cb:bc:1f:91:3b:b9:f9:ab:fb:31:dd:c1:
         81:29:99:02:13:4b:2c:bb:df:2d:da:3b:33:c9:88:66:24:a8:
         36:28:37:11:97:1f:34:d6:68:03:52:a0:8d:3b:5d:ec:f7:29:
         3e:bb:58:52:20:1d:79:4a:dd:cb:b4:b4:a6:02:61:ab:c5:99:
         48:a7:95:5e:04:9d:95:9a:39:1b:2e:07:cc:53:cb:3a:3a:e6:
         87:ba:1e:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvHc/iD/B3ZkEhtasy7xaJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwMTAxMjA1NTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzVmOGQwMGE4NjNjZDcwMTg4N2M2OGEzOGU3ODg4OTgxZWExZDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7HXsk7MzvZ15FvceBi+Um+4XV59S
kZ2k2MjUauq0+yXSS3CmMTpaHYM9ZnKO8C3PYplZA9opkKBUWViJTl9LQMEQseuN
2p1vq9cl9SAuny8262dAO+FH9MLGX70FO/S8sPlq4M8fBXM58LMYoNMXoK6YWn1Z
ZopWhNb5//3FawOL8bOlD6XGHr//pCMDa4UzFBQVm20wFAUz0xiXmZDqH5PALWzL
v63m2SsweNjeuQKGFMYWea2ef33yqEjHlRuI2hMYaNz6bqqzIG9l8tP3DmUKWcfb
iVkw6Z03RJg7ggh6EsSaVelKqhSmQnQFl50xmZntKWHMQN3Ab47J9unqnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxfjQCoY81wGIfGijjniImB6h2UMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvbkYtTkFLaGp6WEFZaDhhS09PZUlpWUhxSFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbebMA0G
CSqGSIb3DQEBCwUAA4IBAQCcVwpADrdx/7CVmFdlS5PbvHgBnWKTP7ZSbk8sMQqy
JqDUHsyzfD1uubstkbzAVxVeeUjpDNa8YWWDsRXAiEOMLwm5Kx1wwgpN0+xERZeM
yAYwfZKoWW6bAOcJQTmrERY4dkcJ2j/OQ8BAIRY5UztO3d12x5orfpHhwih0VM39
Onx8RH2/yU8XLXtRjpjVtCkHQ7Gz7JAcOJZHaJmPDDcZt61YAXQP1EzLvB+RO7n5
q/sx3cGBKZkCE0ssu98t2jszyYhmJKg2KDcRlx801mgDUqCNO13s9yk+u1hSIB15
St3LtLSmAmGrxZlIp5VeBJ2VmjkbLgfMU8s6OuaHuh6g
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:47 2024 by rpki-client on console-fra.rpki-client.org