Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/qlw1UhOsPjvOVmWB-oKTAuO-Mds.roa
File:                     qlw1UhOsPjvOVmWB-oKTAuO-Mds.roa (raw, json)
Hash identifier:          rmI7yJ0My4gqHZOAmyZmnt4CR7A+dPLH/xtJLu2BQZw=
Subject key identifier:   AA:5C:35:52:13:AC:3E:3B:CE:56:65:81:FA:82:93:02:E3:BE:31:DB
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       01856F1DC98DE807A56E7B62D01BF174A34B
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/qlw1UhOsPjvOVmWB-oKTAuO-Mds.roa
Signing time:             Sun 01 Jan 2023 20:55:01 +0000
ROA not before:           Sun 01 Jan 2023 20:55:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     58066
IP address blocks:        92.119.231.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:1d:c9:8d:e8:07:a5:6e:7b:62:d0:1b:f1:74:a3:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  1 20:55:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aa5c355213ac3e3bce566581fa829302e3be31db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:7b:6f:5a:bb:61:85:ec:a9:9e:41:de:a3:a9:
                    c2:53:49:a0:e5:15:2e:5b:ce:31:0d:a2:42:cb:9e:
                    bf:7c:94:2d:7d:cd:e7:8e:de:89:8f:c7:9f:ec:23:
                    e0:79:46:4d:d8:a1:3d:85:7a:f4:b9:2c:d3:68:b2:
                    cb:6a:f6:2e:88:ed:2e:29:eb:8f:6b:23:91:00:76:
                    59:f2:8a:62:f6:4a:80:ce:95:2a:b1:a3:38:ef:e7:
                    b6:ba:e1:03:a7:1b:f3:dd:19:0b:61:c6:d9:4b:01:
                    f0:8c:ce:f0:98:f4:a0:e3:22:1e:ca:34:d2:48:1e:
                    fa:30:58:02:b7:51:87:15:f6:91:50:ca:e8:6f:5a:
                    62:29:23:f1:fb:2e:8f:02:4b:53:b2:3f:8d:17:c0:
                    9b:fd:47:77:e4:55:f4:ad:ed:90:a9:b5:c5:41:0e:
                    1a:0b:21:9c:d2:75:97:ce:0a:04:15:98:60:8d:ac:
                    ed:04:da:06:51:cc:b9:67:7a:af:c8:41:97:e2:ab:
                    04:17:21:99:de:91:82:27:64:3d:c1:7e:19:24:6e:
                    99:53:ca:66:32:70:c5:b7:f2:40:77:63:87:3c:73:
                    41:09:41:dc:ad:c9:d0:db:09:cb:5e:c5:cd:24:8f:
                    b8:f5:65:97:34:34:b8:67:ce:a4:48:e5:f7:a8:53:
                    0e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:5C:35:52:13:AC:3E:3B:CE:56:65:81:FA:82:93:02:E3:BE:31:DB
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/qlw1UhOsPjvOVmWB-oKTAuO-Mds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:99:c4:b2:2c:d0:b4:6d:6c:89:b4:d0:dc:56:bb:a8:fa:10:
         c8:1f:af:c8:7f:3f:5d:be:02:aa:07:03:e9:12:b7:16:6e:92:
         92:30:2c:31:ce:ff:81:93:b8:f7:3d:65:4b:5f:0e:7e:c0:7a:
         6d:74:3f:3b:2b:69:f4:45:0e:dd:26:40:76:b3:20:88:fe:fe:
         3e:3d:02:03:dd:b2:81:66:95:82:67:74:10:5a:2b:09:5b:9b:
         62:7c:ac:3d:1f:cc:6d:cb:a8:52:30:a2:79:b5:cf:85:c5:86:
         7f:d1:09:e7:bc:d3:72:f6:e6:93:75:8f:0f:32:7e:6d:18:ea:
         f1:4b:dd:b4:69:07:ec:f8:c3:87:cc:4f:4a:a5:6d:af:06:e2:
         62:e1:5f:86:6b:e9:6f:c6:08:03:67:97:a3:64:93:35:68:90:
         31:8d:24:3f:43:4e:78:d1:c1:03:08:85:c4:7c:9b:8a:6e:7e:
         a3:84:ad:d5:e4:80:25:5e:85:f6:54:3b:fa:58:6c:e9:5b:f8:
         96:b0:2f:9e:e6:8e:fb:83:79:eb:28:25:c9:ec:b7:90:31:c6:
         d5:fd:06:7a:57:e8:a1:56:aa:0c:b1:ca:a9:57:bc:52:26:61:
         bb:0b:8d:8a:19:04:98:ce:e1:cc:38:61:a1:9c:8c:bb:c7:4f:
         c3:38:2b:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvHcmN6Aelbnti0BvxdKNLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwMTAxMjA1NTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTVjMzU1MjEzYWMzZTNiY2U1NjY1ODFmYTgyOTMwMmUzYmUzMWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgntvWrthheypnkHeo6nCU0mg5RUu
W84xDaJCy56/fJQtfc3njt6Jj8ef7CPgeUZN2KE9hXr0uSzTaLLLavYuiO0uKeuP
ayORAHZZ8opi9kqAzpUqsaM47+e2uuEDpxvz3RkLYcbZSwHwjM7wmPSg4yIeyjTS
SB76MFgCt1GHFfaRUMrob1piKSPx+y6PAktTsj+NF8Cb/Ud35FX0re2QqbXFQQ4a
CyGc0nWXzgoEFZhgjaztBNoGUcy5Z3qvyEGX4qsEFyGZ3pGCJ2Q9wX4ZJG6ZU8pm
MnDFt/JAd2OHPHNBCUHcrcnQ2wnLXsXNJI+49WWXNDS4Z86kSOX3qFMOkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpcNVITrD47zlZlgfqCkwLjvjHbMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvcWx3MVVoT3NQanZPVm1XQi1vS1RBdU8tTWRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHfnMA0G
CSqGSIb3DQEBCwUAA4IBAQCwmcSyLNC0bWyJtNDcVruo+hDIH6/Ifz9dvgKqBwPp
ErcWbpKSMCwxzv+Bk7j3PWVLXw5+wHptdD87K2n0RQ7dJkB2syCI/v4+PQID3bKB
ZpWCZ3QQWisJW5tifKw9H8xty6hSMKJ5tc+FxYZ/0QnnvNNy9uaTdY8PMn5tGOrx
S920aQfs+MOHzE9KpW2vBuJi4V+Ga+lvxggDZ5ejZJM1aJAxjSQ/Q0540cEDCIXE
fJuKbn6jhK3V5IAlXoX2VDv6WGzpW/iWsC+e5o77g3nrKCXJ7LeQMcbV/QZ6V+ih
VqoMscqpV7xSJmG7C42KGQSYzuHMOGGhnIy7x0/DOCsD
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:25 2024 by rpki-client on console-ams.rpki-client.org