Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/v_AkUPx8iRNsBAW8pPdbztQ_Tp8.roa
File:                     v_AkUPx8iRNsBAW8pPdbztQ_Tp8.roa (raw, json)
Hash identifier:          m04aKVYzMnx6VtBhrS0yR7dRwaG0v7Gf64dqXwc4Kho=
Subject key identifier:   BF:F0:24:50:FC:7C:89:13:6C:04:05:BC:A4:F7:5B:CE:D4:3F:4E:9F
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       01856F1DC4851875E2CDCFE67192970BCAB0
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/v_AkUPx8iRNsBAW8pPdbztQ_Tp8.roa
Signing time:             Sun 01 Jan 2023 20:54:59 +0000
ROA not before:           Sun 01 Jan 2023 20:54:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52000
IP address blocks:        195.246.110.0/24 maxlen: 24
                          37.44.196.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:1d:c4:85:18:75:e2:cd:cf:e6:71:92:97:0b:ca:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  1 20:54:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bff02450fc7c89136c0405bca4f75bced43f4e9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:86:86:eb:04:ba:bb:f5:4b:ea:a1:b2:6a:6c:
                    e1:ac:b6:0f:0c:ae:06:6a:80:cd:50:73:71:09:d6:
                    82:94:d8:c4:e3:36:be:95:0e:78:c3:c6:59:31:8d:
                    25:2b:36:d2:9a:94:36:85:ef:f0:96:bc:83:4f:06:
                    c4:ae:cf:de:d5:eb:28:97:b3:55:dc:d2:8e:3a:ef:
                    45:bf:87:2e:b5:bb:d0:b4:d4:42:30:92:05:da:99:
                    60:ae:cf:d1:f2:ef:0b:4c:52:b2:e1:a8:0e:63:fc:
                    31:24:14:66:21:4a:c5:99:b8:a2:14:c1:34:57:4f:
                    33:64:48:22:68:24:a1:25:e7:06:23:8d:e5:ed:cb:
                    2d:92:fa:6c:99:11:69:e5:ff:f9:e2:9c:ca:8f:e1:
                    bd:5f:f2:83:e1:3e:76:5b:32:23:69:9d:72:8e:55:
                    c7:04:89:c9:04:d8:6a:72:24:43:16:4d:a7:0a:ce:
                    95:88:74:57:88:ed:b3:2c:2a:76:33:1b:1a:b7:dc:
                    50:67:79:7d:7d:82:fe:a4:40:b7:3a:79:03:f5:b9:
                    17:bb:a6:58:a9:18:73:d9:5e:6c:a1:b5:95:92:70:
                    93:c1:34:e0:2c:58:93:15:a8:e8:33:a3:1a:01:65:
                    61:60:7e:13:29:c7:85:8b:4d:b0:39:bb:d6:0f:36:
                    77:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:F0:24:50:FC:7C:89:13:6C:04:05:BC:A4:F7:5B:CE:D4:3F:4E:9F
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/v_AkUPx8iRNsBAW8pPdbztQ_Tp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.44.196.0/23
                  195.246.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:3a:32:c8:cc:4e:a8:92:9f:3c:09:a6:27:f8:78:50:51:0d:
         ae:88:8a:3c:c9:fc:a4:10:c7:03:96:2e:b5:62:4d:6a:7a:75:
         39:f4:b9:47:1e:21:03:ad:a0:89:64:3a:85:4b:13:12:93:6f:
         94:ad:87:11:93:03:2b:ef:7f:1d:b4:3d:24:ad:11:d5:16:c5:
         94:e5:2c:cc:8a:78:23:d4:de:10:4e:0e:f4:4a:9a:51:47:fe:
         1c:ed:59:e5:1b:96:03:71:f3:b6:44:37:c6:e4:58:68:8c:98:
         e8:e0:60:a0:c4:8c:e0:b1:8b:34:66:51:56:f3:a4:a2:8d:05:
         d2:89:cc:32:28:e0:01:4d:86:72:e9:ed:b0:4c:c5:12:ad:1f:
         f6:6d:13:1b:38:27:8a:73:0e:27:2d:f0:12:cf:a2:2b:da:0f:
         8c:8d:f8:4f:92:43:3e:fe:72:5f:1d:93:91:c4:c8:68:d2:7e:
         f0:93:18:06:15:7d:18:a3:9a:3e:20:3f:d5:56:61:26:0a:55:
         eb:23:9b:2f:ba:73:00:89:88:26:f1:b2:47:96:23:59:13:3b:
         c9:2e:4a:dc:5c:b3:6b:b8:dd:6b:a8:2a:58:d1:08:94:31:2a:
         39:f2:b1:60:d0:cc:41:1b:9a:aa:33:c7:49:9c:eb:08:1f:df:
         d1:1b:10:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVvHcSFGHXizc/mcZKXC8qwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwMTAxMjA1NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmYwMjQ1MGZjN2M4OTEzNmMwNDA1YmNhNGY3NWJjZWQ0M2Y0ZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIaG6wS6u/VL6qGyamzhrLYPDK4G
aoDNUHNxCdaClNjE4za+lQ54w8ZZMY0lKzbSmpQ2he/wlryDTwbErs/e1esol7NV
3NKOOu9Fv4cutbvQtNRCMJIF2plgrs/R8u8LTFKy4agOY/wxJBRmIUrFmbiiFME0
V08zZEgiaCShJecGI43l7cstkvpsmRFp5f/54pzKj+G9X/KD4T52WzIjaZ1yjlXH
BInJBNhqciRDFk2nCs6ViHRXiO2zLCp2Mxsat9xQZ3l9fYL+pEC3OnkD9bkXu6ZY
qRhz2V5sobWVknCTwTTgLFiTFajoM6MaAWVhYH4TKceFi02wObvWDzZ3GwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL/wJFD8fIkTbAQFvKT3W87UP06fMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvdl9Ba1VQeDhpUk5zQkFXOHBQZGJ6dFFfVHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBJSzEAwQA
w/ZuMA0GCSqGSIb3DQEBCwUAA4IBAQBPOjLIzE6okp88CaYn+HhQUQ2uiIo8yfyk
EMcDli61Yk1qenU59LlHHiEDraCJZDqFSxMSk2+UrYcRkwMr738dtD0krRHVFsWU
5SzMingj1N4QTg70SppRR/4c7VnlG5YDcfO2RDfG5FhojJjo4GCgxIzgsYs0ZlFW
86SijQXSicwyKOABTYZy6e2wTMUSrR/2bRMbOCeKcw4nLfASz6Ir2g+MjfhPkkM+
/nJfHZORxMho0n7wkxgGFX0Yo5o+ID/VVmEmClXrI5svunMAiYgm8bJHliNZEzvJ
LkrcXLNruN1rqCpY0QiUMSo58rFg0MxBG5qqM8dJnOsIH9/RGxCf
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:25 2024 by rpki-client on console-ams.rpki-client.org