Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/wIYvNsLFi0qw7nflAXts8L4_gXs.roa
File:                     wIYvNsLFi0qw7nflAXts8L4_gXs.roa (raw, json)
Hash identifier:          bfKhJu8+yJV1Vg6DzyseAucWJr6VEip4e7wBwdsrVIc=
Subject key identifier:   C0:86:2F:36:C2:C5:8B:4A:B0:EE:77:E5:01:7B:6C:F0:BE:3F:81:7B
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       039ED48C
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/wIYvNsLFi0qw7nflAXts8L4_gXs.roa
Signing time:             Sat 01 Jan 2022 14:07:04 +0000
ROA not before:           Sat 01 Jan 2022 14:07:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47726
IP address blocks:        80.76.60.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 60740748 (0x39ed48c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  1 14:07:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c0862f36c2c58b4ab0ee77e5017b6cf0be3f817b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:74:7e:8f:eb:90:df:bd:f2:3f:64:e5:6a:62:
                    0b:f0:82:31:d5:9e:7d:5a:44:fe:49:c2:38:2d:ec:
                    22:1f:95:a9:df:16:a7:0d:34:95:50:bc:19:5f:f6:
                    1e:99:1c:90:dc:a7:53:72:7e:84:61:b5:7b:2c:01:
                    e8:ae:12:47:ef:c3:47:6c:c5:b6:55:47:bf:85:b0:
                    b8:28:d0:99:5a:39:d2:c6:23:37:86:f9:6d:7c:15:
                    c0:61:ce:1f:02:ea:e4:04:37:c5:0f:8e:84:fd:14:
                    af:8d:36:80:96:bb:d9:0d:a7:0a:dd:7a:24:91:8f:
                    57:dc:ee:c5:22:15:17:5a:ae:f1:44:4f:0a:cf:69:
                    38:5a:6e:5c:9f:31:bb:17:31:87:94:5b:aa:51:89:
                    35:5f:e1:75:f3:e1:12:76:e5:2d:24:7e:7d:d3:9e:
                    a9:a2:5a:84:08:27:f5:c7:51:1f:da:81:92:58:10:
                    00:7e:f3:48:59:00:df:fe:09:40:60:ac:d4:99:70:
                    3e:57:55:6f:bf:50:ec:9c:4e:34:13:9f:80:87:09:
                    c4:12:33:5b:33:fe:d6:0d:da:34:59:69:7f:11:37:
                    f1:cd:6a:a7:10:22:25:76:8c:c8:4d:64:fa:f7:35:
                    af:71:79:e4:3f:d7:17:07:79:26:83:d4:eb:58:10:
                    61:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:86:2F:36:C2:C5:8B:4A:B0:EE:77:E5:01:7B:6C:F0:BE:3F:81:7B
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/wIYvNsLFi0qw7nflAXts8L4_gXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:7a:97:15:1f:6b:d7:9e:99:72:c5:f0:c7:09:f6:08:2e:30:
         97:6a:63:c7:c1:65:11:11:bb:42:4b:c8:cc:39:d2:aa:59:30:
         c1:2a:93:cb:05:29:57:08:72:15:70:e1:0a:3b:f8:dd:8f:6e:
         75:5d:f2:69:e5:b6:85:45:42:ef:d6:13:26:9b:1a:0b:9f:88:
         fd:e4:a7:ae:58:b0:8c:13:b6:d4:f3:6d:a0:99:9e:2f:4d:7d:
         ec:b0:03:93:95:77:9b:52:fb:a9:b0:d9:28:f5:24:30:99:3c:
         07:13:59:79:36:cc:b2:3c:76:57:f2:d1:f0:97:0d:82:3d:6b:
         55:c5:97:c9:82:7b:fd:71:d4:8b:d3:94:e6:fb:86:84:23:83:
         c6:40:8a:1c:59:d5:d2:f3:3e:9d:2e:12:a1:11:cc:be:70:d1:
         55:b5:a7:e6:6f:d3:67:2e:b3:7b:31:a3:37:1f:37:19:6e:a5:
         4e:bb:3c:a1:6a:6e:54:b0:e8:71:63:53:2a:25:b2:dd:8e:9f:
         a8:f2:ea:7b:11:43:d7:9b:0e:e9:12:9e:7b:69:94:7d:33:82:
         8b:5d:ce:6f:62:4e:3d:f3:1f:97:3e:72:51:a9:10:bf:55:29:
         78:12:c0:82:e3:c5:c3:1e:8d:4a:1a:03:9d:3c:d5:18:f3:08:
         96:35:11:ec
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA57UjDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
ZGEzOTQxYzI3Y2ZlNWMyMzRjNGJmMjIxZWNiMmE1NzliMmRlYWFiMB4XDTIyMDEw
MTE0MDcwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzA4NjJmMzZjMmM1
OGI0YWIwZWU3N2U1MDE3YjZjZjBiZTNmODE3YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN10fo/rkN+98j9k5WpiC/CCMdWefVpE/knCOC3sIh+Vqd8W
pw00lVC8GV/2HpkckNynU3J+hGG1eywB6K4SR+/DR2zFtlVHv4WwuCjQmVo50sYj
N4b5bXwVwGHOHwLq5AQ3xQ+OhP0Ur402gJa72Q2nCt16JJGPV9zuxSIVF1qu8URP
Cs9pOFpuXJ8xuxcxh5RbqlGJNV/hdfPhEnblLSR+fdOeqaJahAgn9cdRH9qBklgQ
AH7zSFkA3/4JQGCs1JlwPldVb79Q7JxONBOfgIcJxBIzWzP+1g3aNFlpfxE38c1q
pxAiJXaMyE1k+vc1r3F55D/XFwd5JoPU61gQYQECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTAhi82wsWLSrDud+UBe2zwvj+BezAfBgNVHSMEGDAWgBRdo5QcJ8/lwjTE
vyIeyypXmy3qqzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1hhT1VIQ2ZQNWNJMHhMOGlIc3NxVjVzdDZxcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODAvMzBlZDNlLWM0YzQtNGRlOC1iNGYxLWYxMWEzOWYyNmMzYi8x
L3dJWXZOc0xGaTBxdzduZmxBWHRzOEw0X2dYcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODAv
MzBlZDNlLWM0YzQtNGRlOC1iNGYxLWYxMWEzOWYyNmMzYi8xL1hhT1VIQ2ZQNWNJ
MHhMOGlIc3NxVjVzdDZxcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFBMPDANBgkqhkiG9w0BAQsFAAOC
AQEAKHqXFR9r156ZcsXwxwn2CC4wl2pjx8FlERG7QkvIzDnSqlkwwSqTywUpVwhy
FXDhCjv43Y9udV3yaeW2hUVC79YTJpsaC5+I/eSnrliwjBO21PNtoJmeL0197LAD
k5V3m1L7qbDZKPUkMJk8BxNZeTbMsjx2V/LR8JcNgj1rVcWXyYJ7/XHUi9OU5vuG
hCODxkCKHFnV0vM+nS4SoRHMvnDRVbWn5m/TZy6zezGjNx83GW6lTrs8oWpuVLDo
cWNTKiWy3Y6fqPLqexFD15sO6RKee2mUfTOCi13Ob2JOPfMflz5yUakQv1UpeBLA
guPFwx6NShoDnTzVGPMIljUR7A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:47 2024 by rpki-client on console-fra.rpki-client.org