Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/weguYIDoOg0FQMk24_9xQ3PYY4Y.roa
File:                     weguYIDoOg0FQMk24_9xQ3PYY4Y.roa (raw, json)
Hash identifier:          sOAHqVXw0sJ9TzBO/Hc5/rlyY9EuhZC+vg6CUN8kSwY=
Subject key identifier:   C1:E8:2E:60:80:E8:3A:0D:05:40:C9:36:E3:FF:71:43:73:D8:63:86
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       01853C1AE9A097971B8BF81199176E332493
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/weguYIDoOg0FQMk24_9xQ3PYY4Y.roa
Signing time:             Thu 22 Dec 2022 23:11:14 +0000
ROA not before:           Thu 22 Dec 2022 23:11:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50756
IP address blocks:        194.76.18.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:3c:1a:e9:a0:97:97:1b:8b:f8:11:99:17:6e:33:24:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Dec 22 23:11:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c1e82e6080e83a0d0540c936e3ff714373d86386
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:93:ea:6c:9c:c8:03:b9:de:10:c9:5b:49:7d:
                    98:93:25:4f:92:9e:52:dc:d5:8c:8f:1f:40:40:4a:
                    8c:78:95:5a:6a:7a:2a:b9:4b:4e:e2:1f:9e:ab:84:
                    5c:5e:16:4f:a9:47:51:48:a2:01:b4:b6:7c:dd:04:
                    7f:67:b1:e7:1c:87:a0:1e:fc:7a:b5:fb:e4:94:86:
                    01:29:01:e7:ad:09:5d:31:51:90:2e:32:db:f6:41:
                    1d:f8:7f:3e:ef:67:97:69:af:ce:91:01:61:56:16:
                    c7:24:b1:b5:79:70:ae:6f:b7:0f:a2:7c:6f:fc:62:
                    20:b4:0f:47:f7:e8:06:2f:1c:61:b0:c9:0c:b4:33:
                    e2:fe:df:85:c2:45:59:bd:72:c4:4e:e2:75:ab:de:
                    bf:97:b2:2d:d9:37:b0:a7:8e:a7:c9:4b:b3:d5:4f:
                    21:b4:5f:59:a2:76:2e:9b:05:59:37:64:40:59:c5:
                    68:a8:1f:d2:ce:c0:61:8c:03:a9:0f:ba:e2:fd:81:
                    7a:10:43:d2:cf:ac:75:c1:74:8e:9f:aa:22:69:13:
                    9f:fe:eb:4c:c9:2d:5c:32:24:2a:0c:47:73:82:f8:
                    45:e3:ac:41:87:05:06:0d:58:f8:ac:65:a4:a8:ea:
                    02:48:44:d0:26:0d:04:2b:d3:76:c9:09:18:75:8a:
                    b6:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:E8:2E:60:80:E8:3A:0D:05:40:C9:36:E3:FF:71:43:73:D8:63:86
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/weguYIDoOg0FQMk24_9xQ3PYY4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:3c:60:bf:50:20:7e:75:d0:4f:89:03:35:43:49:0d:2e:cd:
         e0:d6:e4:c2:37:c9:be:1c:d1:dd:e9:2e:64:6d:d4:d4:33:ff:
         d1:2e:07:11:65:3a:ee:8e:b6:ef:5d:45:db:95:54:74:46:41:
         67:bf:d2:75:17:4e:cf:aa:6e:49:31:ba:35:91:fd:a5:bb:7f:
         1b:51:c0:b2:14:0a:ca:7f:9b:e2:bf:2c:ad:75:02:3f:00:6a:
         70:d0:57:5b:82:51:34:9d:d1:10:52:87:6d:6a:d3:71:99:6a:
         62:e5:7b:b0:52:79:d8:a5:a9:16:9d:de:35:62:af:ca:19:41:
         be:75:bf:ac:80:e4:56:cd:fa:cb:5b:70:71:2a:e7:a3:b6:50:
         a5:51:fe:9f:78:2b:7b:17:60:a7:f5:de:ae:e5:ef:d2:4e:d0:
         4a:77:92:c3:f9:6e:80:cf:7e:68:f7:49:87:b0:fd:97:e2:e7:
         95:71:2e:04:17:13:99:35:6f:7a:b7:05:5e:eb:56:4e:19:f6:
         42:a4:92:56:3c:09:98:83:87:45:a2:ec:ab:71:8d:e2:35:38:
         60:89:ff:c9:f6:ed:48:e0:a1:81:ba:01:32:a7:80:1b:8a:48:
         87:ae:85:71:fe:5f:65:4c:24:cc:25:f1:a0:dd:2b:ca:12:c8:
         19:0c:83:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYU8Gumgl5cbi/gRmRduMySTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjIxMjIyMjMxMTE0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWU4MmU2MDgwZTgzYTBkMDU0MGM5MzZlM2ZmNzE0MzczZDg2Mzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5PqbJzIA7neEMlbSX2YkyVPkp5S
3NWMjx9AQEqMeJVaanoquUtO4h+eq4RcXhZPqUdRSKIBtLZ83QR/Z7HnHIegHvx6
tfvklIYBKQHnrQldMVGQLjLb9kEd+H8+72eXaa/OkQFhVhbHJLG1eXCub7cPonxv
/GIgtA9H9+gGLxxhsMkMtDPi/t+FwkVZvXLETuJ1q96/l7It2Tewp46nyUuz1U8h
tF9ZonYumwVZN2RAWcVoqB/SzsBhjAOpD7ri/YF6EEPSz6x1wXSOn6oiaROf/utM
yS1cMiQqDEdzgvhF46xBhwUGDVj4rGWkqOoCSETQJg0EK9N2yQkYdYq2LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMHoLmCA6DoNBUDJNuP/cUNz2GOGMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvd2VndVlJRG9PZzBGUU1rMjRfOXhRM1BZWTRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkwSMA0G
CSqGSIb3DQEBCwUAA4IBAQAGPGC/UCB+ddBPiQM1Q0kNLs3g1uTCN8m+HNHd6S5k
bdTUM//RLgcRZTrujrbvXUXblVR0RkFnv9J1F07Pqm5JMbo1kf2lu38bUcCyFArK
f5vivyytdQI/AGpw0FdbglE0ndEQUodtatNxmWpi5XuwUnnYpakWnd41Yq/KGUG+
db+sgORWzfrLW3BxKuejtlClUf6feCt7F2Cn9d6u5e/STtBKd5LD+W6Az35o90mH
sP2X4ueVcS4EFxOZNW96twVe61ZOGfZCpJJWPAmYg4dFouyrcY3iNThgif/J9u1I
4KGBugEyp4AbikiHroVx/l9lTCTMJfGg3SvKEsgZDIN1
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:47 2024 by rpki-client on console-fra.rpki-client.org