Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/5Tty1IHuUIQUBJS81ymdjeyEebk.roa
File:                     5Tty1IHuUIQUBJS81ymdjeyEebk.roa (raw, json)
Hash identifier:          Zhc6voCpH3rkHlTqg7khWnBYTZaQki6mTkZPw4s9x/M=
Subject key identifier:   E5:3B:72:D4:81:EE:50:84:14:04:94:BC:D7:29:9D:8D:EC:84:79:B9
Certificate issuer:       /CN=3556e7fb5772f979edd5e5c5aa63eb2b9c0ddc8e
Certificate serial:       1AB46616
Authority key identifier: 35:56:E7:FB:57:72:F9:79:ED:D5:E5:C5:AA:63:EB:2B:9C:0D:DC:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NVbn-1dy-Xnt1eXFqmPrK5wN3I4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/5Tty1IHuUIQUBJS81ymdjeyEebk.roa
Signing time:             Sat 01 Jan 2022 06:03:41 +0000
ROA not before:           Sat 01 Jan 2022 06:03:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47298
IP address blocks:        185.1.202.0/24 maxlen: 24
                          2001:7f8:10e::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 448030230 (0x1ab46616)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3556e7fb5772f979edd5e5c5aa63eb2b9c0ddc8e
        Validity
            Not Before: Jan  1 06:03:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e53b72d481ee5084140494bcd7299d8dec8479b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c6:b3:77:80:15:45:31:60:6e:5c:b6:b0:66:
                    66:f5:3a:6e:6c:cc:70:28:54:4b:cd:fc:fe:c4:72:
                    53:e7:56:29:46:83:ff:a9:da:36:f3:96:b9:9b:d8:
                    08:d6:ee:af:97:a6:c9:02:06:08:5b:16:59:18:0d:
                    0d:74:d3:bb:d4:7f:93:84:bb:33:4d:4a:d8:52:e0:
                    e8:f4:27:74:d5:bd:68:2a:05:d1:89:f7:38:d1:f6:
                    94:23:e4:08:1b:d3:2c:03:99:27:53:7b:26:9c:fd:
                    dc:4f:a0:e8:6d:09:ff:55:15:e1:fc:26:d2:61:7a:
                    da:1a:e5:b4:a8:97:6a:b9:6a:a2:31:45:8c:75:15:
                    14:a5:14:d0:5c:59:e2:a1:ff:b6:b2:55:04:82:ca:
                    a1:0f:f2:ea:0c:dd:46:da:7c:36:df:6b:a0:a7:d9:
                    f8:b0:44:d3:e1:1a:b7:55:9f:2b:84:17:2b:9f:05:
                    bd:9b:4d:e1:a5:d5:bf:99:8f:66:1b:b3:c9:8c:d2:
                    ca:df:84:af:e6:b2:09:48:b5:76:76:eb:f7:d2:be:
                    0f:bf:f9:42:c5:ed:da:68:b9:86:c0:cc:5c:f0:00:
                    d2:e4:cd:45:18:92:b1:08:23:4e:52:cb:ae:c4:27:
                    cd:99:82:28:08:57:c2:1a:c0:1d:3b:7b:53:03:4c:
                    cb:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:3B:72:D4:81:EE:50:84:14:04:94:BC:D7:29:9D:8D:EC:84:79:B9
            X509v3 Authority Key Identifier:
                keyid:35:56:E7:FB:57:72:F9:79:ED:D5:E5:C5:AA:63:EB:2B:9C:0D:DC:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NVbn-1dy-Xnt1eXFqmPrK5wN3I4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/5Tty1IHuUIQUBJS81ymdjeyEebk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/dcfa2a-76f7-4443-a495-6bb30a8730ed/1/NVbn-1dy-Xnt1eXFqmPrK5wN3I4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.202.0/24
                IPv6:
                  2001:7f8:10e::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:42:7c:4e:68:83:33:0b:06:12:7f:3d:75:47:b0:22:0f:f8:
         b4:3b:0c:8d:92:49:59:b6:df:88:5a:d8:ff:35:59:88:da:26:
         82:96:40:19:69:59:2d:29:72:bd:32:cd:23:3c:f0:e3:29:5c:
         23:ea:91:41:c2:b6:48:bb:90:80:4d:28:79:2c:8f:1f:63:47:
         33:5a:d1:28:41:ca:91:1c:36:54:3c:46:7b:ca:49:01:d1:70:
         a1:7d:4f:bf:ef:bc:7d:bb:4c:11:29:df:2d:92:46:ef:40:34:
         5f:2a:60:33:63:a2:f6:c4:ac:1d:ce:2a:3c:21:9e:c5:ca:2c:
         aa:62:02:50:cf:97:03:c5:92:eb:ff:fc:8b:7f:66:b2:78:fa:
         4c:20:22:a2:eb:99:35:27:5d:a4:52:01:eb:58:60:7f:19:83:
         0a:f1:15:03:97:fb:5f:dd:4d:e0:e9:cd:74:d5:05:b5:40:cc:
         78:91:e3:57:05:fb:75:be:0e:66:0c:e7:57:0b:7e:44:f3:b7:
         ad:e8:83:db:40:c0:a9:d6:f5:59:34:26:fc:a8:56:4b:40:6b:
         c2:39:66:14:29:c4:13:7a:98:b8:db:e5:b0:dd:9e:67:11:94:
         b3:d2:1f:12:47:c7:58:90:d3:5c:6d:56:24:1d:c9:5e:c4:42:
         a1:30:35:5c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIEGrRmFjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NTU2ZTdmYjU3NzJmOTc5ZWRkNWU1YzVhYTYzZWIyYjljMGRkYzhlMB4XDTIyMDEw
MTA2MDM0MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTUzYjcyZDQ4MWVl
NTA4NDE0MDQ5NGJjZDcyOTlkOGRlYzg0NzliOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMLGs3eAFUUxYG5ctrBmZvU6bmzMcChUS838/sRyU+dWKUaD
/6naNvOWuZvYCNbur5emyQIGCFsWWRgNDXTTu9R/k4S7M01K2FLg6PQndNW9aCoF
0Yn3ONH2lCPkCBvTLAOZJ1N7Jpz93E+g6G0J/1UV4fwm0mF62hrltKiXarlqojFF
jHUVFKUU0FxZ4qH/trJVBILKoQ/y6gzdRtp8Nt9roKfZ+LBE0+Eat1WfK4QXK58F
vZtN4aXVv5mPZhuzyYzSyt+Er+ayCUi1dnbr99K+D7/5QsXt2mi5hsDMXPAA0uTN
RRiSsQgjTlLLrsQnzZmCKAhXwhrAHTt7UwNMywsCAwEAAaOCAhowggIWMB0GA1Ud
DgQWBBTlO3LUge5QhBQElLzXKZ2N7IR5uTAfBgNVHSMEGDAWgBQ1Vuf7V3L5ee3V
5cWqY+srnA3cjjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05WYm4tMWR5LVhudDFlWEZxbVBySzV3TjNJNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODEvZGNmYTJhLTc2ZjctNDQ0My1hNDk1LTZiYjMwYTg3MzBlZC8x
LzVUdHkxSUh1VUlRVUJKUzgxeW1kamV5RWViay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODEv
ZGNmYTJhLTc2ZjctNDQ0My1hNDk1LTZiYjMwYTg3MzBlZC8xL05WYm4tMWR5LVhu
dDFlWEZxbVBySzV3TjNJNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAw
BggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEALkByjAPBAIAAjAJAwcAIAEH+AEO
MA0GCSqGSIb3DQEBCwUAA4IBAQBJQnxOaIMzCwYSfz11R7AiD/i0OwyNkklZtt+I
Wtj/NVmI2iaClkAZaVktKXK9Ms0jPPDjKVwj6pFBwrZIu5CATSh5LI8fY0czWtEo
QcqRHDZUPEZ7ykkB0XChfU+/77x9u0wRKd8tkkbvQDRfKmAzY6L2xKwdzio8IZ7F
yiyqYgJQz5cDxZLr//yLf2ayePpMICKi65k1J12kUgHrWGB/GYMK8RUDl/tf3U3g
6c101QW1QMx4keNXBft1vg5mDOdXC35E87et6IPbQMCp1vVZNCb8qFZLQGvCOWYU
KcQTepi42+Ww3Z5nEZSz0h8SR8dYkNNcbVYkHclexEKhMDVc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:46 2024 by rpki-client on console-ams.rpki-client.org