Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/Hzk73X6G0_DQKFVHj4Vx6vgPwvQ.roa
File:                     Hzk73X6G0_DQKFVHj4Vx6vgPwvQ.roa (raw, json)
Hash identifier:          TZmixzeXJ2TTTL2pTW3iT9Ib+xbOFI1xM+KZD5i/2rE=
Subject key identifier:   1F:39:3B:DD:7E:86:D3:F0:D0:28:55:47:8F:85:71:EA:F8:0F:C2:F4
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       018CC49245B942D1FFE0E4AABCFDFDA2A619
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/Hzk73X6G0_DQKFVHj4Vx6vgPwvQ.roa
Signing time:             Mon 01 Jan 2024 10:29:29 +0000
ROA not before:           Mon 01 Jan 2024 10:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201942
IP address blocks:        185.58.196.0/22 maxlen: 22
                          185.119.112.0/22 maxlen: 22
                          212.23.223.0/24 maxlen: 24
                          195.184.72.0/24 maxlen: 24
                          45.130.16.0/22 maxlen: 22
                          193.56.3.0/24 maxlen: 24
                          46.226.144.0/21 maxlen: 21
                          194.26.143.0/24 maxlen: 24
                          195.182.205.0/24 maxlen: 24
                          193.163.117.0/24 maxlen: 24
                          193.46.216.0/24 maxlen: 24
                          185.232.41.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:45:b9:42:d1:ff:e0:e4:aa:bc:fd:fd:a2:a6:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Jan  1 10:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f393bdd7e86d3f0d02855478f8571eaf80fc2f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:3e:e6:7f:a2:72:6b:f9:28:c4:ef:c5:86:5a:
                    d4:3c:fe:b8:17:57:22:44:07:0f:4c:79:ce:b3:9f:
                    d7:73:a7:20:5b:c5:6e:de:a6:8e:66:96:5e:2e:06:
                    a3:8b:87:51:cc:95:49:af:62:c1:6d:33:e7:a2:59:
                    5a:e4:96:f5:72:ce:e7:bd:09:8c:1d:41:3f:ed:19:
                    e8:bb:30:b5:81:0a:86:cc:c9:7f:76:98:2c:1a:86:
                    5f:65:2e:84:0b:45:c7:b4:7b:a8:09:6a:37:b0:d8:
                    29:86:50:1e:8b:12:6a:92:ef:8b:e6:95:29:81:89:
                    41:cb:f7:e9:6f:bb:ce:f3:d5:02:bf:2a:a8:23:d3:
                    69:3f:d5:d5:e6:1e:69:26:b1:7c:05:85:8b:66:d1:
                    db:78:98:f7:47:68:b2:01:f4:85:77:45:e0:69:d1:
                    ce:d4:ea:32:0b:54:0e:52:98:00:78:76:a8:3d:c3:
                    70:21:90:0a:ce:29:f2:fd:f8:c4:b8:c5:31:c9:b7:
                    d7:ce:93:bb:b0:4f:84:71:cd:f4:05:e5:c0:37:0c:
                    d7:c7:71:6d:21:65:d4:18:87:d8:3c:50:89:43:0a:
                    c4:5b:77:92:4a:49:bd:56:b0:87:7c:fb:a7:2a:be:
                    4b:6c:ec:69:aa:a3:4b:ff:96:c2:f3:53:5a:8a:7e:
                    bf:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:39:3B:DD:7E:86:D3:F0:D0:28:55:47:8F:85:71:EA:F8:0F:C2:F4
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/Hzk73X6G0_DQKFVHj4Vx6vgPwvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.16.0/22
                  46.226.144.0/21
                  185.58.196.0/22
                  185.119.112.0/22
                  185.232.41.0/24
                  193.46.216.0/24
                  193.56.3.0/24
                  193.163.117.0/24
                  194.26.143.0/24
                  195.182.205.0/24
                  195.184.72.0/24
                  212.23.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:7c:c1:13:aa:e2:0a:d8:a5:4f:3e:43:94:5b:a9:b4:0c:53:
         43:29:9f:42:93:8f:cf:2b:48:0d:65:81:7d:ce:f0:31:30:a0:
         b7:1c:e4:98:58:41:0b:d6:0a:d3:4d:6e:08:67:76:3d:d8:e2:
         8a:a0:b0:4b:bb:98:21:8a:bd:b5:9f:e3:58:8c:fc:a7:bb:ea:
         00:c4:c1:f8:de:4a:b0:79:af:ca:9d:97:34:ea:02:0f:14:4b:
         2d:82:37:bf:4f:d2:e6:9d:1f:96:c0:cf:e2:f3:aa:b7:43:a1:
         12:c1:d6:71:f3:fd:2d:b6:55:9b:d3:f2:8d:a8:f1:57:84:a1:
         e7:10:de:53:20:26:29:b1:92:ad:d4:df:f7:5f:1e:0e:5c:cc:
         f8:20:83:42:83:f9:7c:de:a7:5f:8f:bb:51:70:5a:4e:03:51:
         b8:f6:1a:82:a3:fa:a1:2f:da:4a:b4:ef:e1:3a:26:1c:3e:a4:
         53:e9:6b:f6:a0:97:d5:43:fa:f8:e9:d4:2f:27:45:b7:4e:3e:
         ca:d6:c2:ed:ec:fa:52:0e:ad:09:88:37:6d:66:07:e6:7c:51:
         a2:ca:0d:a2:2f:b5:bb:1d:b9:11:9a:0f:e9:99:f0:37:a2:6d:
         56:3f:f2:57:0c:0b:43:b2:d3:0d:a2:12:10:06:8d:3d:83:39:
         e3:5b:8f:0b
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYzEkkW5QtH/4OSqvP39oqYZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwMTAxMTAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjM5M2JkZDdlODZkM2YwZDAyODU1NDc4Zjg1NzFlYWY4MGZjMmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4T7mf6Jya/koxO/FhlrUPP64F1ci
RAcPTHnOs5/Xc6cgW8Vu3qaOZpZeLgaji4dRzJVJr2LBbTPnolla5Jb1cs7nvQmM
HUE/7RnouzC1gQqGzMl/dpgsGoZfZS6EC0XHtHuoCWo3sNgphlAeixJqku+L5pUp
gYlBy/fpb7vO89UCvyqoI9NpP9XV5h5pJrF8BYWLZtHbeJj3R2iyAfSFd0XgadHO
1OoyC1QOUpgAeHaoPcNwIZAKziny/fjEuMUxybfXzpO7sE+Ecc30BeXANwzXx3Ft
IWXUGIfYPFCJQwrEW3eSSkm9VrCHfPunKr5LbOxpqqNL/5bC81Nain6/kQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFB85O91+htPw0ChVR4+Fcer4D8L0MB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvSHprNzNYNkcwX0RRS0ZWSGo0Vng2dmdQd3ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQCLYIQAwQD
LuKQAwQCuTrEAwQCuXdwAwQAuegpAwQAwS7YAwQAwTgDAwQAwaN1AwQAwhqPAwQA
w7bNAwQAw7hIAwQA1BffMA0GCSqGSIb3DQEBCwUAA4IBAQBBfMETquIK2KVPPkOU
W6m0DFNDKZ9Ck4/PK0gNZYF9zvAxMKC3HOSYWEEL1grTTW4IZ3Y92OKKoLBLu5gh
ir21n+NYjPynu+oAxMH43kqwea/KnZc06gIPFEstgje/T9LmnR+WwM/i86q3Q6ES
wdZx8/0ttlWb0/KNqPFXhKHnEN5TICYpsZKt1N/3Xx4OXMz4IINCg/l83qdfj7tR
cFpOA1G49hqCo/qhL9pKtO/hOiYcPqRT6Wv2oJfVQ/r46dQvJ0W3Tj7K1sLt7PpS
Dq0JiDdtZgfmfFGiyg2iL7W7HbkRmg/pmfA3om1WP/JXDAtDstMNohIQBo09gznj
W48L
-----END CERTIFICATE-----
Generated at Fri Sep 20 11:20:00 2024 by rpki-client on console-ams.rpki-client.org