Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/CQz715dswBhnY_Vn0fPSQZqJNxs.roa
File:                     CQz715dswBhnY_Vn0fPSQZqJNxs.roa (raw, json)
Hash identifier:          SOhO5R9V5mWeI6pOTD98sR8JnylbmuxOOnd5//b+m/4=
Subject key identifier:   09:0C:FB:D7:97:6C:C0:18:67:63:F5:67:D1:F3:D2:41:9A:89:37:1B
Certificate issuer:       /CN=2956584b70ce847c1a9b400548b14db031bedff2
Certificate serial:       018E9962126EC1B7D1CE1B950B3C972F4818
Authority key identifier: 29:56:58:4B:70:CE:84:7C:1A:9B:40:05:48:B1:4D:B0:31:BE:DF:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KVZYS3DOhHwam0AFSLFNsDG-3_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/CQz715dswBhnY_Vn0fPSQZqJNxs.roa
Signing time:             Mon 01 Apr 2024 11:18:45 +0000
ROA not before:           Mon 01 Apr 2024 11:18:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48678
IP address blocks:        79.110.234.0/24 maxlen: 24
                          188.93.141.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:99:62:12:6e:c1:b7:d1:ce:1b:95:0b:3c:97:2f:48:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2956584b70ce847c1a9b400548b14db031bedff2
        Validity
            Not Before: Apr  1 11:18:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=090cfbd7976cc0186763f567d1f3d2419a89371b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:28:5f:de:b4:00:bb:7a:6b:9e:03:d0:0e:4d:
                    e7:5c:e0:fd:ed:e3:be:a2:8e:5d:e0:ca:84:26:a2:
                    9d:76:ad:90:3a:a3:cc:14:76:7b:a1:cc:23:ee:6d:
                    32:4b:07:1f:84:a1:9d:ff:38:2a:34:f9:a2:15:ac:
                    6e:e7:2e:34:9e:5e:ae:ce:fe:bc:62:ae:c4:03:b5:
                    ba:ee:3d:18:5e:f6:0d:65:b1:5f:6f:02:7c:25:54:
                    fe:d0:e2:19:13:48:36:ba:79:4c:a0:02:99:56:ac:
                    87:66:15:e1:72:8d:c3:c9:93:4f:5f:34:7c:b5:4e:
                    f8:2e:77:f9:ba:fd:b7:b0:04:ad:2b:23:d7:14:fd:
                    f2:d0:4e:b7:22:1d:ef:10:63:f9:01:bd:d2:f1:27:
                    be:f8:d0:93:53:56:c7:4a:c4:0e:8e:bc:36:c4:e8:
                    c0:8d:03:6b:87:09:ba:c8:30:b6:47:a1:6b:7c:12:
                    4d:3b:ca:5a:c2:8b:38:18:18:14:da:71:17:0f:cd:
                    fa:8a:1f:70:a9:32:ad:e1:5c:44:89:98:24:da:6c:
                    28:16:da:96:4f:2e:7f:60:c4:e1:c2:26:b1:46:fb:
                    6c:a6:c2:de:17:67:fb:43:5b:94:3a:55:91:7c:aa:
                    17:93:c6:77:8e:8e:e5:ce:6a:f7:01:70:00:18:00:
                    6d:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:0C:FB:D7:97:6C:C0:18:67:63:F5:67:D1:F3:D2:41:9A:89:37:1B
            X509v3 Authority Key Identifier:
                keyid:29:56:58:4B:70:CE:84:7C:1A:9B:40:05:48:B1:4D:B0:31:BE:DF:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KVZYS3DOhHwam0AFSLFNsDG-3_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/CQz715dswBhnY_Vn0fPSQZqJNxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/KVZYS3DOhHwam0AFSLFNsDG-3_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.234.0/24
                  188.93.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:14:b0:bc:68:a1:66:c6:e7:96:ed:3c:b8:f6:36:fb:ab:c5:
         18:48:13:0e:33:0a:1f:fc:95:57:7a:c0:53:1a:12:0a:d3:94:
         27:a9:41:47:65:33:9d:40:ad:2b:3a:92:db:bd:9e:57:02:4d:
         60:8b:f7:a1:78:ec:a1:c5:f2:7d:13:cc:de:26:83:bd:c4:c2:
         c5:4f:57:0e:53:69:20:42:a3:e3:fa:3b:0f:af:3e:6f:a1:97:
         5b:ad:fb:b7:fe:10:2a:e3:64:84:92:9f:5d:64:6e:bd:13:66:
         8e:65:ad:37:61:22:15:e0:c2:35:8b:74:aa:85:9a:fb:3c:dd:
         ea:2a:e7:9a:cb:23:78:78:2c:17:ef:50:f8:a6:54:1a:b7:c3:
         e2:89:4c:f0:4f:27:13:38:72:24:57:2c:63:f0:73:43:c7:8c:
         78:3e:69:5b:68:8d:05:d9:b4:42:70:de:1a:de:56:51:d7:54:
         a8:57:b2:01:18:95:54:f0:47:c3:5d:0b:5c:65:80:f2:58:af:
         db:a1:ab:5f:3a:8a:33:00:12:f5:52:fe:e3:ee:1d:40:1b:ef:
         69:a0:a5:cb:27:45:36:89:18:38:d2:d4:29:d0:43:dd:98:ba:
         f6:e9:6f:30:9c:8c:30:e7:94:9a:c1:d6:68:47:25:09:8e:11:
         6c:c2:d3:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6ZYhJuwbfRzhuVCzyXL0gYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NTY1ODRiNzBjZTg0N2MxYTliNDAwNTQ4YjE0ZGIwMzFi
ZWRmZjIwHhcNMjQwNDAxMTExODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTBjZmJkNzk3NmNjMDE4Njc2M2Y1NjdkMWYzZDI0MTlhODkzNzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoihf3rQAu3prngPQDk3nXOD97eO+
oo5d4MqEJqKddq2QOqPMFHZ7ocwj7m0ySwcfhKGd/zgqNPmiFaxu5y40nl6uzv68
Yq7EA7W67j0YXvYNZbFfbwJ8JVT+0OIZE0g2unlMoAKZVqyHZhXhco3DyZNPXzR8
tU74Lnf5uv23sAStKyPXFP3y0E63Ih3vEGP5Ab3S8Se++NCTU1bHSsQOjrw2xOjA
jQNrhwm6yDC2R6FrfBJNO8pawos4GBgU2nEXD836ih9wqTKt4VxEiZgk2mwoFtqW
Ty5/YMThwiaxRvtspsLeF2f7Q1uUOlWRfKoXk8Z3jo7lzmr3AXAAGABtWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAkM+9eXbMAYZ2P1Z9Hz0kGaiTcbMB8GA1UdIwQY
MBaAFClWWEtwzoR8GptABUixTbAxvt/yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1ZaWVMzRE9oSHdhbTBBRlNMRk5zREctM19JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi82NGZlN2QtODYyZC00ZTFhLTlmZDAt
MDZiNDFlZjEzOThkLzEvQ1F6NzE1ZHN3QmhuWV9WbjBmUFNRWnFKTnhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi82NGZlN2QtODYyZC00ZTFhLTlmZDAtMDZiNDFlZjEzOThk
LzEvS1ZaWVMzRE9oSHdhbTBBRlNMRk5zREctM19JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT27qAwQA
vF2NMA0GCSqGSIb3DQEBCwUAA4IBAQAyFLC8aKFmxueW7Ty49jb7q8UYSBMOMwof
/JVXesBTGhIK05QnqUFHZTOdQK0rOpLbvZ5XAk1gi/eheOyhxfJ9E8zeJoO9xMLF
T1cOU2kgQqPj+jsPrz5voZdbrfu3/hAq42SEkp9dZG69E2aOZa03YSIV4MI1i3Sq
hZr7PN3qKueayyN4eCwX71D4plQat8PiiUzwTycTOHIkVyxj8HNDx4x4PmlbaI0F
2bRCcN4a3lZR11SoV7IBGJVU8EfDXQtcZYDyWK/boatfOoozABL1Uv7j7h1AG+9p
oKXLJ0U2iRg40tQp0EPdmLr26W8wnIww55SawdZoRyUJjhFswtO3
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:23:30 2024 by rpki-client on console-ams.rpki-client.org