Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/5hQUv1r9rZNMSIOd86oVkwPRSAM.roa
File:                     5hQUv1r9rZNMSIOd86oVkwPRSAM.roa (raw, json)
Hash identifier:          4QsiRSyjkdP+c6lcQThmJJJVQtUEZREMyXbrSIuyTNE=
Subject key identifier:   E6:14:14:BF:5A:FD:AD:93:4C:48:83:9D:F3:AA:15:93:03:D1:48:03
Certificate issuer:       /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial:       018572E834D35BEF6DCD6F348193004A1421
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/5hQUv1r9rZNMSIOd86oVkwPRSAM.roa
Signing time:             Mon 02 Jan 2023 14:34:58 +0000
ROA not before:           Mon 02 Jan 2023 14:34:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212238
IP address blocks:        185.239.48.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:e8:34:d3:5b:ef:6d:cd:6f:34:81:93:00:4a:14:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
        Validity
            Not Before: Jan  2 14:34:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e61414bf5afdad934c48839df3aa159303d14803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:e0:19:51:a1:9d:20:57:c9:9d:7d:eb:b7:fa:
                    75:05:e1:e5:db:e7:00:15:80:c3:02:9f:e8:38:3c:
                    5c:ef:aa:72:1b:19:05:18:7a:07:be:3a:fb:ec:cd:
                    55:48:bf:96:30:83:75:16:09:d2:11:dd:6a:ee:f6:
                    95:c8:1e:6f:be:7a:33:b5:ec:a9:52:62:ee:e8:de:
                    66:1d:30:f1:a6:bc:90:bf:9d:03:97:4e:b0:79:85:
                    e3:e9:3b:e3:1c:25:43:08:bc:06:ea:dc:d4:6f:55:
                    c8:7f:66:20:01:89:31:f0:5b:f6:38:5d:cf:46:09:
                    dc:ea:c8:f9:08:5b:fc:c5:df:63:5e:f2:f4:56:b0:
                    83:89:4a:79:a4:4d:05:29:99:27:95:81:59:d1:3f:
                    00:10:34:0c:2b:00:d0:43:79:dc:1e:fa:fb:30:67:
                    30:44:80:25:91:b0:b0:02:1d:90:cd:41:b1:c4:1e:
                    80:92:e6:ff:d2:8e:83:03:cc:2b:47:36:a2:e6:09:
                    09:c4:8f:14:71:d8:79:2e:56:cb:10:2b:30:82:88:
                    76:c4:50:e4:6d:83:61:ca:02:29:20:64:be:81:ed:
                    e7:40:92:ce:84:91:29:1a:53:e9:8f:83:04:da:98:
                    9e:3a:3c:2c:d6:5a:b4:13:a3:f6:33:97:9d:dc:da:
                    05:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:14:14:BF:5A:FD:AD:93:4C:48:83:9D:F3:AA:15:93:03:D1:48:03
            X509v3 Authority Key Identifier:
                keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/5hQUv1r9rZNMSIOd86oVkwPRSAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:1b:04:0d:06:a1:26:cc:ef:e4:5b:56:d4:88:bf:d7:16:7d:
         76:ff:85:50:fa:b0:10:64:a6:62:8e:2b:62:f2:c8:8d:be:6c:
         42:54:9a:b1:e5:03:a7:14:67:c7:96:0d:20:1c:df:f7:7f:e2:
         1b:9b:63:6c:7a:4a:47:16:ca:25:10:84:8c:e1:c7:2a:eb:43:
         61:f9:37:54:75:9d:ec:77:07:cb:fd:c3:46:ed:aa:d8:7e:e6:
         51:7f:27:a2:ac:9a:1d:cc:81:26:9c:30:fc:44:ee:37:5c:74:
         7c:44:a7:dc:20:b3:b3:33:ff:d4:11:c8:60:6a:51:5a:e9:76:
         a8:92:2e:80:e6:01:c3:0b:57:41:ce:32:50:06:67:ec:f1:31:
         60:49:3d:31:1b:2e:77:d9:e0:70:24:10:73:f9:eb:c2:d8:7f:
         ff:2e:8f:ca:24:01:84:b5:b8:49:5f:89:7a:d8:ff:58:5d:77:
         47:93:ce:10:f8:e0:c5:68:c0:5f:96:63:d7:6f:01:12:a0:59:
         4b:3f:da:28:e0:00:56:e5:42:6f:77:3c:17:e3:4c:6f:df:c5:
         5e:5d:57:20:9e:cd:f9:b3:51:c8:4d:f4:53:89:87:26:46:3e:
         88:a8:9a:a8:0a:96:73:f9:53:3e:4c:4b:c5:26:54:88:34:ee:
         4e:cd:45:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVy6DTTW+9tzW80gZMAShQhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWViYTVjMWE4MGY4NmE0NTg5Mjc4ZWRkOTMwNGIzZjUx
NjlmODMwHhcNMjMwMTAyMTQzNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjE0MTRiZjVhZmRhZDkzNGM0ODgzOWRmM2FhMTU5MzAzZDE0ODAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+AZUaGdIFfJnX3rt/p1BeHl2+cA
FYDDAp/oODxc76pyGxkFGHoHvjr77M1VSL+WMIN1FgnSEd1q7vaVyB5vvnozteyp
UmLu6N5mHTDxpryQv50Dl06weYXj6TvjHCVDCLwG6tzUb1XIf2YgAYkx8Fv2OF3P
Rgnc6sj5CFv8xd9jXvL0VrCDiUp5pE0FKZknlYFZ0T8AEDQMKwDQQ3ncHvr7MGcw
RIAlkbCwAh2QzUGxxB6Akub/0o6DA8wrRzai5gkJxI8Ucdh5LlbLECswgoh2xFDk
bYNhygIpIGS+ge3nQJLOhJEpGlPpj4ME2pieOjws1lq0E6P2M5ed3NoFIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYUFL9a/a2TTEiDnfOqFZMD0UgDMB8GA1UdIwQY
MBaAFEZeulwagPhqRYknjt2TBLP1Fp+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQt
NWM0NzZlMzMyNWY1LzEvNWhRVXYxcjlyWk5NU0lPZDg2b1Zrd1BSU0FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQtNWM0NzZlMzMyNWY1
LzEvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue8wMA0G
CSqGSIb3DQEBCwUAA4IBAQBtGwQNBqEmzO/kW1bUiL/XFn12/4VQ+rAQZKZijiti
8siNvmxCVJqx5QOnFGfHlg0gHN/3f+Ibm2NsekpHFsolEISM4ccq60Nh+TdUdZ3s
dwfL/cNG7arYfuZRfyeirJodzIEmnDD8RO43XHR8RKfcILOzM//UEchgalFa6Xao
ki6A5gHDC1dBzjJQBmfs8TFgST0xGy532eBwJBBz+evC2H//Lo/KJAGEtbhJX4l6
2P9YXXdHk84Q+ODFaMBflmPXbwESoFlLP9oo4ABW5UJvdzwX40xv38VeXVcgns35
s1HITfRTiYcmRj6IqJqoCpZz+VM+TEvFJlSINO5OzUXF
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:59:33 2023 by rpki-client on console-fra.rpki-client.org