Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/hnJ74AuNGiTWugpoBzq2C7fbhm8.roa
File:                     hnJ74AuNGiTWugpoBzq2C7fbhm8.roa (raw, json)
Hash identifier:          9l9087yuYGP8fTE6fPqOPBd/k8YvE7LzOq/E9w4PpvU=
Subject key identifier:   86:72:7B:E0:0B:8D:1A:24:D6:BA:0A:68:07:3A:B6:0B:B7:DB:86:6F
Certificate issuer:       /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial:       018572E8324AE6E2CFE3F8DFFF273D07946C
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/hnJ74AuNGiTWugpoBzq2C7fbhm8.roa
Signing time:             Mon 02 Jan 2023 14:34:57 +0000
ROA not before:           Mon 02 Jan 2023 14:34:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43624
IP address blocks:        185.233.187.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:e8:32:4a:e6:e2:cf:e3:f8:df:ff:27:3d:07:94:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
        Validity
            Not Before: Jan  2 14:34:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=86727be00b8d1a24d6ba0a68073ab60bb7db866f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e7:ea:f3:0f:0b:d2:55:14:ff:d3:9b:00:f0:
                    a7:28:83:9a:5b:d1:48:d3:3f:2c:76:ec:86:89:ce:
                    8f:13:c3:3a:c7:7f:3e:af:51:c2:14:ee:6c:81:4e:
                    d0:ed:6b:5d:cf:2a:9d:e6:23:f4:fd:38:b6:a6:3d:
                    7a:ba:49:8a:99:f3:6c:3a:6b:69:5c:f8:9b:cd:ca:
                    6e:fc:ff:d6:59:d8:68:21:44:ee:89:6c:12:5c:43:
                    48:92:98:dc:3a:26:fc:ee:e8:5f:44:b4:63:a9:73:
                    98:3f:09:61:16:ed:38:fc:c3:fc:26:5c:7d:c7:3e:
                    7e:01:87:07:43:b3:df:8b:ca:94:7f:3d:88:39:b1:
                    8f:8e:7d:25:c1:c5:36:ef:f2:e7:76:db:cd:83:23:
                    de:4c:8c:67:81:66:90:7f:33:88:59:0f:16:3c:d3:
                    44:c5:97:87:1f:56:2c:61:65:a5:01:4e:fc:8c:e0:
                    03:c8:3d:32:b4:86:6e:6c:0a:d0:fb:ca:6e:59:db:
                    99:da:67:12:dc:e5:08:23:a5:8d:51:64:fe:36:ab:
                    bc:ac:01:da:b7:33:d8:bc:c7:72:e1:0d:24:65:2c:
                    85:a1:d0:6d:db:6a:2b:0c:49:db:9d:5f:f0:b3:5e:
                    bc:9f:cb:27:cb:3d:2a:89:a1:1b:ae:34:45:59:77:
                    6a:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:72:7B:E0:0B:8D:1A:24:D6:BA:0A:68:07:3A:B6:0B:B7:DB:86:6F
            X509v3 Authority Key Identifier:
                keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/hnJ74AuNGiTWugpoBzq2C7fbhm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:8f:8e:0c:a5:1f:3e:7c:5d:44:9c:5e:9b:f1:8f:7c:be:fd:
         d8:6a:c3:6b:9c:ac:d3:0f:90:d8:01:6e:a1:65:80:62:cc:4e:
         ed:df:74:6c:4a:ad:e9:60:da:bd:fe:19:14:ab:fb:54:bb:a7:
         bc:ec:2b:60:1b:29:b3:6d:89:58:35:95:26:78:17:1f:d1:cb:
         c4:36:7f:7f:a6:dd:04:c3:a8:0a:63:2b:10:ec:d6:96:90:a4:
         23:4e:b8:10:4c:e3:e2:9d:d7:2c:b2:6a:9a:a6:45:aa:69:74:
         03:14:11:65:d4:78:91:3a:fa:24:4a:cb:6c:e7:cb:92:b2:68:
         c6:d8:ae:c6:80:a6:bb:8c:f8:0a:7b:81:47:9a:be:6c:1f:c8:
         fe:ff:ea:fa:6d:c7:67:71:41:4f:b4:57:91:06:0c:f4:3a:68:
         ee:a9:dc:83:3d:7e:a5:71:75:cc:99:70:97:e4:05:22:f9:08:
         2c:01:bf:5c:7f:c6:f1:d5:a9:d1:bb:fd:d4:99:27:1a:42:f6:
         61:a5:9d:d8:bb:7a:d0:2b:dd:db:63:d3:db:11:65:d9:e1:c8:
         73:8c:db:90:37:6d:61:49:66:4c:c5:c3:3f:c9:39:f7:bc:f8:
         ea:3c:93:de:6b:bf:fb:86:8d:f5:da:86:33:f7:aa:b0:7f:de:
         85:60:9e:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVy6DJK5uLP4/jf/yc9B5RsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWViYTVjMWE4MGY4NmE0NTg5Mjc4ZWRkOTMwNGIzZjUx
NjlmODMwHhcNMjMwMTAyMTQzNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjcyN2JlMDBiOGQxYTI0ZDZiYTBhNjgwNzNhYjYwYmI3ZGI4NjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOfq8w8L0lUU/9ObAPCnKIOaW9FI
0z8sduyGic6PE8M6x38+r1HCFO5sgU7Q7Wtdzyqd5iP0/Ti2pj16ukmKmfNsOmtp
XPibzcpu/P/WWdhoIUTuiWwSXENIkpjcOib87uhfRLRjqXOYPwlhFu04/MP8Jlx9
xz5+AYcHQ7Pfi8qUfz2IObGPjn0lwcU27/LndtvNgyPeTIxngWaQfzOIWQ8WPNNE
xZeHH1YsYWWlAU78jOADyD0ytIZubArQ+8puWduZ2mcS3OUII6WNUWT+Nqu8rAHa
tzPYvMdy4Q0kZSyFodBt22orDEnbnV/ws168n8snyz0qiaEbrjRFWXdqawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZye+ALjRok1roKaAc6tgu324ZvMB8GA1UdIwQY
MBaAFEZeulwagPhqRYknjt2TBLP1Fp+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQt
NWM0NzZlMzMyNWY1LzEvaG5KNzRBdU5HaVRXdWdwb0J6cTJDN2ZiaG04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQtNWM0NzZlMzMyNWY1
LzEvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuem7MA0G
CSqGSIb3DQEBCwUAA4IBAQByj44MpR8+fF1EnF6b8Y98vv3YasNrnKzTD5DYAW6h
ZYBizE7t33RsSq3pYNq9/hkUq/tUu6e87CtgGymzbYlYNZUmeBcf0cvENn9/pt0E
w6gKYysQ7NaWkKQjTrgQTOPindcssmqapkWqaXQDFBFl1HiROvokSsts58uSsmjG
2K7GgKa7jPgKe4FHmr5sH8j+/+r6bcdncUFPtFeRBgz0OmjuqdyDPX6lcXXMmXCX
5AUi+QgsAb9cf8bx1anRu/3UmScaQvZhpZ3Yu3rQK93bY9PbEWXZ4chzjNuQN21h
SWZMxcM/yTn3vPjqPJPea7/7ho312oYz96qwf96FYJ6y
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:30 2024 by rpki-client on console-fra.rpki-client.org