Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5WwSPyaiVPMFzO9jA3jKW5004Dg.roa
File:                     5WwSPyaiVPMFzO9jA3jKW5004Dg.roa (raw, json)
Hash identifier:          dvgf0dHQwBjr2UBAY847EwWzP6uW4KACWxeAAVy4yXQ=
Subject key identifier:   E5:6C:12:3F:26:A2:54:F3:05:CC:EF:63:03:78:CA:5B:9D:34:E0:38
Certificate issuer:       /CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Certificate serial:       018BFC923223676C7B1363D87962C8044E2E
Authority key identifier: E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5WwSPyaiVPMFzO9jA3jKW5004Dg.roa
Signing time:             Thu 23 Nov 2023 14:25:21 +0000
ROA not before:           Thu 23 Nov 2023 14:25:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60446
IP address blocks:        188.132.223.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:fc:92:32:23:67:6c:7b:13:63:d8:79:62:c8:04:4e:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
        Validity
            Not Before: Nov 23 14:25:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e56c123f26a254f305ccef630378ca5b9d34e038
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:c7:b6:32:76:ca:dd:1b:73:e1:cd:3b:20:e6:
                    fe:e7:93:1d:fc:05:c3:33:cb:2d:e6:59:5e:7f:1e:
                    7f:dc:80:53:2d:04:77:c3:01:97:35:8c:e3:7f:6e:
                    21:76:53:c3:cb:55:91:28:91:fa:a1:22:64:e9:43:
                    47:63:7b:c8:fc:86:d8:b6:ad:88:ac:bd:fb:f8:1e:
                    a0:b1:ea:b5:13:0c:6b:2b:3c:b0:cd:76:6f:3e:4e:
                    d4:9d:32:07:7a:d2:81:7f:6d:7f:19:88:3b:c1:e8:
                    e5:c7:d3:c5:7d:4f:29:12:2c:8a:53:fc:0f:98:cc:
                    03:3f:bf:4e:fb:31:01:ca:57:e5:bd:de:39:f7:b9:
                    85:d5:90:2b:8c:6e:c3:36:93:e2:61:5d:59:94:b4:
                    cc:79:f3:0a:21:62:62:42:ef:99:2b:26:fb:47:0c:
                    36:9a:01:da:6c:17:b2:1f:a6:f3:14:6e:c8:9d:92:
                    24:4e:90:7b:5a:4a:ff:7b:a7:05:62:1f:b0:21:57:
                    7f:f8:11:7b:92:19:c2:42:9d:f9:ec:df:cc:b9:48:
                    24:37:74:dd:c6:ab:57:21:f9:9e:51:b9:27:75:53:
                    8d:7d:a1:73:84:cd:23:26:2d:c2:13:3d:00:82:10:
                    94:01:3c:c1:22:57:0d:33:f6:f9:91:17:84:05:a5:
                    26:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:6C:12:3F:26:A2:54:F3:05:CC:EF:63:03:78:CA:5B:9D:34:E0:38
            X509v3 Authority Key Identifier:
                keyid:E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5WwSPyaiVPMFzO9jA3jKW5004Dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:e7:ff:6c:56:7b:c1:6d:73:ba:31:f9:32:b7:72:f3:85:e9:
         c4:23:23:34:f4:10:fd:81:6c:db:af:b7:f1:7d:e1:31:55:c8:
         d0:b0:f6:aa:51:ff:8e:bd:45:38:61:a9:86:a7:b1:2e:62:c0:
         08:0c:37:06:ee:0e:22:99:80:e6:75:c7:47:2a:8f:26:33:d9:
         50:e1:0a:c7:7f:25:99:bc:e4:13:f1:ff:18:0f:0d:64:ad:49:
         54:46:c7:f4:94:ac:fa:a2:c1:85:65:d7:05:75:fb:ab:82:98:
         40:a2:3f:09:49:83:13:32:d8:b7:54:8f:81:2f:5d:ca:53:26:
         de:30:4c:e7:ea:4a:e5:3c:37:3e:1d:20:69:18:6a:13:cb:c8:
         b5:1d:10:3f:ea:a3:f9:93:59:d5:87:4c:71:9d:aa:4d:6a:bf:
         db:5b:b7:0c:e5:79:28:f5:36:0f:62:5b:26:c3:97:a4:91:3d:
         1d:95:c0:aa:ee:3a:b2:16:2f:67:ef:1c:3d:6c:a1:ab:5e:fa:
         64:de:ac:2a:42:11:b3:6d:14:75:66:ff:b1:75:cb:f6:44:60:
         31:7e:ec:a9:7a:80:cd:97:54:42:e1:be:f7:ae:dc:d6:c1:ed:
         bb:66:9e:0a:27:b7:2a:de:74:04:14:15:ff:07:12:de:02:4d:
         89:c3:81:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYv8kjIjZ2x7E2PYeWLIBE4uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTJiOGU5MGQxNTdlYTAyMmY4ZTcwMDAyNGE5M2RjMzU2
YTUxNGQwHhcNMjMxMTIzMTQyNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTZjMTIzZjI2YTI1NGYzMDVjY2VmNjMwMzc4Y2E1YjlkMzRlMDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8e2MnbK3Rtz4c07IOb+55Md/AXD
M8st5llefx5/3IBTLQR3wwGXNYzjf24hdlPDy1WRKJH6oSJk6UNHY3vI/IbYtq2I
rL37+B6gseq1EwxrKzywzXZvPk7UnTIHetKBf21/GYg7wejlx9PFfU8pEiyKU/wP
mMwDP79O+zEBylflvd4597mF1ZArjG7DNpPiYV1ZlLTMefMKIWJiQu+ZKyb7Rww2
mgHabBeyH6bzFG7InZIkTpB7Wkr/e6cFYh+wIVd/+BF7khnCQp357N/MuUgkN3Td
xqtXIfmeUbkndVONfaFzhM0jJi3CEz0AghCUATzBIlcNM/b5kReEBaUm2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOVsEj8molTzBczvYwN4yludNOA4MB8GA1UdIwQY
MBaAFOSiuOkNFX6gIvjnAAJKk9w1alFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTct
ZGY0YTJlNzYwY2NiLzEvNVd3U1B5YWlWUE1Gek85akEzaktXNTAwNERnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTctZGY0YTJlNzYwY2Ni
LzEvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvITfMA0G
CSqGSIb3DQEBCwUAA4IBAQDR5/9sVnvBbXO6Mfkyt3LzhenEIyM09BD9gWzbr7fx
feExVcjQsPaqUf+OvUU4YamGp7EuYsAIDDcG7g4imYDmdcdHKo8mM9lQ4QrHfyWZ
vOQT8f8YDw1krUlURsf0lKz6osGFZdcFdfurgphAoj8JSYMTMti3VI+BL13KUybe
MEzn6krlPDc+HSBpGGoTy8i1HRA/6qP5k1nVh0xxnapNar/bW7cM5Xko9TYPYlsm
w5ekkT0dlcCq7jqyFi9n7xw9bKGrXvpk3qwqQhGzbRR1Zv+xdcv2RGAxfuypeoDN
l1RC4b73rtzWwe27Zp4KJ7cq3nQEFBX/BxLeAk2Jw4E1
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:01 2024 by rpki-client on console-fra.rpki-client.org