Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/C7cfChhQtngjP4b4lvlA5HKlZ3E.roa
File:                     C7cfChhQtngjP4b4lvlA5HKlZ3E.roa (raw, json)
Hash identifier:          4RF0n4kXdnh+WEQRkpdfHdf0hvc6qVseGeg8R/t3VzI=
Subject key identifier:   0B:B7:1F:0A:18:50:B6:78:23:3F:86:F8:96:F9:40:E4:72:A5:67:71
Certificate issuer:       /CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Certificate serial:       018AF27F6C9EC83BBF83A0D90BD3FCF11FD6
Authority key identifier: E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/C7cfChhQtngjP4b4lvlA5HKlZ3E.roa
Signing time:             Mon 02 Oct 2023 22:25:51 +0000
ROA not before:           Mon 02 Oct 2023 22:25:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212193
IP address blocks:        188.132.214.0/24 maxlen: 24
                          77.92.147.0/24 maxlen: 24
                          212.68.55.0/24 maxlen: 24
                          188.132.190.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:f2:7f:6c:9e:c8:3b:bf:83:a0:d9:0b:d3:fc:f1:1f:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
        Validity
            Not Before: Oct  2 22:25:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0bb71f0a1850b678233f86f896f940e472a56771
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5e:8c:b7:0c:75:64:e9:a5:8b:59:c6:da:2f:
                    9c:0d:96:72:6d:d9:5d:6d:10:49:b3:74:58:ed:a9:
                    d5:cb:69:20:42:5a:78:17:b9:ee:39:ad:9e:f4:fc:
                    5c:d4:aa:16:b7:95:d1:3e:c0:be:78:ec:60:fa:29:
                    c9:bf:04:62:b7:31:a5:5f:20:ed:9c:53:92:e0:97:
                    c6:f6:4b:d9:2b:ab:91:94:18:0f:c5:9f:58:20:29:
                    31:ca:b7:30:23:7b:c3:72:e7:7e:3e:06:1f:7a:7d:
                    a8:14:a0:1b:34:27:02:c6:c7:bb:fe:91:53:8e:4c:
                    d5:60:93:5c:d4:a8:50:6d:02:14:81:1b:9a:5f:43:
                    30:fc:36:cd:f5:5d:77:50:97:58:c1:85:f7:02:53:
                    15:21:ac:64:91:5c:0d:78:67:55:55:ee:4c:e7:af:
                    f3:be:48:dc:37:ad:58:85:48:1a:c9:62:ae:21:eb:
                    07:bd:2c:87:66:b3:30:c4:f3:b6:70:0c:50:7f:14:
                    57:ce:c3:3d:81:b4:0a:d9:49:01:af:86:91:79:1c:
                    c8:56:17:99:27:3a:7b:60:23:8c:2d:4c:40:a8:17:
                    67:2e:78:35:3c:29:07:6a:0c:f5:d0:49:7c:9f:10:
                    d3:01:79:53:5c:5d:46:12:79:49:c7:56:33:b5:09:
                    fe:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:B7:1F:0A:18:50:B6:78:23:3F:86:F8:96:F9:40:E4:72:A5:67:71
            X509v3 Authority Key Identifier:
                keyid:E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/C7cfChhQtngjP4b4lvlA5HKlZ3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.92.147.0/24
                  188.132.190.0/24
                  188.132.214.0/24
                  212.68.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:df:ab:bc:ff:f4:28:88:89:3f:48:e7:25:8b:74:04:3c:2f:
         92:32:2b:6c:b1:f7:37:a1:5f:d5:94:2c:c1:78:1f:dd:98:7c:
         82:82:b2:f1:d8:1f:a0:b8:de:d9:9e:b1:88:84:6f:b0:ef:07:
         2a:4d:9e:0e:7c:32:70:43:b6:43:55:17:c3:0c:19:57:ca:84:
         fd:3d:48:45:be:2c:e4:8e:7c:df:ce:33:59:94:12:09:43:fc:
         52:33:1c:bd:ea:43:f8:61:a5:7b:35:6a:53:cc:f5:98:b5:9d:
         31:85:fa:4d:63:41:58:cc:cd:55:fc:6d:22:83:43:9a:7e:59:
         9a:77:06:ce:d1:2a:cd:34:4d:5e:52:0b:65:3a:a5:e2:59:9e:
         51:b6:dd:10:eb:6a:5c:ca:fa:f2:5c:fb:0c:38:ee:5a:a4:78:
         80:53:02:1f:e2:3d:d0:cc:5b:24:9f:ac:63:7d:32:b6:d5:67:
         04:48:ce:f1:36:d6:4a:44:9d:23:19:60:a2:bc:ad:1f:0e:4e:
         38:dc:c7:67:9e:12:19:03:b3:3d:c2:63:9f:19:4a:1b:ee:f4:
         69:19:01:35:fd:22:67:bd:30:6c:e8:db:e6:69:9a:fd:b4:28:
         d4:55:cc:ea:31:95:17:5e:1d:48:c1:ae:d2:ad:2e:21:9f:2b:
         e7:8f:3b:1f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYryf2yeyDu/g6DZC9P88R/WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTJiOGU5MGQxNTdlYTAyMmY4ZTcwMDAyNGE5M2RjMzU2
YTUxNGQwHhcNMjMxMDAyMjIyNTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmI3MWYwYTE4NTBiNjc4MjMzZjg2Zjg5NmY5NDBlNDcyYTU2NzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAol6Mtwx1ZOmli1nG2i+cDZZybdld
bRBJs3RY7anVy2kgQlp4F7nuOa2e9Pxc1KoWt5XRPsC+eOxg+inJvwRitzGlXyDt
nFOS4JfG9kvZK6uRlBgPxZ9YICkxyrcwI3vDcud+PgYfen2oFKAbNCcCxse7/pFT
jkzVYJNc1KhQbQIUgRuaX0Mw/DbN9V13UJdYwYX3AlMVIaxkkVwNeGdVVe5M56/z
vkjcN61YhUgayWKuIesHvSyHZrMwxPO2cAxQfxRXzsM9gbQK2UkBr4aReRzIVheZ
Jzp7YCOMLUxAqBdnLng1PCkHagz10El8nxDTAXlTXF1GEnlJx1YztQn+5wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFAu3HwoYULZ4Iz+G+Jb5QORypWdxMB8GA1UdIwQY
MBaAFOSiuOkNFX6gIvjnAAJKk9w1alFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTct
ZGY0YTJlNzYwY2NiLzEvQzdjZkNoaFF0bmdqUDRiNGx2bEE1SEtsWjNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTctZGY0YTJlNzYwY2Ni
LzEvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQATVyTAwQA
vIS+AwQAvITWAwQA1EQ3MA0GCSqGSIb3DQEBCwUAA4IBAQA936u8//QoiIk/SOcl
i3QEPC+SMitssfc3oV/VlCzBeB/dmHyCgrLx2B+guN7ZnrGIhG+w7wcqTZ4OfDJw
Q7ZDVRfDDBlXyoT9PUhFvizkjnzfzjNZlBIJQ/xSMxy96kP4YaV7NWpTzPWYtZ0x
hfpNY0FYzM1V/G0ig0OaflmadwbO0SrNNE1eUgtlOqXiWZ5Rtt0Q62pcyvryXPsM
OO5apHiAUwIf4j3QzFskn6xjfTK21WcESM7xNtZKRJ0jGWCivK0fDk443MdnnhIZ
A7M9wmOfGUob7vRpGQE1/SJnvTBs6NvmaZr9tCjUVczqMZUXXh1Iwa7SrS4hnyvn
jzsf
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:01 2024 by rpki-client on console-fra.rpki-client.org