Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/HVzTBTHZtHxGKU0Rs-oK4dnUv4Q.roa
File:                     HVzTBTHZtHxGKU0Rs-oK4dnUv4Q.roa (raw, json)
Hash identifier:          niH4z2ZUS7BpXpTRLC9fjNN7pBfduE6utka0dRE+B8w=
Subject key identifier:   1D:5C:D3:05:31:D9:B4:7C:46:29:4D:11:B3:EA:0A:E1:D9:D4:BF:84
Certificate issuer:       /CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Certificate serial:       018CC50126E76FE3666DF96E14A5EDE3E101
Authority key identifier: E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/HVzTBTHZtHxGKU0Rs-oK4dnUv4Q.roa
Signing time:             Mon 01 Jan 2024 12:30:36 +0000
ROA not before:           Mon 01 Jan 2024 12:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215911
IP address blocks:        188.132.223.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:26:e7:6f:e3:66:6d:f9:6e:14:a5:ed:e3:e1:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
        Validity
            Not Before: Jan  1 12:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d5cd30531d9b47c46294d11b3ea0ae1d9d4bf84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:98:c7:21:d3:4b:70:27:7d:02:e6:76:de:ae:
                    a0:bd:32:93:11:6e:9f:9b:35:b7:e4:02:8f:77:33:
                    0f:f3:07:32:45:f5:bc:dd:db:a0:45:f8:18:6c:98:
                    b3:fb:e6:50:f0:c5:13:b3:ec:5f:68:67:61:b3:1c:
                    66:f6:fe:5e:c0:90:79:8a:c3:3a:88:61:c1:f5:05:
                    e0:43:52:18:fa:4a:ee:61:27:b1:52:37:cf:fe:8d:
                    d8:07:6d:55:37:a0:5d:67:1f:84:68:1d:77:0c:13:
                    de:53:21:b2:cd:b0:a0:ea:57:b8:8e:34:fa:c5:73:
                    13:f1:e4:86:98:87:00:6b:a9:66:c0:49:98:38:e4:
                    0a:e8:d8:7f:e6:06:55:63:bc:58:46:c4:74:66:1f:
                    99:05:0d:64:49:c7:9f:5b:3b:e5:b4:da:db:e3:6d:
                    bd:19:e2:e2:b9:2a:5d:39:84:74:95:7e:69:7b:0c:
                    df:2a:89:85:d9:69:7f:9b:b6:a2:67:01:94:88:0d:
                    e8:09:b3:2a:ed:8d:8e:c2:5b:ec:8e:1f:84:92:56:
                    2f:f9:17:0c:90:ab:40:b4:57:25:22:3e:b8:d3:86:
                    c2:05:4b:a3:e1:f9:2b:1e:0f:4c:3c:65:c3:39:ae:
                    f9:fc:03:f1:ea:f7:41:f4:72:89:10:bd:f8:d3:19:
                    df:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:5C:D3:05:31:D9:B4:7C:46:29:4D:11:B3:EA:0A:E1:D9:D4:BF:84
            X509v3 Authority Key Identifier:
                keyid:E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/HVzTBTHZtHxGKU0Rs-oK4dnUv4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:9d:42:c3:fa:26:40:09:24:7f:9a:27:d2:cd:55:c5:1c:ad:
         15:4c:8c:c9:5f:b8:60:7d:26:b0:a2:9a:af:01:ca:47:38:fd:
         8b:a3:1b:68:b2:27:35:43:a7:93:26:e5:9b:b4:4f:b5:9f:ea:
         bc:82:41:53:f5:a2:65:4f:34:e3:e5:86:c9:c3:d2:5e:2b:d2:
         bd:85:0c:8a:9a:03:54:24:e3:6f:07:df:97:e0:b6:24:27:75:
         c4:14:1d:41:ae:1d:f0:4a:44:d2:91:c8:1e:d6:bf:74:2c:78:
         b5:2d:1c:dc:cc:74:8b:6c:36:a9:a1:50:6b:33:e1:03:e4:47:
         3e:05:51:83:dd:b0:21:b7:a0:d8:fc:d2:9d:b7:ce:00:c4:cb:
         23:d5:fc:f1:f2:11:53:35:d9:0a:e9:6b:cd:4f:df:1d:c2:2e:
         a2:07:5d:9f:6f:80:40:7b:81:3e:0b:b0:85:5b:54:e4:f5:e4:
         b2:9c:f1:88:b2:1f:5c:cf:ba:ab:18:7a:ca:7c:59:ff:20:cc:
         a9:de:4f:81:b0:74:19:c3:5c:33:0c:0e:60:52:bb:75:16:11:
         f1:3a:17:11:1c:0d:43:1f:9a:4e:2b:26:02:54:1e:a5:1b:be:
         49:09:77:23:59:0d:85:74:c3:d2:e2:32:c3:e6:e5:80:e5:46:
         64:14:76:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASbnb+NmbfluFKXt4+EBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTJiOGU5MGQxNTdlYTAyMmY4ZTcwMDAyNGE5M2RjMzU2
YTUxNGQwHhcNMjQwMTAxMTIzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDVjZDMwNTMxZDliNDdjNDYyOTRkMTFiM2VhMGFlMWQ5ZDRiZjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJjHIdNLcCd9AuZ23q6gvTKTEW6f
mzW35AKPdzMP8wcyRfW83dugRfgYbJiz++ZQ8MUTs+xfaGdhsxxm9v5ewJB5isM6
iGHB9QXgQ1IY+kruYSexUjfP/o3YB21VN6BdZx+EaB13DBPeUyGyzbCg6le4jjT6
xXMT8eSGmIcAa6lmwEmYOOQK6Nh/5gZVY7xYRsR0Zh+ZBQ1kScefWzvltNrb4229
GeLiuSpdOYR0lX5pewzfKomF2Wl/m7aiZwGUiA3oCbMq7Y2Owlvsjh+EklYv+RcM
kKtAtFclIj6404bCBUuj4fkrHg9MPGXDOa75/APx6vdB9HKJEL340xnfpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1c0wUx2bR8RilNEbPqCuHZ1L+EMB8GA1UdIwQY
MBaAFOSiuOkNFX6gIvjnAAJKk9w1alFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTct
ZGY0YTJlNzYwY2NiLzEvSFZ6VEJUSFp0SHhHS1UwUnMtb0s0ZG5VdjRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTctZGY0YTJlNzYwY2Ni
LzEvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvITfMA0G
CSqGSIb3DQEBCwUAA4IBAQBcnULD+iZACSR/mifSzVXFHK0VTIzJX7hgfSawopqv
AcpHOP2Loxtosic1Q6eTJuWbtE+1n+q8gkFT9aJlTzTj5YbJw9JeK9K9hQyKmgNU
JONvB9+X4LYkJ3XEFB1Brh3wSkTSkcge1r90LHi1LRzczHSLbDapoVBrM+ED5Ec+
BVGD3bAht6DY/NKdt84AxMsj1fzx8hFTNdkK6WvNT98dwi6iB12fb4BAe4E+C7CF
W1Tk9eSynPGIsh9cz7qrGHrKfFn/IMyp3k+BsHQZw1wzDA5gUrt1FhHxOhcRHA1D
H5pOKyYCVB6lG75JCXcjWQ2FdMPS4jLD5uWA5UZkFHY6
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:01 2024 by rpki-client on console-fra.rpki-client.org