Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/ie4CvJ38jRO2J7YxDNX_k9VuMC8.roa
File:                     ie4CvJ38jRO2J7YxDNX_k9VuMC8.roa (raw, json)
Hash identifier:          rTLUL5glgg8FlOsxxke5ZdXiIGWA9JDHRIKccOWRoHs=
Subject key identifier:   89:EE:02:BC:9D:FC:8D:13:B6:27:B6:31:0C:D5:FF:93:D5:6E:30:2F
Certificate issuer:       /CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Certificate serial:       018AF2B0DDBBE75423218CC4FA3607F6613E
Authority key identifier: E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/ie4CvJ38jRO2J7YxDNX_k9VuMC8.roa
Signing time:             Mon 02 Oct 2023 23:19:51 +0000
ROA not before:           Mon 02 Oct 2023 23:19:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44620
IP address blocks:        212.68.32.0/24 maxlen: 24
                          77.92.146.0/24 maxlen: 24
                          188.132.206.0/24 maxlen: 24
                          188.132.207.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:f2:b0:dd:bb:e7:54:23:21:8c:c4:fa:36:07:f6:61:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
        Validity
            Not Before: Oct  2 23:19:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=89ee02bc9dfc8d13b627b6310cd5ff93d56e302f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ff:97:3d:01:48:9c:fe:e7:1a:37:74:e2:85:
                    90:9f:0e:0a:45:b6:4f:0d:ea:9b:9b:36:98:8a:5e:
                    41:d3:6e:30:5a:50:7e:ed:f7:72:7c:be:ab:16:fc:
                    0d:28:10:22:6b:38:17:cd:c1:67:51:23:6c:b1:77:
                    77:cb:2e:4a:50:86:a0:96:2e:aa:6b:dd:3e:10:33:
                    7e:a2:0d:5b:b8:f1:a5:de:02:ae:86:55:8c:7a:ee:
                    8f:09:9f:23:35:77:53:19:66:da:15:e3:e1:dd:ad:
                    8d:df:5b:fd:b6:6f:00:c1:10:05:2a:92:99:16:db:
                    a6:81:c1:d2:01:2d:21:bb:42:91:e0:59:17:bb:9d:
                    cd:13:94:21:ae:78:fb:92:43:8d:fd:56:de:45:73:
                    34:5a:eb:aa:5e:a2:f3:07:ac:0b:e8:1e:e9:a0:f9:
                    06:cd:72:52:9e:1a:f3:af:34:dd:f6:44:21:f5:56:
                    2e:55:57:b2:8b:e6:30:e9:f4:7c:c1:6d:24:54:c6:
                    cf:e5:7c:64:c8:7b:73:21:5d:03:34:3a:5c:9d:7b:
                    9b:bb:aa:e7:42:a3:64:51:11:79:70:bf:da:c1:97:
                    83:ac:03:b6:9a:19:41:65:88:f1:01:2a:c9:32:60:
                    b9:d1:fb:9c:e7:7f:12:68:d7:0f:19:89:4b:cd:8a:
                    6b:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:EE:02:BC:9D:FC:8D:13:B6:27:B6:31:0C:D5:FF:93:D5:6E:30:2F
            X509v3 Authority Key Identifier:
                keyid:E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/ie4CvJ38jRO2J7YxDNX_k9VuMC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.92.146.0/24
                  188.132.206.0/23
                  212.68.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:bd:59:56:a0:48:69:d4:8c:7a:8d:6b:1a:68:7a:11:fe:3f:
         76:a1:7a:10:c5:8f:b0:50:59:5a:77:bf:98:f5:83:23:4c:01:
         57:11:52:a9:92:16:a0:09:c4:77:04:e9:d5:20:97:5c:89:6b:
         81:15:a3:a6:8c:2d:d6:aa:49:87:10:2d:a3:d4:73:8e:2c:a2:
         17:98:1d:0a:5c:d8:61:31:4a:eb:20:11:f1:40:56:ec:34:cf:
         46:92:00:25:ae:f6:0d:64:2a:f7:10:74:d7:9a:ba:80:7a:3f:
         a4:e0:29:2d:75:63:e9:85:02:bd:88:89:85:b7:9a:37:05:c5:
         b8:1b:2a:48:70:61:3b:75:4f:a6:88:88:31:bb:93:aa:79:34:
         b6:c6:02:22:fe:26:73:5f:99:6e:4e:dc:66:23:1b:a6:6b:7a:
         be:33:33:d8:e6:a3:19:9a:79:98:9c:7a:f8:65:5c:d8:15:ed:
         97:99:6f:1f:fb:34:79:8d:69:62:d4:ef:3e:16:55:ab:ca:c6:
         84:d9:c6:a1:5a:fd:ab:18:e5:a2:dd:b1:1a:11:f8:ec:58:1d:
         81:ef:9e:02:c3:3d:98:2c:9f:28:40:09:d2:c9:ec:ba:be:b9:
         6c:45:f0:98:a1:8b:ae:f7:aa:b1:a6:2b:e2:9c:1a:6e:e5:68:
         be:8b:7c:43
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYrysN2751QjIYzE+jYH9mE+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTJiOGU5MGQxNTdlYTAyMmY4ZTcwMDAyNGE5M2RjMzU2
YTUxNGQwHhcNMjMxMDAyMjMxOTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWVlMDJiYzlkZmM4ZDEzYjYyN2I2MzEwY2Q1ZmY5M2Q1NmUzMDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/+XPQFInP7nGjd04oWQnw4KRbZP
DeqbmzaYil5B024wWlB+7fdyfL6rFvwNKBAiazgXzcFnUSNssXd3yy5KUIagli6q
a90+EDN+og1buPGl3gKuhlWMeu6PCZ8jNXdTGWbaFePh3a2N31v9tm8AwRAFKpKZ
FtumgcHSAS0hu0KR4FkXu53NE5Qhrnj7kkON/VbeRXM0WuuqXqLzB6wL6B7poPkG
zXJSnhrzrzTd9kQh9VYuVVeyi+Yw6fR8wW0kVMbP5XxkyHtzIV0DNDpcnXubu6rn
QqNkURF5cL/awZeDrAO2mhlBZYjxASrJMmC50fuc538SaNcPGYlLzYprwQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFInuAryd/I0Ttie2MQzV/5PVbjAvMB8GA1UdIwQY
MBaAFOSiuOkNFX6gIvjnAAJKk9w1alFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTct
ZGY0YTJlNzYwY2NiLzEvaWU0Q3ZKMzhqUk8ySjdZeEROWF9rOVZ1TUM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTctZGY0YTJlNzYwY2Ni
LzEvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATVySAwQB
vITOAwQA1EQgMA0GCSqGSIb3DQEBCwUAA4IBAQCcvVlWoEhp1Ix6jWsaaHoR/j92
oXoQxY+wUFlad7+Y9YMjTAFXEVKpkhagCcR3BOnVIJdciWuBFaOmjC3WqkmHEC2j
1HOOLKIXmB0KXNhhMUrrIBHxQFbsNM9GkgAlrvYNZCr3EHTXmrqAej+k4CktdWPp
hQK9iImFt5o3BcW4GypIcGE7dU+miIgxu5OqeTS2xgIi/iZzX5luTtxmIxuma3q+
MzPY5qMZmnmYnHr4ZVzYFe2XmW8f+zR5jWli1O8+FlWrysaE2cahWv2rGOWi3bEa
EfjsWB2B754Cwz2YLJ8oQAnSyey6vrlsRfCYoYuu96qxpivinBpu5Wi+i3xD
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:01 2024 by rpki-client on console-fra.rpki-client.org