Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/e1d6b7-555c-4d9b-afe1-e63ce55370eb/1/NUV-sE-g_KNgm0CgaRf5B7oW8fo.roa
File:                     NUV-sE-g_KNgm0CgaRf5B7oW8fo.roa (raw, json)
Hash identifier:          vYgTGWEJ8evXb4xyFvpR7Ws9BB5i8NmEUrkCsk6hjc8=
Subject key identifier:   35:45:7E:B0:4F:A0:FC:A3:60:9B:40:A0:69:17:F9:07:BA:16:F1:FA
Certificate issuer:       /CN=9076f77da841b7b94215b6fac2d41a71c2151601
Certificate serial:       01856E8B2751A7DC3EA274EE2E83586DF965
Authority key identifier: 90:76:F7:7D:A8:41:B7:B9:42:15:B6:FA:C2:D4:1A:71:C2:15:16:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kHb3fahBt7lCFbb6wtQaccIVFgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/e1d6b7-555c-4d9b-afe1-e63ce55370eb/1/NUV-sE-g_KNgm0CgaRf5B7oW8fo.roa
Signing time:             Sun 01 Jan 2023 18:14:51 +0000
ROA not before:           Sun 01 Jan 2023 18:14:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209010
IP address blocks:        130.193.4.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:8b:27:51:a7:dc:3e:a2:74:ee:2e:83:58:6d:f9:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9076f77da841b7b94215b6fac2d41a71c2151601
        Validity
            Not Before: Jan  1 18:14:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=35457eb04fa0fca3609b40a06917f907ba16f1fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:9a:bc:e7:96:f5:1b:b3:6c:be:83:8d:de:11:
                    c1:55:0e:6e:0c:54:f1:9b:0c:6c:f1:da:2a:bf:43:
                    81:2c:2d:4e:57:22:c3:17:b0:64:a6:27:5e:52:97:
                    4f:52:c7:2d:ff:94:4d:83:21:cb:f0:1c:00:2e:97:
                    a5:a2:e9:2a:90:7c:b5:2a:d5:7d:dd:c6:72:12:8d:
                    08:ec:cf:e8:80:68:81:bd:3e:17:0e:04:ea:0c:31:
                    9e:ba:20:7c:4f:cd:90:d0:8c:c5:ba:73:c8:27:17:
                    34:a0:13:23:84:3b:53:d1:73:f2:f5:23:8d:01:e3:
                    1f:f3:a2:e5:e9:e9:6a:45:dd:17:a6:b4:0f:03:d1:
                    bb:b2:5b:28:1e:ef:66:4b:72:7b:6b:8e:44:28:4e:
                    91:e7:8c:bc:b0:d5:07:0d:96:e9:c8:db:0a:7d:44:
                    dc:f4:00:ca:09:d9:07:5e:cb:63:74:d7:83:fa:66:
                    b5:6d:d6:97:e0:9b:77:85:07:f1:cf:61:4a:b1:eb:
                    e4:07:38:6f:a9:7c:22:18:30:d0:b1:f9:a3:1e:7d:
                    1b:ed:a6:55:95:e4:6f:81:c5:4f:6f:58:38:49:55:
                    f6:1c:ff:be:e5:fc:17:08:7c:ab:1f:56:21:54:b2:
                    a5:a5:53:77:c0:4b:2b:94:c8:60:94:42:53:77:7c:
                    b6:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:45:7E:B0:4F:A0:FC:A3:60:9B:40:A0:69:17:F9:07:BA:16:F1:FA
            X509v3 Authority Key Identifier:
                keyid:90:76:F7:7D:A8:41:B7:B9:42:15:B6:FA:C2:D4:1A:71:C2:15:16:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kHb3fahBt7lCFbb6wtQaccIVFgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/e1d6b7-555c-4d9b-afe1-e63ce55370eb/1/NUV-sE-g_KNgm0CgaRf5B7oW8fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/e1d6b7-555c-4d9b-afe1-e63ce55370eb/1/kHb3fahBt7lCFbb6wtQaccIVFgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.193.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:9b:91:fd:aa:f8:85:c8:33:cb:3a:74:7c:90:f5:ea:7b:17:
         01:2d:de:eb:39:eb:66:2d:18:e4:af:a6:7c:0d:8a:f9:9b:d7:
         9e:b6:47:aa:e0:15:80:c8:95:fa:f1:0d:db:33:0f:f5:98:1f:
         6c:ce:a9:55:7b:21:1d:4d:b5:cf:9d:59:4d:a8:e6:85:f4:dc:
         54:f5:1f:81:6c:fa:64:f2:49:ba:be:a9:85:bc:2e:5b:ab:b7:
         8e:6a:93:76:61:1f:71:5a:8b:a8:fd:7f:94:83:77:70:68:ee:
         fc:64:97:2d:f1:dc:22:66:6b:23:81:f5:3c:5a:84:56:5f:0e:
         79:79:3e:a6:45:56:61:f9:d3:3b:39:a9:3b:98:af:01:44:8a:
         c2:a1:17:47:6a:69:a6:99:12:00:65:ae:25:6c:be:84:eb:b8:
         9a:90:45:ff:83:68:e4:4d:79:20:30:33:d9:99:af:66:2d:3d:
         35:15:10:1b:c4:f7:a4:8a:09:23:52:37:93:40:25:d3:83:df:
         e5:2f:be:6b:03:0f:4b:c2:90:ce:29:aa:fa:6f:c9:c2:07:05:
         98:b0:8f:60:45:d7:82:c7:e8:d0:2a:6e:b7:28:96:ca:c4:e6:
         5f:53:02:67:d2:bd:6a:cb:5f:e2:55:d3:a9:24:0c:e5:ea:09:
         7b:1e:db:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuiydRp9w+onTuLoNYbfllMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNzZmNzdkYTg0MWI3Yjk0MjE1YjZmYWMyZDQxYTcxYzIx
NTE2MDEwHhcNMjMwMTAxMTgxNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTQ1N2ViMDRmYTBmY2EzNjA5YjQwYTA2OTE3ZjkwN2JhMTZmMWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJq855b1G7NsvoON3hHBVQ5uDFTx
mwxs8doqv0OBLC1OVyLDF7BkpideUpdPUsct/5RNgyHL8BwALpeloukqkHy1KtV9
3cZyEo0I7M/ogGiBvT4XDgTqDDGeuiB8T82Q0IzFunPIJxc0oBMjhDtT0XPy9SON
AeMf86Ll6elqRd0XprQPA9G7slsoHu9mS3J7a45EKE6R54y8sNUHDZbpyNsKfUTc
9ADKCdkHXstjdNeD+ma1bdaX4Jt3hQfxz2FKsevkBzhvqXwiGDDQsfmjHn0b7aZV
leRvgcVPb1g4SVX2HP++5fwXCHyrH1YhVLKlpVN3wEsrlMhglEJTd3y2WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVFfrBPoPyjYJtAoGkX+Qe6FvH6MB8GA1UdIwQY
MBaAFJB2932oQbe5QhW2+sLUGnHCFRYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0hiM2ZhaEJ0N2xDRmJiNnd0UWFjY0lWRmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9lMWQ2YjctNTU1Yy00ZDliLWFmZTEt
ZTYzY2U1NTM3MGViLzEvTlVWLXNFLWdfS05nbTBDZ2FSZjVCN29XOGZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9lMWQ2YjctNTU1Yy00ZDliLWFmZTEtZTYzY2U1NTM3MGVi
LzEva0hiM2ZhaEJ0N2xDRmJiNnd0UWFjY0lWRmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgsEEMA0G
CSqGSIb3DQEBCwUAA4IBAQCsm5H9qviFyDPLOnR8kPXqexcBLd7rOetmLRjkr6Z8
DYr5m9eetkeq4BWAyJX68Q3bMw/1mB9szqlVeyEdTbXPnVlNqOaF9NxU9R+BbPpk
8km6vqmFvC5bq7eOapN2YR9xWouo/X+Ug3dwaO78ZJct8dwiZmsjgfU8WoRWXw55
eT6mRVZh+dM7Oak7mK8BRIrCoRdHammmmRIAZa4lbL6E67iakEX/g2jkTXkgMDPZ
ma9mLT01FRAbxPekigkjUjeTQCXTg9/lL75rAw9LwpDOKar6b8nCBwWYsI9gRdeC
x+jQKm63KJbKxOZfUwJn0r1qy1/iVdOpJAzl6gl7HtvS
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:01 2024 by rpki-client on console-ams.rpki-client.org