Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/85gPcrYhBuWLdMdn7sAR3omZkvg.roa
File:                     85gPcrYhBuWLdMdn7sAR3omZkvg.roa (raw, json)
Hash identifier:          5A1uweyOieGq7Z6Mb01ZJdT4Yv/yHv6b2PE1mxtMH6Q=
Subject key identifier:   F3:98:0F:72:B6:21:06:E5:8B:74:C7:67:EE:C0:11:DE:89:99:92:F8
Certificate issuer:       /CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Certificate serial:       018A648FEA6FC382C855FFC16D0FF29A1547
Authority key identifier: A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/85gPcrYhBuWLdMdn7sAR3omZkvg.roa
Signing time:             Tue 05 Sep 2023 08:57:47 +0000
ROA not before:           Tue 05 Sep 2023 08:57:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201453
IP address blocks:        185.230.145.0/24 maxlen: 24
                          185.230.144.0/22 maxlen: 22
                          185.230.144.0/24 maxlen: 24
                          185.160.231.0/24 maxlen: 24
                          185.160.230.0/24 maxlen: 24
                          185.160.229.0/24 maxlen: 24
                          185.160.228.0/24 maxlen: 24
                          185.160.228.0/22 maxlen: 22
                          185.232.132.0/22 maxlen: 22
                          185.232.135.0/24 maxlen: 24
                          185.232.134.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:64:8f:ea:6f:c3:82:c8:55:ff:c1:6d:0f:f2:9a:15:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
        Validity
            Not Before: Sep  5 08:57:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f3980f72b62106e58b74c767eec011de899992f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d2:9e:b9:37:02:13:b1:8f:c1:b2:7b:f8:43:
                    30:b2:82:71:46:78:20:71:07:05:59:55:7b:74:0b:
                    8d:86:1b:28:46:d8:69:19:37:71:00:99:8c:dc:ce:
                    a1:d7:ac:b1:02:b5:50:3d:20:44:91:cd:d1:43:f4:
                    40:36:c4:c8:83:70:a8:fb:5b:c6:da:27:d5:6e:4f:
                    33:b4:17:d2:cb:2f:c0:75:68:4d:27:e9:f4:fd:b1:
                    62:3a:c3:a2:45:21:26:3b:81:e5:39:50:79:bd:7b:
                    0b:39:e1:8c:7f:a9:46:29:01:b1:f4:39:13:f0:44:
                    82:9c:87:81:1f:a0:69:d3:3d:f2:32:58:29:22:da:
                    a9:97:56:42:64:11:ed:48:07:04:35:3d:05:32:be:
                    cd:27:8c:2d:5a:b2:f3:fd:26:d2:66:34:3e:17:7f:
                    36:a3:84:ac:e1:f1:a6:86:fe:95:f0:0f:20:4a:26:
                    59:d8:a3:88:c1:c3:5e:b7:91:e5:e6:45:88:1b:64:
                    bf:4f:f3:41:7f:62:72:6b:7f:3c:3e:fb:8b:01:fc:
                    4b:8f:62:96:dd:56:4b:0e:cf:3a:b7:2b:fe:de:6b:
                    06:7a:d5:28:36:99:67:ae:0c:b9:79:3e:71:26:da:
                    51:d3:c8:08:7d:2b:1d:02:50:f0:43:31:fe:0f:99:
                    bc:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:98:0F:72:B6:21:06:E5:8B:74:C7:67:EE:C0:11:DE:89:99:92:F8
            X509v3 Authority Key Identifier:
                keyid:A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/85gPcrYhBuWLdMdn7sAR3omZkvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.228.0/22
                  185.230.144.0/22
                  185.232.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:2b:94:49:2d:9e:ed:e9:81:a6:14:91:64:ed:da:71:d6:7e:
         52:05:95:1c:f0:18:54:e9:b2:7e:34:e2:9e:ff:09:26:fe:9b:
         55:d6:37:68:a8:48:8b:f4:f0:14:4c:51:ed:a6:cc:3c:41:b0:
         95:fd:1e:ac:e0:39:ca:bb:d6:32:4a:55:7f:71:23:1c:70:72:
         d8:a5:17:1e:a1:cf:7b:6f:ac:15:80:39:72:a0:0e:42:5f:77:
         6a:1f:90:f1:10:db:95:75:84:e2:dc:68:60:61:2c:c3:45:78:
         cc:12:f2:2b:53:a1:6d:47:b0:61:28:37:c3:4e:54:56:93:8c:
         93:30:0e:86:28:6b:1d:45:fa:e1:fc:ba:b1:d6:b8:1d:a0:ef:
         dc:47:77:e7:81:7e:1d:f5:bc:35:15:96:3d:ee:b9:1f:df:80:
         3b:b9:4b:da:a2:a0:d1:06:9e:db:56:4c:a2:a7:11:1c:9a:69:
         9b:ee:73:62:2a:b3:54:7b:0d:f5:6f:32:c9:50:df:81:cd:ed:
         72:ee:8f:c7:22:d4:69:89:14:7f:f5:58:94:f8:39:a1:67:6b:
         21:8a:2a:3a:4f:97:6a:86:62:05:3f:e3:ee:91:18:c8:01:fa:
         05:51:12:4e:db:45:55:39:c2:9a:0e:c8:9c:13:02:aa:d5:2e:
         93:a1:e3:eb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYpkj+pvw4LIVf/BbQ/ymhVHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDkyMDRjYTRmMGViNGU1NmUwOGUwOTlmZTM3ODVjZTA2
ZmZlYWEwHhcNMjMwOTA1MDg1NzQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzk4MGY3MmI2MjEwNmU1OGI3NGM3NjdlZWMwMTFkZTg5OTk5MmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutKeuTcCE7GPwbJ7+EMwsoJxRngg
cQcFWVV7dAuNhhsoRthpGTdxAJmM3M6h16yxArVQPSBEkc3RQ/RANsTIg3Co+1vG
2ifVbk8ztBfSyy/AdWhNJ+n0/bFiOsOiRSEmO4HlOVB5vXsLOeGMf6lGKQGx9DkT
8ESCnIeBH6Bp0z3yMlgpItqpl1ZCZBHtSAcENT0FMr7NJ4wtWrLz/SbSZjQ+F382
o4Ss4fGmhv6V8A8gSiZZ2KOIwcNet5Hl5kWIG2S/T/NBf2Jya388PvuLAfxLj2KW
3VZLDs86tyv+3msGetUoNplnrgy5eT5xJtpR08gIfSsdAlDwQzH+D5m8gQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPOYD3K2IQbli3THZ+7AEd6JmZL4MB8GA1UdIwQY
MBaAFKhJIEyk8OtOVuCOCZ/jeFzgb/6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYt
OWNjYmIwODQyOGZhLzEvODVnUGNyWWhCdVdMZE1kbjdzQVIzb21aa3ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYtOWNjYmIwODQyOGZh
LzEvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuaDkAwQC
ueaQAwQCueiEMA0GCSqGSIb3DQEBCwUAA4IBAQBpK5RJLZ7t6YGmFJFk7dpx1n5S
BZUc8BhU6bJ+NOKe/wkm/ptV1jdoqEiL9PAUTFHtpsw8QbCV/R6s4DnKu9YySlV/
cSMccHLYpRceoc97b6wVgDlyoA5CX3dqH5DxENuVdYTi3GhgYSzDRXjMEvIrU6Ft
R7BhKDfDTlRWk4yTMA6GKGsdRfrh/Lqx1rgdoO/cR3fngX4d9bw1FZY97rkf34A7
uUvaoqDRBp7bVkyipxEcmmmb7nNiKrNUew31bzLJUN+Bze1y7o/HItRpiRR/9ViU
+DmhZ2shiio6T5dqhmIFP+PukRjIAfoFURJO20VVOcKaDsicEwKq1S6ToePr
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:06 2024 by rpki-client on console-ams.rpki-client.org