Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/dBNib0S-vNT16NLL6QlrLE_ePJo.roa
File:                     dBNib0S-vNT16NLL6QlrLE_ePJo.roa (raw, json)
Hash identifier:          tvOqF0NCkS1km0QOh9RSLjBUZr0CeiGN2DnQuHxpPZo=
Subject key identifier:   74:13:62:6F:44:BE:BC:D4:F5:E8:D2:CB:E9:09:6B:2C:4F:DE:3C:9A
Certificate issuer:       /CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Certificate serial:       018CC72737FE8A9FCAAC8EDCEB8E6A441CB7
Authority key identifier: A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/dBNib0S-vNT16NLL6QlrLE_ePJo.roa
Signing time:             Mon 01 Jan 2024 22:31:25 +0000
ROA not before:           Mon 01 Jan 2024 22:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213177
IP address blocks:        185.226.228.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:37:fe:8a:9f:ca:ac:8e:dc:eb:8e:6a:44:1c:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
        Validity
            Not Before: Jan  1 22:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7413626f44bebcd4f5e8d2cbe9096b2c4fde3c9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:8c:57:61:76:1a:76:b8:9d:a5:a3:f4:6a:54:
                    7e:04:4c:2f:af:58:ec:b9:d0:ff:b7:17:2f:3e:af:
                    01:36:b7:1b:e0:0c:1a:ce:4f:c3:c5:1d:80:6f:f2:
                    e5:ee:12:f6:d0:36:be:d9:84:5c:8e:10:c3:7a:51:
                    22:ae:33:c9:56:f1:bb:7a:c2:54:25:3c:2d:43:0b:
                    12:b3:4f:10:02:a8:7d:07:57:41:41:8a:fa:f7:7f:
                    4a:3e:be:e7:f7:46:c3:b6:06:29:d5:37:9a:9e:d1:
                    2b:7d:37:27:fd:87:ac:bc:39:9c:8d:42:c5:56:ff:
                    a7:96:52:fb:20:b0:f6:28:28:d2:3d:b0:e4:22:f4:
                    70:88:25:f4:05:4c:fd:97:1a:b1:ed:10:2c:14:52:
                    e3:82:d6:2a:28:73:b0:08:0b:6c:82:d8:39:4c:96:
                    a1:78:d6:88:5c:c9:e6:c7:a3:01:a5:38:64:9c:14:
                    76:21:26:b7:52:f5:a2:ba:01:7a:cd:43:d1:3f:64:
                    42:8d:22:01:f6:79:1e:c1:bd:76:3f:e0:37:be:2d:
                    04:9f:33:1f:ee:5e:09:10:b8:78:69:11:a0:09:55:
                    d3:ea:35:f5:f8:c5:ce:fc:7b:67:57:81:87:4a:e5:
                    bc:42:b3:d5:5e:4f:99:b0:af:79:db:62:fd:01:3f:
                    62:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:13:62:6F:44:BE:BC:D4:F5:E8:D2:CB:E9:09:6B:2C:4F:DE:3C:9A
            X509v3 Authority Key Identifier:
                keyid:A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/dBNib0S-vNT16NLL6QlrLE_ePJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:d0:d9:e7:7c:67:88:c5:31:65:36:a0:ef:6e:34:47:33:82:
         3e:7a:df:f8:40:8f:d4:2d:f3:e1:7a:e6:0e:62:5f:20:67:04:
         26:b8:9d:aa:5f:32:bc:d8:bd:eb:89:2c:2b:47:30:d7:cd:cd:
         7f:10:2c:94:9a:82:cd:64:a9:e1:63:5b:3c:41:21:00:2f:77:
         3a:2f:2e:34:2f:4f:db:06:be:15:56:31:e9:5a:8b:59:ae:d2:
         62:76:67:e7:5d:22:6b:c3:45:ba:e2:88:92:9b:9f:cf:8f:1c:
         10:f2:8b:da:e3:48:d6:08:31:fb:df:fb:72:03:01:01:bc:56:
         a7:c7:1e:b9:b1:03:7a:a6:98:74:d7:2f:18:49:c0:50:7b:1f:
         08:46:03:be:1e:5d:cd:97:8e:8c:44:e0:ec:38:1b:00:76:6f:
         b4:83:71:73:11:cd:fb:39:94:84:ef:a1:1e:2d:37:45:12:52:
         52:d3:ca:62:7e:86:72:ed:2b:7f:6b:99:9a:a4:42:cb:e3:b8:
         21:bf:cc:02:31:9c:7c:87:3f:de:7a:84:7e:28:93:2d:8d:81:
         ae:64:7d:6c:07:4c:a7:d8:d2:ed:2a:10:db:e5:a9:5e:ae:53:
         54:c5:80:27:63:1b:4f:2a:94:7f:ff:e0:7c:7c:c9:5d:f9:a9:
         61:01:fa:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzf+ip/KrI7c645qRBy3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDkyMDRjYTRmMGViNGU1NmUwOGUwOTlmZTM3ODVjZTA2
ZmZlYWEwHhcNMjQwMTAxMjIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDEzNjI2ZjQ0YmViY2Q0ZjVlOGQyY2JlOTA5NmIyYzRmZGUzYzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIxXYXYadridpaP0alR+BEwvr1js
udD/txcvPq8BNrcb4Awazk/DxR2Ab/Ll7hL20Da+2YRcjhDDelEirjPJVvG7esJU
JTwtQwsSs08QAqh9B1dBQYr6939KPr7n90bDtgYp1TeantErfTcn/YesvDmcjULF
Vv+nllL7ILD2KCjSPbDkIvRwiCX0BUz9lxqx7RAsFFLjgtYqKHOwCAtsgtg5TJah
eNaIXMnmx6MBpThknBR2ISa3UvWiugF6zUPRP2RCjSIB9nkewb12P+A3vi0EnzMf
7l4JELh4aRGgCVXT6jX1+MXO/HtnV4GHSuW8QrPVXk+ZsK9522L9AT9iHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQTYm9EvrzU9ejSy+kJayxP3jyaMB8GA1UdIwQY
MBaAFKhJIEyk8OtOVuCOCZ/jeFzgb/6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYt
OWNjYmIwODQyOGZhLzEvZEJOaWIwUy12TlQxNk5MTDZRbHJMRV9lUEpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYtOWNjYmIwODQyOGZh
LzEvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueLkMA0G
CSqGSIb3DQEBCwUAA4IBAQB10NnnfGeIxTFlNqDvbjRHM4I+et/4QI/ULfPheuYO
Yl8gZwQmuJ2qXzK82L3riSwrRzDXzc1/ECyUmoLNZKnhY1s8QSEAL3c6Ly40L0/b
Br4VVjHpWotZrtJidmfnXSJrw0W64oiSm5/PjxwQ8ova40jWCDH73/tyAwEBvFan
xx65sQN6pph01y8YScBQex8IRgO+Hl3Nl46MRODsOBsAdm+0g3FzEc37OZSE76Ee
LTdFElJS08pifoZy7St/a5mapELL47ghv8wCMZx8hz/eeoR+KJMtjYGuZH1sB0yn
2NLtKhDb5alerlNUxYAnYxtPKpR//+B8fMld+alhAfqh
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:02 2024 by rpki-client on console-fra.rpki-client.org