Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/hO_nI-0mjGBNZ5X5wOaTQWcqDiQ.roa
File:                     hO_nI-0mjGBNZ5X5wOaTQWcqDiQ.roa (raw, json)
Hash identifier:          0cqrMQ3Nsy2bYiAYR5wkU5Y1bmfQAGQ+chDRY2PzN8Y=
Subject key identifier:   84:EF:E7:23:ED:26:8C:60:4D:67:95:F9:C0:E6:93:41:67:2A:0E:24
Certificate issuer:       /CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Certificate serial:       018CC72737CBBFE58E12E79C71A0EF20BBF1
Authority key identifier: A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/hO_nI-0mjGBNZ5X5wOaTQWcqDiQ.roa
Signing time:             Mon 01 Jan 2024 22:31:25 +0000
ROA not before:           Mon 01 Jan 2024 22:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212988
IP address blocks:        185.230.146.0/23 maxlen: 23
                          185.232.133.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:37:cb:bf:e5:8e:12:e7:9c:71:a0:ef:20:bb:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
        Validity
            Not Before: Jan  1 22:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84efe723ed268c604d6795f9c0e69341672a0e24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:68:d2:e3:7b:c7:cd:ae:1c:f5:5c:6b:b1:95:
                    8c:2f:f4:3a:2c:32:7f:76:65:22:06:55:62:b3:40:
                    0a:08:29:86:aa:ed:07:ab:8d:dd:a5:22:ca:ac:9d:
                    c7:2e:1f:9f:fe:1f:53:af:ba:dd:90:25:d8:d4:00:
                    cc:22:4e:69:f4:66:0e:7e:13:0b:c4:f5:3a:0b:21:
                    cf:75:ae:c6:0b:bb:8a:63:be:c6:1f:01:29:09:85:
                    6c:82:31:7c:07:f2:7a:ed:70:a8:30:8e:58:6f:2b:
                    72:ee:71:81:71:51:20:f9:ab:dc:ac:52:9d:08:85:
                    60:3f:c8:24:ae:6a:a6:6d:e3:4f:91:84:21:9d:83:
                    1d:c3:c7:19:ed:dd:97:a3:04:0e:41:3e:44:5f:86:
                    3c:9f:ce:24:5f:ca:83:04:e0:31:95:8d:53:5b:33:
                    41:3c:da:cd:1e:5d:88:be:b5:f6:b0:71:1d:e5:5a:
                    09:6a:06:9a:44:69:36:e0:52:79:2a:a0:9e:1e:24:
                    1d:cf:b1:eb:8b:dc:92:18:b6:42:57:20:d6:9c:33:
                    7a:2a:51:5f:af:9f:e0:80:0e:d4:6b:14:ce:3f:46:
                    e4:5f:47:04:05:80:c2:90:17:43:9e:43:2d:bf:20:
                    7c:ea:b0:89:b2:73:a6:14:f1:33:ac:32:f2:78:a1:
                    44:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:EF:E7:23:ED:26:8C:60:4D:67:95:F9:C0:E6:93:41:67:2A:0E:24
            X509v3 Authority Key Identifier:
                keyid:A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/hO_nI-0mjGBNZ5X5wOaTQWcqDiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.146.0/23
                  185.232.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:25:62:af:bc:d9:28:de:6a:27:a3:e4:d5:1a:b7:8f:7d:99:
         8a:ca:f3:07:8e:1b:59:e4:bb:8b:96:47:22:97:c9:2a:09:b3:
         20:f7:e9:88:18:25:bd:da:b7:d4:fe:37:ad:e7:89:bf:ce:a9:
         cc:6e:5c:61:c3:15:a7:b5:26:94:aa:91:a3:72:4d:6c:6f:ad:
         f8:bb:39:36:af:2a:5e:18:9b:cf:61:63:b4:b6:8a:03:9b:27:
         17:a3:ab:a4:0f:a5:e9:6e:8d:6b:22:ac:9d:30:56:8b:30:c8:
         5d:35:17:ea:08:17:c3:b0:af:2a:7e:83:83:72:e8:13:14:ce:
         cb:e8:1b:01:c0:50:27:ad:9b:d4:bf:9f:4f:7e:27:6c:a0:73:
         44:62:35:65:e2:cd:d5:1f:6a:83:7d:ff:d5:96:ec:98:b1:84:
         aa:05:4c:87:d7:5d:36:36:6d:5f:b2:6a:0e:ed:83:4b:26:38:
         b4:a5:5a:ca:40:ce:cb:85:d6:c4:13:bd:28:9c:da:81:78:83:
         49:44:60:8b:1d:7b:bc:b9:61:73:e6:ee:f1:7c:c7:a9:96:e2:
         a6:bf:d8:ac:ad:55:8e:29:12:e6:6d:13:d9:2d:15:d0:d6:84:
         df:87:b4:f4:07:0c:1d:39:f5:67:c5:db:91:c9:ff:0f:03:84:
         d5:82:8f:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJzfLv+WOEueccaDvILvxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDkyMDRjYTRmMGViNGU1NmUwOGUwOTlmZTM3ODVjZTA2
ZmZlYWEwHhcNMjQwMTAxMjIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGVmZTcyM2VkMjY4YzYwNGQ2Nzk1ZjljMGU2OTM0MTY3MmEwZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mjS43vHza4c9VxrsZWML/Q6LDJ/
dmUiBlVis0AKCCmGqu0Hq43dpSLKrJ3HLh+f/h9Tr7rdkCXY1ADMIk5p9GYOfhML
xPU6CyHPda7GC7uKY77GHwEpCYVsgjF8B/J67XCoMI5Ybyty7nGBcVEg+avcrFKd
CIVgP8gkrmqmbeNPkYQhnYMdw8cZ7d2XowQOQT5EX4Y8n84kX8qDBOAxlY1TWzNB
PNrNHl2IvrX2sHEd5VoJagaaRGk24FJ5KqCeHiQdz7Hri9ySGLZCVyDWnDN6KlFf
r5/ggA7UaxTOP0bkX0cEBYDCkBdDnkMtvyB86rCJsnOmFPEzrDLyeKFE6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFITv5yPtJoxgTWeV+cDmk0FnKg4kMB8GA1UdIwQY
MBaAFKhJIEyk8OtOVuCOCZ/jeFzgb/6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYt
OWNjYmIwODQyOGZhLzEvaE9fbkktMG1qR0JOWjVYNXdPYVRRV2NxRGlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYtOWNjYmIwODQyOGZh
LzEvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBueaSAwQA
ueiFMA0GCSqGSIb3DQEBCwUAA4IBAQCXJWKvvNko3mono+TVGrePfZmKyvMHjhtZ
5LuLlkcil8kqCbMg9+mIGCW92rfU/jet54m/zqnMblxhwxWntSaUqpGjck1sb634
uzk2rypeGJvPYWO0tooDmycXo6ukD6Xpbo1rIqydMFaLMMhdNRfqCBfDsK8qfoOD
cugTFM7L6BsBwFAnrZvUv59PfidsoHNEYjVl4s3VH2qDff/VluyYsYSqBUyH1102
Nm1fsmoO7YNLJji0pVrKQM7LhdbEE70onNqBeINJRGCLHXu8uWFz5u7xfMepluKm
v9isrVWOKRLmbRPZLRXQ1oTfh7T0BwwdOfVnxduRyf8PA4TVgo8D
-----END CERTIFICATE-----
Generated at Fri Oct 25 10:02:37 2024 by rpki-client on console-ams.rpki-client.org