Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/7z2nJ8mzRMLEf5iESF0s_9CfC_0.roa
File:                     7z2nJ8mzRMLEf5iESF0s_9CfC_0.roa (raw, json)
Hash identifier:          dC1EcqZPm6lU/HSGBz5dHsDt3YO/aKpNcjbDglDchkw=
Subject key identifier:   EF:3D:A7:27:C9:B3:44:C2:C4:7F:98:84:48:5D:2C:FF:D0:9F:0B:FD
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       0185969D726AE31DAC1517B410BA1F15A694
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/7z2nJ8mzRMLEf5iESF0s_9CfC_0.roa
Signing time:             Mon 09 Jan 2023 12:59:38 +0000
ROA not before:           Mon 09 Jan 2023 12:59:38 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     395800
IP address blocks:        85.92.109.0/24 maxlen: 24
                          194.5.92.0/24 maxlen: 24
                          109.236.58.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:96:9d:72:6a:e3:1d:ac:15:17:b4:10:ba:1f:15:a6:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Jan  9 12:59:38 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ef3da727c9b344c2c47f9884485d2cffd09f0bfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:32:01:fb:28:e9:d0:81:68:57:b7:49:45:c6:
                    09:cf:81:60:ac:da:ce:e4:7c:af:f9:f8:2e:ca:ce:
                    8e:cc:8d:37:a1:12:0a:4c:1e:4f:ff:81:d3:b4:7a:
                    ce:cd:9d:2c:1f:66:51:a3:59:53:d4:7f:ab:ad:ec:
                    d4:63:57:02:3a:21:ee:e4:c4:25:a7:65:16:43:b6:
                    94:2e:8b:51:93:9b:27:3a:87:4f:d5:22:11:44:83:
                    24:30:57:f9:47:6a:95:72:dd:66:63:09:90:46:62:
                    c8:88:df:f0:87:a3:3d:98:4d:07:82:37:81:59:fc:
                    a7:a8:2a:8a:26:7f:98:e5:c9:b9:47:34:49:1d:c6:
                    6f:6b:54:0a:07:7a:a2:a9:82:89:ac:65:83:5b:45:
                    f8:ce:16:8d:c6:f8:3b:91:a4:9a:10:fb:ef:28:16:
                    65:28:fa:b5:70:47:57:ad:32:dc:1a:fa:c7:4b:c6:
                    62:48:f3:1a:bf:d2:96:a6:58:10:f9:d3:40:b0:c0:
                    65:b7:50:c0:eb:58:0f:69:bf:a0:c3:6a:8d:eb:6e:
                    59:66:8e:31:48:c3:58:d2:4d:66:ff:08:f2:9d:a0:
                    7b:c0:85:f1:f1:35:39:84:30:70:b0:d0:72:6a:19:
                    b8:da:27:90:1e:43:9e:05:05:63:cb:78:16:26:2f:
                    18:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:3D:A7:27:C9:B3:44:C2:C4:7F:98:84:48:5D:2C:FF:D0:9F:0B:FD
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/7z2nJ8mzRMLEf5iESF0s_9CfC_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.92.109.0/24
                  109.236.58.0/24
                  194.5.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:39:a7:6b:1d:0a:bc:fb:4e:ea:cb:ca:ba:89:bc:23:dc:90:
         32:24:b8:6e:5c:f6:96:83:39:42:f4:23:4c:c7:ac:42:3c:75:
         1e:72:44:f1:23:93:9e:10:77:34:c5:53:91:d7:a6:26:ff:88:
         7c:6e:d5:32:47:c2:ef:28:2a:b8:fc:53:50:9d:24:f8:94:31:
         1c:c3:51:a4:22:14:f2:46:03:55:a3:17:de:dd:ef:60:55:bf:
         57:58:b3:f5:91:97:2f:57:0b:61:4f:b0:ce:33:8d:f7:7f:6b:
         99:f0:91:f3:2d:ec:39:ac:0a:f9:c6:5a:f0:9c:95:75:17:5a:
         ba:f7:74:36:cf:f3:3c:72:2b:49:17:f6:74:fc:ee:5d:75:f0:
         7a:d5:d5:a9:c3:f9:eb:a2:c1:8d:3f:0a:54:83:10:33:cc:fe:
         a4:4b:5b:a0:2a:87:2c:10:10:7c:38:f6:a7:e8:f8:fe:55:56:
         f2:54:ba:40:d2:79:ad:7c:cb:3f:42:07:98:31:5f:13:80:a1:
         39:8e:67:c3:81:d8:95:9e:af:36:ba:85:80:bb:71:5e:80:0b:
         1a:ff:e5:0d:c7:49:b5:fe:17:0b:b6:ff:cc:fd:46:c0:3f:a6:
         8c:25:5e:6d:5b:db:b0:eb:82:c6:08:91:a2:d7:ee:35:1c:52:
         41:9f:73:dc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYWWnXJq4x2sFRe0ELofFaaUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMTA5MTI1OTM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjNkYTcyN2M5YjM0NGMyYzQ3Zjk4ODQ0ODVkMmNmZmQwOWYwYmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTIB+yjp0IFoV7dJRcYJz4FgrNrO
5Hyv+fguys6OzI03oRIKTB5P/4HTtHrOzZ0sH2ZRo1lT1H+rrezUY1cCOiHu5MQl
p2UWQ7aULotRk5snOodP1SIRRIMkMFf5R2qVct1mYwmQRmLIiN/wh6M9mE0HgjeB
WfynqCqKJn+Y5cm5RzRJHcZva1QKB3qiqYKJrGWDW0X4zhaNxvg7kaSaEPvvKBZl
KPq1cEdXrTLcGvrHS8ZiSPMav9KWplgQ+dNAsMBlt1DA61gPab+gw2qN625ZZo4x
SMNY0k1m/wjynaB7wIXx8TU5hDBwsNByahm42ieQHkOeBQVjy3gWJi8YcwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO89pyfJs0TCxH+YhEhdLP/Qnwv9MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvN3oybko4bXpSTUxFZjVpRVNGMHNfOUNmQ18wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVVxtAwQA
bew6AwQAwgVcMA0GCSqGSIb3DQEBCwUAA4IBAQA6OadrHQq8+07qy8q6ibwj3JAy
JLhuXPaWgzlC9CNMx6xCPHUeckTxI5OeEHc0xVOR16Ym/4h8btUyR8LvKCq4/FNQ
nST4lDEcw1GkIhTyRgNVoxfe3e9gVb9XWLP1kZcvVwthT7DOM433f2uZ8JHzLew5
rAr5xlrwnJV1F1q693Q2z/M8citJF/Z0/O5ddfB61dWpw/nrosGNPwpUgxAzzP6k
S1ugKocsEBB8OPan6Pj+VVbyVLpA0nmtfMs/QgeYMV8TgKE5jmfDgdiVnq82uoWA
u3FegAsa/+UNx0m1/hcLtv/M/UbAP6aMJV5tW9uw64LGCJGi1+41HFJBn3Pc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:15 2024 by rpki-client on console-ams.rpki-client.org