Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BLbStrqXhTnmy211oT2xyAzFl-s.roa
File:                     BLbStrqXhTnmy211oT2xyAzFl-s.roa (raw, json)
Hash identifier:          0gPovrTg6rxahRcy6LNTSD9Y6NYwud3d7LZ2JIH5aH4=
Subject key identifier:   04:B6:D2:B6:BA:97:85:39:E6:CB:6D:75:A1:3D:B1:C8:0C:C5:97:EB
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       01899C9D38E1B53F8A7A24BA9812DC3D59AA
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BLbStrqXhTnmy211oT2xyAzFl-s.roa
Signing time:             Fri 28 Jul 2023 13:08:16 +0000
ROA not before:           Fri 28 Jul 2023 13:08:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43146
IP address blocks:        194.116.163.0/24 maxlen: 24
                          194.116.162.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:9c:9d:38:e1:b5:3f:8a:7a:24:ba:98:12:dc:3d:59:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Jul 28 13:08:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=04b6d2b6ba978539e6cb6d75a13db1c80cc597eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4c:f3:0d:4e:49:94:3a:df:1c:eb:58:ed:3b:
                    ac:88:d0:52:aa:a5:04:f0:13:c2:57:b0:78:93:1d:
                    83:f0:23:49:75:86:7c:21:7c:15:64:8f:81:85:03:
                    62:8f:46:48:38:9a:18:8c:96:f6:b7:ae:b5:42:29:
                    ba:c3:5d:fc:a4:3e:d4:53:f5:59:f1:5f:84:a8:e6:
                    b5:13:c4:db:d5:2a:85:b0:0a:d7:a3:73:ef:45:fb:
                    dd:2d:40:63:1d:48:e4:9d:c4:4a:f8:7a:7c:40:1c:
                    bd:3f:f1:bc:c5:2e:9c:0d:11:ef:2e:6e:05:c0:09:
                    a9:08:f4:d8:37:3a:d3:1b:f5:f5:13:88:80:6c:b3:
                    5d:65:2b:49:ab:a1:c8:9c:75:a9:e7:45:3d:a5:be:
                    b1:06:2e:33:ba:44:7d:b0:b1:c6:37:9b:bf:d7:cf:
                    b3:ba:2e:ae:d9:44:b1:ef:16:d9:16:00:5d:55:b6:
                    d4:1a:8a:c7:35:75:f1:fb:46:d5:5b:61:91:d6:c6:
                    4c:a9:38:04:f0:eb:75:9d:f6:05:7e:d0:84:88:ff:
                    86:fc:5a:5e:a5:7e:99:7d:e4:7d:c2:13:bb:f3:27:
                    7e:2c:8c:86:05:8b:1f:08:5a:01:e0:a4:4f:ea:2f:
                    c9:00:ac:ed:d9:fe:f1:75:b7:8d:10:10:31:cb:ed:
                    08:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:B6:D2:B6:BA:97:85:39:E6:CB:6D:75:A1:3D:B1:C8:0C:C5:97:EB
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BLbStrqXhTnmy211oT2xyAzFl-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:60:cb:d4:92:4d:9a:9d:c0:3e:8b:fc:f3:4a:d9:b5:d4:55:
         6f:26:d6:34:55:49:dc:97:01:8e:f9:77:a4:4a:c6:17:7c:bd:
         b1:0f:99:f3:39:d3:84:94:15:7b:81:ae:76:99:43:00:06:e3:
         ac:3f:4b:72:5c:c1:e4:09:00:01:a3:ae:6e:d1:b3:9e:d7:66:
         43:af:1c:dc:fc:27:d9:63:4a:4b:c6:06:1d:11:e6:87:02:57:
         16:54:22:82:19:1b:6d:0f:37:7d:58:6f:dc:3c:b5:57:9e:1b:
         59:80:43:6f:e6:8c:0f:73:d3:84:74:d1:c4:7e:91:3f:4d:f3:
         8e:8d:79:f9:66:3a:37:df:ad:9f:75:8b:2c:5a:9b:c9:09:64:
         9a:07:74:6a:16:6f:28:37:c4:86:0d:18:64:bf:61:4d:69:86:
         46:ba:4c:19:4f:df:56:6b:75:03:fe:4a:f0:5e:50:da:18:9c:
         9c:42:d9:3f:b5:4a:92:3a:97:4e:5d:d6:1a:91:9d:ba:38:d6:
         15:3f:f2:25:17:63:8e:4e:90:41:70:97:77:5e:1f:34:3d:90:
         d6:c5:6f:a8:cd:fb:8a:d3:5c:fc:c8:d6:76:20:e3:16:bd:57:
         ae:29:98:dd:97:7c:02:b7:09:f6:91:2f:23:5a:62:f4:e2:6f:
         d7:88:fc:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYmcnTjhtT+KeiS6mBLcPVmqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwNzI4MTMwODE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGI2ZDJiNmJhOTc4NTM5ZTZjYjZkNzVhMTNkYjFjODBjYzU5N2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkzzDU5JlDrfHOtY7TusiNBSqqUE
8BPCV7B4kx2D8CNJdYZ8IXwVZI+BhQNij0ZIOJoYjJb2t661Qim6w138pD7UU/VZ
8V+EqOa1E8Tb1SqFsArXo3PvRfvdLUBjHUjkncRK+Hp8QBy9P/G8xS6cDRHvLm4F
wAmpCPTYNzrTG/X1E4iAbLNdZStJq6HInHWp50U9pb6xBi4zukR9sLHGN5u/18+z
ui6u2USx7xbZFgBdVbbUGorHNXXx+0bVW2GR1sZMqTgE8Ot1nfYFftCEiP+G/Fpe
pX6ZfeR9whO78yd+LIyGBYsfCFoB4KRP6i/JAKzt2f7xdbeNEBAxy+0IfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAS20ra6l4U55sttdaE9scgMxZfrMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvQkxiU3RycVhoVG5teTIxMW9UMnh5QXpGbC1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwnSiMA0G
CSqGSIb3DQEBCwUAA4IBAQA+YMvUkk2ancA+i/zzStm11FVvJtY0VUnclwGO+Xek
SsYXfL2xD5nzOdOElBV7ga52mUMABuOsP0tyXMHkCQABo65u0bOe12ZDrxzc/CfZ
Y0pLxgYdEeaHAlcWVCKCGRttDzd9WG/cPLVXnhtZgENv5owPc9OEdNHEfpE/TfOO
jXn5Zjo3362fdYssWpvJCWSaB3RqFm8oN8SGDRhkv2FNaYZGukwZT99Wa3UD/krw
XlDaGJycQtk/tUqSOpdOXdYakZ26ONYVP/IlF2OOTpBBcJd3Xh80PZDWxW+ozfuK
01z8yNZ2IOMWvVeuKZjdl3wCtwn2kS8jWmL04m/XiPyr
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org