Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/FH7KkgQoJoO8AwK3-UGMyc2lkBc.roa
File:                     FH7KkgQoJoO8AwK3-UGMyc2lkBc.roa (raw, json)
Hash identifier:          PNfr2xK/8D6wfL+CzMeImHZuqXOs1Avv7bUoEk/P2vY=
Subject key identifier:   14:7E:CA:92:04:28:26:83:BC:03:02:B7:F9:41:8C:C9:CD:A5:90:17
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       018558D3ECFB3702F015237041259F6F369C
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/FH7KkgQoJoO8AwK3-UGMyc2lkBc.roa
Signing time:             Wed 28 Dec 2022 13:02:41 +0000
ROA not before:           Wed 28 Dec 2022 13:02:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41789
IP address blocks:        31.129.17.0/24 maxlen: 24
                          31.129.16.0/24 maxlen: 24
                          31.129.18.0/24 maxlen: 24
                          31.129.21.0/24 maxlen: 24
                          31.129.20.0/24 maxlen: 24
                          31.129.19.0/24 maxlen: 24
                          31.129.24.0/24 maxlen: 24
                          31.129.23.0/24 maxlen: 24
                          31.129.29.0/24 maxlen: 24
                          31.129.28.0/24 maxlen: 24
                          31.129.27.0/24 maxlen: 24
                          31.129.26.0/24 maxlen: 24
                          31.129.31.0/24 maxlen: 24
                          31.129.25.0/24 maxlen: 24
                          46.16.12.0/24 maxlen: 24
                          46.16.15.0/24 maxlen: 24
                          46.16.14.0/24 maxlen: 24
                          31.129.0.0/20 maxlen: 24
                          45.8.99.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:58:d3:ec:fb:37:02:f0:15:23:70:41:25:9f:6f:36:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Dec 28 13:02:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=147eca9204282683bc0302b7f9418cc9cda59017
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:80:4c:c4:00:43:4d:ac:78:2e:b5:c6:04:b7:
                    44:48:80:dc:02:09:2d:8d:bd:a3:8b:07:9c:0b:74:
                    42:dc:a4:6c:07:f8:74:66:36:c8:db:95:c0:e3:2d:
                    8e:f6:df:36:bc:9d:a2:f5:4a:6a:5d:0c:20:c9:ef:
                    bb:db:3d:09:b9:ae:71:38:3b:13:55:cf:71:74:60:
                    b3:4e:66:7d:e5:10:f4:3f:0c:1f:46:12:00:ad:55:
                    07:28:26:66:02:53:67:98:f6:9b:7a:80:a0:2e:2d:
                    73:ee:73:f7:ac:8c:cf:01:5a:b1:8c:3e:32:d2:47:
                    4e:9b:f5:d0:87:3c:51:8a:79:43:ce:45:b6:65:c3:
                    d3:8b:3d:92:10:f3:ad:d5:89:b8:04:ad:4a:bc:74:
                    9a:2d:14:94:33:14:d8:f4:c8:68:1e:44:d0:21:59:
                    c5:33:cd:58:ea:78:9c:7d:e7:30:07:6d:f3:63:8f:
                    35:5c:18:dd:88:f2:f2:d9:f2:f6:88:a1:6b:0b:c5:
                    39:0f:07:9e:d3:38:ec:a9:4c:a1:62:84:c7:fa:5f:
                    ae:16:5d:8e:8f:9c:63:e5:9e:7f:71:c3:11:4c:8a:
                    65:c8:5c:ef:e3:ea:36:ea:d6:6e:75:ca:a8:30:5d:
                    52:54:b8:7c:f1:c7:46:0d:d3:10:b8:1e:fb:25:e7:
                    b7:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:7E:CA:92:04:28:26:83:BC:03:02:B7:F9:41:8C:C9:CD:A5:90:17
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/FH7KkgQoJoO8AwK3-UGMyc2lkBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.129.0.0-31.129.21.255
                  31.129.23.0-31.129.29.255
                  31.129.31.0/24
                  45.8.99.0/24
                  46.16.12.0/24
                  46.16.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:12:65:18:cf:04:c7:60:00:15:5d:de:fc:0e:4e:c9:22:17:
         5f:c1:47:eb:bd:a6:26:60:18:7e:f9:1a:f8:d5:e2:fc:d2:09:
         6b:66:20:39:34:b0:55:d7:de:cc:f4:f3:b3:23:51:8e:f6:88:
         0a:b7:2d:d0:c2:32:18:67:e5:ef:f9:84:6e:f7:f1:22:fd:fb:
         cd:d2:34:72:9a:d5:3e:d2:47:d6:5c:6e:82:2c:84:e7:90:18:
         88:be:f8:b4:ca:4f:b6:9e:00:1d:53:d1:ff:be:2f:c6:b0:5e:
         31:3e:c0:81:e3:68:4c:c4:c1:eb:cf:22:ff:fe:33:c6:ea:31:
         06:16:cf:0c:3c:98:d9:9f:61:d6:88:db:a1:6d:8d:b3:97:27:
         81:fe:69:b3:f5:7b:e2:82:ed:b6:cf:12:64:5c:5e:5d:e5:d9:
         0e:2f:07:93:8e:09:07:b1:c2:85:e9:e5:35:ed:65:3b:65:93:
         ad:ec:13:fb:c8:b3:57:12:a8:18:b4:d1:e4:54:9a:13:56:5c:
         13:78:74:f2:55:d4:57:fa:5a:ce:3f:b3:5c:74:59:5e:36:c1:
         b5:35:1b:fe:62:8d:17:6b:48:91:d7:1e:bf:25:5d:70:17:eb:
         a4:bf:ce:03:09:d7:b2:ff:2f:ac:ea:e6:cc:6a:06:e7:36:04:
         44:f4:a9:19
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVY0+z7NwLwFSNwQSWfbzacMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjIxMjI4MTMwMjQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDdlY2E5MjA0MjgyNjgzYmMwMzAyYjdmOTQxOGNjOWNkYTU5MDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4BMxABDTax4LrXGBLdESIDcAgkt
jb2jiwecC3RC3KRsB/h0ZjbI25XA4y2O9t82vJ2i9UpqXQwgye+72z0Jua5xODsT
Vc9xdGCzTmZ95RD0PwwfRhIArVUHKCZmAlNnmPabeoCgLi1z7nP3rIzPAVqxjD4y
0kdOm/XQhzxRinlDzkW2ZcPTiz2SEPOt1Ym4BK1KvHSaLRSUMxTY9MhoHkTQIVnF
M81Y6nicfecwB23zY481XBjdiPLy2fL2iKFrC8U5Dwee0zjsqUyhYoTH+l+uFl2O
j5xj5Z5/ccMRTIplyFzv4+o26tZudcqoMF1SVLh88cdGDdMQuB77Jee3YQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFBR+ypIEKCaDvAMCt/lBjMnNpZAXMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvRkg3S2tnUW9Kb084QXdLMy1VR015YzJsa0JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzA5BAIAATAzMAsDAwAfgQME
AR+BFDAMAwQAH4EXAwQBH4EcAwQAH4EfAwQALQhjAwQALhAMAwQBLhAOMA0GCSqG
SIb3DQEBCwUAA4IBAQAKEmUYzwTHYAAVXd78Dk7JIhdfwUfrvaYmYBh++Rr41eL8
0glrZiA5NLBV197M9POzI1GO9ogKty3QwjIYZ+Xv+YRu9/Ei/fvN0jRymtU+0kfW
XG6CLITnkBiIvvi0yk+2ngAdU9H/vi/GsF4xPsCB42hMxMHrzyL//jPG6jEGFs8M
PJjZn2HWiNuhbY2zlyeB/mmz9Xvigu22zxJkXF5d5dkOLweTjgkHscKF6eU17WU7
ZZOt7BP7yLNXEqgYtNHkVJoTVlwTeHTyVdRX+lrOP7NcdFleNsG1NRv+Yo0Xa0iR
1x6/JV1wF+ukv84DCdey/y+s6ubMagbnNgRE9KkZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org