Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/GRk8cqQHhqYoez4AJqIAb_liecM.roa
File:                     GRk8cqQHhqYoez4AJqIAb_liecM.roa (raw, json)
Hash identifier:          qeMRiGHf1hgIOf3+LgYWku/oc92826YxbrrqUhnciqk=
Subject key identifier:   19:19:3C:72:A4:07:86:A6:28:7B:3E:00:26:A2:00:6F:F9:62:79:C3
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       12B88701
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/GRk8cqQHhqYoez4AJqIAb_liecM.roa
Signing time:             Fri 27 May 2022 17:33:13 +0000
ROA not before:           Fri 27 May 2022 17:33:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     63023
IP address blocks:        195.80.49.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 314083073 (0x12b88701)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: May 27 17:33:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=19193c72a40786a6287b3e0026a2006ff96279c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d7:54:a5:ac:9d:ec:f3:6b:89:93:53:75:9f:
                    cc:e7:e6:cc:3a:07:bd:a1:94:7a:ad:ac:ad:97:fa:
                    fa:43:36:42:2c:89:58:bc:bf:24:14:13:64:1f:58:
                    e4:94:6a:9f:28:b1:2e:c9:63:0a:e5:cf:e3:2d:bd:
                    01:2a:97:65:93:e7:d5:12:fd:a0:4b:78:ae:a3:0c:
                    10:0d:f6:97:d9:4c:e0:49:6c:bd:73:11:1f:32:eb:
                    d5:7a:c9:8b:b8:a6:c1:c9:10:a6:1a:2a:9d:72:78:
                    eb:37:b6:1f:bf:1b:9b:cc:b5:6b:47:73:f9:74:e6:
                    0d:99:a8:99:fd:5b:63:0b:b4:47:37:64:88:ba:20:
                    3e:55:59:92:67:0b:b9:c2:c3:b6:c8:86:35:5f:ba:
                    e1:f7:bf:7e:4a:ac:ea:bf:22:79:9c:2b:38:ab:ec:
                    c3:bb:b9:ab:1c:1b:58:0b:57:5f:00:a8:a7:56:1d:
                    47:2b:5f:95:da:b2:85:99:89:1d:f9:30:24:b6:68:
                    55:6c:4a:24:f4:5b:0f:83:08:db:0f:6f:e6:e0:ec:
                    25:36:9a:03:74:39:d6:9d:ee:5c:1d:80:8b:5c:88:
                    84:7b:88:45:cb:af:fc:b1:63:21:ba:35:00:88:f6:
                    a3:98:c5:82:da:ee:aa:d3:35:27:10:c9:05:ae:72:
                    e4:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:19:3C:72:A4:07:86:A6:28:7B:3E:00:26:A2:00:6F:F9:62:79:C3
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/GRk8cqQHhqYoez4AJqIAb_liecM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.80.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:f5:13:c4:bb:80:a8:a6:02:d7:fe:bf:51:c8:50:28:ea:5b:
         63:5b:e7:e6:14:73:29:48:f8:eb:72:13:26:1f:9a:45:c8:92:
         38:99:21:01:06:0e:d2:67:a7:a5:84:5f:d1:6b:e4:a6:a8:cb:
         75:1a:7e:a9:ec:b3:f1:08:1f:df:08:d7:30:e6:f7:5e:a4:4e:
         60:4d:7e:93:c4:08:d1:f3:4e:e9:e3:67:29:7c:4e:2c:76:bf:
         77:75:ca:7e:42:7b:dc:e5:ad:6d:ef:84:a9:c7:b2:c8:bf:eb:
         40:0f:e9:a4:bd:a7:eb:ae:ad:55:da:76:13:65:3a:96:55:8f:
         38:fb:a1:08:10:bf:57:58:da:9f:96:2b:95:59:bb:9a:c1:4b:
         5e:44:a4:a2:e6:54:76:06:4e:f2:2f:2c:85:b0:fb:f3:85:d2:
         f0:e8:83:93:df:ca:c7:51:97:75:2a:50:65:b8:05:41:17:e2:
         76:53:42:01:9a:55:64:5f:88:9b:8f:b3:eb:4f:a4:dd:04:f8:
         9a:08:2b:c7:66:8d:42:02:a0:8a:7f:05:c1:56:bf:b6:62:6e:
         78:40:23:c7:bd:21:0c:a3:c8:d6:97:e9:6e:fa:c7:09:0e:65:
         9b:a2:3a:6d:76:a8:36:21:e1:be:c3:f5:d1:17:33:dc:80:2e:
         4c:fc:db:71
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEEriHATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NWIxZDEzYzJlMjZlMTI3ODYyNDZhNWVjNGM1YmVhNjk4NjRiMjBmMB4XDTIyMDUy
NzE3MzMxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTkxOTNjNzJhNDA3
ODZhNjI4N2IzZTAwMjZhMjAwNmZmOTYyNzljMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKrXVKWsnezza4mTU3WfzOfmzDoHvaGUeq2srZf6+kM2QiyJ
WLy/JBQTZB9Y5JRqnyixLsljCuXP4y29ASqXZZPn1RL9oEt4rqMMEA32l9lM4Els
vXMRHzLr1XrJi7imwckQphoqnXJ46ze2H78bm8y1a0dz+XTmDZmomf1bYwu0Rzdk
iLogPlVZkmcLucLDtsiGNV+64fe/fkqs6r8ieZwrOKvsw7u5qxwbWAtXXwCop1Yd
RytfldqyhZmJHfkwJLZoVWxKJPRbD4MI2w9v5uDsJTaaA3Q51p3uXB2Ai1yIhHuI
Rcuv/LFjIbo1AIj2o5jFgtruqtM1JxDJBa5y5KcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQZGTxypAeGpih7PgAmogBv+WJ5wzAfBgNVHSMEGDAWgBQFsdE8LibhJ4Yk
al7Exb6mmGSyDzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JiSFJQQzRtNFNlR0pHcGV4TVctcHBoa3NnOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTgvYzYxMDkyLTczNGEtNGVlZi05ZDY3LTQ5MDUyNDNiYzgyOC8x
L0dSazhjcVFIaHFZb2V6NEFKcUlBYl9saWVjTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTgv
YzYxMDkyLTczNGEtNGVlZi05ZDY3LTQ5MDUyNDNiYzgyOC8xL0JiSFJQQzRtNFNl
R0pHcGV4TVctcHBoa3NnOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMNQMTANBgkqhkiG9w0BAQsFAAOC
AQEAVfUTxLuAqKYC1/6/UchQKOpbY1vn5hRzKUj463ITJh+aRciSOJkhAQYO0men
pYRf0WvkpqjLdRp+qeyz8Qgf3wjXMOb3XqROYE1+k8QI0fNO6eNnKXxOLHa/d3XK
fkJ73OWtbe+EqceyyL/rQA/ppL2n666tVdp2E2U6llWPOPuhCBC/V1jan5YrlVm7
msFLXkSkouZUdgZO8i8shbD784XS8OiDk9/Kx1GXdSpQZbgFQRfidlNCAZpVZF+I
m4+z60+k3QT4mggrx2aNQgKgin8FwVa/tmJueEAjx70hDKPI1pfpbvrHCQ5lm6I6
bXaoNiHhvsP10Rcz3IAuTPzbcQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:15 2024 by rpki-client on console-ams.rpki-client.org