Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/TA2E17CLG_JTXcGUzR53XCShLKY.roa
File:                     TA2E17CLG_JTXcGUzR53XCShLKY.roa (raw, json)
Hash identifier:          7N7BLW0BXUK+e1JNHP/Znh6MCqfXvciZSMxgFF8tgdQ=
Subject key identifier:   4C:0D:84:D7:B0:8B:1B:F2:53:5D:C1:94:CD:1E:77:5C:24:A1:2C:A6
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       01860D6FE0690CCBFF164002CF986AB84C87
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/TA2E17CLG_JTXcGUzR53XCShLKY.roa
Signing time:             Wed 01 Feb 2023 14:44:41 +0000
ROA not before:           Wed 01 Feb 2023 14:44:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     26636
IP address blocks:        194.5.92.0/24 maxlen: 24
                          45.66.116.0/24 maxlen: 24
                          5.44.44.0/24 maxlen: 24
                          92.118.114.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:0d:6f:e0:69:0c:cb:ff:16:40:02:cf:98:6a:b8:4c:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Feb  1 14:44:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4c0d84d7b08b1bf2535dc194cd1e775c24a12ca6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:7e:8c:f5:fb:3b:83:85:6f:8d:9f:d7:35:b5:
                    8d:22:81:e1:9f:b3:fd:23:a0:cf:92:24:78:bd:2d:
                    29:43:0f:86:c6:e1:48:c1:9b:eb:2c:e0:b0:08:87:
                    60:c2:47:fd:0e:b8:b6:ff:80:7d:ad:05:c1:b5:0b:
                    10:97:b0:2f:3d:7b:0e:85:44:cc:88:5d:bd:08:13:
                    7e:1b:a2:c1:20:22:9a:39:71:71:81:34:6e:54:c2:
                    ab:19:44:a0:8f:ea:ca:33:d7:a2:8d:35:93:22:6a:
                    ba:3e:40:2a:92:06:fa:8d:9e:b5:c9:e8:6f:bf:db:
                    94:61:06:7d:b6:93:df:31:1b:3d:f0:e6:45:50:bf:
                    51:6c:ef:f0:30:a8:27:4a:40:82:18:9c:e1:bd:8f:
                    dd:9a:23:4b:df:38:6f:e9:5b:50:ed:8d:df:4d:f3:
                    9b:d0:a7:75:7a:58:20:0d:03:30:27:44:fd:70:17:
                    b5:ce:b8:14:ce:92:0c:1b:24:11:54:95:2f:3e:0b:
                    0a:e4:47:23:d3:5b:4d:47:c9:27:b0:31:40:c8:0c:
                    c5:2a:af:57:c6:a6:1a:30:44:1d:ff:9d:07:da:51:
                    56:29:c5:5f:aa:09:ea:10:a7:d3:0f:27:f9:35:dc:
                    cc:27:ae:60:2c:b0:a1:9b:4f:77:9a:c3:8a:2b:10:
                    ea:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:0D:84:D7:B0:8B:1B:F2:53:5D:C1:94:CD:1E:77:5C:24:A1:2C:A6
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/TA2E17CLG_JTXcGUzR53XCShLKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.44.0/24
                  45.66.116.0/24
                  92.118.114.0/23
                  194.5.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:58:ee:2f:95:c0:30:a5:6c:4a:d7:e0:30:d8:ce:12:a1:33:
         88:4e:e4:d8:74:b9:6c:cf:74:b3:16:da:66:69:f7:dc:2a:00:
         0d:f5:56:1e:62:c0:d1:52:20:1b:ab:80:56:bd:1e:41:17:f2:
         e4:04:ec:cd:a9:c4:7c:6d:11:76:52:2c:67:7c:08:a0:fa:14:
         7a:11:56:fe:98:21:f5:a6:e5:99:27:6f:a0:c8:06:93:c9:52:
         aa:6c:49:e0:25:32:5d:df:a1:32:33:dc:a1:9c:6f:43:63:62:
         cf:8a:08:e3:1e:c6:ca:d0:56:60:6c:8d:e1:34:a4:84:78:f5:
         df:bd:7d:53:d8:da:c1:c7:b7:8b:12:a8:af:cf:ce:f6:43:bc:
         da:7d:22:53:7a:48:68:00:c5:3f:7b:32:3b:6c:a7:c1:34:2a:
         c4:76:b3:3c:f9:09:f2:f6:41:e2:42:7d:4b:f5:9d:f2:3b:3c:
         00:d2:83:3f:69:89:a9:18:92:5c:99:dc:76:6a:e0:21:15:13:
         38:f3:f0:f6:ea:f5:17:9d:29:3b:0a:2f:72:e8:93:4e:0e:6f:
         e3:4e:f1:c9:df:ec:19:7a:15:26:02:0d:16:6d:cb:83:cd:50:
         69:be:81:2f:a5:db:39:a0:73:94:b5:97:1d:3f:49:c0:82:08:
         bc:27:25:bb
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYYNb+BpDMv/FkACz5hquEyHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMjAxMTQ0NDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzBkODRkN2IwOGIxYmYyNTM1ZGMxOTRjZDFlNzc1YzI0YTEyY2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuH6M9fs7g4VvjZ/XNbWNIoHhn7P9
I6DPkiR4vS0pQw+GxuFIwZvrLOCwCIdgwkf9Dri2/4B9rQXBtQsQl7AvPXsOhUTM
iF29CBN+G6LBICKaOXFxgTRuVMKrGUSgj+rKM9eijTWTImq6PkAqkgb6jZ61yehv
v9uUYQZ9tpPfMRs98OZFUL9RbO/wMKgnSkCCGJzhvY/dmiNL3zhv6VtQ7Y3fTfOb
0Kd1elggDQMwJ0T9cBe1zrgUzpIMGyQRVJUvPgsK5Ecj01tNR8knsDFAyAzFKq9X
xqYaMEQd/50H2lFWKcVfqgnqEKfTDyf5NdzMJ65gLLChm093msOKKxDqywIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEwNhNewixvyU13BlM0ed1wkoSymMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvVEEyRTE3Q0xHX0pUWGNHVXpSNTNYQ1NoTEtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQABSwsAwQA
LUJ0AwQBXHZyAwQAwgVcMA0GCSqGSIb3DQEBCwUAA4IBAQAZWO4vlcAwpWxK1+Aw
2M4SoTOITuTYdLlsz3SzFtpmaffcKgAN9VYeYsDRUiAbq4BWvR5BF/LkBOzNqcR8
bRF2UixnfAig+hR6EVb+mCH1puWZJ2+gyAaTyVKqbEngJTJd36EyM9yhnG9DY2LP
igjjHsbK0FZgbI3hNKSEePXfvX1T2NrBx7eLEqivz872Q7zafSJTekhoAMU/ezI7
bKfBNCrEdrM8+Qny9kHiQn1L9Z3yOzwA0oM/aYmpGJJcmdx2auAhFRM48/D26vUX
nSk7Ci9y6JNODm/jTvHJ3+wZehUmAg0WbcuDzVBpvoEvpds5oHOUtZcdP0nAggi8
JyW7
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org