Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/gFlUJPcpNP9VwtJFUPJBT7qrVNs.roa
File:                     gFlUJPcpNP9VwtJFUPJBT7qrVNs.roa (raw, json)
Hash identifier:          ND1+YfcGsp5BTTim/x2UXQVy3uHQ8S8L51tIEZ/oHWk=
Subject key identifier:   80:59:54:24:F7:29:34:FF:55:C2:D2:45:50:F2:41:4F:BA:AB:54:DB
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       01856E2FC4215AB9DA1C88DB57DF2B9B6E7F
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/gFlUJPcpNP9VwtJFUPJBT7qrVNs.roa
Signing time:             Sun 01 Jan 2023 16:35:02 +0000
ROA not before:           Sun 01 Jan 2023 16:35:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     395800
IP address blocks:        85.92.109.0/24 maxlen: 24
                          194.5.92.0/24 maxlen: 24
                          89.191.232.0/24 maxlen: 24
                          5.44.47.0/24 maxlen: 24
                          109.236.58.0/24 maxlen: 24
                          91.107.116.0/24 maxlen: 24
                          194.31.174.0/24 maxlen: 24
                          194.31.173.0/24 maxlen: 24
                          91.107.124.0/23 maxlen: 23
                          91.107.127.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:2f:c4:21:5a:b9:da:1c:88:db:57:df:2b:9b:6e:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Jan  1 16:35:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=80595424f72934ff55c2d24550f2414fbaab54db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:8a:f9:1e:6a:f4:ac:64:de:10:9f:fb:ce:fb:
                    d6:af:48:fe:c6:dd:fd:36:47:04:b6:23:a7:f9:e1:
                    d4:2a:ca:b5:c1:bf:5b:98:71:13:fe:de:e1:e2:1a:
                    72:d8:8c:07:78:ea:fd:d0:09:de:88:33:c2:1c:a8:
                    cc:b4:3b:bd:d8:aa:98:00:fd:ba:07:e0:a3:c5:99:
                    3d:32:92:3b:ad:39:06:a5:0a:08:98:91:39:08:73:
                    05:d5:03:c2:04:62:39:cc:2a:97:d1:55:dc:fe:d5:
                    28:5e:d6:52:4b:98:f0:32:a3:5e:4e:9f:75:d2:5f:
                    e8:81:83:4d:70:ba:fa:9e:96:f2:36:9c:99:96:03:
                    ad:13:a1:cf:a4:5e:be:71:8f:2e:46:39:50:b0:c9:
                    3d:96:9c:0c:14:40:df:50:ce:67:35:e5:c4:fe:a1:
                    d0:51:91:cb:87:14:2f:1b:63:9b:8f:90:3e:9b:b9:
                    bc:20:9d:f8:ea:78:1f:cf:50:59:bf:d9:83:29:84:
                    3d:4e:e2:a7:04:c9:7c:97:a0:41:ad:a6:50:31:e8:
                    a6:1f:4f:0e:9f:98:50:67:f4:fc:7a:f5:45:b0:06:
                    ff:29:95:87:af:84:52:5e:1a:c6:18:32:9d:79:68:
                    8f:db:b6:c4:bc:ce:ea:c7:12:f3:e8:c6:df:bc:81:
                    c1:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:59:54:24:F7:29:34:FF:55:C2:D2:45:50:F2:41:4F:BA:AB:54:DB
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/gFlUJPcpNP9VwtJFUPJBT7qrVNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.47.0/24
                  85.92.109.0/24
                  89.191.232.0/24
                  91.107.116.0/24
                  91.107.124.0/23
                  91.107.127.0/24
                  109.236.58.0/24
                  194.5.92.0/24
                  194.31.173.0-194.31.174.255

    Signature Algorithm: sha256WithRSAEncryption
         46:a4:97:b3:c3:ed:0c:72:54:48:64:00:49:ce:a0:c9:73:ec:
         f0:7b:35:5e:04:6d:2e:51:42:93:86:72:13:42:07:4d:05:af:
         02:c3:bf:e8:95:4a:bc:2b:20:ec:49:56:c2:ae:b4:c5:05:1b:
         47:fe:36:35:b4:aa:e4:c3:b3:e4:a7:43:59:b9:2c:67:c7:f7:
         85:66:ae:88:c9:e3:2a:7f:3c:74:e5:1c:e5:5a:63:02:31:db:
         43:e0:56:1c:52:32:5c:7c:d3:36:57:c0:ce:fb:4b:d9:3a:ca:
         c1:88:c0:7f:d7:e6:b0:03:4a:a0:13:89:bc:40:44:86:99:6f:
         73:3d:3b:af:de:f5:1b:53:7e:be:78:2a:eb:83:0c:28:fd:59:
         98:70:01:e4:bf:d3:ee:63:a3:0c:48:97:d9:23:b1:b2:e1:13:
         f4:92:28:c1:46:08:51:1b:5a:ac:d7:35:01:83:4f:b7:97:a6:
         1e:ad:f9:56:ac:de:dc:bb:ce:56:ec:fb:70:e0:d0:cd:4e:31:
         02:44:bf:d3:5c:c7:5e:e4:88:88:ea:ee:68:55:a0:1c:12:b1:
         44:e4:03:29:d8:c1:81:18:e2:2d:dc:a9:cb:5e:1d:8d:d4:8e:
         a9:07:29:41:33:7d:f7:f7:d8:47:5c:e5:5b:55:6b:b8:e4:64:
         0c:8b:01:a1
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYVuL8QhWrnaHIjbV98rm25/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMTAxMTYzNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDU5NTQyNGY3MjkzNGZmNTVjMmQyNDU1MGYyNDE0ZmJhYWI1NGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYr5Hmr0rGTeEJ/7zvvWr0j+xt39
NkcEtiOn+eHUKsq1wb9bmHET/t7h4hpy2IwHeOr90AneiDPCHKjMtDu92KqYAP26
B+CjxZk9MpI7rTkGpQoImJE5CHMF1QPCBGI5zCqX0VXc/tUoXtZSS5jwMqNeTp91
0l/ogYNNcLr6npbyNpyZlgOtE6HPpF6+cY8uRjlQsMk9lpwMFEDfUM5nNeXE/qHQ
UZHLhxQvG2Obj5A+m7m8IJ346ngfz1BZv9mDKYQ9TuKnBMl8l6BBraZQMeimH08O
n5hQZ/T8evVFsAb/KZWHr4RSXhrGGDKdeWiP27bEvM7qxxLz6MbfvIHBQwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFIBZVCT3KTT/VcLSRVDyQU+6q1TbMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvZ0ZsVUpQY3BOUDlWd3RKRlVQSkJUN3FyVk5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQABSwvAwQA
VVxtAwQAWb/oAwQAW2t0AwQBW2t8AwQAW2t/AwQAbew6AwQAwgVcMAwDBADCH60D
BADCH64wDQYJKoZIhvcNAQELBQADggEBAEakl7PD7QxyVEhkAEnOoMlz7PB7NV4E
bS5RQpOGchNCB00FrwLDv+iVSrwrIOxJVsKutMUFG0f+NjW0quTDs+SnQ1m5LGfH
94VmrojJ4yp/PHTlHOVaYwIx20PgVhxSMlx80zZXwM77S9k6ysGIwH/X5rADSqAT
ibxARIaZb3M9O6/e9RtTfr54KuuDDCj9WZhwAeS/0+5jowxIl9kjsbLhE/SSKMFG
CFEbWqzXNQGDT7eXph6t+Vas3ty7zlbs+3Dg0M1OMQJEv9Ncx17kiIjq7mhVoBwS
sUTkAynYwYEY4i3cqcteHY3UjqkHKUEzfff32Edc5VtVa7jkZAyLAaE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:55 2024 by rpki-client on console-fra.rpki-client.org