Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/0mh-OWfn2kV-vsI6IABkKFgnmrc.roa
File:                     0mh-OWfn2kV-vsI6IABkKFgnmrc.roa (raw, json)
Hash identifier:          Shztixm63jC8gvxPzYW6WolsS7g4qNPYXVJ3qvhRpJI=
Subject key identifier:   D2:68:7E:39:67:E7:DA:45:7E:BE:C2:3A:20:00:64:28:58:27:9A:B7
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       059F0E7A
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/0mh-OWfn2kV-vsI6IABkKFgnmrc.roa
Signing time:             Sat 01 Jan 2022 07:04:02 +0000
ROA not before:           Sat 01 Jan 2022 07:04:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51656
IP address blocks:        93.174.165.0/24 maxlen: 24
                          89.36.162.0/23 maxlen: 23
                          89.36.160.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 94310010 (0x59f0e7a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  1 07:04:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d2687e3967e7da457ebec23a2000642858279ab7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:6c:05:9e:5d:47:6d:bf:8e:9d:4b:e1:76:59:
                    e3:97:2c:23:c1:ed:da:b9:2b:91:24:81:56:21:e5:
                    dc:e9:d9:6f:a3:6f:e0:a5:22:90:02:a1:71:60:44:
                    71:d0:17:97:31:a0:06:42:cc:26:7c:fc:2c:e4:55:
                    20:8b:39:02:b9:45:32:30:3c:b2:d6:a5:24:50:7d:
                    87:4b:fc:e3:91:e5:34:76:32:89:8d:43:76:fd:a1:
                    18:28:c1:92:6e:60:29:48:75:55:d2:7a:de:39:17:
                    82:44:90:aa:b1:43:9c:68:86:12:8c:03:99:43:0e:
                    79:24:70:47:69:e9:ab:b4:da:a1:f5:0f:74:92:3c:
                    a6:13:31:5d:08:72:bf:40:74:50:0d:08:ad:b8:8e:
                    db:03:c4:3d:56:32:59:a5:df:60:b8:c3:2c:a4:88:
                    93:b6:73:26:b1:ee:70:15:9b:5c:43:eb:64:00:64:
                    fc:76:9c:d3:24:8b:7d:29:d4:93:44:14:ff:1b:ba:
                    54:c9:23:aa:c3:b3:07:44:b0:d0:c8:37:eb:7d:79:
                    05:37:9f:2b:ba:d0:b0:6d:75:00:1c:d9:70:88:80:
                    0f:b9:51:93:2a:e0:c8:0a:a0:c5:03:2d:b5:ec:7b:
                    6c:d2:51:57:9f:c3:d9:df:2d:6a:0c:c5:8d:ab:a7:
                    de:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:68:7E:39:67:E7:DA:45:7E:BE:C2:3A:20:00:64:28:58:27:9A:B7
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/0mh-OWfn2kV-vsI6IABkKFgnmrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.160.0/22
                  93.174.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:1a:71:17:e9:96:b5:8c:9d:ed:f4:35:bb:b9:c4:aa:a6:d5:
         1b:e8:0b:2c:00:5d:d6:46:6d:d3:84:0f:f0:1c:f0:1d:59:90:
         80:4d:22:a5:63:a9:80:90:81:69:67:11:f3:d4:af:63:11:16:
         4d:8f:d6:28:9f:35:a3:da:90:9e:47:f7:94:97:8d:09:a0:93:
         93:90:4d:01:34:ab:fc:42:37:7a:16:3f:37:c6:a1:2a:d3:86:
         0d:f9:b0:f8:17:3c:1d:01:63:f5:cd:7c:49:07:6e:e5:ed:d0:
         54:75:b1:39:5a:9e:44:3b:a4:6d:cd:98:99:aa:2a:d2:e4:d9:
         1c:a5:2a:c3:7b:b1:7f:1d:86:41:5e:79:e3:a3:9d:40:ea:47:
         db:c0:8b:db:2d:80:e7:f4:54:39:69:64:0a:a6:46:93:ae:0f:
         ef:65:ae:0a:29:43:8d:0e:17:48:5f:26:73:30:89:f4:48:cb:
         fa:e6:2f:7c:74:49:8a:f9:9a:71:df:c1:50:f2:36:2f:a6:8d:
         f1:8f:71:3d:b4:a3:63:0c:22:d7:41:5f:e3:78:a1:bb:21:94:
         8d:cb:d1:d8:c0:e8:87:9b:5a:01:eb:05:dc:69:2c:6c:65:2e:
         b3:b0:eb:f3:56:49:a0:10:2b:f3:9c:4e:ae:d0:73:e8:ab:6c:
         96:c4:b3:bb
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEBZ8OejANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
Y2VmNThkNGNmYTM1NTQzZjg0ODhhMjc1NmU2OTI0ZTY0N2I0NTg5MB4XDTIyMDEw
MTA3MDQwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDI2ODdlMzk2N2U3
ZGE0NTdlYmVjMjNhMjAwMDY0Mjg1ODI3OWFiNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJJsBZ5dR22/jp1L4XZZ45csI8Ht2rkrkSSBViHl3OnZb6Nv
4KUikAKhcWBEcdAXlzGgBkLMJnz8LORVIIs5ArlFMjA8stalJFB9h0v845HlNHYy
iY1Ddv2hGCjBkm5gKUh1VdJ63jkXgkSQqrFDnGiGEowDmUMOeSRwR2npq7TaofUP
dJI8phMxXQhyv0B0UA0IrbiO2wPEPVYyWaXfYLjDLKSIk7ZzJrHucBWbXEPrZABk
/Hac0ySLfSnUk0QU/xu6VMkjqsOzB0Sw0Mg36315BTefK7rQsG11ABzZcIiAD7lR
kyrgyAqgxQMttex7bNJRV5/D2d8tagzFjaun3pcCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBTSaH45Z+faRX6+wjogAGQoWCeatzAfBgNVHSMEGDAWgBTc71jUz6NVQ/hI
iidW5pJOZHtFiTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzNPOVkxTS1qVlVQNFNJb25WdWFTVG1SN1JZay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYWEvZWE0NDU1LTc4MzYtNDRjNC1iMmEzLTJlY2UwNGUxODVjMi8x
LzBtaC1PV2ZuMmtWLXZzSTZJQUJrS0Znbm1yYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWEv
ZWE0NDU1LTc4MzYtNDRjNC1iMmEzLTJlY2UwNGUxODVjMi8xLzNPOVkxTS1qVlVQ
NFNJb25WdWFTVG1SN1JZay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAlkkoAMEAF2upTANBgkqhkiG9w0B
AQsFAAOCAQEARRpxF+mWtYyd7fQ1u7nEqqbVG+gLLABd1kZt04QP8BzwHVmQgE0i
pWOpgJCBaWcR89SvYxEWTY/WKJ81o9qQnkf3lJeNCaCTk5BNATSr/EI3ehY/N8ah
KtOGDfmw+Bc8HQFj9c18SQdu5e3QVHWxOVqeRDukbc2Ymaoq0uTZHKUqw3uxfx2G
QV5546OdQOpH28CL2y2A5/RUOWlkCqZGk64P72WuCilDjQ4XSF8mczCJ9EjL+uYv
fHRJivmacd/BUPI2L6aN8Y9xPbSjYwwi10Ff43ihuyGUjcvR2MDoh5taAesF3Gks
bGUus7Dr81ZJoBAr85xOrtBz6KtslsSzuw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:42 2024 by rpki-client on console-ams.rpki-client.org