Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/HEVVvP6q4V7XQeH8XkhHMPCawDU.roa
File:                     HEVVvP6q4V7XQeH8XkhHMPCawDU.roa (raw, json)
Hash identifier:          lHZacK+H2pcfRtYZA6EDhsptF6ZFLJKG+ywq/CCkp3M=
Subject key identifier:   1C:45:55:BC:FE:AA:E1:5E:D7:41:E1:FC:5E:48:47:30:F0:9A:C0:35
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       01856C6EFAB6C4EC9D09C26497BBC51052BC
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/HEVVvP6q4V7XQeH8XkhHMPCawDU.roa
Signing time:             Sun 01 Jan 2023 08:24:50 +0000
ROA not before:           Sun 01 Jan 2023 08:24:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51656
IP address blocks:        93.174.165.0/24 maxlen: 24
                          89.36.162.0/23 maxlen: 23
                          89.36.160.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:6e:fa:b6:c4:ec:9d:09:c2:64:97:bb:c5:10:52:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  1 08:24:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1c4555bcfeaae15ed741e1fc5e484730f09ac035
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e8:d3:74:b2:90:04:85:c2:a3:1c:d3:80:bb:
                    6f:76:28:c8:c2:c1:7f:70:c8:9b:5b:91:38:a1:82:
                    a7:86:ff:4a:ed:2b:c9:fc:1f:54:79:2c:09:c2:de:
                    d7:49:01:dd:8b:f9:36:85:9e:e4:e6:06:0c:b1:68:
                    03:dd:7d:5f:75:b0:d9:94:8e:16:90:27:d0:1b:aa:
                    13:41:ed:36:d1:73:df:3c:b3:65:bd:9a:4e:1b:3c:
                    38:ec:a9:41:0d:f2:30:0a:ae:a0:6d:d6:6e:50:6f:
                    0f:62:49:14:d2:6d:fc:ca:1e:b4:58:98:83:43:eb:
                    ee:f2:30:fd:6e:0e:4e:4f:ee:1c:a5:bc:f8:74:1d:
                    a5:2e:6d:27:e2:f9:89:d7:21:47:eb:30:37:f2:03:
                    c4:1d:ee:c5:68:da:ce:a2:7e:ed:88:b5:ed:20:ea:
                    d6:ff:97:a0:b2:10:3b:aa:7a:e3:fb:a1:1e:52:f6:
                    05:fc:28:4d:a5:e7:43:86:0d:89:19:20:f0:05:fa:
                    87:44:d4:da:c3:e9:23:51:43:37:d8:7c:e2:3f:18:
                    dd:f2:9d:87:02:f0:9f:cc:a4:ff:0b:fb:48:41:39:
                    85:25:90:b2:fd:36:ca:a9:87:84:0f:bf:25:ce:53:
                    3f:47:cb:fd:c5:4b:c2:9e:37:9f:4d:0e:7f:58:63:
                    bc:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:45:55:BC:FE:AA:E1:5E:D7:41:E1:FC:5E:48:47:30:F0:9A:C0:35
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/HEVVvP6q4V7XQeH8XkhHMPCawDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.160.0/22
                  93.174.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:4f:26:7d:f7:3b:b1:46:f0:8d:79:54:41:c0:08:0a:94:f3:
         c6:de:d1:b6:b4:5f:7e:6e:aa:b7:42:9c:26:61:32:72:fb:bd:
         37:32:a7:46:af:e5:c4:57:c7:37:fe:5b:f0:f0:8f:57:3e:ae:
         a8:0f:4e:bd:7b:a4:b4:98:e3:c2:db:9b:1e:0a:8a:aa:b8:ab:
         3c:2d:b4:ad:ed:f1:60:24:6d:90:de:7a:a7:8a:04:11:41:05:
         c3:1a:08:fb:da:83:2a:fe:79:79:5f:2a:c1:b0:e7:de:96:c6:
         38:39:94:f3:ef:59:5e:f8:13:7d:ad:75:81:6a:9e:ce:44:f7:
         8b:00:10:ee:71:02:a3:25:f2:85:af:3b:9b:0a:70:a9:72:97:
         7b:e6:72:dc:68:f1:2e:01:1e:2d:6d:45:4e:9d:89:84:4c:54:
         55:d7:50:90:2a:95:84:4e:16:27:05:48:1d:92:d9:74:2f:d1:
         21:ea:d3:5f:27:0a:79:66:ba:39:80:ff:c4:54:60:af:5c:dc:
         bf:b8:37:b0:7a:55:e4:e5:08:61:03:26:55:9f:40:05:a9:0a:
         02:7d:fd:ba:2b:7c:23:d6:9f:09:91:d6:e2:45:1c:29:e8:1e:
         ae:a7:de:e1:fb:c8:1d:c5:52:e8:08:31:15:52:82:53:69:85:
         25:37:8c:12
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVsbvq2xOydCcJkl7vFEFK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjMwMTAxMDgyNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzQ1NTViY2ZlYWFlMTVlZDc0MWUxZmM1ZTQ4NDczMGYwOWFjMDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlujTdLKQBIXCoxzTgLtvdijIwsF/
cMibW5E4oYKnhv9K7SvJ/B9UeSwJwt7XSQHdi/k2hZ7k5gYMsWgD3X1fdbDZlI4W
kCfQG6oTQe020XPfPLNlvZpOGzw47KlBDfIwCq6gbdZuUG8PYkkU0m38yh60WJiD
Q+vu8jD9bg5OT+4cpbz4dB2lLm0n4vmJ1yFH6zA38gPEHe7FaNrOon7tiLXtIOrW
/5egshA7qnrj+6EeUvYF/ChNpedDhg2JGSDwBfqHRNTaw+kjUUM32HziPxjd8p2H
AvCfzKT/C/tIQTmFJZCy/TbKqYeED78lzlM/R8v9xUvCnjefTQ5/WGO88wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBxFVbz+quFe10Hh/F5IRzDwmsA1MB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvSEVWVnZQNnE0VjdYUWVIOFhraEhNUENhd0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWSSgAwQA
Xa6lMA0GCSqGSIb3DQEBCwUAA4IBAQCrTyZ99zuxRvCNeVRBwAgKlPPG3tG2tF9+
bqq3QpwmYTJy+703MqdGr+XEV8c3/lvw8I9XPq6oD069e6S0mOPC25seCoqquKs8
LbSt7fFgJG2Q3nqnigQRQQXDGgj72oMq/nl5XyrBsOfelsY4OZTz71le+BN9rXWB
ap7ORPeLABDucQKjJfKFrzubCnCpcpd75nLcaPEuAR4tbUVOnYmETFRV11CQKpWE
ThYnBUgdktl0L9Eh6tNfJwp5Zro5gP/EVGCvXNy/uDewelXk5QhhAyZVn0AFqQoC
ff26K3wj1p8JkdbiRRwp6B6up97h+8gdxVLoCDEVUoJTaYUlN4wS
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:14 2024 by rpki-client on console-fra.rpki-client.org