Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Sf73RJZx7lbDw7ThCO2rOEYUEd8.roa
File:                     Sf73RJZx7lbDw7ThCO2rOEYUEd8.roa (raw, json)
Hash identifier:          2R2A5o0eyUb0md+MyxrVaJ20KCzHOYX7VNOewoCzQTs=
Subject key identifier:   49:FE:F7:44:96:71:EE:56:C3:C3:B4:E1:08:ED:AB:38:46:14:11:DF
Certificate issuer:       /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial:       01856D2F2D4ACE609A45CAF3E3199BB5CA26
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Sf73RJZx7lbDw7ThCO2rOEYUEd8.roa
Signing time:             Sun 01 Jan 2023 11:54:46 +0000
ROA not before:           Sun 01 Jan 2023 11:54:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        185.160.193.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:2f:2d:4a:ce:60:9a:45:ca:f3:e3:19:9b:b5:ca:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
        Validity
            Not Before: Jan  1 11:54:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=49fef7449671ee56c3c3b4e108edab38461411df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:49:8a:be:d6:8c:f4:2d:b1:62:e9:3f:e0:46:
                    49:e7:95:5d:c0:45:2c:08:25:69:78:ba:4d:29:c1:
                    48:ba:7c:3e:1b:7c:e0:44:b5:cc:2f:99:2d:24:ef:
                    80:59:15:41:7b:bc:31:56:1a:bb:a9:da:61:3b:55:
                    7e:f1:12:99:e9:39:6a:30:85:52:ca:4e:3e:fb:51:
                    fe:ae:d3:df:f0:e7:9e:4e:b2:56:6c:6a:b6:c0:34:
                    40:ea:0f:be:52:47:5a:f9:d6:73:8d:54:fb:61:d3:
                    45:c6:12:d7:76:b6:10:1b:22:44:13:2e:75:75:d2:
                    9e:d4:00:f3:55:9c:45:ea:b1:fa:80:bd:3c:f5:41:
                    9f:a2:65:51:ea:3d:a9:f5:97:78:b1:b2:7c:e4:c3:
                    8c:81:73:1e:21:d5:2a:d0:a9:ed:3f:a2:9f:a4:da:
                    65:7a:7a:76:8c:bd:0d:74:19:9f:33:e1:ba:c7:87:
                    ba:d8:69:7d:52:70:ef:6a:61:28:70:63:03:ab:53:
                    1c:12:e9:19:9b:61:de:fb:e4:35:62:66:bd:14:34:
                    e1:be:11:bc:e2:98:d7:88:33:13:2f:67:4a:81:e9:
                    3d:9f:bd:95:0c:75:b6:3c:22:e5:59:61:a7:49:8c:
                    5c:9a:db:d7:55:ab:20:32:d0:d2:18:f0:c5:a6:cb:
                    f5:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:FE:F7:44:96:71:EE:56:C3:C3:B4:E1:08:ED:AB:38:46:14:11:DF
            X509v3 Authority Key Identifier:
                keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Sf73RJZx7lbDw7ThCO2rOEYUEd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:19:81:d4:b5:e1:8f:67:73:d5:99:3c:49:9f:11:72:40:0d:
         da:37:4b:3c:a7:43:1c:88:a3:0c:93:b4:b1:af:f0:e9:27:60:
         7c:54:48:fa:97:ff:85:2b:d2:d4:4e:cd:2f:bf:5f:d7:72:4a:
         38:4b:6e:ff:b8:22:84:7d:68:0d:1d:6f:4c:1b:f2:c3:66:da:
         4f:93:7d:20:85:c1:0d:df:64:50:ec:5f:e6:8b:aa:26:ab:61:
         85:83:47:1c:37:a5:84:3c:60:f9:f1:94:32:cd:5a:a5:6d:62:
         80:b8:10:a2:c4:a0:79:40:23:df:06:5b:e5:b6:c9:9b:78:2d:
         4c:85:9c:cd:b4:7e:64:df:e0:50:16:a3:c9:c4:97:16:04:df:
         3c:53:3f:a3:04:e0:57:69:90:01:df:10:56:fb:ef:fa:f8:f6:
         f3:55:a5:45:2d:2b:b8:21:c7:1d:55:70:a1:e4:89:e1:dd:5a:
         e8:09:81:28:7a:38:78:ac:0a:1f:88:68:1c:0c:b8:eb:a5:f9:
         3c:5a:3e:43:94:09:fd:71:a7:2f:66:c8:fe:33:80:f8:dd:01:
         33:6c:ba:5d:f9:78:8e:2c:c6:6d:54:e4:47:21:e7:d4:93:c8:
         43:7f:e6:10:67:dc:c5:59:52:f2:80:ac:ab:1d:fc:d2:c4:64:
         5e:a2:97:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtLy1KzmCaRcrz4xmbtcomMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZGQwZWJmZjViYTM4YTg3NThiNzk0ZDA0ZDYyOTA1MTk0
YTMyNjYwHhcNMjMwMTAxMTE1NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWZlZjc0NDk2NzFlZTU2YzNjM2I0ZTEwOGVkYWIzODQ2MTQxMWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUmKvtaM9C2xYuk/4EZJ55VdwEUs
CCVpeLpNKcFIunw+G3zgRLXML5ktJO+AWRVBe7wxVhq7qdphO1V+8RKZ6TlqMIVS
yk4++1H+rtPf8OeeTrJWbGq2wDRA6g++Ukda+dZzjVT7YdNFxhLXdrYQGyJEEy51
ddKe1ADzVZxF6rH6gL089UGfomVR6j2p9Zd4sbJ85MOMgXMeIdUq0KntP6KfpNpl
enp2jL0NdBmfM+G6x4e62Gl9UnDvamEocGMDq1McEukZm2He++Q1Yma9FDThvhG8
4pjXiDMTL2dKgek9n72VDHW2PCLlWWGnSYxcmtvXVasgMtDSGPDFpsv1iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEn+90SWce5Ww8O04QjtqzhGFBHfMB8GA1UdIwQY
MBaAFBHdDr/1ujiodYt5TQTWKQUZSjJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYt
ZjE3NjEzZWE0OWU3LzEvU2Y3M1JKWng3bGJEdzdUaENPMnJPRVlVRWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYtZjE3NjEzZWE0OWU3
LzEvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaDBMA0G
CSqGSIb3DQEBCwUAA4IBAQC2GYHUteGPZ3PVmTxJnxFyQA3aN0s8p0MciKMMk7Sx
r/DpJ2B8VEj6l/+FK9LUTs0vv1/Xcko4S27/uCKEfWgNHW9MG/LDZtpPk30ghcEN
32RQ7F/mi6omq2GFg0ccN6WEPGD58ZQyzVqlbWKAuBCixKB5QCPfBlvltsmbeC1M
hZzNtH5k3+BQFqPJxJcWBN88Uz+jBOBXaZAB3xBW++/6+PbzVaVFLSu4IccdVXCh
5Inh3VroCYEoejh4rAofiGgcDLjrpfk8Wj5DlAn9cacvZsj+M4D43QEzbLpd+XiO
LMZtVORHIefUk8hDf+YQZ9zFWVLygKyrHfzSxGReopeo
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:16 2023 by rpki-client on console-ams.rpki-client.org