Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/MKv1DlfSNtLdvYpc8Xb59dpIvEU.roa
File:                     MKv1DlfSNtLdvYpc8Xb59dpIvEU.roa (raw, json)
Hash identifier:          w5GX/wKelS5BFBXdt5fQ7avCdV9cru4A97bCom8F7q8=
Subject key identifier:   30:AB:F5:0E:57:D2:36:D2:DD:BD:8A:5C:F1:76:F9:F5:DA:48:BC:45
Certificate issuer:       /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial:       018EC3129D50A2CE2D2C37E086D6752BA2A1
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/MKv1DlfSNtLdvYpc8Xb59dpIvEU.roa
Signing time:             Tue 09 Apr 2024 13:36:00 +0000
ROA not before:           Tue 09 Apr 2024 13:36:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200509
IP address blocks:        185.177.73.0/24 maxlen: 24
                          185.177.74.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c3:12:9d:50:a2:ce:2d:2c:37:e0:86:d6:75:2b:a2:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
        Validity
            Not Before: Apr  9 13:36:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30abf50e57d236d2ddbd8a5cf176f9f5da48bc45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:e2:5c:d0:9d:8b:a1:cd:fe:84:07:8e:5d:48:
                    20:f9:1d:51:65:db:85:27:8c:48:4a:44:8e:48:b8:
                    f8:8a:5e:07:6a:75:d2:a4:0e:b6:a0:68:00:73:6c:
                    fb:6c:49:0d:4e:d1:9d:4e:5e:f2:0f:76:1c:29:84:
                    04:ce:c4:08:3c:4c:f3:2b:d6:24:1a:6a:98:bc:82:
                    14:90:64:4d:6a:e9:fb:b8:5d:cb:c9:8f:c4:39:a2:
                    a0:fb:de:2a:5e:17:c9:00:a2:ae:3a:84:21:00:a0:
                    dd:dd:f3:b4:c5:95:2e:0b:9d:0b:b9:f9:35:70:89:
                    47:e6:0d:8e:6c:e0:27:97:96:3b:05:c2:e3:96:50:
                    0f:ef:34:14:92:b7:30:dd:b9:fa:8d:4c:36:9e:f0:
                    5e:33:6f:bc:44:6f:b4:a9:38:a7:62:cd:2d:d9:9f:
                    14:84:af:1f:b3:c7:21:94:7d:49:df:50:82:39:08:
                    c1:b3:b8:07:bb:74:9b:38:7b:47:be:d0:0b:ab:5e:
                    75:5b:d2:dd:02:71:78:cb:4b:d5:02:ff:df:4c:f4:
                    21:d6:c1:97:6d:b8:54:e4:bc:1e:4a:50:32:81:09:
                    d0:25:e9:5c:21:cf:af:f9:39:78:dd:89:10:12:46:
                    51:d9:64:36:fb:11:43:d9:7c:de:02:07:d8:1b:55:
                    7b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:AB:F5:0E:57:D2:36:D2:DD:BD:8A:5C:F1:76:F9:F5:DA:48:BC:45
            X509v3 Authority Key Identifier:
                keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/MKv1DlfSNtLdvYpc8Xb59dpIvEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.73.0-185.177.75.255

    Signature Algorithm: sha256WithRSAEncryption
         92:9a:e9:5f:fb:79:8b:40:c3:03:ca:5f:5c:ea:68:5c:c3:6b:
         a7:50:2b:88:5c:da:f0:85:81:1f:47:66:47:76:a3:23:61:04:
         80:1d:50:c6:19:67:36:ca:b2:74:75:93:02:67:58:e3:75:d9:
         dd:44:89:5f:70:cb:6e:40:e3:1c:cb:43:fe:45:e7:ca:b2:b9:
         4c:26:f6:24:3f:2a:30:1e:6f:4a:98:bb:88:8e:70:ad:94:2a:
         0a:09:32:92:23:0f:ad:00:fb:25:6f:15:7b:66:fd:31:c5:cb:
         3f:b0:1d:c1:3e:c2:d7:fd:e5:af:65:6e:c9:15:bc:d3:14:22:
         ef:48:e7:a6:f9:42:d6:cb:ef:16:55:d2:7c:65:96:49:5a:04:
         74:7e:cc:5d:46:2b:9b:a9:53:a0:cc:b2:87:df:15:5d:e0:6e:
         e8:0d:05:8b:50:1d:2e:dc:28:ce:b3:5a:f1:f0:e9:63:0d:8d:
         d0:0b:3f:79:e4:fc:1a:45:e7:20:fc:ee:c4:a6:12:a7:c6:8b:
         57:23:26:4b:78:8f:61:a8:4b:7a:ac:8c:f0:1e:1d:51:0e:13:
         f0:5e:02:c1:7a:54:a5:80:44:51:e0:3b:90:2e:67:2d:ea:12:
         6b:a8:4e:a8:77:6e:ac:c6:e4:50:20:d2:10:e2:2a:48:69:13:
         05:f2:b0:38
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY7DEp1Qos4tLDfghtZ1K6KhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjQwNDA5MTMzNjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGFiZjUwZTU3ZDIzNmQyZGRiZDhhNWNmMTc2ZjlmNWRhNDhiYzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+Jc0J2Loc3+hAeOXUgg+R1RZduF
J4xISkSOSLj4il4HanXSpA62oGgAc2z7bEkNTtGdTl7yD3YcKYQEzsQIPEzzK9Yk
GmqYvIIUkGRNaun7uF3LyY/EOaKg+94qXhfJAKKuOoQhAKDd3fO0xZUuC50Lufk1
cIlH5g2ObOAnl5Y7BcLjllAP7zQUkrcw3bn6jUw2nvBeM2+8RG+0qTinYs0t2Z8U
hK8fs8chlH1J31CCOQjBs7gHu3SbOHtHvtALq151W9LdAnF4y0vVAv/fTPQh1sGX
bbhU5LweSlAygQnQJelcIc+v+Tl43YkQEkZR2WQ2+xFD2XzeAgfYG1V7SQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDCr9Q5X0jbS3b2KXPF2+fXaSLxFMB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvTUt2MURsZlNOdExkdllwYzhYYjU5ZHBJdkVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5sUkD
BAK5sUgwDQYJKoZIhvcNAQELBQADggEBAJKa6V/7eYtAwwPKX1zqaFzDa6dQK4hc
2vCFgR9HZkd2oyNhBIAdUMYZZzbKsnR1kwJnWON12d1EiV9wy25A4xzLQ/5F58qy
uUwm9iQ/KjAeb0qYu4iOcK2UKgoJMpIjD60A+yVvFXtm/THFyz+wHcE+wtf95a9l
bskVvNMUIu9I56b5QtbL7xZV0nxllklaBHR+zF1GK5upU6DMsoffFV3gbugNBYtQ
HS7cKM6zWvHw6WMNjdALP3nk/BpF5yD87sSmEqfGi1cjJkt4j2GoS3qsjPAeHVEO
E/BeAsF6VKWARFHgO5AuZy3qEmuoTqh3bqzG5FAg0hDiKkhpEwXysDg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:34 2024 by rpki-client on console-fra.rpki-client.org