Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/TrqP2rGIx_EXwcf91YCH5buctDI.roa
File:                     TrqP2rGIx_EXwcf91YCH5buctDI.roa (raw, json)
Hash identifier:          /OJIsJ24xagnWYcrXz0XVGECuGnzmKmyi7DN2H0x4bw=
Subject key identifier:   4E:BA:8F:DA:B1:88:C7:F1:17:C1:C7:FD:D5:80:87:E5:BB:9C:B4:32
Certificate issuer:       /CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
Certificate serial:       018322E9FDCF701E1DCD606302B82DA14DB8
Authority key identifier: B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/TrqP2rGIx_EXwcf91YCH5buctDI.roa
Signing time:             Fri 09 Sep 2022 15:41:43 +0000
ROA not before:           Fri 09 Sep 2022 15:41:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     28771
IP address blocks:        193.32.28.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:22:e9:fd:cf:70:1e:1d:cd:60:63:02:b8:2d:a1:4d:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
        Validity
            Not Before: Sep  9 15:41:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4eba8fdab188c7f117c1c7fdd58087e5bb9cb432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d2:d6:98:10:1e:0a:6d:ce:a2:0d:1a:e6:f8:
                    a5:b5:84:99:19:c3:32:1b:e6:d3:b5:bb:3d:5a:a3:
                    4c:42:57:99:b4:af:67:9e:5a:8f:4f:46:12:5c:6a:
                    8d:3d:c4:40:e1:77:90:84:9c:f7:10:cb:6c:b9:9d:
                    d9:20:0b:21:fc:f2:1d:e5:52:53:c7:0a:49:be:09:
                    a0:11:99:27:ef:b2:f9:77:ab:4e:36:7e:85:cf:69:
                    20:8d:3f:1f:76:63:fc:d0:ea:bf:b7:05:ef:bb:11:
                    ea:f1:72:98:25:d5:5d:ec:9a:ab:1f:29:eb:69:ad:
                    5c:2e:ba:1c:b3:55:b9:ca:49:a4:15:b1:61:bf:bd:
                    f8:cd:b6:45:e0:ad:3a:74:6a:0b:df:bb:f0:ad:46:
                    a4:52:27:0f:05:d1:37:94:29:03:e1:c9:33:4d:3d:
                    54:56:f6:2f:e4:b7:0c:7e:cc:0a:80:c9:5e:03:19:
                    9c:27:6e:a3:17:45:0a:a3:d5:44:ad:ef:d6:88:79:
                    dd:f4:a2:47:6b:7f:a9:b3:2d:56:be:8a:e4:2f:2a:
                    fb:f3:d3:65:77:39:5b:30:9b:6e:20:7a:0d:7a:60:
                    e4:4f:82:17:91:20:2c:44:42:66:be:7c:7e:b7:f5:
                    92:53:9a:c8:aa:3b:3c:cd:92:3d:c8:9f:8b:05:f5:
                    3f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:BA:8F:DA:B1:88:C7:F1:17:C1:C7:FD:D5:80:87:E5:BB:9C:B4:32
            X509v3 Authority Key Identifier:
                keyid:B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/TrqP2rGIx_EXwcf91YCH5buctDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:1f:fb:44:c3:dc:e5:ae:0e:de:4f:9e:99:b1:4c:02:17:8c:
         0f:c0:9d:b3:4f:c1:3b:99:2c:cc:71:97:3c:10:77:73:0b:24:
         7b:64:47:45:87:1c:1d:a1:4f:5f:c9:36:c1:97:ba:16:58:4c:
         8d:f9:80:99:16:c2:b9:18:23:3c:8c:52:0e:74:e3:d6:61:75:
         cd:f0:a9:74:37:b3:cb:66:bc:c2:93:0b:b8:a9:11:ce:16:ae:
         69:d9:45:e5:b9:3c:9c:bc:74:1e:99:22:aa:25:59:66:45:0f:
         d2:2e:d3:4d:89:e0:c6:91:e9:c1:68:91:7b:24:73:a0:f1:d9:
         0c:3f:7a:83:f4:15:04:26:7a:bb:c5:3e:59:73:11:d4:59:af:
         96:0f:96:53:30:ce:09:27:91:97:e3:60:b4:a1:ea:09:d3:dd:
         cf:7a:ff:a5:1c:fe:f6:4c:68:39:07:fd:71:b2:8d:c1:3c:ff:
         3b:4a:84:b7:9b:2e:e4:e8:19:83:cd:07:0e:94:df:90:1a:21:
         f3:33:1c:9f:14:61:e6:7a:3b:02:db:29:6a:d6:0a:d6:2c:f8:
         5c:a8:cc:3d:e6:93:6f:7e:a8:f7:33:32:d1:52:fb:9e:ce:4a:
         63:b3:31:ae:64:8c:12:9e:e4:51:73:ef:02:ce:95:a4:93:6f:
         8f:4e:20:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYMi6f3PcB4dzWBjArgtoU24MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYzIwYWUxZGFjY2EzMTgxNWIyNzQ3MDI5MjdjMWE1YTlk
YmM3YjMwHhcNMjIwOTA5MTU0MTQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWJhOGZkYWIxODhjN2YxMTdjMWM3ZmRkNTgwODdlNWJiOWNiNDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdLWmBAeCm3Oog0a5viltYSZGcMy
G+bTtbs9WqNMQleZtK9nnlqPT0YSXGqNPcRA4XeQhJz3EMtsuZ3ZIAsh/PId5VJT
xwpJvgmgEZkn77L5d6tONn6Fz2kgjT8fdmP80Oq/twXvuxHq8XKYJdVd7JqrHynr
aa1cLrocs1W5ykmkFbFhv734zbZF4K06dGoL37vwrUakUicPBdE3lCkD4ckzTT1U
VvYv5LcMfswKgMleAxmcJ26jF0UKo9VEre/WiHnd9KJHa3+psy1WvorkLyr789Nl
dzlbMJtuIHoNemDkT4IXkSAsREJmvnx+t/WSU5rIqjs8zZI9yJ+LBfU/OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE66j9qxiMfxF8HH/dWAh+W7nLQyMB8GA1UdIwQY
MBaAFLDCCuHazKMYFbJ0cCknwaWp28ezMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc01JSzRkck1veGdWc25Sd0tTZkJwYW5ieDdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ODg4NjktN2E2NS00MTViLWI2OGYt
NTQ4NDQwMmNlYjdhLzEvVHJxUDJyR0l4X0VYd2NmOTFZQ0g1YnVjdERJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ODg4NjktN2E2NS00MTViLWI2OGYtNTQ4NDQwMmNlYjdh
LzEvc01JSzRkck1veGdWc25Sd0tTZkJwYW5ieDdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSAcMA0G
CSqGSIb3DQEBCwUAA4IBAQAYH/tEw9zlrg7eT56ZsUwCF4wPwJ2zT8E7mSzMcZc8
EHdzCyR7ZEdFhxwdoU9fyTbBl7oWWEyN+YCZFsK5GCM8jFIOdOPWYXXN8Kl0N7PL
ZrzCkwu4qRHOFq5p2UXluTycvHQemSKqJVlmRQ/SLtNNieDGkenBaJF7JHOg8dkM
P3qD9BUEJnq7xT5ZcxHUWa+WD5ZTMM4JJ5GX42C0oeoJ093Pev+lHP72TGg5B/1x
so3BPP87SoS3my7k6BmDzQcOlN+QGiHzMxyfFGHmejsC2ylq1grWLPhcqMw95pNv
fqj3MzLRUvuezkpjszGuZIwSnuRRc+8CzpWkk2+PTiBH
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:08 2024 by rpki-client on console-ams.rpki-client.org