Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/ZKHtnbfVs31G41hn6xXcrEQlZng.roa
File:                     ZKHtnbfVs31G41hn6xXcrEQlZng.roa (raw, json)
Hash identifier:          3WbtMzeK5aHzBHegpBpgCmlmAyaihdHS3OcV3pWHmUo=
Subject key identifier:   64:A1:ED:9D:B7:D5:B3:7D:46:E3:58:67:EB:15:DC:AC:44:25:66:78
Certificate issuer:       /CN=8d84404e5f8a4b117ae44e73d53c44ecdd578342
Certificate serial:       018843657D10BC988D75820D53E386AFF7FF
Authority key identifier: 8D:84:40:4E:5F:8A:4B:11:7A:E4:4E:73:D5:3C:44:EC:DD:57:83:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYRATl-KSxF65E5z1TxE7N1Xg0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/ZKHtnbfVs31G41hn6xXcrEQlZng.roa
Signing time:             Mon 22 May 2023 12:18:24 +0000
ROA not before:           Mon 22 May 2023 12:18:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202611
IP address blocks:        188.72.103.0/24 maxlen: 24
                          188.72.104.0/24 maxlen: 24
                          188.72.105.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:43:65:7d:10:bc:98:8d:75:82:0d:53:e3:86:af:f7:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d84404e5f8a4b117ae44e73d53c44ecdd578342
        Validity
            Not Before: May 22 12:18:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=64a1ed9db7d5b37d46e35867eb15dcac44256678
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:5a:f9:26:50:f9:7c:3c:1d:bf:d8:ba:7d:a3:
                    cc:6a:9c:03:46:95:f0:67:83:95:ea:05:87:3e:65:
                    8b:e3:be:82:3d:56:ce:6e:9c:a9:76:94:c5:9b:9b:
                    34:8c:42:6c:f5:71:c0:86:9f:c6:2e:fb:a9:5e:fb:
                    23:68:6d:cf:79:12:61:a9:e2:b4:4b:d0:65:7e:0b:
                    94:5c:f2:7f:f2:2a:07:62:15:18:03:31:89:c7:29:
                    0f:f8:64:30:b6:64:70:f9:65:0c:cf:73:ae:ac:7a:
                    00:df:a7:fc:c6:a4:e2:56:bd:17:74:8f:f6:95:2a:
                    d2:6d:b5:3c:ea:7d:4a:0b:06:19:85:c4:b8:ea:03:
                    ee:b4:85:89:1c:16:f3:49:3b:3a:46:4b:92:b5:57:
                    01:5d:9d:f2:ef:f6:67:0e:f6:e4:96:32:20:90:e3:
                    f0:90:f8:43:36:32:f5:e9:60:48:89:2e:b3:1c:da:
                    bd:01:2f:59:a6:cc:44:f1:22:b6:bc:7f:ce:0c:9e:
                    e2:4f:a6:f0:44:28:49:51:6a:e3:7a:2d:5f:12:a5:
                    6a:d7:a1:fa:94:5a:fe:71:ca:ce:86:af:2e:9c:e0:
                    44:c9:d3:21:86:c1:a7:0c:83:9c:4e:35:e4:7b:56:
                    a0:f8:37:34:56:2e:98:af:2b:48:4d:85:bb:da:7f:
                    05:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:A1:ED:9D:B7:D5:B3:7D:46:E3:58:67:EB:15:DC:AC:44:25:66:78
            X509v3 Authority Key Identifier:
                keyid:8D:84:40:4E:5F:8A:4B:11:7A:E4:4E:73:D5:3C:44:EC:DD:57:83:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYRATl-KSxF65E5z1TxE7N1Xg0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/ZKHtnbfVs31G41hn6xXcrEQlZng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/jYRATl-KSxF65E5z1TxE7N1Xg0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.103.0-188.72.105.255

    Signature Algorithm: sha256WithRSAEncryption
         47:8c:d4:14:39:d2:b3:13:92:7e:91:8a:f5:44:df:89:81:c9:
         18:05:ee:3f:5a:55:64:8f:99:bc:14:78:86:5f:d8:1c:b0:91:
         20:0a:77:73:f4:7d:5d:4e:7e:ba:c5:c0:f9:06:1c:5e:e8:96:
         bb:d9:61:5b:00:8c:30:39:a5:0e:de:41:85:68:db:74:3c:8d:
         2c:d6:4d:9f:13:71:54:3c:b2:5b:34:ed:34:78:e8:43:a6:33:
         ad:58:84:53:a0:af:03:42:a0:f2:c0:9b:8b:e0:dd:3d:b0:ed:
         61:99:bb:31:64:b0:20:5b:7b:da:21:47:76:1e:66:e4:e7:56:
         dd:0e:37:2d:a0:f9:5d:a3:c4:52:73:55:4c:f2:7e:63:62:94:
         44:b7:8f:d0:1d:8b:9e:06:98:dc:b8:47:69:13:69:0b:69:b1:
         dd:85:64:97:1d:e6:36:9a:99:8a:ff:ae:a6:db:b5:6a:13:3b:
         51:99:b4:39:5f:28:66:bf:fc:be:53:46:26:71:34:d1:9b:49:
         f5:35:37:52:a6:4d:fe:6f:2c:5c:2f:80:f8:6a:09:72:7b:c9:
         42:49:50:4b:87:f0:78:68:96:61:09:e7:74:b5:b0:09:34:32:
         2e:80:c2:93:6c:7a:a3:da:6a:e0:3b:99:22:e9:ee:56:72:1f:
         1b:73:cc:71
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYhDZX0QvJiNdYINU+OGr/f/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODQ0MDRlNWY4YTRiMTE3YWU0NGU3M2Q1M2M0NGVjZGQ1
NzgzNDIwHhcNMjMwNTIyMTIxODI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGExZWQ5ZGI3ZDViMzdkNDZlMzU4NjdlYjE1ZGNhYzQ0MjU2Njc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglr5JlD5fDwdv9i6faPMapwDRpXw
Z4OV6gWHPmWL476CPVbObpypdpTFm5s0jEJs9XHAhp/GLvupXvsjaG3PeRJhqeK0
S9BlfguUXPJ/8ioHYhUYAzGJxykP+GQwtmRw+WUMz3OurHoA36f8xqTiVr0XdI/2
lSrSbbU86n1KCwYZhcS46gPutIWJHBbzSTs6RkuStVcBXZ3y7/ZnDvbkljIgkOPw
kPhDNjL16WBIiS6zHNq9AS9ZpsxE8SK2vH/ODJ7iT6bwRChJUWrjei1fEqVq16H6
lFr+ccrOhq8unOBEydMhhsGnDIOcTjXke1ag+Dc0Vi6YrytITYW72n8FPwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGSh7Z231bN9RuNYZ+sV3KxEJWZ4MB8GA1UdIwQY
MBaAFI2EQE5fiksReuROc9U8ROzdV4NCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallSQVRsLUtTeEY2NUU1ejFUeEU3TjFYZzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9kNTFmNjQtNWQwNi00ZmMwLWFiNjkt
MmNkOThlZTUzNTY5LzEvWktIdG5iZlZzMzFHNDFobjZ4WGNyRVFsWm5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9kNTFmNjQtNWQwNi00ZmMwLWFiNjktMmNkOThlZTUzNTY5
LzEvallSQVRsLUtTeEY2NUU1ejFUeEU3TjFYZzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC8SGcD
BAG8SGgwDQYJKoZIhvcNAQELBQADggEBAEeM1BQ50rMTkn6RivVE34mByRgF7j9a
VWSPmbwUeIZf2BywkSAKd3P0fV1OfrrFwPkGHF7olrvZYVsAjDA5pQ7eQYVo23Q8
jSzWTZ8TcVQ8sls07TR46EOmM61YhFOgrwNCoPLAm4vg3T2w7WGZuzFksCBbe9oh
R3YeZuTnVt0ONy2g+V2jxFJzVUzyfmNilES3j9Adi54GmNy4R2kTaQtpsd2FZJcd
5jaamYr/rqbbtWoTO1GZtDlfKGa//L5TRiZxNNGbSfU1N1KmTf5vLFwvgPhqCXJ7
yUJJUEuH8HholmEJ53S1sAk0Mi6AwpNseqPaauA7mSLp7lZyHxtzzHE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:21 2024 by rpki-client on console-ams.rpki-client.org