Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/1drSbTY3yZS3hWmXGv0gqfKRrWQ.roa
File:                     1drSbTY3yZS3hWmXGv0gqfKRrWQ.roa (raw, json)
Hash identifier:          jgNGQ7Twvaddt8aQOcVlYCwzn07WFPV4b6+DSaHRw9k=
Subject key identifier:   D5:DA:D2:6D:36:37:C9:94:B7:85:69:97:1A:FD:20:A9:F2:91:AD:64
Certificate issuer:       /CN=96bfc5a172654dd6009db1d82d92ffaf71234120
Certificate serial:       01839BF46ADE13D4535F42001F7710C8922E
Authority key identifier: 96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/1drSbTY3yZS3hWmXGv0gqfKRrWQ.roa
Signing time:             Mon 03 Oct 2022 03:47:10 +0000
ROA not before:           Mon 03 Oct 2022 03:47:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     213081
IP address blocks:        147.78.192.0/22 maxlen: 24
                          91.194.139.0/24 maxlen: 24
                          147.78.194.0/23 maxlen: 24
                          185.203.114.0/23 maxlen: 23
                          2a0a:e5c0::/29 maxlen: 48
                          2a09:2940::/29 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:9b:f4:6a:de:13:d4:53:5f:42:00:1f:77:10:c8:92:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96bfc5a172654dd6009db1d82d92ffaf71234120
        Validity
            Not Before: Oct  3 03:47:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d5dad26d3637c994b78569971afd20a9f291ad64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:d8:87:3e:89:3a:8f:88:f7:17:7b:de:a2:bc:
                    0a:0a:22:7e:bd:e2:60:d4:94:df:40:59:36:f9:1d:
                    9d:30:bf:14:93:72:a4:2b:72:9e:d1:4d:35:14:37:
                    41:d3:f4:07:f9:34:52:fe:19:32:e8:dd:ab:c0:2c:
                    28:bd:ba:ec:db:4f:c1:a7:9d:a8:c7:57:11:b2:04:
                    18:c2:0c:5d:41:b5:37:5b:21:e1:1e:3a:4a:c0:b9:
                    83:ae:20:b9:e1:22:78:0a:51:05:cf:f8:c9:fc:7f:
                    5d:69:e5:ed:5e:0f:c2:41:9c:ee:45:fe:62:3a:dd:
                    a2:1f:2e:37:b7:f4:86:2a:81:0c:75:91:9e:40:cf:
                    57:d4:c7:8a:a7:ee:b2:7a:d0:2e:07:29:5c:7a:db:
                    10:72:89:2a:c6:2e:bc:f8:d0:5c:ce:bb:13:eb:6d:
                    e2:b7:3a:87:12:5b:41:af:02:45:2c:20:07:a7:5d:
                    af:12:bd:33:0d:96:30:48:d6:dc:4b:db:30:d3:97:
                    4b:a5:83:b2:ec:b4:8e:70:fb:e1:a4:31:71:7b:51:
                    59:4e:be:3c:10:24:53:37:86:46:87:0c:28:df:ca:
                    21:93:89:85:da:3c:52:a7:c7:8e:12:a8:5f:7d:1f:
                    26:6d:05:45:b5:78:3e:00:31:7b:3c:64:18:9e:0a:
                    2c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:DA:D2:6D:36:37:C9:94:B7:85:69:97:1A:FD:20:A9:F2:91:AD:64
            X509v3 Authority Key Identifier:
                keyid:96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/1drSbTY3yZS3hWmXGv0gqfKRrWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/lr_FoXJlTdYAnbHYLZL_r3EjQSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.139.0/24
                  147.78.192.0/22
                  185.203.114.0/23
                IPv6:
                  2a09:2940::/29
                  2a0a:e5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6a:3f:df:de:40:bc:49:72:fd:af:d9:22:bf:5f:29:3b:5f:38:
         13:c5:b3:cc:89:cb:ba:a0:b6:ae:41:72:42:dc:6e:17:ef:fd:
         f3:9d:b5:a2:1a:40:23:c1:a5:80:37:3d:02:f5:a7:40:a8:de:
         55:9d:03:a5:01:3c:be:56:02:52:48:18:a1:3d:7f:ef:10:d7:
         e9:a2:23:35:05:c3:37:8d:6c:1e:e5:7f:eb:0c:54:83:3f:c2:
         76:30:9d:f2:2d:ec:1d:54:4c:3b:db:41:46:27:86:39:56:29:
         6b:40:59:1f:56:a4:6c:76:0b:9d:92:cf:37:c7:c8:ff:9b:2d:
         02:c5:08:73:81:3f:f1:f5:1a:7b:2d:33:f1:8c:0b:68:e0:ff:
         fd:c8:e3:d0:5d:c3:17:4b:0e:80:76:e7:d6:cf:e0:12:69:f7:
         70:85:61:94:a0:aa:10:95:11:4d:ef:3a:9f:f1:eb:78:bb:38:
         fa:aa:93:4b:a6:18:5d:e5:1b:99:ae:8c:39:84:11:bf:51:71:
         19:41:ab:11:2b:74:1e:fe:a3:1b:76:f9:ce:3c:5f:d9:1f:e3:
         ff:5c:53:6d:e2:77:20:d1:96:9f:7b:6f:a6:c5:a4:66:58:6e:
         43:42:4c:b1:90:2c:d7:56:00:51:69:25:e2:b1:e5:92:f7:c5:
         82:5b:d7:1a
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYOb9GreE9RTX0IAH3cQyJIuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YmZjNWExNzI2NTRkZDYwMDlkYjFkODJkOTJmZmFmNzEy
MzQxMjAwHhcNMjIxMDAzMDM0NzEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWRhZDI2ZDM2MzdjOTk0Yjc4NTY5OTcxYWZkMjBhOWYyOTFhZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7diHPok6j4j3F3veorwKCiJ+veJg
1JTfQFk2+R2dML8Uk3KkK3Ke0U01FDdB0/QH+TRS/hky6N2rwCwovbrs20/Bp52o
x1cRsgQYwgxdQbU3WyHhHjpKwLmDriC54SJ4ClEFz/jJ/H9daeXtXg/CQZzuRf5i
Ot2iHy43t/SGKoEMdZGeQM9X1MeKp+6yetAuBylcetsQcokqxi68+NBczrsT623i
tzqHEltBrwJFLCAHp12vEr0zDZYwSNbcS9sw05dLpYOy7LSOcPvhpDFxe1FZTr48
ECRTN4ZGhwwo38ohk4mF2jxSp8eOEqhffR8mbQVFtXg+ADF7PGQYngoseQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFNXa0m02N8mUt4Vplxr9IKnyka1kMB8GA1UdIwQY
MBaAFJa/xaFyZU3WAJ2x2C2S/69xI0EgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHJfRm9YSmxUZFlBbmJIWUxaTF9yM0VqUVNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zNjMwY2ItZWJlYy00ZDg2LWIxMmIt
YmZmYjc1N2MzMTM0LzEvMWRyU2JUWTN5WlMzaFdtWEd2MGdxZktScldRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zNjMwY2ItZWJlYy00ZDg2LWIxMmItYmZmYjc1N2MzMTM0
LzEvbHJfRm9YSmxUZFlBbmJIWUxaTF9yM0VqUVNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQAW8KLAwQC
k07AAwQBuctyMBQEAgACMA4DBQMqCSlAAwUDKgrlwDANBgkqhkiG9w0BAQsFAAOC
AQEAaj/f3kC8SXL9r9kiv18pO184E8WzzInLuqC2rkFyQtxuF+/98521ohpAI8Gl
gDc9AvWnQKjeVZ0DpQE8vlYCUkgYoT1/7xDX6aIjNQXDN41sHuV/6wxUgz/CdjCd
8i3sHVRMO9tBRieGOVYpa0BZH1akbHYLnZLPN8fI/5stAsUIc4E/8fUaey0z8YwL
aOD//cjj0F3DF0sOgHbn1s/gEmn3cIVhlKCqEJURTe86n/HreLs4+qqTS6YYXeUb
ma6MOYQRv1FxGUGrESt0Hv6jG3b5zjxf2R/j/1xTbeJ3INGWn3tvpsWkZlhuQ0JM
sZAs11YAUWkl4rHlkvfFglvXGg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:07 2024 by rpki-client on console-fra.rpki-client.org