Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/FlMLa3IatBQ1KJpZ2YhtwBkftT4.roa
File:                     FlMLa3IatBQ1KJpZ2YhtwBkftT4.roa (raw, json)
Hash identifier:          wIwVlWVCweBHvgEcnL+p3VDXWe6Uy7n2TECKqvQmu2Y=
Subject key identifier:   16:53:0B:6B:72:1A:B4:14:35:28:9A:59:D9:88:6D:C0:19:1F:B5:3E
Certificate issuer:       /CN=50592e68895c7068b4655508917ad5bbddbd0a5f
Certificate serial:       018FBE2404AB839CCB8946C227BE5207CA60
Authority key identifier: 50:59:2E:68:89:5C:70:68:B4:65:55:08:91:7A:D5:BB:DD:BD:0A:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/FlMLa3IatBQ1KJpZ2YhtwBkftT4.roa
Signing time:             Tue 28 May 2024 07:39:42 +0000
ROA not before:           Tue 28 May 2024 07:39:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201086
IP address blocks:        185.86.80.0/24 maxlen: 24
                          185.205.19.0/24 maxlen: 24
                          185.254.94.0/24 maxlen: 24
                          185.254.95.0/24 maxlen: 24
                          193.36.63.0/24 maxlen: 24
                          194.145.138.0/24 maxlen: 24
                          2a0a:fa40::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:be:24:04:ab:83:9c:cb:89:46:c2:27:be:52:07:ca:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50592e68895c7068b4655508917ad5bbddbd0a5f
        Validity
            Not Before: May 28 07:39:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16530b6b721ab41435289a59d9886dc0191fb53e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b8:8b:c5:38:d9:5b:8a:ec:ad:8e:f2:0b:e3:
                    4a:02:47:b0:af:76:6f:af:87:e9:a9:7a:aa:63:ed:
                    30:0e:c6:a8:bd:79:2b:58:a8:41:e8:77:0d:86:d8:
                    e3:a3:a2:e8:ce:ae:57:85:a1:f3:e6:af:b0:8e:0e:
                    a4:d3:96:9f:5f:9b:e6:22:8f:d8:68:b0:64:e8:6c:
                    5d:34:42:d5:cc:31:aa:6d:89:7a:37:ac:db:44:be:
                    49:3d:a5:e8:a3:0e:24:42:2c:e6:25:0e:c2:10:d9:
                    ea:dc:fc:9b:36:04:00:da:44:f6:21:8e:60:a9:6a:
                    81:28:d3:00:fe:da:c0:48:ff:fa:d2:89:6b:63:b3:
                    dd:dc:4f:e4:a6:6d:10:54:de:fb:5a:9d:6d:cb:91:
                    14:de:a2:ff:79:3b:b7:91:a7:56:39:9e:76:c8:37:
                    d4:69:5a:95:af:df:6e:1b:d8:58:4f:56:db:1a:65:
                    90:64:f7:31:e1:62:00:7e:7e:43:dc:83:a4:79:a6:
                    ca:83:6e:5c:3c:58:2c:3f:b5:0c:81:bd:af:2c:91:
                    a5:f4:60:bb:69:6d:6c:2a:b5:bd:fd:df:e9:0f:52:
                    b0:b4:2c:ac:36:09:5c:fe:cd:6a:de:d7:59:7e:73:
                    07:c3:a2:58:c3:e9:50:b1:cf:ec:74:7a:c7:84:95:
                    93:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:53:0B:6B:72:1A:B4:14:35:28:9A:59:D9:88:6D:C0:19:1F:B5:3E
            X509v3 Authority Key Identifier:
                keyid:50:59:2E:68:89:5C:70:68:B4:65:55:08:91:7A:D5:BB:DD:BD:0A:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/FlMLa3IatBQ1KJpZ2YhtwBkftT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/UFkuaIlccGi0ZVUIkXrVu929Cl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.80.0/24
                  185.205.19.0/24
                  185.254.94.0/23
                  193.36.63.0/24
                  194.145.138.0/24
                IPv6:
                  2a0a:fa40::/32

    Signature Algorithm: sha256WithRSAEncryption
         b8:cf:64:d5:be:50:d9:47:61:12:2c:cd:cc:cd:b2:cc:05:48:
         6e:f4:4b:57:89:60:3d:0c:97:1d:e1:b1:db:37:c4:18:c0:8d:
         d9:3f:43:49:fd:aa:c8:a2:6b:fe:bb:1e:14:f1:a5:05:9d:a2:
         3a:58:23:2d:d7:23:9b:0b:fd:45:e0:33:18:10:94:87:d4:be:
         c7:e7:99:7b:4f:d7:d3:1e:31:fb:1d:8b:c3:94:f8:02:87:19:
         24:cd:e1:7a:b7:d5:c9:f0:e8:42:70:fe:a8:24:55:2c:ab:04:
         db:40:d2:8f:a2:bc:3e:18:c3:55:f0:3c:03:03:fb:83:c9:c0:
         e1:a2:30:a6:0e:45:ae:30:2c:30:99:a0:58:77:99:24:83:15:
         dc:e0:10:cf:22:42:6c:72:96:61:54:18:b6:50:47:68:d8:a0:
         0f:e0:eb:be:c3:68:2d:ea:d4:ac:4f:01:f1:ff:0e:74:c5:d9:
         c0:fe:6a:38:9d:d2:bb:e3:8c:33:53:d9:c4:2d:7a:8a:5c:b2:
         9d:d1:7f:61:1c:52:02:1d:34:88:2c:17:38:c9:8f:4a:ac:19:
         e4:99:31:4d:01:44:9f:b4:3b:e1:d0:6b:6d:49:72:f5:88:23:
         f5:50:57:f7:9b:cb:b1:e3:60:92:7b:24:7e:ec:4f:e9:55:75:
         f2:17:d7:18
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAY++JASrg5zLiUbCJ75SB8pgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTkyZTY4ODk1YzcwNjhiNDY1NTUwODkxN2FkNWJiZGRi
ZDBhNWYwHhcNMjQwNTI4MDczOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjUzMGI2YjcyMWFiNDE0MzUyODlhNTlkOTg4NmRjMDE5MWZiNTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7iLxTjZW4rsrY7yC+NKAkewr3Zv
r4fpqXqqY+0wDsaovXkrWKhB6HcNhtjjo6Lozq5XhaHz5q+wjg6k05afX5vmIo/Y
aLBk6GxdNELVzDGqbYl6N6zbRL5JPaXoow4kQizmJQ7CENnq3PybNgQA2kT2IY5g
qWqBKNMA/trASP/60olrY7Pd3E/kpm0QVN77Wp1ty5EU3qL/eTu3kadWOZ52yDfU
aVqVr99uG9hYT1bbGmWQZPcx4WIAfn5D3IOkeabKg25cPFgsP7UMgb2vLJGl9GC7
aW1sKrW9/d/pD1KwtCysNglc/s1q3tdZfnMHw6JYw+lQsc/sdHrHhJWTqwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFBZTC2tyGrQUNSiaWdmIbcAZH7U+MB8GA1UdIwQY
MBaAFFBZLmiJXHBotGVVCJF61bvdvQpfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZrdWFJbGNjR2kwWlZVSWtYclZ1OTI5Q2w4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yYTgxMDAtMTcyYi00OGUzLWEzMmEt
N2JiZDI4Y2U0YTc1LzEvRmxNTGEzSWF0QlExS0pwWjJZaHR3QmtmdFQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yYTgxMDAtMTcyYi00OGUzLWEzMmEtN2JiZDI4Y2U0YTc1
LzEvVUZrdWFJbGNjR2kwWlZVSWtYclZ1OTI5Q2w4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAuVZQAwQA
uc0TAwQBuf5eAwQAwSQ/AwQAwpGKMA0EAgACMAcDBQAqCvpAMA0GCSqGSIb3DQEB
CwUAA4IBAQC4z2TVvlDZR2ESLM3MzbLMBUhu9EtXiWA9DJcd4bHbN8QYwI3ZP0NJ
/arIomv+ux4U8aUFnaI6WCMt1yObC/1F4DMYEJSH1L7H55l7T9fTHjH7HYvDlPgC
hxkkzeF6t9XJ8OhCcP6oJFUsqwTbQNKPorw+GMNV8DwDA/uDycDhojCmDkWuMCww
maBYd5kkgxXc4BDPIkJscpZhVBi2UEdo2KAP4Ou+w2gt6tSsTwHx/w50xdnA/mo4
ndK744wzU9nELXqKXLKd0X9hHFICHTSILBc4yY9KrBnkmTFNAUSftDvh0GttSXL1
iCP1UFf3m8ux42CSeyR+7E/pVXXyF9cY
-----END CERTIFICATE-----
Generated at Thu Jul 25 10:10:08 2024 by rpki-client on console-fra.rpki-client.org