Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/uKBsnwLjKV9zNOtEvm_3GhxOvgk.roa
File:                     uKBsnwLjKV9zNOtEvm_3GhxOvgk.roa (raw, json)
Hash identifier:          OA9CbHe+7ALuJIfJbowGxlQ/FpVotXTIXlI5JhMMP+w=
Subject key identifier:   B8:A0:6C:9F:02:E3:29:5F:73:34:EB:44:BE:6F:F7:1A:1C:4E:BE:09
Certificate issuer:       /CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
Certificate serial:       018D3BDFFDD38E66C217022954D3B8FB853E
Authority key identifier: 76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/uKBsnwLjKV9zNOtEvm_3GhxOvgk.roa
Signing time:             Wed 24 Jan 2024 14:29:11 +0000
ROA not before:           Wed 24 Jan 2024 14:29:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43201
IP address blocks:        193.8.74.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3b:df:fd:d3:8e:66:c2:17:02:29:54:d3:b8:fb:85:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
        Validity
            Not Before: Jan 24 14:29:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8a06c9f02e3295f7334eb44be6ff71a1c4ebe09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:84:3c:83:b7:33:69:34:be:38:52:6e:db:c5:
                    db:0f:fe:7f:b0:a8:90:c5:ae:ad:47:aa:52:1a:bb:
                    4b:9e:29:80:3e:f7:a5:32:2d:99:e4:64:c2:9e:24:
                    85:dc:9c:2f:c7:24:e6:42:c5:06:ab:00:3d:d2:8b:
                    5e:dd:54:19:9f:9d:52:4b:a9:65:35:03:96:95:cc:
                    38:42:5f:73:4b:f9:54:62:ea:5b:26:aa:58:2e:3b:
                    e7:2e:3d:05:34:84:f7:a8:ec:8f:a4:79:02:ac:e9:
                    f8:2d:39:5d:62:ec:7d:da:4d:19:f5:5a:d9:0b:33:
                    0b:9f:36:6a:8a:47:fa:0f:2c:39:8c:ec:f5:79:a6:
                    c4:ad:44:96:13:81:09:37:93:23:a4:1f:d3:f3:66:
                    91:9c:43:77:b9:9c:f5:9c:8b:c2:f9:28:ca:07:aa:
                    b8:74:a1:2b:d9:ee:99:a4:e7:cd:29:ea:a8:e3:22:
                    e3:db:1f:59:27:4a:1d:95:f0:55:80:e7:c1:05:5b:
                    33:d3:6d:17:38:f4:88:7c:b0:f1:d3:98:df:9c:82:
                    50:f5:16:24:4f:da:ad:29:b2:2d:74:b8:36:bb:f1:
                    72:05:e2:ba:05:23:fc:93:3d:cb:79:fc:e4:ca:05:
                    25:a2:64:e0:f5:cf:db:9f:a7:a8:8d:70:b2:75:3c:
                    2e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:A0:6C:9F:02:E3:29:5F:73:34:EB:44:BE:6F:F7:1A:1C:4E:BE:09
            X509v3 Authority Key Identifier:
                keyid:76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/uKBsnwLjKV9zNOtEvm_3GhxOvgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:c4:a6:11:5f:d5:86:14:2b:5a:62:60:24:42:c4:78:b6:89:
         1c:54:b9:23:7d:b7:80:8a:94:59:6a:97:37:2a:72:ff:83:c1:
         88:6e:b3:2a:ff:25:83:ff:17:10:c9:ea:4d:e7:d3:ed:d7:5a:
         55:74:6d:91:42:e7:8e:0f:a0:2a:4d:fe:3a:ae:fd:43:7b:fe:
         12:c5:17:9c:37:fe:f2:78:d1:5b:3a:e8:ba:56:2d:a3:38:e2:
         5f:11:95:49:22:0d:3d:11:97:17:a1:cb:f8:75:0c:51:76:b7:
         4b:79:30:1a:66:18:56:16:af:dc:fa:34:58:50:34:9c:7d:03:
         a2:c0:fb:62:36:ec:e7:4a:fe:8f:3e:a6:8b:ab:4c:a6:15:a7:
         9f:8c:63:b4:a5:0e:ca:6f:80:6b:ce:1b:31:52:8d:65:32:a8:
         6f:5d:10:71:ab:21:e0:b6:7f:1e:38:0b:e4:9d:01:e3:50:43:
         09:49:0c:95:44:2a:47:69:87:03:01:b6:4b:35:43:f4:12:48:
         2d:01:0c:77:7b:cc:4b:83:f9:12:5f:bf:7e:19:29:d3:d1:69:
         07:1e:bd:a0:af:d5:26:69:73:4d:d2:21:3e:32:68:ef:30:b0:
         10:cd:2c:f8:4b:d7:cd:11:23:db:a2:47:b4:98:3a:7c:e8:38:
         e7:d0:26:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY073/3TjmbCFwIpVNO4+4U+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2M2Q0NTdlNWQzY2MwYWNkOGE3NGY4YjEwZTI2ODZiZmJj
NDk2Y2IwHhcNMjQwMTI0MTQyOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGEwNmM5ZjAyZTMyOTVmNzMzNGViNDRiZTZmZjcxYTFjNGViZTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3IQ8g7czaTS+OFJu28XbD/5/sKiQ
xa6tR6pSGrtLnimAPvelMi2Z5GTCniSF3JwvxyTmQsUGqwA90ote3VQZn51SS6ll
NQOWlcw4Ql9zS/lUYupbJqpYLjvnLj0FNIT3qOyPpHkCrOn4LTldYux92k0Z9VrZ
CzMLnzZqikf6Dyw5jOz1eabErUSWE4EJN5MjpB/T82aRnEN3uZz1nIvC+SjKB6q4
dKEr2e6ZpOfNKeqo4yLj2x9ZJ0odlfBVgOfBBVsz020XOPSIfLDx05jfnIJQ9RYk
T9qtKbItdLg2u/FyBeK6BSP8kz3LefzkygUlomTg9c/bn6eojXCydTwu1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLigbJ8C4ylfczTrRL5v9xocTr4JMB8GA1UdIwQY
MBaAFHY9RX5dPMCs2KdPixDiaGv7xJbLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQt
N2U1OTRmMjQ5NGNjLzEvdUtCc253TGpLVjl6Tk90RXZtXzNHaHhPdmdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQtN2U1OTRmMjQ5NGNj
LzEvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQhKMA0G
CSqGSIb3DQEBCwUAA4IBAQBLxKYRX9WGFCtaYmAkQsR4tokcVLkjfbeAipRZapc3
KnL/g8GIbrMq/yWD/xcQyepN59Pt11pVdG2RQueOD6AqTf46rv1De/4SxRecN/7y
eNFbOui6Vi2jOOJfEZVJIg09EZcXocv4dQxRdrdLeTAaZhhWFq/c+jRYUDScfQOi
wPtiNuznSv6PPqaLq0ymFaefjGO0pQ7Kb4BrzhsxUo1lMqhvXRBxqyHgtn8eOAvk
nQHjUEMJSQyVRCpHaYcDAbZLNUP0EkgtAQx3e8xLg/kSX79+GSnT0WkHHr2gr9Um
aXNN0iE+MmjvMLAQzSz4S9fNESPboke0mDp86Djn0Cbr
-----END CERTIFICATE-----
Generated at Mon Aug 12 12:24:57 2024 by rpki-client on console-fra.rpki-client.org