Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/9cb6b5-7a53-406f-af7a-17c38d9c3768/1/mJE0eDQUQVRrN6ki8uCmKeYsPrw.roa
File:                     mJE0eDQUQVRrN6ki8uCmKeYsPrw.roa (raw, json)
Hash identifier:          L798Zv3u91MZM+L9VGUews17pQ8mbPNo4UlLcF+WfOE=
Subject key identifier:   98:91:34:78:34:14:41:54:6B:37:A9:22:F2:E0:A6:29:E6:2C:3E:BC
Certificate issuer:       /CN=ffff0fa51e6939d01dcaa2bb3d5dcaa6d0043da2
Certificate serial:       018CCA2AA5B119CE99BE0637B75B4BBB0523
Authority key identifier: FF:FF:0F:A5:1E:69:39:D0:1D:CA:A2:BB:3D:5D:CA:A6:D0:04:3D:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/__8PpR5pOdAdyqK7PV3KptAEPaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/9cb6b5-7a53-406f-af7a-17c38d9c3768/1/mJE0eDQUQVRrN6ki8uCmKeYsPrw.roa
Signing time:             Tue 02 Jan 2024 12:34:01 +0000
ROA not before:           Tue 02 Jan 2024 12:34:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199659
IP address blocks:        185.8.92.0/22 maxlen: 22
                          185.26.240.0/22 maxlen: 22
                          2a02:d540::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:a5:b1:19:ce:99:be:06:37:b7:5b:4b:bb:05:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffff0fa51e6939d01dcaa2bb3d5dcaa6d0043da2
        Validity
            Not Before: Jan  2 12:34:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98913478341441546b37a922f2e0a629e62c3ebc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:15:2e:c7:da:95:fa:bf:15:7b:91:2e:49:bb:
                    04:d5:b3:16:02:03:83:b3:84:02:3c:0a:88:a5:8d:
                    68:41:25:5c:58:89:6c:5a:60:37:14:e6:25:ca:84:
                    0f:12:ce:1f:9f:d4:a5:2c:f8:50:b7:12:30:21:b1:
                    a3:a9:f7:7a:4c:76:89:8c:7e:a2:09:43:2f:64:38:
                    9a:b5:f0:ae:40:69:46:fc:6f:8d:b4:4b:79:29:c9:
                    44:c3:20:3a:dd:d1:cc:95:14:c3:16:26:e0:4d:05:
                    05:ee:8e:25:1f:1f:6a:48:1d:2e:db:f6:21:e9:20:
                    2d:06:9c:10:4e:c3:cd:a4:12:42:2d:8f:4a:cf:34:
                    56:cd:74:71:f5:34:1d:c3:a5:fb:29:84:ff:4f:90:
                    28:f8:3f:59:b4:dc:54:94:2e:45:57:d5:40:f1:c5:
                    c1:6d:b1:db:a4:88:da:b6:7c:02:e4:13:73:ad:42:
                    a5:04:a5:57:b7:14:4e:fa:5e:d2:e2:96:2b:3b:ee:
                    08:d3:91:d4:9d:03:d6:45:18:13:2d:71:b5:ad:15:
                    ad:6c:63:20:f6:52:51:75:31:f0:14:51:c2:36:e1:
                    1b:d4:5d:83:a6:c5:3b:a8:1c:55:29:11:bc:fe:6f:
                    58:d8:c9:34:b6:64:4e:c2:d3:be:0c:48:9e:53:cd:
                    a8:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:91:34:78:34:14:41:54:6B:37:A9:22:F2:E0:A6:29:E6:2C:3E:BC
            X509v3 Authority Key Identifier:
                keyid:FF:FF:0F:A5:1E:69:39:D0:1D:CA:A2:BB:3D:5D:CA:A6:D0:04:3D:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/__8PpR5pOdAdyqK7PV3KptAEPaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/9cb6b5-7a53-406f-af7a-17c38d9c3768/1/mJE0eDQUQVRrN6ki8uCmKeYsPrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/9cb6b5-7a53-406f-af7a-17c38d9c3768/1/__8PpR5pOdAdyqK7PV3KptAEPaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.8.92.0/22
                  185.26.240.0/22
                IPv6:
                  2a02:d540::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:af:74:79:28:9b:cc:9a:c4:51:eb:66:fc:b5:5e:1b:bb:80:
         79:3b:9d:d1:a2:ad:a5:39:38:5b:02:9c:7e:f8:d0:f5:8b:b9:
         df:94:20:7b:ec:e1:0b:f4:01:fe:8d:78:4d:45:0a:02:5d:b5:
         14:8d:84:d2:78:90:ff:e9:06:82:95:6d:90:cc:80:8b:32:b3:
         a9:00:96:91:90:4a:9f:0b:43:9a:9d:a1:8e:9c:22:aa:60:73:
         6c:3b:30:d6:10:d2:53:71:50:54:f5:fe:38:77:88:8f:c4:eb:
         33:60:00:09:f6:66:ec:c4:fb:71:6e:55:14:6b:f7:55:41:f0:
         da:d5:29:87:99:d2:76:a2:1c:51:89:2c:6a:eb:40:54:00:47:
         95:87:99:b8:3d:b6:13:ff:5f:20:66:13:a4:8c:f6:b0:95:95:
         62:28:24:c0:a2:ba:64:e9:7f:1b:e2:10:84:5b:cc:8b:c0:f8:
         41:0f:b7:81:ce:52:da:27:e3:09:8f:2c:d0:34:d4:a4:81:69:
         83:75:cb:cc:b1:65:32:ce:e7:0e:08:0a:74:fc:fb:0b:6f:ae:
         db:86:89:ef:32:0f:42:48:43:fe:69:eb:87:ca:ff:f2:86:b2:
         b7:dc:24:49:2c:cd:e1:b4:67:71:a3:a5:89:39:59:39:f9:7e:
         48:b1:6a:67
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKKqWxGc6ZvgY3t1tLuwUjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZmYwZmE1MWU2OTM5ZDAxZGNhYTJiYjNkNWRjYWE2ZDAw
NDNkYTIwHhcNMjQwMTAyMTIzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODkxMzQ3ODM0MTQ0MTU0NmIzN2E5MjJmMmUwYTYyOWU2MmMzZWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBUux9qV+r8Ve5EuSbsE1bMWAgOD
s4QCPAqIpY1oQSVcWIlsWmA3FOYlyoQPEs4fn9SlLPhQtxIwIbGjqfd6THaJjH6i
CUMvZDiatfCuQGlG/G+NtEt5KclEwyA63dHMlRTDFibgTQUF7o4lHx9qSB0u2/Yh
6SAtBpwQTsPNpBJCLY9KzzRWzXRx9TQdw6X7KYT/T5Ao+D9ZtNxUlC5FV9VA8cXB
bbHbpIjatnwC5BNzrUKlBKVXtxRO+l7S4pYrO+4I05HUnQPWRRgTLXG1rRWtbGMg
9lJRdTHwFFHCNuEb1F2DpsU7qBxVKRG8/m9Y2Mk0tmROwtO+DEieU82oowIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJiRNHg0FEFUazepIvLgpinmLD68MB8GA1UdIwQY
MBaAFP//D6UeaTnQHcqiuz1dyqbQBD2iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX184UHBSNXBPZEFkeXFLN1BWM0twdEFFUGFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS85Y2I2YjUtN2E1My00MDZmLWFmN2Et
MTdjMzhkOWMzNzY4LzEvbUpFMGVEUVVRVlJyTjZraTh1Q21LZVlzUHJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS85Y2I2YjUtN2E1My00MDZmLWFmN2EtMTdjMzhkOWMzNzY4
LzEvX184UHBSNXBPZEFkeXFLN1BWM0twdEFFUGFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuQhcAwQC
uRrwMA0EAgACMAcDBQMqAtVAMA0GCSqGSIb3DQEBCwUAA4IBAQBXr3R5KJvMmsRR
62b8tV4bu4B5O53Roq2lOThbApx++ND1i7nflCB77OEL9AH+jXhNRQoCXbUUjYTS
eJD/6QaClW2QzICLMrOpAJaRkEqfC0OanaGOnCKqYHNsOzDWENJTcVBU9f44d4iP
xOszYAAJ9mbsxPtxblUUa/dVQfDa1SmHmdJ2ohxRiSxq60BUAEeVh5m4PbYT/18g
ZhOkjPawlZViKCTAorpk6X8b4hCEW8yLwPhBD7eBzlLaJ+MJjyzQNNSkgWmDdcvM
sWUyzucOCAp0/PsLb67bhonvMg9CSEP+aeuHyv/yhrK33CRJLM3htGdxo6WJOVk5
+X5IsWpn
-----END CERTIFICATE-----
Generated at Mon Sep 9 10:15:52 2024 by rpki-client on console-ams.rpki-client.org