Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/htHWsi4qSimwQbZ43DqrMQxVGO0.roa
File:                     htHWsi4qSimwQbZ43DqrMQxVGO0.roa (raw, json)
Hash identifier:          Gn23hmY5/I2iBOcxJ73JW4m2neA7L3frZafqovbNM4M=
Subject key identifier:   86:D1:D6:B2:2E:2A:4A:29:B0:41:B6:78:DC:3A:AB:31:0C:55:18:ED
Certificate issuer:       /CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Certificate serial:       018A81CD560E8F2E33994FB3D1EF10223729
Authority key identifier: C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/htHWsi4qSimwQbZ43DqrMQxVGO0.roa
Signing time:             Mon 11 Sep 2023 01:13:52 +0000
ROA not before:           Mon 11 Sep 2023 01:13:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20668
IP address blocks:        195.245.82.0/23 maxlen: 23
                          193.169.142.0/23 maxlen: 23
                          185.206.53.0/24 maxlen: 24
                          185.206.52.0/24 maxlen: 24
                          193.36.89.0/24 maxlen: 24
                          195.78.124.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:81:cd:56:0e:8f:2e:33:99:4f:b3:d1:ef:10:22:37:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c04db7623241d7e6678fc25751fa4e0b6665186b
        Validity
            Not Before: Sep 11 01:13:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=86d1d6b22e2a4a29b041b678dc3aab310c5518ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:2c:2c:63:94:57:84:a1:28:4c:9e:81:04:2c:
                    54:1e:cd:af:c3:3e:c4:36:4d:0d:56:eb:fd:7b:9a:
                    35:93:a6:52:d0:dd:b9:62:bf:6f:3f:45:e4:2f:76:
                    22:91:15:9f:52:d6:ca:90:f3:0a:76:8e:78:91:78:
                    6e:6c:e2:40:a3:65:e5:c6:39:e3:fa:87:d6:67:3d:
                    92:2a:91:e0:24:7c:87:bf:57:c4:a7:50:f1:a7:26:
                    b0:a5:48:2d:4b:69:42:70:d9:ba:6a:d1:01:b2:33:
                    b6:3a:62:77:a4:b3:c3:fe:63:da:0e:e1:a8:6c:07:
                    93:13:f3:91:a8:64:b1:31:ed:3d:0e:1b:53:22:fc:
                    e9:83:ad:14:ef:f2:f7:fb:7a:df:6a:b5:17:99:a0:
                    59:f8:e8:96:6a:b5:f4:a3:06:ae:f6:cb:71:0e:c1:
                    15:fe:ae:b7:3c:25:a0:e6:39:6d:1a:b4:2c:e4:26:
                    82:5d:c1:cf:f1:4f:2a:aa:b8:59:3c:e8:d3:2a:a7:
                    e8:a1:74:ad:c7:d0:dc:66:1d:d7:fa:50:5d:08:d6:
                    1c:b5:8c:27:29:d8:c1:cb:91:45:f7:01:2f:77:43:
                    dd:17:a7:6a:fa:0a:55:ce:5b:21:2b:84:74:ce:99:
                    43:bd:aa:80:d6:44:6d:06:47:b2:29:83:a1:8a:fd:
                    30:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:D1:D6:B2:2E:2A:4A:29:B0:41:B6:78:DC:3A:AB:31:0C:55:18:ED
            X509v3 Authority Key Identifier:
                keyid:C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/htHWsi4qSimwQbZ43DqrMQxVGO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.52.0/23
                  193.36.89.0/24
                  193.169.142.0/23
                  195.78.124.0/23
                  195.245.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:59:c2:cd:18:41:dd:27:7f:3d:7a:ca:7d:f8:d6:05:a6:93:
         ff:e2:07:9b:50:0d:38:7f:5e:fe:46:7c:ac:7f:d1:8e:d1:61:
         70:05:3c:6c:21:58:1b:9e:e1:d7:26:de:82:27:ba:9c:6a:6c:
         3b:fd:5a:2c:ca:5b:60:9c:ab:a2:25:35:12:9f:88:b7:bd:4a:
         35:b5:03:c5:f3:d4:0c:42:b7:06:ed:af:13:10:22:30:98:b5:
         c9:8d:6a:d4:34:a9:2b:7a:bf:bc:a3:a6:4e:4a:3b:84:a6:ed:
         8e:30:8b:97:1e:e1:78:45:11:1b:94:6c:2f:b8:19:ab:31:09:
         3e:1a:03:74:ed:43:33:52:1c:e4:32:65:21:e5:37:f9:b6:14:
         f9:4e:55:c2:04:90:5b:1d:90:1a:86:d5:ea:97:98:59:c8:5f:
         39:2b:b2:66:96:f2:39:17:87:b7:d5:a3:99:85:57:7a:fe:e3:
         5a:99:66:12:fb:00:15:36:26:44:54:49:b0:65:e3:55:0f:87:
         dd:fb:56:14:a3:8a:27:ca:5c:df:6e:66:96:f0:d9:57:45:4e:
         12:b2:bb:53:f1:63:a0:dc:b3:d9:41:3c:ff:4a:cc:72:6c:43:
         fa:89:e7:73:e2:4d:be:17:99:65:9b:8a:07:19:f9:8c:45:e5:
         5e:27:9d:b7
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYqBzVYOjy4zmU+z0e8QIjcpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNGRiNzYyMzI0MWQ3ZTY2NzhmYzI1NzUxZmE0ZTBiNjY2
NTE4NmIwHhcNMjMwOTExMDExMzUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmQxZDZiMjJlMmE0YTI5YjA0MWI2NzhkYzNhYWIzMTBjNTUxOGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSwsY5RXhKEoTJ6BBCxUHs2vwz7E
Nk0NVuv9e5o1k6ZS0N25Yr9vP0XkL3YikRWfUtbKkPMKdo54kXhubOJAo2Xlxjnj
+ofWZz2SKpHgJHyHv1fEp1DxpyawpUgtS2lCcNm6atEBsjO2OmJ3pLPD/mPaDuGo
bAeTE/ORqGSxMe09DhtTIvzpg60U7/L3+3rfarUXmaBZ+OiWarX0owau9stxDsEV
/q63PCWg5jltGrQs5CaCXcHP8U8qqrhZPOjTKqfooXStx9DcZh3X+lBdCNYctYwn
KdjBy5FF9wEvd0PdF6dq+gpVzlshK4R0zplDvaqA1kRtBkeyKYOhiv0wLwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFIbR1rIuKkopsEG2eNw6qzEMVRjtMB8GA1UdIwQY
MBaAFMBNt2IyQdfmZ4/CV1H6TgtmZRhrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMt
MDQyM2YyNjNmMmNiLzEvaHRIV3NpNHFTaW13UWJaNDNEcXJNUXhWR08wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMtMDQyM2YyNjNmMmNi
LzEvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBuc40AwQA
wSRZAwQBwamOAwQBw058AwQBw/VSMA0GCSqGSIb3DQEBCwUAA4IBAQADWcLNGEHd
J389esp9+NYFppP/4gebUA04f17+Rnysf9GO0WFwBTxsIVgbnuHXJt6CJ7qcamw7
/VosyltgnKuiJTUSn4i3vUo1tQPF89QMQrcG7a8TECIwmLXJjWrUNKkrer+8o6ZO
SjuEpu2OMIuXHuF4RREblGwvuBmrMQk+GgN07UMzUhzkMmUh5Tf5thT5TlXCBJBb
HZAahtXql5hZyF85K7JmlvI5F4e31aOZhVd6/uNamWYS+wAVNiZEVEmwZeNVD4fd
+1YUo4onylzfbmaW8NlXRU4SsrtT8WOg3LPZQTz/SsxybEP6iedz4k2+F5llm4oH
GfmMReVeJ523
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:59 2024 by rpki-client on console-ams.rpki-client.org