Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/uznDgZ5eFUebLhkrY6NZ4RKeSKw.roa
File:                     uznDgZ5eFUebLhkrY6NZ4RKeSKw.roa (raw, json)
Hash identifier:          CVxPfHSD/LXgwY/mexpZlMgKzuU+MwlgKAVAsSTqN7g=
Subject key identifier:   BB:39:C3:81:9E:5E:15:47:9B:2E:19:2B:63:A3:59:E1:12:9E:48:AC
Certificate issuer:       /CN=a68ff9229efd8d12b4273f346f8c6454ea587ecc
Certificate serial:       01856B256BABAE8752A32F42794B78D36162
Authority key identifier: A6:8F:F9:22:9E:FD:8D:12:B4:27:3F:34:6F:8C:64:54:EA:58:7E:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/po_5Ip79jRK0Jz80b4xkVOpYfsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/uznDgZ5eFUebLhkrY6NZ4RKeSKw.roa
Signing time:             Sun 01 Jan 2023 02:24:52 +0000
ROA not before:           Sun 01 Jan 2023 02:24:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8001
IP address blocks:        46.16.165.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:25:6b:ab:ae:87:52:a3:2f:42:79:4b:78:d3:61:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a68ff9229efd8d12b4273f346f8c6454ea587ecc
        Validity
            Not Before: Jan  1 02:24:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bb39c3819e5e15479b2e192b63a359e1129e48ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:fb:e3:42:65:cc:d3:88:e6:e6:47:50:d1:81:
                    81:24:f2:98:34:fb:5a:52:fc:3c:b2:c9:8d:a0:8f:
                    7d:ea:05:8d:64:67:ab:46:c0:1b:c2:6c:ec:f2:e9:
                    91:f6:d3:aa:22:2d:62:59:d8:cc:f9:36:48:49:71:
                    84:34:0e:5b:f5:a0:a7:7c:6c:3d:75:f1:64:2a:9f:
                    d6:05:04:2e:cc:f7:8d:e0:15:e7:4a:36:aa:28:45:
                    d9:0e:1e:ce:51:29:7a:d6:d3:af:dd:f1:1e:3e:4d:
                    cd:ae:dd:14:78:fe:d9:6a:59:0c:3f:fd:bb:af:40:
                    45:8e:07:d3:ef:ae:af:67:7f:f2:bd:07:78:16:3c:
                    8b:01:59:ed:94:9a:93:b2:f4:bb:a0:ff:fe:19:66:
                    ea:eb:88:78:28:51:69:d6:35:4d:3a:e3:f5:38:83:
                    18:c9:e3:b5:6e:0c:46:3e:a1:b5:4f:32:10:89:a4:
                    9d:cb:36:71:d5:51:78:8e:e4:43:b3:a8:8d:68:bd:
                    1d:d0:e1:96:90:6b:05:6b:11:c7:c7:68:e8:28:e0:
                    4a:a3:a6:b6:85:c9:a8:c8:8b:62:75:d2:9a:a1:49:
                    8b:6d:8a:fa:80:0c:ef:f0:a0:d4:e5:23:97:cc:8d:
                    9a:02:d3:bb:3b:96:4f:f7:1b:87:0c:ad:4d:98:a9:
                    94:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:39:C3:81:9E:5E:15:47:9B:2E:19:2B:63:A3:59:E1:12:9E:48:AC
            X509v3 Authority Key Identifier:
                keyid:A6:8F:F9:22:9E:FD:8D:12:B4:27:3F:34:6F:8C:64:54:EA:58:7E:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/po_5Ip79jRK0Jz80b4xkVOpYfsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/uznDgZ5eFUebLhkrY6NZ4RKeSKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/po_5Ip79jRK0Jz80b4xkVOpYfsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:76:c8:ef:e1:22:13:ea:40:6e:35:ef:2c:76:df:2e:84:72:
         8c:9b:61:bf:18:54:89:5f:7e:5f:3b:10:62:38:dd:d8:6f:cb:
         d3:14:d5:d4:df:8e:30:dd:c4:3e:61:46:a4:c1:b1:cf:fc:17:
         89:5e:1a:8c:82:e6:23:3f:53:21:9a:ff:55:a7:16:f6:7f:25:
         9d:71:f9:75:2b:f0:5b:c9:08:66:01:82:09:15:9a:f0:59:14:
         cf:f5:ba:74:37:8b:a0:89:e1:8c:5c:c6:22:72:5a:e0:5f:be:
         24:89:e9:dd:c9:39:31:6a:ca:2f:23:51:75:3f:27:3f:1a:76:
         42:3e:53:b2:75:73:6e:e2:ad:ad:ce:0e:38:c3:f8:45:08:ac:
         d2:07:22:91:2c:7e:fe:a9:4f:11:99:73:12:3d:8e:80:2d:6e:
         9e:32:ff:18:d0:77:fe:69:32:64:e2:df:24:19:6d:10:01:07:
         8a:5f:17:71:76:33:88:26:de:92:e9:a5:62:7d:fa:64:64:a6:
         e7:8f:03:9f:77:62:24:40:c8:80:f3:3d:f4:43:7a:dd:b3:ce:
         23:f7:ce:0f:37:0c:7c:10:03:36:b4:79:80:4c:a3:7b:90:2d:
         d4:b6:76:d8:ad:7a:5a:7e:4a:c8:cd:36:79:f0:f3:0a:32:7d:
         14:45:b1:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVrJWurrodSoy9CeUt402FiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2OGZmOTIyOWVmZDhkMTJiNDI3M2YzNDZmOGM2NDU0ZWE1
ODdlY2MwHhcNMjMwMTAxMDIyNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjM5YzM4MTllNWUxNTQ3OWIyZTE5MmI2M2EzNTllMTEyOWU0OGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfvjQmXM04jm5kdQ0YGBJPKYNPta
Uvw8ssmNoI996gWNZGerRsAbwmzs8umR9tOqIi1iWdjM+TZISXGENA5b9aCnfGw9
dfFkKp/WBQQuzPeN4BXnSjaqKEXZDh7OUSl61tOv3fEePk3Nrt0UeP7ZalkMP/27
r0BFjgfT766vZ3/yvQd4FjyLAVntlJqTsvS7oP/+GWbq64h4KFFp1jVNOuP1OIMY
yeO1bgxGPqG1TzIQiaSdyzZx1VF4juRDs6iNaL0d0OGWkGsFaxHHx2joKOBKo6a2
hcmoyItiddKaoUmLbYr6gAzv8KDU5SOXzI2aAtO7O5ZP9xuHDK1NmKmUNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLs5w4GeXhVHmy4ZK2OjWeESnkisMB8GA1UdIwQY
MBaAFKaP+SKe/Y0StCc/NG+MZFTqWH7MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG9fNUlwNzlqUkswSno4MGI0eGtWT3BZZnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8yZmY5OGUtNmZmOS00MjMzLWI5ZjEt
MjI3ZTIxZTY5MWU3LzEvdXpuRGdaNWVGVWViTGhrclk2Tlo0UktlU0t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8yZmY5OGUtNmZmOS00MjMzLWI5ZjEtMjI3ZTIxZTY5MWU3
LzEvcG9fNUlwNzlqUkswSno4MGI0eGtWT3BZZnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhClMA0G
CSqGSIb3DQEBCwUAA4IBAQASdsjv4SIT6kBuNe8sdt8uhHKMm2G/GFSJX35fOxBi
ON3Yb8vTFNXU344w3cQ+YUakwbHP/BeJXhqMguYjP1Mhmv9Vpxb2fyWdcfl1K/Bb
yQhmAYIJFZrwWRTP9bp0N4ugieGMXMYiclrgX74kiendyTkxasovI1F1Pyc/GnZC
PlOydXNu4q2tzg44w/hFCKzSByKRLH7+qU8RmXMSPY6ALW6eMv8Y0Hf+aTJk4t8k
GW0QAQeKXxdxdjOIJt6S6aViffpkZKbnjwOfd2IkQMiA8z30Q3rds84j984PNwx8
EAM2tHmATKN7kC3UtnbYrXpafkrIzTZ58PMKMn0URbEx
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:24 2024 by rpki-client on console-ams.rpki-client.org