Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/ZK-ghZnIAQ28L-5iKhSDRpHS5C4.roa
File:                     ZK-ghZnIAQ28L-5iKhSDRpHS5C4.roa (raw, json)
Hash identifier:          eVJtWJrFM9fp25gXwFtflE6nm6vdd8G8J4y1XHw4SVY=
Subject key identifier:   64:AF:A0:85:99:C8:01:0D:BC:2F:EE:62:2A:14:83:46:91:D2:E4:2E
Certificate issuer:       /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial:       0188A2B7C2879F8DD0FD4B62FEA1FC6C8D58
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/ZK-ghZnIAQ28L-5iKhSDRpHS5C4.roa
Signing time:             Sat 10 Jun 2023 00:32:11 +0000
ROA not before:           Sat 10 Jun 2023 00:32:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.38.134.0/24 maxlen: 24
                          85.204.26.0/24 maxlen: 24
                          89.36.199.0/24 maxlen: 24
                          89.39.91.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:a2:b7:c2:87:9f:8d:d0:fd:4b:62:fe:a1:fc:6c:8d:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
        Validity
            Not Before: Jun 10 00:32:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=64afa08599c8010dbc2fee622a14834691d2e42e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:0c:53:c8:79:e0:cd:5c:e5:f4:f5:04:de:ae:
                    39:4f:58:26:a0:64:a1:f6:78:54:4f:8e:d1:ce:a6:
                    21:a6:78:de:26:5b:4e:0b:3a:52:d2:4e:65:ee:2f:
                    38:54:65:55:22:a2:3c:da:23:48:62:4a:4b:1c:65:
                    25:9e:40:60:d8:66:de:44:f8:07:d7:01:50:6d:d5:
                    97:51:22:90:9b:a4:03:e5:ff:c8:d3:78:db:ec:8c:
                    61:47:71:7f:48:55:38:2e:e4:48:1b:7c:68:ae:dd:
                    15:d2:ea:3e:67:d6:6d:10:a8:cf:a7:18:3d:65:1e:
                    74:a7:7e:71:f0:b7:cc:6c:d3:86:b3:5b:21:99:0b:
                    21:05:1c:51:e5:79:b6:4b:df:be:34:f5:b7:c6:6b:
                    b5:5c:ba:ac:af:96:3d:6a:cf:2f:e9:04:60:c9:48:
                    1c:b1:6a:8c:9c:65:b0:18:78:c0:a2:ee:12:b6:64:
                    d1:6d:dd:81:fe:ad:8f:8f:ba:16:8a:26:e0:35:64:
                    79:b2:e8:66:47:cd:66:50:fe:38:98:a4:59:a8:3d:
                    3e:d1:67:a4:d1:0f:24:1b:09:af:36:9f:45:89:46:
                    28:57:e9:3f:28:af:9d:ec:db:a6:7b:9c:80:ae:56:
                    f6:cc:b0:d7:b8:db:22:07:b9:b3:b1:a6:96:1b:25:
                    6f:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:AF:A0:85:99:C8:01:0D:BC:2F:EE:62:2A:14:83:46:91:D2:E4:2E
            X509v3 Authority Key Identifier:
                keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/ZK-ghZnIAQ28L-5iKhSDRpHS5C4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.26.0/24
                  89.36.199.0/24
                  89.38.134.0/24
                  89.39.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:3a:eb:ef:29:0a:39:47:49:ab:d6:07:32:5a:f2:ed:11:c0:
         57:3c:39:64:3a:80:08:49:84:2a:54:49:54:9a:eb:51:27:4d:
         5a:6f:01:50:0c:13:79:32:0f:89:d5:12:5d:06:87:b4:99:f2:
         3d:ae:5d:d1:39:e1:8d:d5:d9:cc:57:18:3e:dd:29:88:18:f5:
         a0:5f:38:fd:5e:82:0e:7a:0f:6e:b3:a7:b3:35:80:82:10:e2:
         43:18:9a:3a:ff:e6:05:e6:8d:82:98:e1:9c:80:40:e7:fa:c5:
         63:5d:13:0d:0b:19:d9:09:bb:22:4b:9c:7e:f6:70:c6:5b:2a:
         f3:2e:3d:c6:e3:b5:06:8d:ce:57:8a:b1:2d:67:e7:16:35:a1:
         6f:8d:60:01:85:87:1f:1d:67:45:77:47:5c:14:a8:6a:08:03:
         45:3f:aa:8c:b6:23:e9:c7:57:3f:87:51:75:48:55:9c:01:63:
         fd:d2:8f:bb:d2:47:40:9e:dd:9a:dd:a5:cf:b7:60:14:66:b3:
         e1:2b:08:cb:75:9f:2c:c7:e4:fb:24:5e:90:c7:ff:9d:63:1c:
         6f:f5:d6:26:70:ab:2f:87:f4:56:f0:3e:7e:66:3b:e7:6c:02:
         4d:1c:61:6b:dd:96:1b:36:80:87:a2:13:1e:42:31:1c:74:51:
         99:cc:ed:fd
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYiit8KHn43Q/Uti/qH8bI1YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjMwNjEwMDAzMjExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGFmYTA4NTk5YzgwMTBkYmMyZmVlNjIyYTE0ODM0NjkxZDJlNDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwxTyHngzVzl9PUE3q45T1gmoGSh
9nhUT47RzqYhpnjeJltOCzpS0k5l7i84VGVVIqI82iNIYkpLHGUlnkBg2GbeRPgH
1wFQbdWXUSKQm6QD5f/I03jb7IxhR3F/SFU4LuRIG3xort0V0uo+Z9ZtEKjPpxg9
ZR50p35x8LfMbNOGs1shmQshBRxR5Xm2S9++NPW3xmu1XLqsr5Y9as8v6QRgyUgc
sWqMnGWwGHjAou4StmTRbd2B/q2Pj7oWiibgNWR5suhmR81mUP44mKRZqD0+0Wek
0Q8kGwmvNp9FiUYoV+k/KK+d7Nume5yArlb2zLDXuNsiB7mzsaaWGyVvqwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGSvoIWZyAENvC/uYioUg0aR0uQuMB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEvWkstZ2habklBUTI4TC01aUtoU0RScEhTNUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVcwaAwQA
WSTHAwQAWSaGAwQAWSdbMA0GCSqGSIb3DQEBCwUAA4IBAQCWOuvvKQo5R0mr1gcy
WvLtEcBXPDlkOoAISYQqVElUmutRJ01abwFQDBN5Mg+J1RJdBoe0mfI9rl3ROeGN
1dnMVxg+3SmIGPWgXzj9XoIOeg9us6ezNYCCEOJDGJo6/+YF5o2CmOGcgEDn+sVj
XRMNCxnZCbsiS5x+9nDGWyrzLj3G47UGjc5XirEtZ+cWNaFvjWABhYcfHWdFd0dc
FKhqCANFP6qMtiPpx1c/h1F1SFWcAWP90o+70kdAnt2a3aXPt2AUZrPhKwjLdZ8s
x+T7JF6Qx/+dYxxv9dYmcKsvh/RW8D5+ZjvnbAJNHGFr3ZYbNoCHohMeQjEcdFGZ
zO39
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:34 2024 by rpki-client on console-fra.rpki-client.org