Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/_I4WfyWGG82jFNTEByu2gHjNMSo.roa
File:                     _I4WfyWGG82jFNTEByu2gHjNMSo.roa (raw, json)
Hash identifier:          RpjVKA40fssBMVzrYQI+Ue/fyU0kmLETWVtYISmwAHw=
Subject key identifier:   FC:8E:16:7F:25:86:1B:CD:A3:14:D4:C4:07:2B:B6:80:78:CD:31:2A
Certificate issuer:       /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial:       0185A83A80A927BAF1AC798FBB92E25BA994
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/_I4WfyWGG82jFNTEByu2gHjNMSo.roa
Signing time:             Thu 12 Jan 2023 23:04:44 +0000
ROA not before:           Thu 12 Jan 2023 23:04:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3320
IP address blocks:        93.119.184.0/21 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:a8:3a:80:a9:27:ba:f1:ac:79:8f:bb:92:e2:5b:a9:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
        Validity
            Not Before: Jan 12 23:04:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fc8e167f25861bcda314d4c4072bb68078cd312a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:90:ce:60:76:59:82:8a:73:95:1b:a8:d0:e5:
                    06:c4:da:56:3f:6d:89:2b:be:7e:35:c7:6c:84:99:
                    78:eb:63:28:5e:48:a0:28:0d:f5:52:ea:c6:58:2b:
                    9b:a0:43:13:17:11:a9:9b:9f:67:49:b9:ba:93:dd:
                    55:f3:1e:af:2a:fd:fa:4c:a3:29:6a:9b:95:71:e9:
                    cd:2c:1a:32:72:9f:e9:56:e9:8f:d6:2d:72:23:2a:
                    47:20:9f:c6:75:fa:69:46:18:43:34:89:b5:95:4b:
                    e4:69:f6:69:74:65:a2:be:c0:dc:48:a6:07:b9:79:
                    b1:32:9f:e0:98:03:d7:f8:77:22:8e:81:98:87:bb:
                    b4:55:82:b4:7a:1b:7f:d1:9c:f0:eb:3f:d9:8a:42:
                    e5:ea:d4:02:cf:52:a4:3d:4f:e2:63:b1:82:92:ba:
                    65:a4:6b:d4:49:3e:c8:69:fe:a9:5b:64:44:c2:75:
                    2e:1b:78:f2:e9:af:69:52:fb:cd:14:4d:5c:f2:7f:
                    ce:28:d0:e8:0e:7c:7d:2b:0e:9c:9b:3a:f5:ec:90:
                    f5:11:d0:07:32:26:03:13:03:e8:c1:2d:7d:88:d9:
                    a8:35:f6:f1:bb:ce:d8:25:93:85:55:1e:c8:2f:27:
                    d9:6f:9a:2a:cd:56:fa:39:87:25:8e:02:32:35:94:
                    2d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:8E:16:7F:25:86:1B:CD:A3:14:D4:C4:07:2B:B6:80:78:CD:31:2A
            X509v3 Authority Key Identifier:
                keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/_I4WfyWGG82jFNTEByu2gHjNMSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.119.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         66:10:21:5c:0d:71:7c:d7:0c:4f:29:ab:eb:30:05:0e:92:7a:
         75:61:50:a2:e2:35:c9:97:3c:54:79:e4:35:bc:96:2b:dc:7b:
         f1:1d:4e:d1:24:1e:07:92:72:18:74:8b:5f:b5:bd:be:58:fa:
         85:d5:1f:ba:88:76:c5:24:19:df:a7:62:34:2d:8b:c6:77:71:
         57:cd:a5:6b:7f:8c:6b:d5:ab:d1:b5:05:56:ec:be:0b:31:1e:
         10:d5:dd:6d:7b:7a:74:af:6d:ca:5c:82:4e:e8:cd:46:61:ff:
         04:16:b2:7f:db:e2:a7:23:1f:b1:2b:f4:37:2e:8c:54:5a:42:
         94:33:93:77:7e:bf:df:fe:e2:72:5f:4e:75:7c:0c:f7:b8:d1:
         45:d3:b5:c2:b0:23:33:fb:ea:f0:47:b3:bf:74:c5:be:7b:ab:
         0a:6a:b6:b0:a0:f0:d3:8c:30:33:25:43:c6:74:02:31:a6:2d:
         5a:4e:5f:9a:32:9b:f0:16:71:79:2e:f7:e4:34:e8:ba:01:27:
         ad:de:41:64:e7:0c:5a:7a:b5:cd:c5:a4:cf:e5:da:7b:70:f2:
         76:11:93:06:60:d4:e3:63:b9:a7:82:78:69:10:7b:99:7d:b0:
         50:34:3d:76:46:05:06:ab:5a:db:f2:5f:ad:31:f6:4c:5a:4e:
         13:18:18:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYWoOoCpJ7rxrHmPu5LiW6mUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjMwMTEyMjMwNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzhlMTY3ZjI1ODYxYmNkYTMxNGQ0YzQwNzJiYjY4MDc4Y2QzMTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppDOYHZZgopzlRuo0OUGxNpWP22J
K75+NcdshJl462MoXkigKA31UurGWCuboEMTFxGpm59nSbm6k91V8x6vKv36TKMp
apuVcenNLBoycp/pVumP1i1yIypHIJ/GdfppRhhDNIm1lUvkafZpdGWivsDcSKYH
uXmxMp/gmAPX+HcijoGYh7u0VYK0eht/0Zzw6z/ZikLl6tQCz1KkPU/iY7GCkrpl
pGvUST7Iaf6pW2REwnUuG3jy6a9pUvvNFE1c8n/OKNDoDnx9Kw6cmzr17JD1EdAH
MiYDEwPowS19iNmoNfbxu87YJZOFVR7ILyfZb5oqzVb6OYcljgIyNZQtyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPyOFn8lhhvNoxTUxAcrtoB4zTEqMB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEvX0k0V2Z5V0dHODJqRk5URUJ5dTJnSGpOTVNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXXe4MA0G
CSqGSIb3DQEBCwUAA4IBAQBmECFcDXF81wxPKavrMAUOknp1YVCi4jXJlzxUeeQ1
vJYr3HvxHU7RJB4HknIYdItftb2+WPqF1R+6iHbFJBnfp2I0LYvGd3FXzaVrf4xr
1avRtQVW7L4LMR4Q1d1te3p0r23KXIJO6M1GYf8EFrJ/2+KnIx+xK/Q3LoxUWkKU
M5N3fr/f/uJyX051fAz3uNFF07XCsCMz++rwR7O/dMW+e6sKarawoPDTjDAzJUPG
dAIxpi1aTl+aMpvwFnF5LvfkNOi6ASet3kFk5wxaerXNxaTP5dp7cPJ2EZMGYNTj
Y7mngnhpEHuZfbBQND12RgUGq1rb8l+tMfZMWk4TGBhI
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:34 2024 by rpki-client on console-fra.rpki-client.org