Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/g-mTfmQrBYoY1PVdDO1wfUkV9ww.roa
File:                     g-mTfmQrBYoY1PVdDO1wfUkV9ww.roa (raw, json)
Hash identifier:          PaapNmmp+lA3UmGjNaylqcVqsOUL3durjaMgOebEJa8=
Subject key identifier:   83:E9:93:7E:64:2B:05:8A:18:D4:F5:5D:0C:ED:70:7D:49:15:F7:0C
Certificate issuer:       /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial:       0185A83A8117E40AF43B93DC4ED10430DDBC
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/g-mTfmQrBYoY1PVdDO1wfUkV9ww.roa
Signing time:             Thu 12 Jan 2023 23:04:44 +0000
ROA not before:           Thu 12 Jan 2023 23:04:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211936
IP address blocks:        93.119.184.0/21 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:a8:3a:81:17:e4:0a:f4:3b:93:dc:4e:d1:04:30:dd:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
        Validity
            Not Before: Jan 12 23:04:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=83e9937e642b058a18d4f55d0ced707d4915f70c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1d:94:dc:2f:91:3a:be:be:f2:09:14:e4:bc:
                    1a:9e:ba:fc:37:c1:c9:de:34:af:67:12:72:17:ea:
                    b9:27:63:21:02:b1:e0:6b:c1:33:d2:2a:18:28:e5:
                    97:84:5b:07:9e:ef:b4:ed:af:87:73:86:89:e5:d2:
                    79:c8:1c:a2:37:0a:66:8a:38:e0:97:6a:c4:18:37:
                    66:a1:2d:40:d3:15:41:59:5e:85:44:94:84:47:20:
                    a5:06:e0:a7:89:92:29:ba:61:fb:81:7e:77:b3:d4:
                    ea:a5:47:b9:a2:e3:61:7c:88:92:99:46:1d:67:89:
                    da:fc:fc:f1:2a:fd:01:cd:54:1e:e5:e8:69:ea:b0:
                    12:25:50:c5:37:2a:31:13:2c:f3:f9:71:22:e8:30:
                    eb:06:fc:e6:db:dc:ea:f5:6c:0b:ec:6b:e4:22:dc:
                    ee:5d:6a:62:1b:a0:28:29:5c:f3:e3:c3:e8:00:d2:
                    a1:a7:1a:7b:f4:9f:3e:6f:6f:a7:41:b6:26:15:b4:
                    e0:c8:39:24:67:15:26:0a:66:e3:68:27:a1:c0:0f:
                    d7:e9:0d:99:43:f5:e5:ea:57:0f:21:4b:ca:7c:d6:
                    0e:87:0a:92:53:73:74:ae:da:66:77:a6:09:7e:8a:
                    1f:0c:36:ab:82:4f:89:84:51:04:57:96:e2:1b:bd:
                    e9:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:E9:93:7E:64:2B:05:8A:18:D4:F5:5D:0C:ED:70:7D:49:15:F7:0C
            X509v3 Authority Key Identifier:
                keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/g-mTfmQrBYoY1PVdDO1wfUkV9ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.119.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         07:df:2e:37:b1:34:e5:f8:31:52:26:ec:60:c8:6c:c5:b2:28:
         a2:12:e9:a4:18:ac:2d:5d:ff:fd:3b:fe:e6:c6:92:f9:6b:2a:
         ae:bc:97:01:26:04:00:73:d1:64:4a:a1:4e:e4:86:4c:d4:89:
         76:ff:2d:3b:cd:85:89:df:22:4c:e8:6e:f2:42:f5:e0:09:47:
         06:65:87:56:3d:5f:ea:51:77:90:a2:17:0c:e0:ac:9c:36:0b:
         7a:6d:17:9f:23:2f:fb:79:65:05:96:3a:4a:4e:4c:60:e2:54:
         47:51:05:18:91:99:87:c2:ce:26:37:97:65:fe:70:3b:60:af:
         10:2a:06:5b:49:91:35:ed:dd:cc:61:66:be:9d:e7:8b:42:f6:
         b1:8d:e8:4c:c2:ca:40:59:d3:ff:7b:36:8a:48:f2:cb:05:85:
         68:74:a9:7e:7d:5d:d8:56:54:5e:e6:19:4d:d2:1b:2c:60:58:
         19:90:c9:d6:e2:3a:f9:59:05:cf:9b:22:9a:85:24:f4:85:e2:
         55:f4:19:8f:d3:e7:da:7b:c7:e7:02:9a:e4:bd:ee:b5:c6:80:
         ed:84:90:e4:0b:b1:66:92:d9:27:a7:ef:58:36:25:eb:4a:43:
         0e:f7:55:c0:b2:a9:e8:b1:0d:f9:88:b4:90:9d:d7:06:6b:a7:
         fe:53:8a:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYWoOoEX5Ar0O5PcTtEEMN28MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjMwMTEyMjMwNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2U5OTM3ZTY0MmIwNThhMThkNGY1NWQwY2VkNzA3ZDQ5MTVmNzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqR2U3C+ROr6+8gkU5Lwanrr8N8HJ
3jSvZxJyF+q5J2MhArHga8Ez0ioYKOWXhFsHnu+07a+Hc4aJ5dJ5yByiNwpmijjg
l2rEGDdmoS1A0xVBWV6FRJSERyClBuCniZIpumH7gX53s9TqpUe5ouNhfIiSmUYd
Z4na/PzxKv0BzVQe5ehp6rASJVDFNyoxEyzz+XEi6DDrBvzm29zq9WwL7GvkItzu
XWpiG6AoKVzz48PoANKhpxp79J8+b2+nQbYmFbTgyDkkZxUmCmbjaCehwA/X6Q2Z
Q/Xl6lcPIUvKfNYOhwqSU3N0rtpmd6YJfoofDDargk+JhFEEV5biG73pJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIPpk35kKwWKGNT1XQztcH1JFfcMMB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEvZy1tVGZtUXJCWW9ZMVBWZERPMXdmVWtWOXd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXXe4MA0G
CSqGSIb3DQEBCwUAA4IBAQAH3y43sTTl+DFSJuxgyGzFsiiiEumkGKwtXf/9O/7m
xpL5ayquvJcBJgQAc9FkSqFO5IZM1Il2/y07zYWJ3yJM6G7yQvXgCUcGZYdWPV/q
UXeQohcM4KycNgt6bRefIy/7eWUFljpKTkxg4lRHUQUYkZmHws4mN5dl/nA7YK8Q
KgZbSZE17d3MYWa+neeLQvaxjehMwspAWdP/ezaKSPLLBYVodKl+fV3YVlRe5hlN
0hssYFgZkMnW4jr5WQXPmyKahST0heJV9BmP0+fae8fnAprkve61xoDthJDkC7Fm
ktknp+9YNiXrSkMO91XAsqnosQ35iLSQndcGa6f+U4qT
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:05 2024 by rpki-client on console-ams.rpki-client.org