Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/rJNw643eZ9k5vYbH3Ogh1hRPvrg.roa
File:                     rJNw643eZ9k5vYbH3Ogh1hRPvrg.roa (raw, json)
Hash identifier:          HKU6ghQLb4Hh6aJF5gb/dkIQghVlEpnbZYp9+r81Jkc=
Subject key identifier:   AC:93:70:EB:8D:DE:67:D9:39:BD:86:C7:DC:E8:21:D6:14:4F:BE:B8
Certificate issuer:       /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial:       0188A48531413D1FC50740322DC2AADDF49A
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/rJNw643eZ9k5vYbH3Ogh1hRPvrg.roa
Signing time:             Sat 10 Jun 2023 08:56:12 +0000
ROA not before:           Sat 10 Jun 2023 08:56:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.38.134.0/24 maxlen: 24
                          89.47.94.0/24 maxlen: 24
                          85.204.26.0/24 maxlen: 24
                          89.36.199.0/24 maxlen: 24
                          89.39.91.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:a4:85:31:41:3d:1f:c5:07:40:32:2d:c2:aa:dd:f4:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
        Validity
            Not Before: Jun 10 08:56:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ac9370eb8dde67d939bd86c7dce821d6144fbeb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:28:38:93:59:db:e5:ba:f7:2d:35:ef:bc:ef:
                    ee:1c:1c:ee:85:a8:b0:c1:b9:60:69:49:e7:10:2d:
                    50:a3:ef:fd:51:9f:cc:15:e8:3c:29:e9:18:13:de:
                    18:8e:7e:5b:51:76:a1:a6:09:9b:fe:0f:98:f2:7b:
                    9c:46:3e:60:bd:fc:58:74:de:f0:a4:a5:87:de:1b:
                    f2:f7:22:09:54:d6:6c:b5:b2:46:4d:79:00:d5:9c:
                    8f:ea:54:90:10:7b:ca:9a:e5:c5:74:1e:9d:2f:b6:
                    67:c5:6c:e1:b1:fc:72:d8:0b:90:da:a6:84:83:f8:
                    60:b4:5c:a5:8a:9f:ea:f6:0c:0a:50:1b:e4:27:49:
                    f4:b4:6c:25:7d:61:ed:24:4f:70:0b:ca:e9:c3:22:
                    ee:f0:00:38:13:5b:eb:89:a6:f4:65:5e:52:32:8c:
                    df:a3:a3:59:dd:b9:b0:7e:26:63:a8:57:f5:ec:51:
                    04:39:f4:b0:b4:f0:6a:c1:b7:63:c5:dd:9b:83:ae:
                    91:26:73:c1:82:66:db:f6:be:5c:b6:7a:28:90:74:
                    2b:e5:53:7a:88:46:11:97:75:0f:00:2f:c8:1c:54:
                    c9:e4:a8:53:60:ac:ff:02:aa:b7:88:00:53:08:46:
                    d4:b9:91:7f:17:3b:6a:2c:5f:41:31:81:dc:fb:0d:
                    1b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:93:70:EB:8D:DE:67:D9:39:BD:86:C7:DC:E8:21:D6:14:4F:BE:B8
            X509v3 Authority Key Identifier:
                keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/rJNw643eZ9k5vYbH3Ogh1hRPvrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.26.0/24
                  89.36.199.0/24
                  89.38.134.0/24
                  89.39.91.0/24
                  89.47.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:89:8e:8a:3d:6b:1a:80:52:db:7b:bf:99:9c:8e:8e:95:2e:
         81:55:a5:35:4b:d0:32:f8:8c:6a:12:e9:aa:cd:4c:f0:30:93:
         18:bc:58:36:02:55:e3:69:a0:a9:ea:a2:a4:9e:43:73:50:e1:
         22:9a:fc:7d:85:d7:d0:59:bc:28:09:89:91:6d:04:a7:11:58:
         24:65:bb:39:2b:0b:ed:49:b5:7f:49:8e:99:71:2c:21:61:c6:
         f8:9f:36:32:e6:f0:e4:98:f4:0c:f3:b5:28:b6:98:d7:16:d4:
         4b:f9:22:45:a3:19:13:97:6c:08:e6:2b:3d:22:dc:10:3d:61:
         02:c0:19:f8:03:55:95:df:c4:84:1d:03:6b:45:24:92:53:c2:
         26:dd:b1:4e:15:b9:94:34:2b:db:5c:10:1d:3f:3d:11:4c:3b:
         27:2e:b8:88:2d:88:11:61:d3:4b:ec:36:ce:b1:7d:f3:32:d8:
         17:32:c7:48:fd:3c:ae:3a:6d:a4:b8:54:78:99:7b:27:9a:43:
         3a:9e:9a:a4:33:2e:bf:72:19:fd:b7:50:17:f8:89:dc:9c:34:
         17:7f:83:3d:20:75:5e:f3:43:58:93:76:b9:de:64:62:9e:80:
         6e:86:ea:e0:35:f6:52:eb:22:4e:7b:f7:bb:0e:ca:e3:d3:bf:
         e8:cc:e0:2e
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYikhTFBPR/FB0AyLcKq3fSaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjMwNjEwMDg1NjEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzkzNzBlYjhkZGU2N2Q5MzliZDg2YzdkY2U4MjFkNjE0NGZiZWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyg4k1nb5br3LTXvvO/uHBzuhaiw
wblgaUnnEC1Qo+/9UZ/MFeg8KekYE94Yjn5bUXahpgmb/g+Y8nucRj5gvfxYdN7w
pKWH3hvy9yIJVNZstbJGTXkA1ZyP6lSQEHvKmuXFdB6dL7ZnxWzhsfxy2AuQ2qaE
g/hgtFylip/q9gwKUBvkJ0n0tGwlfWHtJE9wC8rpwyLu8AA4E1vriab0ZV5SMozf
o6NZ3bmwfiZjqFf17FEEOfSwtPBqwbdjxd2bg66RJnPBgmbb9r5ctnookHQr5VN6
iEYRl3UPAC/IHFTJ5KhTYKz/Aqq3iABTCEbUuZF/FztqLF9BMYHc+w0b5wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFKyTcOuN3mfZOb2Gx9zoIdYUT764MB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEvckpOdzY0M2VaOWs1dlliSDNPZ2gxaFJQdnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAVcwaAwQA
WSTHAwQAWSaGAwQAWSdbAwQAWS9eMA0GCSqGSIb3DQEBCwUAA4IBAQCGiY6KPWsa
gFLbe7+ZnI6OlS6BVaU1S9Ay+IxqEumqzUzwMJMYvFg2AlXjaaCp6qKknkNzUOEi
mvx9hdfQWbwoCYmRbQSnEVgkZbs5KwvtSbV/SY6ZcSwhYcb4nzYy5vDkmPQM87Uo
tpjXFtRL+SJFoxkTl2wI5is9ItwQPWECwBn4A1WV38SEHQNrRSSSU8Im3bFOFbmU
NCvbXBAdPz0RTDsnLriILYgRYdNL7DbOsX3zMtgXMsdI/TyuOm2kuFR4mXsnmkM6
npqkMy6/chn9t1AX+IncnDQXf4M9IHVe80NYk3a53mRinoBuhurgNfZS6yJOe/e7
Dsrj07/ozOAu
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:05 2024 by rpki-client on console-ams.rpki-client.org