Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/945dbd-2fb7-4dd1-96a6-0585de4d4ee7/1/neqHT4C0Hk8RIcCo_5zwI6Cv9jg.roa
File:                     neqHT4C0Hk8RIcCo_5zwI6Cv9jg.roa (raw, json)
Hash identifier:          uu+2JFvFK3x8RRM+I/nkwmomMN4U4hyE6iCN+0vZMMU=
Subject key identifier:   9D:EA:87:4F:80:B4:1E:4F:11:21:C0:A8:FF:9C:F0:23:A0:AF:F6:38
Certificate issuer:       /CN=44007172df9fc2d4a2ddbba934cebc9f0286d3ca
Certificate serial:       018CC26D72F780C366D474367E3A5993A9EA
Authority key identifier: 44:00:71:72:DF:9F:C2:D4:A2:DD:BB:A9:34:CE:BC:9F:02:86:D3:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RABxct-fwtSi3bupNM68nwKG08o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/945dbd-2fb7-4dd1-96a6-0585de4d4ee7/1/neqHT4C0Hk8RIcCo_5zwI6Cv9jg.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58110
IP address blocks:        185.83.214.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:72:f7:80:c3:66:d4:74:36:7e:3a:59:93:a9:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44007172df9fc2d4a2ddbba934cebc9f0286d3ca
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dea874f80b41e4f1121c0a8ff9cf023a0aff638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ec:78:86:16:fc:df:78:4c:0b:8a:0a:ab:7f:
                    1a:56:33:e2:3c:00:16:22:c2:34:cf:c1:d6:d8:95:
                    20:fd:95:40:b2:9d:c4:80:6c:d2:30:ba:6e:fa:aa:
                    75:94:a2:4a:5b:64:a7:8c:5e:5f:bb:3e:5b:86:c0:
                    c4:9b:f4:42:6e:ee:ca:a1:35:31:2e:af:cf:3d:3a:
                    08:5b:c7:14:0b:9b:75:e3:65:c5:b3:6d:d3:25:fe:
                    84:6a:82:bc:ac:de:5c:34:00:16:12:a5:ca:49:0d:
                    e3:a3:1c:db:9b:26:64:4a:eb:33:94:3e:93:26:4b:
                    e3:6c:91:13:6d:12:ef:2b:c8:a2:04:58:62:6b:04:
                    ca:a2:f0:8a:68:f3:ec:4d:e2:85:a6:d3:4a:de:5c:
                    cf:76:69:ad:5f:3f:37:f8:77:00:b7:3f:6e:1b:32:
                    cc:03:c1:51:ac:e6:e8:e6:ab:58:ec:5a:72:cc:60:
                    26:96:64:49:2d:84:25:0f:6e:8c:57:61:6a:14:37:
                    d9:6c:c5:32:b2:e1:c1:70:c6:29:f7:1f:c1:e2:0f:
                    18:81:a7:52:8c:8e:c7:df:14:50:4d:da:9a:8e:3e:
                    82:cc:a3:ff:a6:43:e3:9e:c7:42:38:c4:95:8f:f7:
                    16:27:1a:bd:ff:25:d1:c7:ab:fc:fd:c3:fe:18:72:
                    4c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:EA:87:4F:80:B4:1E:4F:11:21:C0:A8:FF:9C:F0:23:A0:AF:F6:38
            X509v3 Authority Key Identifier:
                keyid:44:00:71:72:DF:9F:C2:D4:A2:DD:BB:A9:34:CE:BC:9F:02:86:D3:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RABxct-fwtSi3bupNM68nwKG08o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/945dbd-2fb7-4dd1-96a6-0585de4d4ee7/1/neqHT4C0Hk8RIcCo_5zwI6Cv9jg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/945dbd-2fb7-4dd1-96a6-0585de4d4ee7/1/RABxct-fwtSi3bupNM68nwKG08o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:78:c9:ec:1b:85:f5:8e:ce:02:6a:98:9b:e9:9a:9e:36:6a:
         a3:e6:16:c3:45:fc:68:e4:5b:00:ad:1d:63:1a:53:90:4f:fb:
         90:27:78:0c:32:31:08:90:42:50:64:36:ac:7f:e0:db:7b:d9:
         50:5c:2f:8e:e4:27:a3:98:d6:a1:da:a3:d2:7f:19:2e:16:28:
         3d:00:1e:fa:d7:a1:f2:f4:ea:35:64:c0:06:88:8e:70:0c:c4:
         42:36:5a:c0:4a:8e:06:68:6e:7f:a5:b2:cd:8a:9b:9e:7a:75:
         10:a9:40:f4:60:2c:00:fe:89:06:af:40:e8:2b:27:33:3f:d0:
         0c:66:8f:49:c1:2a:ba:91:39:37:d6:f2:57:5f:f2:49:76:56:
         9f:d4:01:c2:8a:b5:5a:41:f8:a1:0a:cb:49:60:ec:6b:6a:73:
         da:de:64:03:e5:cf:f8:62:7d:47:bd:e6:d2:6d:1a:37:e8:63:
         20:58:56:50:ac:1a:9c:af:7b:5c:04:3f:2d:fb:f2:dd:64:0d:
         91:2a:ce:91:c6:f4:e7:d2:91:23:70:7f:b4:52:b6:c6:74:64:
         5e:f1:05:61:d8:c7:f3:99:12:87:2c:fc:21:5e:5b:58:74:8d:
         3d:62:a1:cd:81:f1:ff:4c:95:11:a8:80:bb:f3:99:f5:10:ad:
         1c:7a:f9:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXL3gMNm1HQ2fjpZk6nqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0MDA3MTcyZGY5ZmMyZDRhMmRkYmJhOTM0Y2ViYzlmMDI4
NmQzY2EwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGVhODc0ZjgwYjQxZTRmMTEyMWMwYThmZjljZjAyM2EwYWZmNjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+x4hhb833hMC4oKq38aVjPiPAAW
IsI0z8HW2JUg/ZVAsp3EgGzSMLpu+qp1lKJKW2SnjF5fuz5bhsDEm/RCbu7KoTUx
Lq/PPToIW8cUC5t142XFs23TJf6EaoK8rN5cNAAWEqXKSQ3joxzbmyZkSuszlD6T
JkvjbJETbRLvK8iiBFhiawTKovCKaPPsTeKFptNK3lzPdmmtXz83+HcAtz9uGzLM
A8FRrObo5qtY7FpyzGAmlmRJLYQlD26MV2FqFDfZbMUysuHBcMYp9x/B4g8YgadS
jI7H3xRQTdqajj6CzKP/pkPjnsdCOMSVj/cWJxq9/yXRx6v8/cP+GHJMMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3qh0+AtB5PESHAqP+c8COgr/Y4MB8GA1UdIwQY
MBaAFEQAcXLfn8LUot27qTTOvJ8ChtPKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkFCeGN0LWZ3dFNpM2J1cE5NNjhud0tHMDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS85NDVkYmQtMmZiNy00ZGQxLTk2YTYt
MDU4NWRlNGQ0ZWU3LzEvbmVxSFQ0QzBIazhSSWNDb181endJNkN2OWpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS85NDVkYmQtMmZiNy00ZGQxLTk2YTYtMDU4NWRlNGQ0ZWU3
LzEvUkFCeGN0LWZ3dFNpM2J1cE5NNjhud0tHMDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVPWMA0G
CSqGSIb3DQEBCwUAA4IBAQDOeMnsG4X1js4Capib6ZqeNmqj5hbDRfxo5FsArR1j
GlOQT/uQJ3gMMjEIkEJQZDasf+Dbe9lQXC+O5CejmNah2qPSfxkuFig9AB7616Hy
9Oo1ZMAGiI5wDMRCNlrASo4GaG5/pbLNipueenUQqUD0YCwA/okGr0DoKyczP9AM
Zo9JwSq6kTk31vJXX/JJdlaf1AHCirVaQfihCstJYOxranPa3mQD5c/4Yn1HvebS
bRo36GMgWFZQrBqcr3tcBD8t+/LdZA2RKs6RxvTn0pEjcH+0UrbGdGRe8QVh2Mfz
mRKHLPwhXltYdI09YqHNgfH/TJURqIC785n1EK0cevkz
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:51 2024 by rpki-client on console-ams.rpki-client.org