Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/XMctXGj5zoBrgJxWaWb8ZoDE-Bs.roa
File:                     XMctXGj5zoBrgJxWaWb8ZoDE-Bs.roa (raw, json)
Hash identifier:          jHnX+dZhlwmIL6Rng/DI80czdXt4xalfiWSoIBuABVU=
Subject key identifier:   5C:C7:2D:5C:68:F9:CE:80:6B:80:9C:56:69:66:FC:66:80:C4:F8:1B
Certificate issuer:       /CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Certificate serial:       018572FA607B11571E6AE16D647B956848EB
Authority key identifier: E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/XMctXGj5zoBrgJxWaWb8ZoDE-Bs.roa
Signing time:             Mon 02 Jan 2023 14:54:49 +0000
ROA not before:           Mon 02 Jan 2023 14:54:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206046
IP address blocks:        92.60.165.0/24 maxlen: 24
                          92.60.163.0/24 maxlen: 24
                          92.60.162.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:fa:60:7b:11:57:1e:6a:e1:6d:64:7b:95:68:48:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
        Validity
            Not Before: Jan  2 14:54:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5cc72d5c68f9ce806b809c566966fc6680c4f81b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:62:a7:f2:95:54:69:de:80:65:ef:9b:d7:e9:
                    f3:a8:43:ce:d9:d5:a1:31:1a:63:1a:6f:e7:1f:80:
                    9f:bb:0a:fc:4b:98:2c:4c:2f:76:75:49:44:e6:36:
                    e4:99:91:54:66:4a:c8:f6:02:2b:79:78:d9:3b:bb:
                    08:98:12:f9:d3:5b:2f:d6:17:1e:06:5f:ff:e3:26:
                    69:ca:a7:d3:fd:e0:12:41:04:fd:1b:a8:a8:ea:d3:
                    c1:60:67:f8:9d:dd:12:dc:9c:a2:74:8d:9e:c6:24:
                    67:b3:8c:f2:a3:d8:39:18:a8:5c:05:74:21:bf:6d:
                    be:20:a7:96:b8:20:7a:cb:d3:6a:46:50:fe:d6:10:
                    39:ea:e5:44:19:d8:40:33:90:7e:04:f8:bb:97:ea:
                    b8:14:b2:51:0d:67:ff:b3:d4:b1:c5:af:7d:66:ee:
                    c5:75:25:2e:79:02:34:b6:37:dc:1e:fe:49:c5:6e:
                    d5:a4:7c:8a:5c:91:b5:d2:1c:5b:c5:47:16:2e:6a:
                    72:70:79:bf:3b:64:ef:57:f3:c6:48:7a:b5:b2:d7:
                    93:2b:e9:ab:58:d1:79:78:8a:f1:40:c8:81:15:7f:
                    b3:17:17:49:3d:b5:e5:4c:6c:e8:d9:db:69:2b:e1:
                    d4:77:4b:24:56:79:f7:98:be:01:31:e1:e0:a8:85:
                    a5:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:C7:2D:5C:68:F9:CE:80:6B:80:9C:56:69:66:FC:66:80:C4:F8:1B
            X509v3 Authority Key Identifier:
                keyid:E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/XMctXGj5zoBrgJxWaWb8ZoDE-Bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/6EA7XkXNWL5fbF0z-lZatJIj49s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.162.0/23
                  92.60.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:47:f8:51:93:19:b2:f7:26:80:2d:19:a3:f5:60:91:a7:a9:
         ab:b5:5a:40:7d:44:28:2e:c3:b4:37:fd:71:06:a2:0e:1f:7e:
         a7:e3:70:40:44:bc:b0:9e:00:81:5a:0d:7c:c3:5b:72:48:33:
         1e:f3:02:1d:08:13:48:25:52:cd:23:e3:94:ac:f5:76:92:8b:
         3f:72:41:39:30:8f:66:ef:88:01:0c:1e:50:76:89:ad:b7:21:
         fb:2a:78:06:47:03:0a:1e:7b:ae:35:4b:fc:db:42:c1:ac:04:
         5e:a0:e3:eb:e5:14:73:b7:ca:61:ad:8b:ea:26:35:dd:9c:da:
         1d:d2:72:7b:7b:7c:e8:ce:38:35:6c:22:2a:f5:01:8f:dc:2a:
         03:e1:3c:95:7a:87:36:eb:21:6f:bc:ed:2c:28:83:00:3a:4b:
         6a:2d:33:88:b0:00:b8:89:ca:86:18:77:19:6b:bf:f6:b5:86:
         f0:09:e9:16:47:c6:0e:1a:45:e1:f1:f0:51:5c:04:d8:d5:b0:
         dd:bf:b8:49:04:2b:be:2f:3d:e5:b0:f2:69:8a:53:bd:72:72:
         4d:dd:5a:a1:75:01:77:9d:e0:09:c3:a9:99:ba:6c:3a:69:fc:
         91:f5:8c:1e:3c:fd:68:3c:48:8a:ba:2e:93:26:be:15:24:66:
         2a:d4:94:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVy+mB7EVceauFtZHuVaEjrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDAzYjVlNDVjZDU4YmU1ZjZjNWQzM2ZhNTY1YWI0OTIy
M2UzZGIwHhcNMjMwMTAyMTQ1NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2M3MmQ1YzY4ZjljZTgwNmI4MDljNTY2OTY2ZmM2NjgwYzRmODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2Kn8pVUad6AZe+b1+nzqEPO2dWh
MRpjGm/nH4Cfuwr8S5gsTC92dUlE5jbkmZFUZkrI9gIreXjZO7sImBL501sv1hce
Bl//4yZpyqfT/eASQQT9G6io6tPBYGf4nd0S3JyidI2exiRns4zyo9g5GKhcBXQh
v22+IKeWuCB6y9NqRlD+1hA56uVEGdhAM5B+BPi7l+q4FLJRDWf/s9Sxxa99Zu7F
dSUueQI0tjfcHv5JxW7VpHyKXJG10hxbxUcWLmpycHm/O2TvV/PGSHq1steTK+mr
WNF5eIrxQMiBFX+zFxdJPbXlTGzo2dtpK+HUd0skVnn3mL4BMeHgqIWl+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFzHLVxo+c6Aa4CcVmlm/GaAxPgbMB8GA1UdIwQY
MBaAFOhAO15FzVi+X2xdM/pWWrSSI+PbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEt
YTg3MWVjYzIxMmE2LzEvWE1jdFhHajV6b0JyZ0p4V2FXYjhab0RFLUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEtYTg3MWVjYzIxMmE2
LzEvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBXDyiAwQA
XDylMA0GCSqGSIb3DQEBCwUAA4IBAQABR/hRkxmy9yaALRmj9WCRp6mrtVpAfUQo
LsO0N/1xBqIOH36n43BARLywngCBWg18w1tySDMe8wIdCBNIJVLNI+OUrPV2kos/
ckE5MI9m74gBDB5QdomttyH7KngGRwMKHnuuNUv820LBrAReoOPr5RRzt8phrYvq
JjXdnNod0nJ7e3zozjg1bCIq9QGP3CoD4TyVeoc26yFvvO0sKIMAOktqLTOIsAC4
icqGGHcZa7/2tYbwCekWR8YOGkXh8fBRXATY1bDdv7hJBCu+Lz3lsPJpilO9cnJN
3VqhdQF3neAJw6mZumw6afyR9YwePP1oPEiKui6TJr4VJGYq1JTe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:51 2024 by rpki-client on console-fra.rpki-client.org