Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/fKN0DjOFCCuVfCUu49VTI7ooU3o.roa
File:                     fKN0DjOFCCuVfCUu49VTI7ooU3o.roa (raw, json)
Hash identifier:          4KXytf95VilzEFnTsEEDWWt7miJ7nwcTo+cpsSgJrr8=
Subject key identifier:   7C:A3:74:0E:33:85:08:2B:95:7C:25:2E:E3:D5:53:23:BA:28:53:7A
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       018D55BBAE4E099D085571D0CA33F0235735
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/fKN0DjOFCCuVfCUu49VTI7ooU3o.roa
Signing time:             Mon 29 Jan 2024 14:59:39 +0000
ROA not before:           Mon 29 Jan 2024 14:59:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43668
IP address blocks:        94.131.221.0/24 maxlen: 24
                          185.248.168.0/23 maxlen: 23
                          185.248.170.0/23 maxlen: 23
                          185.255.236.0/24 maxlen: 24
                          185.255.237.0/24 maxlen: 24
                          185.255.238.0/24 maxlen: 24
                          185.255.239.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:55:bb:ae:4e:09:9d:08:55:71:d0:ca:33:f0:23:57:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Jan 29 14:59:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ca3740e3385082b957c252ee3d55323ba28537a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:39:2b:4b:4a:fe:ad:48:bf:9a:61:bc:fd:aa:
                    ab:1f:2e:06:e8:51:b8:a5:67:02:ca:89:86:f3:76:
                    d6:2f:86:bb:d4:a7:93:bf:e2:48:42:cf:40:c6:86:
                    3e:c2:8c:b3:b5:88:fc:53:6c:ac:92:41:98:a4:d9:
                    7e:cd:58:07:e1:91:f9:90:8b:83:3f:dc:ea:38:2e:
                    f1:4b:8a:fb:22:30:69:38:93:38:bb:f1:ac:55:bf:
                    4d:fc:40:b4:da:55:12:a5:23:88:1a:c3:3a:32:cf:
                    4f:f4:f5:1d:6a:10:05:f0:8d:2f:71:26:e0:25:f5:
                    c0:5b:d0:0d:39:7b:a6:e0:0d:45:a8:fc:7a:e1:02:
                    fd:2d:52:ee:79:c4:b1:f7:7f:ee:2a:2c:dc:7a:53:
                    3f:db:d6:4a:53:01:37:46:49:4b:56:4a:29:97:3b:
                    c4:79:45:89:d9:2c:c6:b4:d3:f2:ee:78:2f:b9:8f:
                    90:ac:35:97:62:e4:dc:52:c2:4d:61:d8:d3:8a:39:
                    cf:47:bd:55:98:41:61:c5:56:b6:2a:dc:b7:ab:33:
                    0c:d6:56:f8:d6:4f:83:74:56:ab:ce:1c:ff:d9:da:
                    91:87:58:2c:5b:e7:a0:c1:96:f3:db:c3:c3:6f:25:
                    79:e4:d2:98:07:69:72:10:5e:78:41:5b:91:c9:25:
                    ef:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:A3:74:0E:33:85:08:2B:95:7C:25:2E:E3:D5:53:23:BA:28:53:7A
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/fKN0DjOFCCuVfCUu49VTI7ooU3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.221.0/24
                  185.248.168.0/22
                  185.255.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:26:61:35:54:78:bc:fb:92:f3:8f:c9:e6:ff:39:95:36:e9:
         a6:ae:5f:de:d7:ea:12:81:e3:b3:77:69:40:b6:63:7a:ce:4d:
         16:fa:11:32:cf:79:bc:86:86:6d:7a:3a:34:60:46:6d:e2:ab:
         b6:1e:9b:f6:35:e5:be:25:17:a1:ae:00:a1:16:2c:ed:0e:2d:
         d2:37:92:c4:2b:1e:94:b6:20:ab:02:1e:70:c6:61:e4:49:99:
         2b:73:a4:7b:0e:d0:3b:57:c2:24:d7:a6:c0:90:9d:7e:16:14:
         c5:de:20:35:60:11:c5:d4:f2:d8:ea:d2:38:af:e5:bd:0c:99:
         05:ea:41:d2:08:78:6e:aa:27:e8:79:5d:43:b0:50:bd:55:96:
         f3:2a:52:08:b9:41:0c:02:4f:4a:a4:84:0e:61:63:ab:b3:65:
         ce:58:6a:b4:62:45:10:78:66:f8:ff:0f:a2:be:b5:bd:e9:ed:
         6c:ff:4b:d7:5d:d7:d3:3b:06:ca:01:3e:27:3f:ca:3f:85:6e:
         35:c7:94:b1:a7:19:c8:d0:09:bf:3b:2a:8b:93:8e:dc:3a:23:
         e5:eb:bd:cf:fc:2c:38:ea:ac:a1:c9:8d:48:32:ab:ac:a2:92:
         61:ae:77:87:99:e3:42:a9:45:77:05:c5:3f:c4:86:c3:6e:c6:
         ba:be:69:c9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY1Vu65OCZ0IVXHQyjPwI1c1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQwMTI5MTQ1OTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2EzNzQwZTMzODUwODJiOTU3YzI1MmVlM2Q1NTMyM2JhMjg1MzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTkrS0r+rUi/mmG8/aqrHy4G6FG4
pWcCyomG83bWL4a71KeTv+JIQs9AxoY+woyztYj8U2yskkGYpNl+zVgH4ZH5kIuD
P9zqOC7xS4r7IjBpOJM4u/GsVb9N/EC02lUSpSOIGsM6Ms9P9PUdahAF8I0vcSbg
JfXAW9ANOXum4A1FqPx64QL9LVLuecSx93/uKizcelM/29ZKUwE3RklLVkoplzvE
eUWJ2SzGtNPy7ngvuY+QrDWXYuTcUsJNYdjTijnPR71VmEFhxVa2Kty3qzMM1lb4
1k+DdFarzhz/2dqRh1gsW+egwZbz28PDbyV55NKYB2lyEF54QVuRySXv6QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHyjdA4zhQgrlXwlLuPVUyO6KFN6MB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvZktOMERqT0ZDQ3VWZkNVdTQ5VlRJN29vVTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXoPdAwQC
ufioAwQCuf/sMA0GCSqGSIb3DQEBCwUAA4IBAQCDJmE1VHi8+5Lzj8nm/zmVNumm
rl/e1+oSgeOzd2lAtmN6zk0W+hEyz3m8hoZtejo0YEZt4qu2Hpv2NeW+JRehrgCh
FiztDi3SN5LEKx6UtiCrAh5wxmHkSZkrc6R7DtA7V8Ik16bAkJ1+FhTF3iA1YBHF
1PLY6tI4r+W9DJkF6kHSCHhuqifoeV1DsFC9VZbzKlIIuUEMAk9KpIQOYWOrs2XO
WGq0YkUQeGb4/w+ivrW96e1s/0vXXdfTOwbKAT4nP8o/hW41x5SxpxnI0Am/OyqL
k47cOiPl673P/Cw46qyhyY1IMqusopJhrneHmeNCqUV3BcU/xIbDbsa6vmnJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:29 2024 by rpki-client on console-ams.rpki-client.org