Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/TT1SezRjP9dQWtThXu4X_vuIAJs.roa
File:                     TT1SezRjP9dQWtThXu4X_vuIAJs.roa (raw, json)
Hash identifier:          LL0r42YKOaDd/zrgNPomSdx35GE8LDrFnxylkL4EoOs=
Subject key identifier:   4D:3D:52:7B:34:63:3F:D7:50:5A:D4:E1:5E:EE:17:FE:FB:88:00:9B
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       0187F58FA8E16787C2FBA311C89909CB0903
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/TT1SezRjP9dQWtThXu4X_vuIAJs.roa
Signing time:             Sun 07 May 2023 09:34:05 +0000
ROA not before:           Sun 07 May 2023 09:34:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20853
IP address blocks:        193.200.161.0/24 maxlen: 24
                          195.210.9.0/24 maxlen: 24
                          193.93.61.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f5:8f:a8:e1:67:87:c2:fb:a3:11:c8:99:09:cb:09:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: May  7 09:34:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4d3d527b34633fd7505ad4e15eee17fefb88009b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:2f:5e:fc:92:98:d1:28:ac:3f:09:7e:e3:c4:
                    9d:88:94:e7:a1:1e:d7:55:e4:c5:61:1d:74:d7:02:
                    cc:ae:0d:de:fe:b1:a5:be:bc:29:40:39:f1:a1:9a:
                    99:c6:1d:17:bb:32:ae:87:83:32:7f:48:d5:05:00:
                    45:eb:ce:5c:e1:e0:1a:c4:5c:22:bf:18:71:70:8a:
                    f5:16:d5:16:bc:ab:3c:61:d4:4d:81:98:bb:ab:7a:
                    17:71:40:96:80:67:f2:b3:55:e2:7f:0a:6e:fa:9c:
                    31:3f:da:ee:26:4d:5d:60:97:ff:d2:5f:8f:f0:58:
                    64:10:4d:7c:6d:60:7c:db:82:a2:d0:0d:77:f2:61:
                    a3:7e:32:40:f0:e1:c9:90:67:ea:d7:11:41:72:fb:
                    2c:00:cb:73:b2:30:42:85:8a:00:9f:99:c4:eb:5b:
                    7b:e6:3f:79:d9:f4:c6:46:91:17:2b:66:bd:2d:9d:
                    23:6f:fb:62:f0:69:42:db:9d:a2:c0:92:59:39:5b:
                    f5:06:38:89:d4:94:a6:dd:7c:8b:82:c2:24:ff:93:
                    64:a9:db:05:55:77:64:c8:76:9b:fa:55:1e:14:76:
                    15:8f:c5:6a:b9:f9:ce:1b:f4:8c:27:4d:ec:09:bd:
                    9b:ec:cf:c8:0c:1a:e1:8b:72:77:0a:b3:70:78:43:
                    94:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:3D:52:7B:34:63:3F:D7:50:5A:D4:E1:5E:EE:17:FE:FB:88:00:9B
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/TT1SezRjP9dQWtThXu4X_vuIAJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.61.0/24
                  193.200.161.0/24
                  195.210.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:78:45:7e:69:7e:f0:c9:1d:ff:26:95:de:f2:da:12:b1:f7:
         a4:89:e3:4f:ab:c2:af:21:6a:9f:ac:62:1f:fb:bb:06:62:d1:
         5e:22:fb:bf:cb:04:68:04:da:19:44:bb:22:78:f8:61:56:7f:
         3b:b0:d8:14:84:0e:86:7c:b9:5a:c4:5d:44:1e:04:28:c2:92:
         be:e7:56:0e:60:30:f6:cd:62:87:f8:73:27:30:0b:85:c8:2b:
         26:85:fb:f9:70:ae:ed:83:60:1f:25:48:39:32:95:cb:09:ed:
         09:f0:4e:a6:dc:af:4c:b9:df:36:7c:d1:74:5e:71:13:3a:29:
         32:7c:cf:63:e3:a4:5a:7b:fd:e0:d2:84:d7:c7:f6:b5:37:fa:
         9e:2e:10:70:f5:0d:f6:b2:32:99:1b:89:45:55:e4:74:32:e2:
         0e:3f:d9:4e:3c:82:8f:b6:84:6b:73:c3:d3:d8:e3:a0:75:50:
         a3:c6:b9:53:5c:40:36:03:9b:17:ed:66:11:1c:cf:62:5c:e4:
         88:17:26:1d:84:cf:c1:11:1d:4a:49:a1:e5:87:98:03:59:ef:
         e6:d1:24:f8:a8:94:9b:1e:ff:7f:1e:51:5d:d9:e9:1c:4f:ba:
         ea:f6:7f:50:b0:c7:1e:c7:e2:8d:82:c6:bd:e4:89:0d:22:fe:
         a9:75:ac:1b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYf1j6jhZ4fC+6MRyJkJywkDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjMwNTA3MDkzNDA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDNkNTI3YjM0NjMzZmQ3NTA1YWQ0ZTE1ZWVlMTdmZWZiODgwMDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAii9e/JKY0SisPwl+48SdiJTnoR7X
VeTFYR101wLMrg3e/rGlvrwpQDnxoZqZxh0XuzKuh4Myf0jVBQBF685c4eAaxFwi
vxhxcIr1FtUWvKs8YdRNgZi7q3oXcUCWgGfys1Xifwpu+pwxP9ruJk1dYJf/0l+P
8FhkEE18bWB824Ki0A138mGjfjJA8OHJkGfq1xFBcvssAMtzsjBChYoAn5nE61t7
5j952fTGRpEXK2a9LZ0jb/ti8GlC252iwJJZOVv1BjiJ1JSm3XyLgsIk/5NkqdsF
VXdkyHab+lUeFHYVj8VqufnOG/SMJ03sCb2b7M/IDBrhi3J3CrNweEOU7QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE09Uns0Yz/XUFrU4V7uF/77iACbMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvVFQxU2V6UmpQOWRRV3RUaFh1NFhfdnVJQUpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwV09AwQA
wcihAwQAw9IJMA0GCSqGSIb3DQEBCwUAA4IBAQBBeEV+aX7wyR3/JpXe8toSsfek
ieNPq8KvIWqfrGIf+7sGYtFeIvu/ywRoBNoZRLsiePhhVn87sNgUhA6GfLlaxF1E
HgQowpK+51YOYDD2zWKH+HMnMAuFyCsmhfv5cK7tg2AfJUg5MpXLCe0J8E6m3K9M
ud82fNF0XnETOikyfM9j46Rae/3g0oTXx/a1N/qeLhBw9Q32sjKZG4lFVeR0MuIO
P9lOPIKPtoRrc8PT2OOgdVCjxrlTXEA2A5sX7WYRHM9iXOSIFyYdhM/BER1KSaHl
h5gDWe/m0ST4qJSbHv9/HlFd2ekcT7rq9n9QsMcex+KNgsa95IkNIv6pdawb
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:27 2024 by rpki-client on console-fra.rpki-client.org