Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/phizPU9EihakRpUVnXhgDEi6KV0.roa
File:                     phizPU9EihakRpUVnXhgDEi6KV0.roa (raw, json)
Hash identifier:          oG8qXhfA4IqHcct2UQKACwKEHPQ0FS11GA7gVDEOSLE=
Subject key identifier:   A6:18:B3:3D:4F:44:8A:16:A4:46:95:15:9D:78:60:0C:48:BA:29:5D
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       01856DC19988C60E702B01A168ADF5BAB5AA
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/phizPU9EihakRpUVnXhgDEi6KV0.roa
Signing time:             Sun 01 Jan 2023 14:34:42 +0000
ROA not before:           Sun 01 Jan 2023 14:34:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16262
IP address blocks:        194.150.178.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:c1:99:88:c6:0e:70:2b:01:a1:68:ad:f5:ba:b5:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jan  1 14:34:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a618b33d4f448a16a44695159d78600c48ba295d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b8:f8:7d:60:8e:8f:f8:6f:d5:fd:14:e9:e8:
                    23:cd:f3:b8:9c:fa:d8:87:b5:a2:1f:9b:ac:72:aa:
                    b8:b5:54:13:2a:c7:c5:da:c8:04:d2:36:c3:16:8c:
                    a9:c6:04:c9:fc:df:e9:d6:37:59:7e:cb:77:c0:74:
                    0d:f3:4e:9e:bf:ea:47:21:7c:8e:4d:a2:8c:bd:17:
                    48:58:31:5c:a3:cf:e7:ce:79:85:2b:f5:b9:53:6d:
                    0c:29:2e:61:19:0d:b8:f5:c2:11:ae:8b:f5:c5:ec:
                    98:f3:6f:b7:ae:0f:1d:e6:c7:7b:fb:f0:bf:a0:32:
                    2d:c1:91:2c:68:26:43:0e:49:32:7a:23:88:1b:89:
                    92:60:f8:75:f0:94:32:8f:72:c5:06:3e:eb:0f:80:
                    02:4f:4e:2a:ea:3d:d0:3d:7f:6c:f2:57:e5:fb:29:
                    77:48:64:78:e0:b1:a7:45:94:e0:18:73:90:2d:c1:
                    4e:28:60:1f:52:e7:64:90:45:1e:23:19:d2:a1:57:
                    b1:ba:8f:74:6e:57:25:75:ce:ba:9e:9d:cf:46:bf:
                    db:17:09:d0:cc:1f:93:c0:5a:b6:dd:1b:b2:11:11:
                    89:fa:7d:1f:43:35:7a:d5:e9:43:f3:40:c1:c8:ae:
                    ee:c6:27:fa:df:49:36:50:01:94:d2:f9:3b:a5:1e:
                    a6:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:18:B3:3D:4F:44:8A:16:A4:46:95:15:9D:78:60:0C:48:BA:29:5D
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/phizPU9EihakRpUVnXhgDEi6KV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:29:e5:6f:d7:5b:28:e6:8d:aa:58:aa:33:07:b4:a9:16:9a:
         93:eb:de:f5:d4:d9:15:01:c7:f4:68:1d:41:08:da:aa:43:6d:
         f5:4b:ac:5a:b0:b5:d3:0a:6e:4a:df:04:8c:27:72:ac:81:44:
         03:b0:eb:ac:30:c1:c9:a2:13:3e:23:b8:d3:78:47:05:65:bc:
         46:72:ee:b4:bf:65:7e:25:56:22:e4:65:cc:57:d5:50:a4:54:
         35:9b:7c:06:87:7e:05:1b:40:bf:2d:e8:e4:3c:3b:03:15:fc:
         51:8b:32:5f:b7:2f:ab:48:af:c7:08:1d:4b:07:bf:72:a3:49:
         c1:cc:f6:d7:82:df:fe:28:af:6c:51:53:02:b5:d2:02:ee:99:
         5f:52:70:4d:e1:75:2a:d3:64:dd:53:2d:29:81:44:c2:c2:a2:
         63:27:1c:e9:66:7b:76:1c:5a:4a:f3:29:eb:20:a6:f0:ae:4e:
         c4:40:53:62:c8:a8:ea:84:79:79:1b:cf:6d:3e:57:46:40:b5:
         ba:26:1a:7d:c1:2f:e5:d0:d8:88:5e:6c:76:a9:80:07:65:e6:
         45:42:9c:8d:be:cc:ac:b8:27:a8:da:72:fc:be:5b:d8:4b:e9:
         80:0c:1d:bd:5c:01:94:95:5b:86:7f:be:b0:68:09:01:c7:47:
         e5:fd:d4:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtwZmIxg5wKwGhaK31urWqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjMwMTAxMTQzNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjE4YjMzZDRmNDQ4YTE2YTQ0Njk1MTU5ZDc4NjAwYzQ4YmEyOTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLj4fWCOj/hv1f0U6egjzfO4nPrY
h7WiH5uscqq4tVQTKsfF2sgE0jbDFoypxgTJ/N/p1jdZfst3wHQN806ev+pHIXyO
TaKMvRdIWDFco8/nznmFK/W5U20MKS5hGQ249cIRrov1xeyY82+3rg8d5sd7+/C/
oDItwZEsaCZDDkkyeiOIG4mSYPh18JQyj3LFBj7rD4ACT04q6j3QPX9s8lfl+yl3
SGR44LGnRZTgGHOQLcFOKGAfUudkkEUeIxnSoVexuo90blcldc66np3PRr/bFwnQ
zB+TwFq23RuyERGJ+n0fQzV61elD80DByK7uxif630k2UAGU0vk7pR6m5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYYsz1PRIoWpEaVFZ14YAxIuildMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvcGhpelBVOUVpaGFrUnBVVm5YaGdERWk2S1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpayMA0G
CSqGSIb3DQEBCwUAA4IBAQAdKeVv11so5o2qWKozB7SpFpqT69711NkVAcf0aB1B
CNqqQ231S6xasLXTCm5K3wSMJ3KsgUQDsOusMMHJohM+I7jTeEcFZbxGcu60v2V+
JVYi5GXMV9VQpFQ1m3wGh34FG0C/LejkPDsDFfxRizJfty+rSK/HCB1LB79yo0nB
zPbXgt/+KK9sUVMCtdIC7plfUnBN4XUq02TdUy0pgUTCwqJjJxzpZnt2HFpK8ynr
IKbwrk7EQFNiyKjqhHl5G89tPldGQLW6Jhp9wS/l0NiIXmx2qYAHZeZFQpyNvsys
uCeo2nL8vlvYS+mADB29XAGUlVuGf76waAkBx0fl/dSr
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:52 2024 by rpki-client on console-ams.rpki-client.org