Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/b49562-f157-4382-998e-8f934e71767c/1/DnOc8zdlv9qff2AeiVcC1o_Ppoo.roa
File:                     DnOc8zdlv9qff2AeiVcC1o_Ppoo.roa (raw, json)
Hash identifier:          HnRLcGS2wDUVsyfxeMFudMoJj4dTeN6fAExQN2wOhr0=
Subject key identifier:   0E:73:9C:F3:37:65:BF:DA:9F:7F:60:1E:89:57:02:D6:8F:CF:A6:8A
Certificate issuer:       /CN=46947c5c3d4c2fc4c4a4a7428b622a7fef392e29
Certificate serial:       01889096F415AE7BF521329C510A2A84700F
Authority key identifier: 46:94:7C:5C:3D:4C:2F:C4:C4:A4:A7:42:8B:62:2A:7F:EF:39:2E:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RpR8XD1ML8TEpKdCi2Iqf-85Lik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/b49562-f157-4382-998e-8f934e71767c/1/DnOc8zdlv9qff2AeiVcC1o_Ppoo.roa
Signing time:             Tue 06 Jun 2023 12:03:11 +0000
ROA not before:           Tue 06 Jun 2023 12:03:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205499
IP address blocks:        185.135.116.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:90:96:f4:15:ae:7b:f5:21:32:9c:51:0a:2a:84:70:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46947c5c3d4c2fc4c4a4a7428b622a7fef392e29
        Validity
            Not Before: Jun  6 12:03:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0e739cf33765bfda9f7f601e895702d68fcfa68a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:de:04:f8:66:32:6e:a5:51:70:5c:a8:a9:02:
                    64:16:94:f0:04:12:23:cc:e0:c4:2d:52:0a:3c:17:
                    ce:4a:d0:b7:92:a6:23:f5:06:e5:78:86:16:90:bd:
                    ff:0c:b1:70:cd:90:5c:1a:07:9a:88:d4:2c:d3:68:
                    77:67:8d:f3:b9:84:51:ce:d3:c0:61:11:99:13:72:
                    4a:a8:c7:37:91:5f:08:69:7d:ca:6e:13:f3:e3:e4:
                    6e:30:e0:f7:dd:7b:eb:9d:a6:6e:8f:2f:f8:7b:cf:
                    d4:13:b8:06:19:1e:6e:c6:62:be:8a:ef:df:72:c6:
                    d0:9f:f0:80:ce:f9:f7:0c:16:83:39:26:43:6a:34:
                    04:92:99:e4:70:3d:3f:cb:e9:7f:12:2f:9b:4d:1f:
                    b8:e5:81:eb:d1:ad:8a:86:b0:eb:d8:88:12:47:8b:
                    08:7a:9b:80:df:cf:d0:97:57:71:dc:e1:d3:a3:1d:
                    bd:f0:77:cc:7c:f1:ea:c3:b9:a3:7c:23:f2:f5:a7:
                    0b:23:19:cb:0d:e0:7e:86:eb:44:07:d7:b6:c8:0b:
                    ac:90:0a:83:85:e2:91:98:c3:45:6b:be:b8:2c:a6:
                    82:60:69:61:c5:55:a9:aa:a2:6b:e4:f3:28:04:92:
                    e0:06:9f:01:84:a2:27:0e:a5:7e:7a:5a:3d:0e:a9:
                    57:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:73:9C:F3:37:65:BF:DA:9F:7F:60:1E:89:57:02:D6:8F:CF:A6:8A
            X509v3 Authority Key Identifier:
                keyid:46:94:7C:5C:3D:4C:2F:C4:C4:A4:A7:42:8B:62:2A:7F:EF:39:2E:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RpR8XD1ML8TEpKdCi2Iqf-85Lik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/b49562-f157-4382-998e-8f934e71767c/1/DnOc8zdlv9qff2AeiVcC1o_Ppoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/b49562-f157-4382-998e-8f934e71767c/1/RpR8XD1ML8TEpKdCi2Iqf-85Lik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:1e:c3:d0:b0:42:2b:c1:15:24:5d:c2:36:a0:50:75:7b:7a:
         6a:c3:5c:d6:96:aa:e3:f7:0c:ca:b3:2c:da:8e:5a:fa:e9:dc:
         ea:3a:49:7e:17:82:ab:99:ac:ee:2c:25:10:5c:69:fc:4e:52:
         dd:30:06:f9:e5:fa:09:fe:91:94:f2:03:6c:fd:46:31:33:29:
         0a:bf:f6:26:e5:ec:68:92:36:12:d7:f1:d5:47:6e:b9:b1:42:
         9a:d1:8d:1e:1f:11:e6:d1:96:02:3e:d4:7c:0d:ae:27:ed:90:
         38:8e:78:c8:e5:b1:97:94:72:c6:dc:9e:2f:0c:35:56:ac:42:
         d3:8a:2a:63:53:92:b0:ad:30:d2:df:24:6f:6d:1b:66:4c:69:
         87:63:80:87:d6:2e:60:82:9a:1c:a6:50:f0:65:69:94:3d:9c:
         08:11:07:51:e3:bc:ac:f6:bb:51:a6:52:60:d1:bc:96:a6:05:
         38:1b:d9:9a:87:b7:93:0c:b0:f7:c9:30:d9:67:c9:c9:a5:7c:
         c8:48:e9:35:0f:23:99:a5:83:8d:df:6d:45:29:01:68:eb:90:
         0c:73:f6:9a:a2:78:e3:f8:4b:d7:15:e6:f6:e2:be:71:58:19:
         53:91:ad:95:d0:9f:0c:fc:e7:bb:d5:f7:d2:48:c3:52:9e:94:
         ca:1c:9e:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYiQlvQVrnv1ITKcUQoqhHAPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2OTQ3YzVjM2Q0YzJmYzRjNGE0YTc0MjhiNjIyYTdmZWYz
OTJlMjkwHhcNMjMwNjA2MTIwMzExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTczOWNmMzM3NjViZmRhOWY3ZjYwMWU4OTU3MDJkNjhmY2ZhNjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxt4E+GYybqVRcFyoqQJkFpTwBBIj
zODELVIKPBfOStC3kqYj9QbleIYWkL3/DLFwzZBcGgeaiNQs02h3Z43zuYRRztPA
YRGZE3JKqMc3kV8IaX3KbhPz4+RuMOD33XvrnaZujy/4e8/UE7gGGR5uxmK+iu/f
csbQn/CAzvn3DBaDOSZDajQEkpnkcD0/y+l/Ei+bTR+45YHr0a2KhrDr2IgSR4sI
epuA38/Ql1dx3OHTox298HfMfPHqw7mjfCPy9acLIxnLDeB+hutEB9e2yAuskAqD
heKRmMNFa764LKaCYGlhxVWpqqJr5PMoBJLgBp8BhKInDqV+elo9DqlXMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5znPM3Zb/an39gHolXAtaPz6aKMB8GA1UdIwQY
MBaAFEaUfFw9TC/ExKSnQotiKn/vOS4pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnBSOFhEMU1MOFRFcEtkQ2kySXFmLTg1TGlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9iNDk1NjItZjE1Ny00MzgyLTk5OGUt
OGY5MzRlNzE3NjdjLzEvRG5PYzh6ZGx2OXFmZjJBZWlWY0Mxb19QcG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9iNDk1NjItZjE1Ny00MzgyLTk5OGUtOGY5MzRlNzE3Njdj
LzEvUnBSOFhEMU1MOFRFcEtkQ2kySXFmLTg1TGlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYd0MA0G
CSqGSIb3DQEBCwUAA4IBAQANHsPQsEIrwRUkXcI2oFB1e3pqw1zWlqrj9wzKsyza
jlr66dzqOkl+F4KrmazuLCUQXGn8TlLdMAb55foJ/pGU8gNs/UYxMykKv/Ym5exo
kjYS1/HVR265sUKa0Y0eHxHm0ZYCPtR8Da4n7ZA4jnjI5bGXlHLG3J4vDDVWrELT
iipjU5KwrTDS3yRvbRtmTGmHY4CH1i5ggpocplDwZWmUPZwIEQdR47ys9rtRplJg
0byWpgU4G9mah7eTDLD3yTDZZ8nJpXzISOk1DyOZpYON321FKQFo65AMc/aaonjj
+EvXFeb24r5xWBlTka2V0J8M/Oe71ffSSMNSnpTKHJ7k
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:00 2024 by rpki-client on console-fra.rpki-client.org