Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/F9ykdncbOLT82tkSHYLvCBYBhQs.roa
File:                     F9ykdncbOLT82tkSHYLvCBYBhQs.roa (raw, json)
Hash identifier:          4c79WXKPt7Mh/8za7FyEl6auXoKolUdE85BMcdWgRgw=
Subject key identifier:   17:DC:A4:76:77:1B:38:B4:FC:DA:D9:12:1D:82:EF:08:16:01:85:0B
Certificate issuer:       /CN=bfabf5a474afe7212331670e831e119da38f284f
Certificate serial:       018BB9BA9F3054951EF089928CE25CD17E86
Authority key identifier: BF:AB:F5:A4:74:AF:E7:21:23:31:67:0E:83:1E:11:9D:A3:8F:28:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v6v1pHSv5yEjMWcOgx4RnaOPKE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/F9ykdncbOLT82tkSHYLvCBYBhQs.roa
Signing time:             Fri 10 Nov 2023 14:54:57 +0000
ROA not before:           Fri 10 Nov 2023 14:54:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15600
IP address blocks:        185.40.216.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:b9:ba:9f:30:54:95:1e:f0:89:92:8c:e2:5c:d1:7e:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfabf5a474afe7212331670e831e119da38f284f
        Validity
            Not Before: Nov 10 14:54:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=17dca476771b38b4fcdad9121d82ef081601850b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a7:35:33:2f:53:d4:e1:aa:7a:8e:da:2b:5e:
                    00:bf:9a:74:b0:d6:6e:17:c0:ae:1b:42:57:eb:b0:
                    7c:8d:bf:83:e4:1c:b0:30:18:3b:7d:02:9d:45:97:
                    38:7e:54:c7:3a:08:ca:58:5b:d5:ff:f6:b8:1b:3d:
                    b6:1a:f2:cc:27:f7:37:69:41:e8:66:92:46:18:ec:
                    7a:21:f2:b8:19:0f:dc:34:05:29:7b:24:e9:2d:84:
                    ef:a4:51:77:86:75:61:99:17:a9:8d:e4:8c:b0:19:
                    1d:b3:e4:03:21:ed:40:19:1c:f9:03:25:d8:ec:39:
                    42:bd:a7:7b:8f:52:79:0c:6b:d1:d6:99:fb:e2:b2:
                    2c:75:3f:47:52:05:23:9b:8b:4c:33:6e:38:aa:23:
                    28:59:a0:35:4b:bb:fa:f5:95:f5:83:1a:d4:31:e9:
                    96:b3:dc:3d:80:13:ab:c3:3f:20:df:2c:d9:4b:bd:
                    6a:29:ea:e8:3f:24:97:b2:f5:6e:0a:f4:16:11:dd:
                    5a:c7:f6:33:0b:6f:a4:58:38:68:45:ba:92:55:d8:
                    64:31:cb:1e:37:1d:63:12:4f:99:89:99:55:38:af:
                    0e:48:66:52:f0:de:8b:e6:7f:ad:72:88:fd:5c:0a:
                    fa:14:a4:7e:67:b5:4b:87:5a:03:be:c8:e9:d8:c4:
                    12:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:DC:A4:76:77:1B:38:B4:FC:DA:D9:12:1D:82:EF:08:16:01:85:0B
            X509v3 Authority Key Identifier:
                keyid:BF:AB:F5:A4:74:AF:E7:21:23:31:67:0E:83:1E:11:9D:A3:8F:28:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v6v1pHSv5yEjMWcOgx4RnaOPKE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/F9ykdncbOLT82tkSHYLvCBYBhQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/v6v1pHSv5yEjMWcOgx4RnaOPKE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:6d:df:ea:9c:47:74:55:cc:b6:33:6d:76:27:1d:12:fe:07:
         4f:f6:61:06:3f:97:90:4e:f6:5e:67:5f:03:aa:ad:42:a5:75:
         c3:27:85:1c:7d:f8:8b:1a:9e:6f:4d:fe:b9:50:4d:5d:d2:59:
         89:ce:85:cf:10:c0:74:5e:b5:aa:7f:bf:6a:5d:03:e1:0b:1c:
         74:0c:b4:9d:9d:c8:84:1a:f3:82:cb:83:27:f8:61:75:18:8e:
         de:37:2c:b7:6a:92:ac:2d:b4:1f:c9:89:73:0d:ef:b8:35:1e:
         8c:78:93:43:6e:38:56:b7:ce:32:99:75:f0:82:cb:69:c5:2e:
         7d:3b:39:16:29:fb:07:dd:74:8b:41:f1:ab:28:2e:60:ee:ea:
         9f:38:6d:0c:69:3e:a0:4d:1f:88:9c:d4:2d:0a:64:cd:d1:71:
         e0:39:91:3c:cc:52:29:42:4f:85:43:94:ee:7c:72:cf:e0:7b:
         ee:36:8d:e5:3b:45:e1:70:c2:41:e9:ec:4c:bd:3f:81:61:62:
         3e:e0:b8:5c:7a:e2:dc:3a:76:6d:81:8a:25:fa:8a:65:88:55:
         4e:de:ad:c3:29:16:73:43:cc:e0:ab:56:33:6c:f4:0d:c7:b8:
         4b:fb:b3:d4:b0:7f:89:49:12:4d:0f:40:ea:73:5f:78:e2:9f:
         33:25:81:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYu5up8wVJUe8ImSjOJc0X6GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYWJmNWE0NzRhZmU3MjEyMzMxNjcwZTgzMWUxMTlkYTM4
ZjI4NGYwHhcNMjMxMTEwMTQ1NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2RjYTQ3Njc3MWIzOGI0ZmNkYWQ5MTIxZDgyZWYwODE2MDE4NTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkac1My9T1OGqeo7aK14Av5p0sNZu
F8CuG0JX67B8jb+D5BywMBg7fQKdRZc4flTHOgjKWFvV//a4Gz22GvLMJ/c3aUHo
ZpJGGOx6IfK4GQ/cNAUpeyTpLYTvpFF3hnVhmRepjeSMsBkds+QDIe1AGRz5AyXY
7DlCvad7j1J5DGvR1pn74rIsdT9HUgUjm4tMM244qiMoWaA1S7v69ZX1gxrUMemW
s9w9gBOrwz8g3yzZS71qKeroPySXsvVuCvQWEd1ax/YzC2+kWDhoRbqSVdhkMcse
Nx1jEk+ZiZlVOK8OSGZS8N6L5n+tcoj9XAr6FKR+Z7VLh1oDvsjp2MQSSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfcpHZ3Gzi0/NrZEh2C7wgWAYULMB8GA1UdIwQY
MBaAFL+r9aR0r+chIzFnDoMeEZ2jjyhPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjZ2MXBIU3Y1eUVqTVdjT2d4NFJuYU9QS0U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8wMTg4ZGEtMzY1NS00ODJkLTg4MWIt
ZmViYmM0YTNiNDViLzEvRjl5a2RuY2JPTFQ4MnRrU0hZTHZDQllCaFFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8wMTg4ZGEtMzY1NS00ODJkLTg4MWItZmViYmM0YTNiNDVi
LzEvdjZ2MXBIU3Y1eUVqTVdjT2d4NFJuYU9QS0U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSjYMA0G
CSqGSIb3DQEBCwUAA4IBAQBebd/qnEd0Vcy2M212Jx0S/gdP9mEGP5eQTvZeZ18D
qq1CpXXDJ4UcffiLGp5vTf65UE1d0lmJzoXPEMB0XrWqf79qXQPhCxx0DLSdnciE
GvOCy4Mn+GF1GI7eNyy3apKsLbQfyYlzDe+4NR6MeJNDbjhWt84ymXXwgstpxS59
OzkWKfsH3XSLQfGrKC5g7uqfOG0MaT6gTR+InNQtCmTN0XHgOZE8zFIpQk+FQ5Tu
fHLP4HvuNo3lO0XhcMJB6exMvT+BYWI+4LhceuLcOnZtgYol+opliFVO3q3DKRZz
Q8zgq1YzbPQNx7hL+7PUsH+JSRJND0Dqc1944p8zJYGK
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:02 2024 by rpki-client on console-ams.rpki-client.org