Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/WbqZJU5rNPqXY3ZetiwJ3MHyU-A.roa
File:                     WbqZJU5rNPqXY3ZetiwJ3MHyU-A.roa (raw, json)
Hash identifier:          ZWocvx/bs4yLvxiQLfDhhFF2riC+apb+V9YoZP7PVZg=
Subject key identifier:   59:BA:99:25:4E:6B:34:FA:97:63:76:5E:B6:2C:09:DC:C1:F2:53:E0
Certificate issuer:       /CN=bfabf5a474afe7212331670e831e119da38f284f
Certificate serial:       018CC79360575253BD9BBA193E9714300368
Authority key identifier: BF:AB:F5:A4:74:AF:E7:21:23:31:67:0E:83:1E:11:9D:A3:8F:28:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v6v1pHSv5yEjMWcOgx4RnaOPKE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/WbqZJU5rNPqXY3ZetiwJ3MHyU-A.roa
Signing time:             Tue 02 Jan 2024 00:29:33 +0000
ROA not before:           Tue 02 Jan 2024 00:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15600
IP address blocks:        185.40.216.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:60:57:52:53:bd:9b:ba:19:3e:97:14:30:03:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfabf5a474afe7212331670e831e119da38f284f
        Validity
            Not Before: Jan  2 00:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59ba99254e6b34fa9763765eb62c09dcc1f253e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fb:5d:e4:d5:33:bf:e6:60:7d:9f:05:e5:3e:
                    3b:79:ad:ad:3b:8b:5e:a8:2a:5f:12:9e:26:bb:c7:
                    50:2a:ad:a7:f5:78:36:c2:b6:80:4e:8a:31:15:b8:
                    12:a1:6b:25:5f:3b:18:c2:b7:2a:91:13:b5:c4:0b:
                    36:41:e9:89:04:6b:1d:94:66:48:a2:f4:c9:42:ef:
                    e9:9d:d6:c5:e1:e5:38:cf:7a:78:83:b4:ed:51:8b:
                    13:96:2d:30:86:64:0e:e2:b7:1b:b1:cb:8b:90:19:
                    86:ce:83:e4:58:2a:1c:81:98:a5:73:77:28:40:29:
                    2a:f8:dc:77:01:8c:7f:f1:6c:62:2f:e2:61:25:e8:
                    c9:d6:ca:85:6a:35:fd:84:ab:37:09:89:e7:85:f5:
                    74:f5:03:73:34:21:a9:36:6d:7e:12:a1:b4:a2:91:
                    a5:4a:24:b6:f9:c4:8a:be:f6:cc:f1:f9:c8:bf:ed:
                    5b:b7:86:cd:cf:a3:74:ac:c8:7b:ea:37:ef:4e:c7:
                    00:c6:78:1c:f1:7c:eb:9b:40:21:54:07:c5:88:a3:
                    ce:7e:6c:f5:46:45:e4:36:07:cc:a9:d4:41:a9:ce:
                    8e:c2:37:51:8e:c6:b1:43:f6:b0:b8:17:68:cf:e1:
                    ea:e8:fa:d2:46:bb:b5:02:9b:88:39:4a:32:6d:29:
                    eb:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:BA:99:25:4E:6B:34:FA:97:63:76:5E:B6:2C:09:DC:C1:F2:53:E0
            X509v3 Authority Key Identifier:
                keyid:BF:AB:F5:A4:74:AF:E7:21:23:31:67:0E:83:1E:11:9D:A3:8F:28:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v6v1pHSv5yEjMWcOgx4RnaOPKE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/WbqZJU5rNPqXY3ZetiwJ3MHyU-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/v6v1pHSv5yEjMWcOgx4RnaOPKE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:ef:64:a5:cf:44:fa:14:f7:5e:f1:74:03:b0:81:05:13:38:
         fa:b1:e1:c3:89:a5:d1:8c:4b:ab:de:f0:17:3f:48:bb:93:40:
         8c:c9:c2:f3:53:4f:ec:d9:bf:f9:62:3c:b9:90:c4:9b:0c:75:
         f0:80:3f:df:ba:a8:14:07:fc:04:49:46:31:80:6d:da:58:fc:
         cb:bf:ee:bb:1b:d5:e2:16:d3:27:ba:87:d8:ae:53:93:c8:a5:
         17:ca:37:16:23:09:8c:06:42:5c:a6:b2:4f:f5:0a:c7:ca:61:
         b3:1a:6a:d3:9a:a6:de:8b:ef:0b:5a:e2:2b:ff:df:6c:15:98:
         ed:72:c2:6d:49:1a:32:77:47:0c:95:08:26:6f:f7:f7:e7:e7:
         cc:35:cc:47:39:8b:e0:ad:c9:86:8c:c7:c7:3a:03:16:6e:17:
         18:51:39:7f:ae:ec:2b:4e:df:2b:a7:de:2a:1a:e4:dd:45:f1:
         06:50:34:48:6a:d4:dc:c6:2e:52:51:81:12:98:23:d4:d1:87:
         1d:05:b0:bb:94:c3:bd:5a:00:54:f8:4a:3f:64:11:14:3f:7a:
         44:d6:55:6f:fd:d6:87:00:2d:fd:3e:e0:42:92:54:a4:89:ae:
         d1:79:44:37:c9:b6:08:e3:c6:8f:a0:a8:d8:fd:f2:95:29:f2:
         06:04:da:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk2BXUlO9m7oZPpcUMANoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYWJmNWE0NzRhZmU3MjEyMzMxNjcwZTgzMWUxMTlkYTM4
ZjI4NGYwHhcNMjQwMTAyMDAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWJhOTkyNTRlNmIzNGZhOTc2Mzc2NWViNjJjMDlkY2MxZjI1M2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovtd5NUzv+ZgfZ8F5T47ea2tO4te
qCpfEp4mu8dQKq2n9Xg2wraATooxFbgSoWslXzsYwrcqkRO1xAs2QemJBGsdlGZI
ovTJQu/pndbF4eU4z3p4g7TtUYsTli0whmQO4rcbscuLkBmGzoPkWCocgZilc3co
QCkq+Nx3AYx/8WxiL+JhJejJ1sqFajX9hKs3CYnnhfV09QNzNCGpNm1+EqG0opGl
SiS2+cSKvvbM8fnIv+1bt4bNz6N0rMh76jfvTscAxngc8Xzrm0AhVAfFiKPOfmz1
RkXkNgfMqdRBqc6OwjdRjsaxQ/awuBdoz+Hq6PrSRru1ApuIOUoybSnrBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFm6mSVOazT6l2N2XrYsCdzB8lPgMB8GA1UdIwQY
MBaAFL+r9aR0r+chIzFnDoMeEZ2jjyhPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjZ2MXBIU3Y1eUVqTVdjT2d4NFJuYU9QS0U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8wMTg4ZGEtMzY1NS00ODJkLTg4MWIt
ZmViYmM0YTNiNDViLzEvV2JxWkpVNXJOUHFYWTNaZXRpd0ozTUh5VS1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8wMTg4ZGEtMzY1NS00ODJkLTg4MWItZmViYmM0YTNiNDVi
LzEvdjZ2MXBIU3Y1eUVqTVdjT2d4NFJuYU9QS0U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSjYMA0G
CSqGSIb3DQEBCwUAA4IBAQCA72Slz0T6FPde8XQDsIEFEzj6seHDiaXRjEur3vAX
P0i7k0CMycLzU0/s2b/5Yjy5kMSbDHXwgD/fuqgUB/wESUYxgG3aWPzLv+67G9Xi
FtMnuofYrlOTyKUXyjcWIwmMBkJcprJP9QrHymGzGmrTmqbei+8LWuIr/99sFZjt
csJtSRoyd0cMlQgmb/f35+fMNcxHOYvgrcmGjMfHOgMWbhcYUTl/ruwrTt8rp94q
GuTdRfEGUDRIatTcxi5SUYESmCPU0YcdBbC7lMO9WgBU+Eo/ZBEUP3pE1lVv/daH
AC39PuBCklSkia7ReUQ3ybYI48aPoKjY/fKVKfIGBNpa
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:02 2024 by rpki-client on console-ams.rpki-client.org