Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/0f0a01-0cc4-4efc-9dd5-801ef38dea9c/1/twSVXVFNsmgBQIfVxgVroGJoRQ4.roa
File:                     twSVXVFNsmgBQIfVxgVroGJoRQ4.roa (raw, json)
Hash identifier:          K738baI8Pw9uc3Xa3U/+u/U5dC1uBPDS1xQqxbhf3U8=
Subject key identifier:   B7:04:95:5D:51:4D:B2:68:01:40:87:D5:C6:05:6B:A0:62:68:45:0E
Certificate issuer:       /CN=3601c3cce6a71cab21a4bbadf0ab84dde3f2bab2
Certificate serial:       01856C53C1FAE438E0CC8CAC6B56E1EBFDB8
Authority key identifier: 36:01:C3:CC:E6:A7:1C:AB:21:A4:BB:AD:F0:AB:84:DD:E3:F2:BA:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NgHDzOanHKshpLut8KuE3ePyurI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/0f0a01-0cc4-4efc-9dd5-801ef38dea9c/1/twSVXVFNsmgBQIfVxgVroGJoRQ4.roa
Signing time:             Sun 01 Jan 2023 07:55:06 +0000
ROA not before:           Sun 01 Jan 2023 07:55:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52143
IP address blocks:        188.94.0.0/21 maxlen: 24
                          188.94.5.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:53:c1:fa:e4:38:e0:cc:8c:ac:6b:56:e1:eb:fd:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3601c3cce6a71cab21a4bbadf0ab84dde3f2bab2
        Validity
            Not Before: Jan  1 07:55:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b704955d514db268014087d5c6056ba06268450e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:7d:c3:30:07:29:30:2b:2e:40:35:5a:61:2c:
                    1a:87:6f:45:fa:93:e1:9e:54:05:31:cf:e1:d6:ad:
                    69:ae:e7:90:c8:c1:90:c9:1b:69:18:8f:09:a2:0f:
                    71:ab:48:9f:a5:92:00:cf:30:cf:8a:d6:4d:f3:5c:
                    86:8d:f6:57:ec:7f:01:63:0c:ee:57:01:73:9c:2b:
                    05:39:75:4c:02:01:e1:da:dd:5c:c1:1d:82:a3:e8:
                    be:99:fa:64:90:b3:27:0f:fc:8e:dc:f1:7c:67:db:
                    7a:56:be:c0:d8:90:8a:2e:c8:6d:7a:c8:4c:e1:e7:
                    b2:4b:00:79:aa:81:e2:dc:1f:af:35:e5:d3:1b:ad:
                    b9:28:e5:70:3d:0c:d5:cb:f8:2b:e0:ff:00:33:70:
                    53:a7:c0:26:60:47:94:88:14:d9:fd:40:05:1d:1f:
                    40:43:62:cd:36:51:0c:1b:05:da:46:7b:a7:39:40:
                    d1:d9:2b:87:c4:72:de:2a:6b:f1:f4:9f:25:99:36:
                    af:7d:4e:0f:be:6c:c4:65:d2:6f:a4:db:b7:6d:84:
                    7f:0a:71:41:26:34:31:89:5c:d2:33:5d:2e:48:7f:
                    63:80:d2:1b:43:f6:83:56:d3:73:0a:fa:cf:26:b4:
                    be:f4:57:f7:49:86:75:a9:44:98:1a:9f:97:71:de:
                    8c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:04:95:5D:51:4D:B2:68:01:40:87:D5:C6:05:6B:A0:62:68:45:0E
            X509v3 Authority Key Identifier:
                keyid:36:01:C3:CC:E6:A7:1C:AB:21:A4:BB:AD:F0:AB:84:DD:E3:F2:BA:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NgHDzOanHKshpLut8KuE3ePyurI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/0f0a01-0cc4-4efc-9dd5-801ef38dea9c/1/twSVXVFNsmgBQIfVxgVroGJoRQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/0f0a01-0cc4-4efc-9dd5-801ef38dea9c/1/NgHDzOanHKshpLut8KuE3ePyurI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.94.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         18:23:b7:33:da:e3:f6:33:d5:ee:15:41:f0:dc:e0:2d:a4:ee:
         a5:b6:39:9d:ff:fb:13:0f:06:c4:07:e1:ee:b4:88:60:ac:bc:
         ca:bd:c1:56:ee:63:21:e7:cd:a1:82:bc:0b:b1:51:95:50:3f:
         ba:75:f8:7a:aa:9a:e9:72:7b:a5:f3:6d:81:be:7c:8e:89:18:
         17:28:d6:49:38:60:79:20:43:d9:15:50:4d:5f:14:26:cf:33:
         95:c0:7a:7e:04:c8:c5:ac:a8:4c:2c:a8:e6:f9:93:e2:86:34:
         cd:ad:29:1a:72:2a:49:bc:93:6e:08:81:20:c1:94:4a:08:84:
         f3:01:78:ac:54:84:10:47:e0:cd:39:bc:ff:4e:e2:cc:c1:9b:
         ee:c8:4e:6a:ee:96:73:f3:6e:cd:36:cf:aa:d0:fa:05:d5:1e:
         c4:43:d7:b9:da:40:0e:bb:05:61:cb:95:f3:34:83:8d:7e:ce:
         c5:29:80:30:fd:f3:2e:46:53:4e:f4:ab:8d:14:06:f6:d1:58:
         85:ad:dc:37:75:00:48:79:08:8e:fa:8d:8e:9e:b6:24:1c:82:
         59:71:bd:23:5a:74:7b:f8:ac:e4:ea:0a:f1:61:0b:da:47:aa:
         89:75:8f:e7:1f:46:45:c7:9b:a1:00:83:fd:87:a4:1c:2b:68:
         bf:75:17:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVsU8H65DjgzIysa1bh6/24MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MDFjM2NjZTZhNzFjYWIyMWE0YmJhZGYwYWI4NGRkZTNm
MmJhYjIwHhcNMjMwMTAxMDc1NTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzA0OTU1ZDUxNGRiMjY4MDE0MDg3ZDVjNjA1NmJhMDYyNjg0NTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqH3DMAcpMCsuQDVaYSwah29F+pPh
nlQFMc/h1q1prueQyMGQyRtpGI8Jog9xq0ifpZIAzzDPitZN81yGjfZX7H8BYwzu
VwFznCsFOXVMAgHh2t1cwR2Co+i+mfpkkLMnD/yO3PF8Z9t6Vr7A2JCKLshteshM
4eeySwB5qoHi3B+vNeXTG625KOVwPQzVy/gr4P8AM3BTp8AmYEeUiBTZ/UAFHR9A
Q2LNNlEMGwXaRnunOUDR2SuHxHLeKmvx9J8lmTavfU4PvmzEZdJvpNu3bYR/CnFB
JjQxiVzSM10uSH9jgNIbQ/aDVtNzCvrPJrS+9Ff3SYZ1qUSYGp+Xcd6MaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLcElV1RTbJoAUCH1cYFa6BiaEUOMB8GA1UdIwQY
MBaAFDYBw8zmpxyrIaS7rfCrhN3j8rqyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmdIRHpPYW5IS3NocEx1dDhLdUUzZVB5dXJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8wZjBhMDEtMGNjNC00ZWZjLTlkZDUt
ODAxZWYzOGRlYTljLzEvdHdTVlhWRk5zbWdCUUlmVnhnVnJvR0pvUlE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8wZjBhMDEtMGNjNC00ZWZjLTlkZDUtODAxZWYzOGRlYTlj
LzEvTmdIRHpPYW5IS3NocEx1dDhLdUUzZVB5dXJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDvF4AMA0G
CSqGSIb3DQEBCwUAA4IBAQAYI7cz2uP2M9XuFUHw3OAtpO6ltjmd//sTDwbEB+Hu
tIhgrLzKvcFW7mMh582hgrwLsVGVUD+6dfh6qprpcnul822BvnyOiRgXKNZJOGB5
IEPZFVBNXxQmzzOVwHp+BMjFrKhMLKjm+ZPihjTNrSkacipJvJNuCIEgwZRKCITz
AXisVIQQR+DNObz/TuLMwZvuyE5q7pZz827NNs+q0PoF1R7EQ9e52kAOuwVhy5Xz
NIONfs7FKYAw/fMuRlNO9KuNFAb20ViFrdw3dQBIeQiO+o2OnrYkHIJZcb0jWnR7
+Kzk6grxYQvaR6qJdY/nH0ZFx5uhAIP9h6QcK2i/dRf0
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:03 2024 by rpki-client on console-ams.rpki-client.org