Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/kerFcEs5BiMt5JjbznfI8M74WjU.roa
File:                     kerFcEs5BiMt5JjbznfI8M74WjU.roa (raw, json)
Hash identifier:          fcO2NDQb7jHdVOqfBDRXbvL4Lyvnew0OzBy/WaiI+XU=
Subject key identifier:   91:EA:C5:70:4B:39:06:23:2D:E4:98:DB:CE:77:C8:F0:CE:F8:5A:35
Certificate issuer:       /CN=d709c9021e40af92a208de35024ca70663d734e4
Certificate serial:       01855E789FA7652D4A02158E9F292DCD9E78
Authority key identifier: D7:09:C9:02:1E:40:AF:92:A2:08:DE:35:02:4C:A7:06:63:D7:34:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wnJAh5Ar5KiCN41AkynBmPXNOQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/kerFcEs5BiMt5JjbznfI8M74WjU.roa
Signing time:             Thu 29 Dec 2022 15:20:41 +0000
ROA not before:           Thu 29 Dec 2022 15:20:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207817
IP address blocks:        194.5.235.0/24 maxlen: 24
                          194.5.252.0/24 maxlen: 24
                          194.6.234.0/24 maxlen: 24
                          2a0d:9900::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:5e:78:9f:a7:65:2d:4a:02:15:8e:9f:29:2d:cd:9e:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d709c9021e40af92a208de35024ca70663d734e4
        Validity
            Not Before: Dec 29 15:20:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=91eac5704b3906232de498dbce77c8f0cef85a35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:a9:75:d7:88:b4:e3:23:72:10:80:68:84:72:
                    f9:93:d2:2b:cb:61:7a:97:db:2e:52:44:93:89:47:
                    0b:08:9a:6b:ab:8d:61:e5:0b:bc:98:44:86:81:12:
                    df:1e:6a:f9:9a:dd:ba:02:13:f8:1a:4e:27:c3:1f:
                    19:95:84:87:b2:7a:72:da:e2:a8:7a:27:62:1f:74:
                    12:a3:88:ed:2b:17:a7:9b:e7:69:bc:d9:09:d6:0f:
                    35:9d:76:ce:6f:ef:77:81:4e:81:24:cf:74:19:c6:
                    78:bf:db:75:b3:cb:3f:6f:9a:7d:e8:5c:ab:7a:a6:
                    95:ee:bf:9d:7b:cb:4c:e3:d2:9d:9e:ef:3a:85:81:
                    30:88:22:ac:07:fb:32:ab:64:5a:99:78:0b:5d:d2:
                    9d:6e:74:86:b3:76:61:e9:cd:d0:a2:2d:8a:f1:d3:
                    28:80:9c:e1:99:4f:00:a6:b5:c7:bd:82:39:5d:f2:
                    ba:65:cc:82:74:86:01:6d:d5:4b:02:3e:a6:26:16:
                    73:84:a9:60:76:01:b0:42:f8:0b:01:a7:7b:4d:ac:
                    8d:70:63:31:da:73:76:79:d9:0f:99:ae:75:bf:d8:
                    67:93:56:62:8b:f2:d9:4c:e8:ae:68:e1:de:54:0a:
                    cb:b1:1c:c5:f9:51:7a:12:7b:9f:13:88:de:79:ce:
                    b2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:EA:C5:70:4B:39:06:23:2D:E4:98:DB:CE:77:C8:F0:CE:F8:5A:35
            X509v3 Authority Key Identifier:
                keyid:D7:09:C9:02:1E:40:AF:92:A2:08:DE:35:02:4C:A7:06:63:D7:34:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wnJAh5Ar5KiCN41AkynBmPXNOQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/kerFcEs5BiMt5JjbznfI8M74WjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/f73cdb-8273-4f43-9f61-8aa7c4cb719f/1/1wnJAh5Ar5KiCN41AkynBmPXNOQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.235.0/24
                  194.5.252.0/24
                  194.6.234.0/24
                IPv6:
                  2a0d:9900::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:12:38:e1:6e:31:71:bf:af:0a:17:02:bf:a1:28:3f:d5:12:
         cb:63:0b:76:bb:06:ce:4a:05:69:d7:bc:aa:fe:aa:99:94:09:
         55:38:12:c7:44:b0:87:27:e4:67:6f:2e:00:62:df:4e:93:9e:
         60:28:a7:cf:27:18:eb:19:33:d8:38:31:fc:bb:26:c7:68:65:
         98:69:07:94:0e:18:69:f9:60:6d:41:d3:a7:af:93:55:88:95:
         12:1d:49:21:47:88:28:08:11:8f:be:e8:df:83:5c:2e:3c:17:
         9d:e9:c3:dd:44:a7:40:88:1c:30:a1:6c:59:54:85:79:82:19:
         4d:c4:93:9a:6f:42:d4:c0:be:01:93:35:73:6f:ea:a8:7b:f1:
         52:ce:06:54:52:7b:90:c9:e3:d6:f3:24:2a:3e:5b:1c:d1:c8:
         32:56:9c:80:c2:0e:71:2f:41:1b:8c:48:ae:24:88:be:9a:57:
         1f:e9:27:34:92:71:c0:64:fa:3a:e1:5b:41:1d:e8:38:b1:46:
         62:45:aa:14:02:ee:08:04:c3:98:1c:1b:69:e5:b8:7d:6d:ef:
         25:12:a9:de:67:8f:24:f3:45:98:69:04:7d:70:8f:03:0c:1c:
         1b:06:31:ec:07:08:e8:25:c2:fe:ad:ff:dc:65:dd:25:a7:35:
         96:d1:3b:31
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVeeJ+nZS1KAhWOnyktzZ54MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDljOTAyMWU0MGFmOTJhMjA4ZGUzNTAyNGNhNzA2NjNk
NzM0ZTQwHhcNMjIxMjI5MTUyMDQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWVhYzU3MDRiMzkwNjIzMmRlNDk4ZGJjZTc3YzhmMGNlZjg1YTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKl114i04yNyEIBohHL5k9Iry2F6
l9suUkSTiUcLCJprq41h5Qu8mESGgRLfHmr5mt26AhP4Gk4nwx8ZlYSHsnpy2uKo
eidiH3QSo4jtKxenm+dpvNkJ1g81nXbOb+93gU6BJM90GcZ4v9t1s8s/b5p96Fyr
eqaV7r+de8tM49Kdnu86hYEwiCKsB/syq2RamXgLXdKdbnSGs3Zh6c3Qoi2K8dMo
gJzhmU8AprXHvYI5XfK6ZcyCdIYBbdVLAj6mJhZzhKlgdgGwQvgLAad7TayNcGMx
2nN2edkPma51v9hnk1Zii/LZTOiuaOHeVArLsRzF+VF6EnufE4jeec6y6QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJHqxXBLOQYjLeSY2853yPDO+Fo1MB8GA1UdIwQY
MBaAFNcJyQIeQK+SogjeNQJMpwZj1zTkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXduSkFoNUFyNUtpQ040MUFreW5CbVBYTk9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9mNzNjZGItODI3My00ZjQzLTlmNjEt
OGFhN2M0Y2I3MTlmLzEva2VyRmNFczVCaU10NUpqYnpuZkk4TTc0V2pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9mNzNjZGItODI3My00ZjQzLTlmNjEtOGFhN2M0Y2I3MTlm
LzEvMXduSkFoNUFyNUtpQ040MUFreW5CbVBYTk9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAwgXrAwQA
wgX8AwQAwgbqMA0EAgACMAcDBQMqDZkAMA0GCSqGSIb3DQEBCwUAA4IBAQBEEjjh
bjFxv68KFwK/oSg/1RLLYwt2uwbOSgVp17yq/qqZlAlVOBLHRLCHJ+Rnby4AYt9O
k55gKKfPJxjrGTPYODH8uybHaGWYaQeUDhhp+WBtQdOnr5NViJUSHUkhR4goCBGP
vujfg1wuPBed6cPdRKdAiBwwoWxZVIV5ghlNxJOab0LUwL4BkzVzb+qoe/FSzgZU
UnuQyePW8yQqPlsc0cgyVpyAwg5xL0EbjEiuJIi+mlcf6Sc0knHAZPo64VtBHeg4
sUZiRaoUAu4IBMOYHBtp5bh9be8lEqneZ48k80WYaQR9cI8DDBwbBjHsBwjoJcL+
rf/cZd0lpzWW0Tsx
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:02 2024 by rpki-client on console-fra.rpki-client.org