Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/9XVJDFR8A16QbSKqqXL1sy9v99Q.roa
File:                     9XVJDFR8A16QbSKqqXL1sy9v99Q.roa (raw, json)
Hash identifier:          qgNvZfdlnToi7KWRYl75cjYWSFN9y+ybuZO3lz4/MFo=
Subject key identifier:   F5:75:49:0C:54:7C:03:5E:90:6D:22:AA:A9:72:F5:B3:2F:6F:F7:D4
Certificate issuer:       /CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Certificate serial:       01856F2FD77A9AE3A7C62419278133DF78F6
Authority key identifier: AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/9XVJDFR8A16QbSKqqXL1sy9v99Q.roa
Signing time:             Sun 01 Jan 2023 21:14:44 +0000
ROA not before:           Sun 01 Jan 2023 21:14:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59674
IP address blocks:        5.250.241.0/24 maxlen: 24
                          5.250.243.0/24 maxlen: 24
                          5.250.244.0/24 maxlen: 24
                          5.250.242.0/24 maxlen: 24
                          5.250.245.0/24 maxlen: 24
                          5.250.246.0/24 maxlen: 24
                          5.250.252.0/24 maxlen: 24
                          5.250.253.0/24 maxlen: 24
                          5.250.247.0/24 maxlen: 24
                          5.250.248.0/24 maxlen: 24
                          5.250.250.0/24 maxlen: 24
                          5.250.251.0/24 maxlen: 24
                          5.250.249.0/24 maxlen: 24
                          5.250.254.0/24 maxlen: 24
                          5.250.255.0/24 maxlen: 24
                          185.67.120.0/24 maxlen: 24
                          185.67.123.0/24 maxlen: 24
                          185.67.121.0/24 maxlen: 24
                          185.67.122.0/24 maxlen: 24
                          5.250.240.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:2f:d7:7a:9a:e3:a7:c6:24:19:27:81:33:df:78:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
        Validity
            Not Before: Jan  1 21:14:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f575490c547c035e906d22aaa972f5b32f6ff7d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:95:13:34:53:51:c5:2b:15:1c:8d:9d:65:78:
                    66:21:b3:91:bd:d0:3b:be:96:c5:9e:7e:d0:00:72:
                    fc:c1:76:12:29:67:4e:f8:25:ac:cf:5d:b4:cd:45:
                    e7:df:b2:7e:31:93:d7:56:a0:08:c7:52:6c:e2:dc:
                    0a:a1:2e:ed:8a:81:77:c2:be:e3:f3:8f:50:20:f2:
                    24:71:d0:a1:f8:0a:60:b9:e3:9d:22:3c:0d:f4:86:
                    52:a3:af:ed:6e:6f:0f:a3:63:e3:ca:7d:f6:4b:1f:
                    ea:4f:ca:2e:d7:13:e3:5d:7c:29:57:43:1e:38:7a:
                    5d:25:b1:5b:b6:cf:c4:bc:fb:77:41:8b:4f:a7:66:
                    2d:e4:42:00:e9:48:7e:a8:4f:59:b9:bf:bf:90:69:
                    3a:cd:59:ed:0b:1a:a1:81:46:bd:1c:2f:b9:2a:92:
                    73:54:4b:fb:bf:9d:1e:8d:60:d5:32:52:2c:e7:14:
                    0f:e5:98:01:7d:49:22:df:04:09:40:77:b0:51:60:
                    bb:83:92:c7:cd:ae:9b:57:45:8b:df:b2:15:4d:0f:
                    47:61:12:b1:d5:2d:3e:c3:d6:bb:a8:92:f5:da:1d:
                    53:9e:70:b9:6b:00:05:df:99:c6:db:03:9f:9f:0c:
                    ec:d2:52:bc:dc:43:9b:1a:54:3e:a6:3b:17:26:22:
                    d6:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:75:49:0C:54:7C:03:5E:90:6D:22:AA:A9:72:F5:B3:2F:6F:F7:D4
            X509v3 Authority Key Identifier:
                keyid:AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/9XVJDFR8A16QbSKqqXL1sy9v99Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/qx0OfoGLr5p6-5hmEkKSphqvuMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.250.240.0/20
                  185.67.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:40:99:b1:fd:ed:ac:a2:fa:ed:ad:9e:eb:3c:a1:9d:4c:22:
         ec:ea:bb:e7:2b:c4:bf:9c:bf:9e:fc:fd:76:61:d7:56:35:45:
         68:ec:89:76:93:18:a6:fd:39:79:66:1a:51:00:9d:e9:3f:42:
         26:25:25:ad:10:82:6d:36:13:20:6e:24:bb:77:ef:e0:22:f4:
         a7:48:7b:1b:e9:f9:43:f0:cc:5d:0d:e1:fe:61:86:77:8f:d1:
         79:f6:f8:11:97:71:df:67:13:6a:e2:05:6a:92:a9:28:3b:b6:
         7f:6c:d3:60:58:f7:5f:51:fa:e3:5f:54:33:8f:da:e7:8a:10:
         8f:08:24:53:fc:03:4f:28:3f:33:01:98:39:d2:10:df:8e:3b:
         4b:28:c0:93:8e:17:e0:38:44:d5:f0:26:9d:63:ef:78:77:5d:
         16:bc:98:93:c0:5b:68:5a:3f:af:89:47:67:33:a5:50:76:e1:
         74:37:37:78:96:81:fb:17:03:58:41:51:63:6c:48:5e:9a:25:
         4e:e8:1e:a0:cc:f8:98:32:59:6f:c5:19:a3:a8:45:27:bc:4a:
         83:ae:9c:52:c5:7e:fa:22:7d:90:f6:28:d8:59:6f:72:45:2b:
         e0:28:02:f4:df:c8:f5:48:05:f6:75:57:7f:ea:b0:b5:f1:71:
         0c:43:10:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVvL9d6muOnxiQZJ4Ez33j2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMWQwZTdlODE4YmFmOWE3YWZiOTg2NjEyNDI5MmE2MWFh
ZmI4Y2EwHhcNMjMwMTAxMjExNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTc1NDkwYzU0N2MwMzVlOTA2ZDIyYWFhOTcyZjViMzJmNmZmN2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6pUTNFNRxSsVHI2dZXhmIbORvdA7
vpbFnn7QAHL8wXYSKWdO+CWsz120zUXn37J+MZPXVqAIx1Js4twKoS7tioF3wr7j
849QIPIkcdCh+ApgueOdIjwN9IZSo6/tbm8Po2Pjyn32Sx/qT8ou1xPjXXwpV0Me
OHpdJbFbts/EvPt3QYtPp2Yt5EIA6Uh+qE9Zub+/kGk6zVntCxqhgUa9HC+5KpJz
VEv7v50ejWDVMlIs5xQP5ZgBfUki3wQJQHewUWC7g5LHza6bV0WL37IVTQ9HYRKx
1S0+w9a7qJL12h1TnnC5awAF35nG2wOfnwzs0lK83EObGlQ+pjsXJiLW3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPV1SQxUfANekG0iqqly9bMvb/fUMB8GA1UdIwQY
MBaAFKsdDn6Bi6+aevuYZhJCkqYar7jKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXgwT2ZvR0xyNXA2LTVobUVrS1NwaHF2dU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8xMjRjMzUtOTUyMy00M2I3LWI3ZWIt
ZWE1OTI2NGY5MDgzLzEvOVhWSkRGUjhBMTZRYlNLcXFYTDFzeTl2OTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8xMjRjMzUtOTUyMy00M2I3LWI3ZWItZWE1OTI2NGY5MDgz
LzEvcXgwT2ZvR0xyNXA2LTVobUVrS1NwaHF2dU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEBfrwAwQC
uUN4MA0GCSqGSIb3DQEBCwUAA4IBAQB8QJmx/e2sovrtrZ7rPKGdTCLs6rvnK8S/
nL+e/P12YddWNUVo7Il2kxim/Tl5ZhpRAJ3pP0ImJSWtEIJtNhMgbiS7d+/gIvSn
SHsb6flD8MxdDeH+YYZ3j9F59vgRl3HfZxNq4gVqkqkoO7Z/bNNgWPdfUfrjX1Qz
j9rnihCPCCRT/ANPKD8zAZg50hDfjjtLKMCTjhfgOETV8CadY+94d10WvJiTwFto
Wj+viUdnM6VQduF0Nzd4loH7FwNYQVFjbEhemiVO6B6gzPiYMllvxRmjqEUnvEqD
rpxSxX76In2Q9ijYWW9yRSvgKAL038j1SAX2dVd/6rC18XEMQxAZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:53:18 2024 by rpki-client on console-ams.rpki-client.org