Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/EDfZKDFKdoMjVe-axmbkQgBjt3c.roa
File:                     EDfZKDFKdoMjVe-axmbkQgBjt3c.roa (raw, json)
Hash identifier:          BBlgevxZjmV+674NEOsaw/Fj2d/NVMQ5YIeLy14vDvQ=
Subject key identifier:   10:37:D9:28:31:4A:76:83:23:55:EF:9A:C6:66:E4:42:00:63:B7:77
Certificate issuer:       /CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Certificate serial:       018CC26D3F06CA77F1BB184ED4787872C785
Authority key identifier: AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/EDfZKDFKdoMjVe-axmbkQgBjt3c.roa
Signing time:             Mon 01 Jan 2024 00:29:48 +0000
ROA not before:           Mon 01 Jan 2024 00:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59674
IP address blocks:        5.250.241.0/24 maxlen: 24
                          5.250.245.0/24 maxlen: 24
                          5.250.246.0/24 maxlen: 24
                          5.250.243.0/24 maxlen: 24
                          5.250.244.0/24 maxlen: 24
                          5.250.242.0/24 maxlen: 24
                          5.250.247.0/24 maxlen: 24
                          5.250.248.0/24 maxlen: 24
                          5.250.252.0/24 maxlen: 24
                          5.250.250.0/24 maxlen: 24
                          5.250.251.0/24 maxlen: 24
                          5.250.249.0/24 maxlen: 24
                          185.67.123.0/24 maxlen: 24
                          185.67.121.0/24 maxlen: 24
                          185.67.122.0/24 maxlen: 24
                          5.250.240.0/24 maxlen: 24
                          2a05:e80::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3f:06:ca:77:f1:bb:18:4e:d4:78:78:72:c7:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
        Validity
            Not Before: Jan  1 00:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1037d928314a76832355ef9ac666e4420063b777
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e0:87:e5:3d:52:e5:78:33:99:48:5f:97:e1:
                    5f:27:21:da:9c:ff:eb:f9:30:7e:11:77:40:58:97:
                    ca:aa:e7:b9:bd:f5:a6:86:99:92:ff:98:35:5d:0b:
                    3f:9a:42:fd:7c:3d:c5:7c:4d:ed:9d:56:b0:8e:0d:
                    5f:7d:ab:4b:d5:3a:be:81:5d:be:0c:f5:f7:50:1d:
                    ae:70:99:68:e6:b3:dd:96:54:62:59:f1:62:1a:e7:
                    49:1e:54:06:bd:8a:4e:99:fb:4e:6a:6a:07:32:d4:
                    ce:7b:ff:15:72:66:0d:ec:be:37:b9:4a:11:d6:9e:
                    d2:72:b4:3c:6a:aa:d6:a1:dd:92:e5:ee:1f:96:3c:
                    09:db:43:3f:92:ba:dd:0c:28:67:06:8a:fc:09:e9:
                    d9:97:ab:f2:79:1e:5c:c7:df:2f:73:50:8b:4d:55:
                    e0:15:77:db:6d:de:26:07:f3:9a:90:96:60:27:bf:
                    a7:23:1d:16:0f:ab:c4:b6:34:89:09:e6:4a:74:30:
                    8b:3b:e2:a0:98:26:e0:85:d9:d6:02:c5:ca:f9:a2:
                    2b:d7:8e:9c:8e:2f:14:1d:09:37:fb:aa:54:ac:7c:
                    6c:a0:d5:a5:76:79:8b:5c:47:3c:a5:7b:9a:ae:d9:
                    e9:74:a8:9e:44:9f:55:92:0b:83:25:7f:92:59:bf:
                    c3:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:37:D9:28:31:4A:76:83:23:55:EF:9A:C6:66:E4:42:00:63:B7:77
            X509v3 Authority Key Identifier:
                keyid:AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/EDfZKDFKdoMjVe-axmbkQgBjt3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/qx0OfoGLr5p6-5hmEkKSphqvuMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.250.240.0-5.250.252.255
                  185.67.121.0-185.67.123.255
                IPv6:
                  2a05:e80::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:9b:24:ea:87:49:dc:e3:57:4c:59:8d:12:1d:06:61:6e:3a:
         f4:4e:aa:20:05:fb:ff:d6:87:d1:f4:45:26:57:33:46:e6:38:
         8a:10:77:78:26:9f:87:b1:aa:18:ae:c0:df:9e:71:55:6f:0e:
         aa:58:dd:61:85:cb:72:d5:13:dd:78:32:19:ee:63:2e:8d:ab:
         8d:b5:9e:92:8b:70:30:07:d5:a9:a2:96:04:7c:b7:5b:a5:a7:
         e4:29:d1:49:a7:61:d6:50:14:a5:17:15:16:af:eb:11:3a:ec:
         8c:25:35:6e:35:02:bf:2f:d8:3a:d3:b7:2a:9a:ae:96:74:2d:
         5e:18:d3:08:df:a0:9d:52:90:90:8e:55:c3:d4:18:63:ac:7e:
         cc:c8:14:01:47:64:6e:89:8e:78:88:15:49:8a:4a:8c:06:1a:
         ac:40:54:ae:37:6d:15:76:11:91:be:9d:4a:d1:d4:4a:11:32:
         88:44:bf:48:af:20:6b:a0:c4:ad:64:21:4b:e8:7a:41:a8:de:
         87:ea:2c:ab:38:61:13:41:98:27:08:59:c7:9f:5c:5d:f5:74:
         d1:c3:c1:49:46:2b:c8:8f:4a:6b:0c:6e:a5:d8:8d:aa:97:6f:
         36:e8:59:37:36:c6:fc:88:9d:39:5b:83:aa:9d:26:b2:4a:13:
         a7:6b:3e:a7
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYzCbT8GynfxuxhO1Hh4cseFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMWQwZTdlODE4YmFmOWE3YWZiOTg2NjEyNDI5MmE2MWFh
ZmI4Y2EwHhcNMjQwMTAxMDAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDM3ZDkyODMxNGE3NjgzMjM1NWVmOWFjNjY2ZTQ0MjAwNjNiNzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOCH5T1S5XgzmUhfl+FfJyHanP/r
+TB+EXdAWJfKque5vfWmhpmS/5g1XQs/mkL9fD3FfE3tnVawjg1ffatL1Tq+gV2+
DPX3UB2ucJlo5rPdllRiWfFiGudJHlQGvYpOmftOamoHMtTOe/8VcmYN7L43uUoR
1p7ScrQ8aqrWod2S5e4fljwJ20M/krrdDChnBor8CenZl6vyeR5cx98vc1CLTVXg
FXfbbd4mB/OakJZgJ7+nIx0WD6vEtjSJCeZKdDCLO+KgmCbghdnWAsXK+aIr146c
ji8UHQk3+6pUrHxsoNWldnmLXEc8pXuartnpdKieRJ9VkguDJX+SWb/DeQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFBA32SgxSnaDI1XvmsZm5EIAY7d3MB8GA1UdIwQY
MBaAFKsdDn6Bi6+aevuYZhJCkqYar7jKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXgwT2ZvR0xyNXA2LTVobUVrS1NwaHF2dU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8xMjRjMzUtOTUyMy00M2I3LWI3ZWIt
ZWE1OTI2NGY5MDgzLzEvRURmWktERktkb01qVmUtYXhtYmtRZ0JqdDNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8xMjRjMzUtOTUyMy00M2I3LWI3ZWItZWE1OTI2NGY5MDgz
LzEvcXgwT2ZvR0xyNXA2LTVobUVrS1NwaHF2dU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAiBAIAATAcMAwDBAQF+vAD
BAAF+vwwDAMEALlDeQMEArlDeDANBAIAAjAHAwUAKgUOgDANBgkqhkiG9w0BAQsF
AAOCAQEAXpsk6odJ3ONXTFmNEh0GYW469E6qIAX7/9aH0fRFJlczRuY4ihB3eCaf
h7GqGK7A355xVW8OqljdYYXLctUT3XgyGe5jLo2rjbWekotwMAfVqaKWBHy3W6Wn
5CnRSadh1lAUpRcVFq/rETrsjCU1bjUCvy/YOtO3KpqulnQtXhjTCN+gnVKQkI5V
w9QYY6x+zMgUAUdkbomOeIgVSYpKjAYarEBUrjdtFXYRkb6dStHUShEyiES/SK8g
a6DErWQhS+h6Qajeh+osqzhhE0GYJwhZx59cXfV00cPBSUYryI9KawxupdiNqpdv
NuhZNzbG/IidOVuDqp0mskoTp2s+pw==
-----END CERTIFICATE-----
Generated at Wed Jun 26 14:22:54 2024 by rpki-client on console-ams.rpki-client.org