Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/dR0cb1jOFc0kV7XeE8fLyGL6K0g.roa
File:                     dR0cb1jOFc0kV7XeE8fLyGL6K0g.roa (raw, json)
Hash identifier:          DwRkoNj9fpCgbyFC7uqkx7h54seRHRBs18HXPJ+bQtU=
Subject key identifier:   75:1D:1C:6F:58:CE:15:CD:24:57:B5:DE:13:C7:CB:C8:62:FA:2B:48
Certificate issuer:       /CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Certificate serial:       018953569871C7CFCE804BE903758E32D74D
Authority key identifier: AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/dR0cb1jOFc0kV7XeE8fLyGL6K0g.roa
Signing time:             Fri 14 Jul 2023 07:38:51 +0000
ROA not before:           Fri 14 Jul 2023 07:38:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42910
IP address blocks:        5.250.242.0/24 maxlen: 24
                          5.250.241.0/24 maxlen: 24
                          5.250.245.0/24 maxlen: 24
                          5.250.244.0/24 maxlen: 24
                          5.250.243.0/24 maxlen: 24
                          5.250.246.0/24 maxlen: 24
                          5.250.252.0/24 maxlen: 24
                          5.250.251.0/24 maxlen: 24
                          5.250.250.0/24 maxlen: 24
                          5.250.253.0/24 maxlen: 24
                          5.250.249.0/24 maxlen: 24
                          5.250.248.0/24 maxlen: 24
                          5.250.247.0/24 maxlen: 24
                          185.67.121.0/24 maxlen: 24
                          185.67.123.0/24 maxlen: 24
                          185.67.122.0/24 maxlen: 24
                          5.250.240.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:53:56:98:71:c7:cf:ce:80:4b:e9:03:75:8e:32:d7:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
        Validity
            Not Before: Jul 14 07:38:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=751d1c6f58ce15cd2457b5de13c7cbc862fa2b48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:54:94:28:7b:9d:95:31:45:14:40:1b:2a:4f:
                    3e:0a:78:df:3a:f9:88:43:05:67:63:93:c5:17:f7:
                    8d:32:09:91:22:91:2f:0c:5a:f1:52:ea:b9:02:2c:
                    df:2b:c1:c1:3e:67:00:68:d7:ac:2f:5f:40:03:b6:
                    c1:70:cf:d3:05:54:73:e3:37:18:06:f3:ff:9c:2d:
                    9b:57:96:83:d1:43:dd:11:aa:63:55:20:4f:f5:3f:
                    8d:df:53:39:a2:d8:a3:c7:ae:71:7b:dc:c7:89:b7:
                    89:05:ca:d3:a6:81:bc:0c:b8:77:b6:99:19:fc:4c:
                    b2:30:9e:db:53:ac:48:b1:11:e0:f5:fc:92:53:1f:
                    a9:04:bd:43:fa:c8:7c:ae:31:28:79:9b:16:c9:ee:
                    d3:4d:53:a5:c3:35:96:cf:2a:77:0a:5a:10:95:c3:
                    70:60:f1:80:85:99:44:44:da:a0:c2:b0:26:8d:e6:
                    bf:14:7d:56:b2:95:5e:8e:29:97:1a:c7:87:f1:db:
                    14:fa:28:fe:be:68:a3:48:31:1d:98:6f:16:f5:2e:
                    27:83:f1:6a:3c:1a:e8:58:ba:0b:38:14:ce:f0:b1:
                    0e:9b:45:f1:b2:a4:c3:00:84:d1:2f:0e:a3:48:49:
                    d0:f0:68:ab:3b:fb:c3:d0:86:57:89:c7:c0:a2:c8:
                    0d:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:1D:1C:6F:58:CE:15:CD:24:57:B5:DE:13:C7:CB:C8:62:FA:2B:48
            X509v3 Authority Key Identifier:
                keyid:AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/dR0cb1jOFc0kV7XeE8fLyGL6K0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/qx0OfoGLr5p6-5hmEkKSphqvuMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.250.240.0-5.250.253.255
                  185.67.121.0-185.67.123.255

    Signature Algorithm: sha256WithRSAEncryption
         7e:0b:d4:c9:0d:b9:6e:26:2a:97:65:59:fc:92:96:e0:e1:ed:
         6c:d1:cf:45:1f:0e:a8:4e:34:ea:28:81:70:a9:c3:32:67:b6:
         39:6b:88:19:8d:f7:b7:e3:8f:26:63:2f:8e:01:b4:79:9a:c9:
         7d:dd:9b:1b:4a:6c:bd:4f:bd:a9:0c:15:ed:fd:0c:61:9e:41:
         15:0a:99:65:01:b4:00:4f:f4:41:3f:40:e1:cf:b3:41:ef:c0:
         99:ca:f8:35:01:f6:5f:75:55:78:46:51:36:92:27:00:ae:4d:
         76:87:fe:de:8f:92:f5:40:28:f7:32:50:1a:dc:f7:02:0b:a9:
         fa:98:48:dd:29:f2:e7:e9:36:ba:a3:72:e5:1c:7e:7f:55:18:
         0c:cc:89:23:ff:ae:03:8e:19:fd:52:81:dd:b5:45:1b:e6:60:
         cd:a6:b7:e9:a0:b1:fd:70:32:a7:d1:40:9a:97:08:29:af:b0:
         e3:5a:99:a4:c3:8d:4b:8b:9d:e7:3d:51:53:42:a6:93:6c:2d:
         43:fa:13:19:49:9e:ee:0b:ba:b5:67:1f:25:61:f6:0f:95:a1:
         46:22:d4:0e:04:dd:62:42:a8:96:44:7b:03:9a:df:55:ec:0a:
         62:f3:60:22:86:97:5b:a0:5b:85:a4:fa:13:9e:c2:6b:20:fe:
         4a:bb:21:34
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYlTVphxx8/OgEvpA3WOMtdNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMWQwZTdlODE4YmFmOWE3YWZiOTg2NjEyNDI5MmE2MWFh
ZmI4Y2EwHhcNMjMwNzE0MDczODUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTFkMWM2ZjU4Y2UxNWNkMjQ1N2I1ZGUxM2M3Y2JjODYyZmEyYjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlSUKHudlTFFFEAbKk8+CnjfOvmI
QwVnY5PFF/eNMgmRIpEvDFrxUuq5AizfK8HBPmcAaNesL19AA7bBcM/TBVRz4zcY
BvP/nC2bV5aD0UPdEapjVSBP9T+N31M5otijx65xe9zHibeJBcrTpoG8DLh3tpkZ
/EyyMJ7bU6xIsRHg9fySUx+pBL1D+sh8rjEoeZsWye7TTVOlwzWWzyp3CloQlcNw
YPGAhZlERNqgwrAmjea/FH1WspVejimXGseH8dsU+ij+vmijSDEdmG8W9S4ng/Fq
PBroWLoLOBTO8LEOm0XxsqTDAITRLw6jSEnQ8GirO/vD0IZXicfAosgNrwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFHUdHG9YzhXNJFe13hPHy8hi+itIMB8GA1UdIwQY
MBaAFKsdDn6Bi6+aevuYZhJCkqYar7jKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXgwT2ZvR0xyNXA2LTVobUVrS1NwaHF2dU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8xMjRjMzUtOTUyMy00M2I3LWI3ZWIt
ZWE1OTI2NGY5MDgzLzEvZFIwY2Ixak9GYzBrVjdYZUU4Zkx5R0w2SzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8xMjRjMzUtOTUyMy00M2I3LWI3ZWItZWE1OTI2NGY5MDgz
LzEvcXgwT2ZvR0xyNXA2LTVobUVrS1NwaHF2dU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBAQF+vAD
BAEF+vwwDAMEALlDeQMEArlDeDANBgkqhkiG9w0BAQsFAAOCAQEAfgvUyQ25biYq
l2VZ/JKW4OHtbNHPRR8OqE406iiBcKnDMme2OWuIGY33t+OPJmMvjgG0eZrJfd2b
G0psvU+9qQwV7f0MYZ5BFQqZZQG0AE/0QT9A4c+zQe/Amcr4NQH2X3VVeEZRNpIn
AK5Ndof+3o+S9UAo9zJQGtz3Agup+phI3Sny5+k2uqNy5Rx+f1UYDMyJI/+uA44Z
/VKB3bVFG+Zgzaa36aCx/XAyp9FAmpcIKa+w41qZpMONS4ud5z1RU0Kmk2wtQ/oT
GUme7gu6tWcfJWH2D5WhRiLUDgTdYkKolkR7A5rfVewKYvNgIoaXW6BbhaT6E57C
ayD+SrshNA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:11 2024 by rpki-client on console-fra.rpki-client.org