Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/mX1W7qrbr4OVJb0lonkA8nL8K-0.roa
File:                     mX1W7qrbr4OVJb0lonkA8nL8K-0.roa (raw, json)
Hash identifier:          lkD4XVwzdudTLnd89+vH6E+YKrnwYNcOI3lLSH5i2Jo=
Subject key identifier:   99:7D:56:EE:AA:DB:AF:83:95:25:BD:25:A2:79:00:F2:72:FC:2B:ED
Certificate issuer:       /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial:       018CC56EF6D3F1A1D4C8D1B3E549A8DA20E2
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/mX1W7qrbr4OVJb0lonkA8nL8K-0.roa
Signing time:             Mon 01 Jan 2024 14:30:32 +0000
ROA not before:           Mon 01 Jan 2024 14:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207691
IP address blocks:        185.43.56.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f6:d3:f1:a1:d4:c8:d1:b3:e5:49:a8:da:20:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
        Validity
            Not Before: Jan  1 14:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=997d56eeaadbaf839525bd25a27900f272fc2bed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:78:79:c7:56:6f:95:ba:fb:6b:14:3d:57:1b:
                    c3:bc:ba:be:1a:7e:83:2f:2c:5b:7e:d9:cd:73:34:
                    62:93:84:33:e9:12:7b:aa:36:0e:84:5d:e4:f5:e2:
                    24:02:cd:74:42:47:33:b9:5d:30:0a:39:d2:45:44:
                    52:46:97:cd:fc:a9:b2:fd:75:2e:36:bd:23:4d:81:
                    c5:6c:e3:4a:4a:e5:54:75:51:38:35:ab:2e:8f:32:
                    6e:a0:dc:eb:e6:58:d2:b3:e6:78:3f:df:e3:d8:0b:
                    04:a6:ef:a5:16:30:df:f8:8b:56:90:e9:1c:0d:92:
                    19:d1:88:40:d3:88:17:71:49:09:9d:b5:b3:d0:38:
                    d9:31:9e:c0:75:8f:c3:f7:7a:20:94:8c:9f:42:ef:
                    27:6d:19:ab:6a:f7:59:9a:cd:17:72:1d:65:15:13:
                    2c:d0:dd:3f:8c:88:33:84:07:21:9b:15:62:0e:91:
                    00:be:4d:1f:01:7d:24:8e:50:d0:b7:a2:e8:9f:62:
                    97:0d:b3:9a:6b:ed:36:27:80:b3:2d:25:c4:5d:69:
                    fa:38:a5:92:fa:89:fe:53:92:88:ab:96:58:e4:3c:
                    13:87:d4:28:a6:73:e0:73:cf:26:b6:db:84:67:39:
                    64:c3:e6:20:70:a3:c1:60:df:fe:04:34:21:b4:a6:
                    b2:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:7D:56:EE:AA:DB:AF:83:95:25:BD:25:A2:79:00:F2:72:FC:2B:ED
            X509v3 Authority Key Identifier:
                keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/mX1W7qrbr4OVJb0lonkA8nL8K-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:30:66:5a:6d:ad:83:58:e9:64:5b:74:32:3f:96:fc:e2:97:
         53:dc:4b:e0:13:fa:e9:2a:1d:d4:68:33:d6:f7:59:b0:c1:7e:
         d0:aa:17:ad:4e:04:89:d9:a1:5a:f7:5c:22:ab:aa:9f:ba:5d:
         84:e3:09:bd:ef:33:d2:00:e8:66:e8:a5:ac:0c:b0:3c:2c:b4:
         46:2d:7b:de:b9:55:d0:72:b0:a2:1f:d3:78:31:4c:8b:a9:7f:
         13:d5:57:6e:cf:10:34:b5:c7:eb:b7:67:5a:f8:92:e1:fc:3b:
         2c:01:51:ae:11:e4:2f:ad:df:1c:f5:bc:33:8b:05:b4:14:fb:
         73:6b:19:81:fb:c8:b5:d8:be:7f:38:df:56:92:3c:32:91:a9:
         35:05:da:d5:43:90:64:8d:62:b0:f7:8d:99:f2:d4:fe:95:f3:
         57:6c:dc:72:97:0b:8f:cd:6f:d0:72:c3:d5:2e:2f:22:37:5a:
         12:c4:a8:a0:32:be:4c:02:4b:bc:df:ce:c4:8b:9a:42:3f:33:
         ff:ca:9a:98:f3:f2:d8:c2:a5:8f:61:00:45:22:fe:7d:4e:b3:
         a4:0d:55:0f:9a:8c:5b:b2:98:bf:76:07:a0:6c:85:2c:6a:62:
         f1:51:e2:55:53:22:98:60:db:c4:53:fd:9e:7f:7b:34:22:60:
         99:a8:45:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvbT8aHUyNGz5Umo2iDiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjQwMTAxMTQzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTdkNTZlZWFhZGJhZjgzOTUyNWJkMjVhMjc5MDBmMjcyZmMyYmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHh5x1Zvlbr7axQ9VxvDvLq+Gn6D
LyxbftnNczRik4Qz6RJ7qjYOhF3k9eIkAs10QkczuV0wCjnSRURSRpfN/Kmy/XUu
Nr0jTYHFbONKSuVUdVE4NasujzJuoNzr5ljSs+Z4P9/j2AsEpu+lFjDf+ItWkOkc
DZIZ0YhA04gXcUkJnbWz0DjZMZ7AdY/D93oglIyfQu8nbRmravdZms0Xch1lFRMs
0N0/jIgzhAchmxViDpEAvk0fAX0kjlDQt6Lon2KXDbOaa+02J4CzLSXEXWn6OKWS
+on+U5KIq5ZY5DwTh9QopnPgc88mttuEZzlkw+YgcKPBYN/+BDQhtKayYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJl9Vu6q26+DlSW9JaJ5APJy/CvtMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvbVgxVzdxcmJyNE9WSmIwbG9ua0E4bkw4Sy0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSs4MA0G
CSqGSIb3DQEBCwUAA4IBAQALMGZaba2DWOlkW3QyP5b84pdT3EvgE/rpKh3UaDPW
91mwwX7QqhetTgSJ2aFa91wiq6qful2E4wm97zPSAOhm6KWsDLA8LLRGLXveuVXQ
crCiH9N4MUyLqX8T1VduzxA0tcfrt2da+JLh/DssAVGuEeQvrd8c9bwziwW0FPtz
axmB+8i12L5/ON9Wkjwykak1BdrVQ5BkjWKw942Z8tT+lfNXbNxylwuPzW/QcsPV
Li8iN1oSxKigMr5MAku8387Ei5pCPzP/ypqY8/LYwqWPYQBFIv59TrOkDVUPmoxb
spi/dgegbIUsamLxUeJVUyKYYNvEU/2ef3s0ImCZqEV3
-----END CERTIFICATE-----
Generated at Wed Oct 23 11:59:33 2024 by rpki-client on console-fra.rpki-client.org