Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/F9_uz4Wzr_YrYOFUsIqsiua_th0.roa
File:                     F9_uz4Wzr_YrYOFUsIqsiua_th0.roa (raw, json)
Hash identifier:          8RSyzNzWn+506wjdGjRhbEytLwywNAOsT9KC/rqqN0o=
Subject key identifier:   17:DF:EE:CF:85:B3:AF:F6:2B:60:E1:54:B0:8A:AC:8A:E6:BF:B6:1D
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       01879F6A12651275A1EC52C603CEEA84DED8
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/F9_uz4Wzr_YrYOFUsIqsiua_th0.roa
Signing time:             Thu 20 Apr 2023 16:05:41 +0000
ROA not before:           Thu 20 Apr 2023 16:05:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        37.153.132.0/24 maxlen: 24
                          46.102.174.0/24 maxlen: 24
                          176.223.190.0/24 maxlen: 24
                          94.177.113.0/24 maxlen: 24
                          94.177.118.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:9f:6a:12:65:12:75:a1:ec:52:c6:03:ce:ea:84:de:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Apr 20 16:05:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=17dfeecf85b3aff62b60e154b08aac8ae6bfb61d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:43:02:b2:c4:86:c3:43:a5:5b:c2:97:10:87:
                    19:7d:7f:cb:76:49:04:21:ab:53:b7:c4:f1:4e:6d:
                    9c:85:4a:ca:47:77:04:f8:8b:b5:d7:2b:ea:3a:0b:
                    0e:5e:4b:51:48:de:65:6f:63:a6:03:90:61:21:14:
                    f6:9a:1e:19:7e:8e:f6:4c:aa:f7:81:21:93:de:33:
                    50:7c:54:b0:73:a7:dd:ed:ce:c3:97:53:56:e9:8e:
                    28:0d:7d:f1:77:82:94:af:99:19:85:d0:66:e5:69:
                    ed:ee:aa:e7:16:69:39:99:9f:8f:d6:73:8a:ae:04:
                    39:40:53:64:6d:35:0f:92:95:fc:a4:f0:9f:40:33:
                    92:c8:1e:31:84:7c:ec:41:df:25:de:a0:39:82:d4:
                    25:88:28:55:ea:c2:d4:e9:14:f3:40:05:a2:ec:7d:
                    43:b4:67:c8:ef:38:22:5c:05:95:ac:b4:d0:7b:9f:
                    32:e2:26:82:cd:d9:45:89:a4:79:79:b6:cc:c8:33:
                    6e:c5:79:c0:23:16:0e:5b:91:34:fb:81:6e:3b:86:
                    67:3a:11:64:02:d1:89:45:d6:b2:fc:ea:65:31:fa:
                    a2:9b:c0:92:e2:ef:5f:83:13:f2:60:10:1a:86:74:
                    c7:6b:40:b6:b4:bd:b6:2c:65:01:8d:09:de:b2:87:
                    ae:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:DF:EE:CF:85:B3:AF:F6:2B:60:E1:54:B0:8A:AC:8A:E6:BF:B6:1D
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/F9_uz4Wzr_YrYOFUsIqsiua_th0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.132.0/24
                  46.102.174.0/24
                  94.177.113.0/24
                  94.177.118.0/24
                  176.223.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:de:78:25:cc:ed:22:20:ec:db:86:3c:d7:a3:cf:8f:c8:bc:
         dc:b4:90:60:86:ea:c6:8c:5d:5d:2a:cb:37:24:5f:bc:3a:02:
         ed:96:72:21:af:e9:18:1f:64:52:60:01:58:97:b0:5c:a7:a2:
         9e:70:b8:b5:d6:1e:77:50:fb:d2:d9:71:05:fb:be:22:a9:ef:
         cc:1c:81:9a:f8:e7:15:15:a9:6d:2e:77:12:6e:4d:a4:27:c1:
         2c:ff:20:db:cb:7d:32:4a:25:c2:db:81:07:77:fb:9e:72:8f:
         52:ec:87:f4:b9:a8:07:05:d2:77:40:e9:8e:d2:77:51:80:42:
         10:ee:c1:4d:00:76:81:10:d9:bb:68:20:97:6d:e8:f4:ba:a0:
         36:e5:44:0d:bf:07:c5:1f:0d:76:1f:12:c5:69:c0:00:f5:80:
         36:b7:d4:c8:aa:ea:45:88:1b:dd:33:74:a6:52:a2:f3:fa:39:
         26:22:f0:b4:6b:9b:09:1c:05:7a:eb:de:07:17:09:f1:f9:79:
         9f:69:d1:b0:3e:08:21:ba:63:3e:d5:3f:ba:95:7e:3f:1d:63:
         ba:26:75:13:61:44:f0:b6:b3:bb:1b:02:ca:d6:91:c1:fa:45:
         82:61:d7:47:72:ee:c5:af:22:b2:3f:70:0b:dc:0a:cb:05:01:
         de:92:98:d1
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYefahJlEnWh7FLGA87qhN7YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNDIwMTYwNTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2RmZWVjZjg1YjNhZmY2MmI2MGUxNTRiMDhhYWM4YWU2YmZiNjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0MCssSGw0OlW8KXEIcZfX/LdkkE
IatTt8TxTm2chUrKR3cE+Iu11yvqOgsOXktRSN5lb2OmA5BhIRT2mh4Zfo72TKr3
gSGT3jNQfFSwc6fd7c7Dl1NW6Y4oDX3xd4KUr5kZhdBm5Wnt7qrnFmk5mZ+P1nOK
rgQ5QFNkbTUPkpX8pPCfQDOSyB4xhHzsQd8l3qA5gtQliChV6sLU6RTzQAWi7H1D
tGfI7zgiXAWVrLTQe58y4iaCzdlFiaR5ebbMyDNuxXnAIxYOW5E0+4FuO4ZnOhFk
AtGJRday/OplMfqim8CS4u9fgxPyYBAahnTHa0C2tL22LGUBjQnesoeu3wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFBff7s+Fs6/2K2DhVLCKrIrmv7YdMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvRjlfdXo0V3pyX1lyWU9GVXNJcXNpdWFfdGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAJZmEAwQA
LmauAwQAXrFxAwQAXrF2AwQAsN++MA0GCSqGSIb3DQEBCwUAA4IBAQAl3nglzO0i
IOzbhjzXo8+PyLzctJBghurGjF1dKss3JF+8OgLtlnIhr+kYH2RSYAFYl7Bcp6Ke
cLi11h53UPvS2XEF+74iqe/MHIGa+OcVFaltLncSbk2kJ8Es/yDby30ySiXC24EH
d/ueco9S7If0uagHBdJ3QOmO0ndRgEIQ7sFNAHaBENm7aCCXbej0uqA25UQNvwfF
Hw12HxLFacAA9YA2t9TIqupFiBvdM3SmUqLz+jkmIvC0a5sJHAV6694HFwnx+Xmf
adGwPgghumM+1T+6lX4/HWO6JnUTYUTwtrO7GwLK1pHB+kWCYddHcu7FryKyP3AL
3ArLBQHekpjR
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:48 2024 by rpki-client on console-ams.rpki-client.org