Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/b4Q41OmyH2rlZ5Jpm_SAsZhtHKs.roa
File:                     b4Q41OmyH2rlZ5Jpm_SAsZhtHKs.roa (raw, json)
Hash identifier:          FLK5TaUcvU/3IV8ZvmOLQpeHPMwOywX+h2kADUmpJxI=
Subject key identifier:   6F:84:38:D4:E9:B2:1F:6A:E5:67:92:69:9B:F4:80:B1:98:6D:1C:AB
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018B683F4188A4B36E57034B6D247A1FC6E6
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/b4Q41OmyH2rlZ5Jpm_SAsZhtHKs.roa
Signing time:             Wed 25 Oct 2023 19:10:57 +0000
ROA not before:           Wed 25 Oct 2023 19:10:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        93.115.155.0/24 maxlen: 24
                          86.104.209.0/24 maxlen: 24
                          217.19.1.0/24 maxlen: 24
                          185.77.249.0/24 maxlen: 24
                          84.247.59.0/24 maxlen: 24
                          77.81.1.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:68:3f:41:88:a4:b3:6e:57:03:4b:6d:24:7a:1f:c6:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Oct 25 19:10:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6f8438d4e9b21f6ae56792699bf480b1986d1cab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6b:67:c9:24:81:a3:6b:0d:b6:cb:16:2e:04:
                    99:99:d2:95:68:07:d7:08:c7:54:ca:84:4c:82:df:
                    0d:27:08:38:70:e7:7b:31:ee:3f:95:9f:cc:6f:b7:
                    9c:ee:0a:db:85:32:57:fe:f0:dd:4c:35:fd:13:e0:
                    13:fc:94:46:22:9f:af:20:af:4c:73:ca:71:21:68:
                    8a:bf:e3:48:9c:e3:aa:88:08:0d:67:06:59:78:c5:
                    b3:89:6b:d9:6a:14:90:0b:0b:74:90:cc:96:7e:82:
                    b5:3d:5d:ac:05:9c:93:1d:23:e3:8d:04:f9:63:d8:
                    bd:50:81:48:59:a9:80:e0:88:df:3d:c9:a7:1f:3e:
                    c7:9c:46:aa:a6:bd:64:5a:d5:bf:d6:77:01:5a:0b:
                    08:da:fe:2b:87:48:d1:d5:cc:c6:d5:9a:e8:7d:9e:
                    5d:6e:a3:b6:0b:28:40:3c:90:81:54:90:1c:50:5e:
                    64:e6:9d:c8:3e:22:6d:af:b4:07:56:ce:c5:cf:ad:
                    41:9a:23:e9:ee:f0:8f:89:aa:9c:84:d9:2f:2a:72:
                    7f:7f:0b:7e:f6:57:a7:30:08:c6:a5:42:de:c2:bc:
                    c7:27:a7:03:95:79:af:79:ac:88:74:fb:4e:aa:de:
                    37:9f:4d:bd:2d:d9:41:43:e9:75:0f:29:0e:38:94:
                    94:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:84:38:D4:E9:B2:1F:6A:E5:67:92:69:9B:F4:80:B1:98:6D:1C:AB
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/b4Q41OmyH2rlZ5Jpm_SAsZhtHKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.1.0/24
                  84.247.59.0/24
                  86.104.209.0/24
                  93.115.155.0/24
                  185.77.249.0/24
                  217.19.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:7a:af:32:83:ff:bc:18:e4:ce:2a:22:e7:28:e7:61:3a:86:
         68:49:46:f1:fc:7d:f4:b7:27:ca:54:ba:1a:c3:6f:6d:ef:3e:
         8e:a2:3e:0a:73:b0:fb:7f:51:9f:c3:db:48:e9:a8:7c:6d:06:
         91:9d:03:95:83:7f:6f:10:f3:f3:59:74:0e:c8:2d:e2:49:ae:
         64:9f:83:dd:67:09:72:38:fd:f9:95:9a:cb:0c:7e:30:62:fe:
         20:c7:2d:4e:90:0b:8a:3d:42:57:0d:59:14:75:1c:fe:14:b5:
         5e:a8:fb:75:e9:96:f2:d3:61:02:0c:b1:b1:48:27:86:59:4d:
         f6:0a:69:5e:cd:3e:fe:1a:8e:0c:db:d4:87:be:c4:49:c8:d6:
         d0:53:5a:47:6b:1a:13:20:38:8b:a7:5c:cc:81:6b:92:dc:af:
         90:3a:27:6e:62:98:a0:71:c7:0c:47:6d:d0:91:4e:c6:32:81:
         b7:e4:72:bd:3c:7c:f5:d0:8a:bb:1d:77:cc:28:f5:90:53:e6:
         57:54:be:f8:41:19:6c:d4:fb:bb:97:db:a3:86:5e:33:93:ad:
         b9:20:04:d5:1b:70:d3:28:54:59:1a:57:c2:1e:b7:0e:e9:9d:
         cc:95:c3:29:3c:59:cf:ee:2a:7c:aa:96:e0:b2:00:cc:bf:74:
         fd:7d:79:84
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYtoP0GIpLNuVwNLbSR6H8bmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMxMDI1MTkxMDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Zjg0MzhkNGU5YjIxZjZhZTU2NzkyNjk5YmY0ODBiMTk4NmQxY2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGtnySSBo2sNtssWLgSZmdKVaAfX
CMdUyoRMgt8NJwg4cOd7Me4/lZ/Mb7ec7grbhTJX/vDdTDX9E+AT/JRGIp+vIK9M
c8pxIWiKv+NInOOqiAgNZwZZeMWziWvZahSQCwt0kMyWfoK1PV2sBZyTHSPjjQT5
Y9i9UIFIWamA4IjfPcmnHz7HnEaqpr1kWtW/1ncBWgsI2v4rh0jR1czG1ZrofZ5d
bqO2CyhAPJCBVJAcUF5k5p3IPiJtr7QHVs7Fz61BmiPp7vCPiaqchNkvKnJ/fwt+
9lenMAjGpULewrzHJ6cDlXmveayIdPtOqt43n029LdlBQ+l1DykOOJSUVQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFG+EONTpsh9q5WeSaZv0gLGYbRyrMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvYjRRNDFPbXlIMnJsWjVKcG1fU0FzWmh0SEtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQATVEBAwQA
VPc7AwQAVmjRAwQAXXObAwQAuU35AwQA2RMBMA0GCSqGSIb3DQEBCwUAA4IBAQAP
eq8yg/+8GOTOKiLnKOdhOoZoSUbx/H30tyfKVLoaw29t7z6Ooj4Kc7D7f1Gfw9tI
6ah8bQaRnQOVg39vEPPzWXQOyC3iSa5kn4PdZwlyOP35lZrLDH4wYv4gxy1OkAuK
PUJXDVkUdRz+FLVeqPt16Zby02ECDLGxSCeGWU32CmlezT7+Go4M29SHvsRJyNbQ
U1pHaxoTIDiLp1zMgWuS3K+QOiduYpigcccMR23QkU7GMoG35HK9PHz10Iq7HXfM
KPWQU+ZXVL74QRls1Pu7l9ujhl4zk625IATVG3DTKFRZGlfCHrcO6Z3MlcMpPFnP
7ip8qpbgsgDMv3T9fXmE
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:14 2024 by rpki-client on console-fra.rpki-client.org