Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/5EDCgZdgzST7wt32coBL_MGwTLs.roa
File:                     5EDCgZdgzST7wt32coBL_MGwTLs.roa (raw, json)
Hash identifier:          IZa515U/bR9BxSwo5IxSu2+HzrevDBQjibTptHK/p5I=
Subject key identifier:   E4:40:C2:81:97:60:CD:24:FB:C2:DD:F6:72:80:4B:FC:C1:B0:4C:BB
Certificate issuer:       /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial:       018DC73955C6A0AEA775C66DF9DCD5059A12
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/5EDCgZdgzST7wt32coBL_MGwTLs.roa
Signing time:             Tue 20 Feb 2024 15:53:59 +0000
ROA not before:           Tue 20 Feb 2024 15:53:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206509
IP address blocks:        62.164.128.0/18 maxlen: 18
                          62.164.192.0/21 maxlen: 21
                          86.54.0.0/16 maxlen: 16
                          193.108.169.0/24 maxlen: 24
                          194.164.97.0/24 maxlen: 24
                          194.164.114.0/24 maxlen: 24
                          194.164.181.0/24 maxlen: 24
                          195.200.0.0/19 maxlen: 19
                          213.254.171.0/24 maxlen: 24
                          213.254.178.0/24 maxlen: 24
                          213.254.185.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c7:39:55:c6:a0:ae:a7:75:c6:6d:f9:dc:d5:05:9a:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
        Validity
            Not Before: Feb 20 15:53:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e440c2819760cd24fbc2ddf672804bfcc1b04cbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:eb:7e:de:d7:46:1e:dc:f4:fd:f5:03:29:86:
                    92:47:b3:73:c1:8b:8f:c2:7b:1e:b1:3f:5e:a9:4a:
                    fb:66:34:c3:13:16:da:91:06:63:7a:a4:f1:21:b8:
                    30:11:ab:c4:74:83:57:c2:da:58:24:32:ff:01:a6:
                    de:75:3b:3c:c3:2f:25:90:3a:bc:83:31:f4:42:f2:
                    71:00:8d:ac:95:95:e7:24:b2:2d:0e:c7:fc:33:dd:
                    d0:53:f1:4f:6c:97:a2:de:fd:01:22:37:7c:ed:f1:
                    b4:68:5d:29:ce:4d:48:db:90:ce:27:2c:e6:b1:a3:
                    57:05:27:12:75:13:fb:e3:43:42:67:fb:8b:8f:9b:
                    2f:2f:ce:1d:12:8d:1c:7b:2a:f9:59:c2:8c:20:30:
                    b2:52:12:6f:dd:9c:24:aa:0a:ab:d3:66:65:66:2e:
                    0e:7a:f9:a6:7e:cc:62:93:e6:1c:4b:fe:35:83:5b:
                    f8:72:0a:5a:90:18:4e:75:fc:24:ac:96:c4:5e:41:
                    5e:c4:0c:63:16:d8:99:6e:d9:80:23:ef:eb:56:21:
                    81:42:ae:72:dd:05:98:d0:a5:2f:00:92:3d:bc:00:
                    fd:c8:1e:0d:f2:39:ab:aa:81:1c:4d:d3:8a:0c:ef:
                    0c:45:8c:46:0b:6b:10:b7:67:c3:8e:be:ec:06:ac:
                    a6:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:40:C2:81:97:60:CD:24:FB:C2:DD:F6:72:80:4B:FC:C1:B0:4C:BB
            X509v3 Authority Key Identifier:
                keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/5EDCgZdgzST7wt32coBL_MGwTLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.128.0-62.164.199.255
                  86.54.0.0/16
                  193.108.169.0/24
                  194.164.97.0/24
                  194.164.114.0/24
                  194.164.181.0/24
                  195.200.0.0/19
                  213.254.171.0/24
                  213.254.178.0/24
                  213.254.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:7c:8a:2b:ae:91:1c:81:9a:9e:31:6f:d8:0e:33:e8:01:c7:
         be:c2:52:a2:60:96:0a:f6:f3:13:e9:9a:b7:73:22:f6:1d:8b:
         7f:23:dc:2c:16:35:3f:81:78:8b:35:83:73:5b:01:6a:ac:0c:
         d2:e1:4a:c3:1d:16:0d:9f:36:26:41:09:05:d3:99:58:17:0f:
         f6:ed:ad:48:aa:2d:95:dd:68:85:bc:30:a6:50:1b:8a:5f:0f:
         ca:9c:e2:b8:c4:44:6a:da:8f:9a:02:2d:7f:08:06:14:59:e6:
         22:9b:15:a7:ab:3e:52:88:e3:92:01:27:93:5c:38:36:29:ca:
         46:b8:3e:be:93:ef:05:70:78:f2:42:40:27:bf:d0:23:c5:c5:
         71:55:a4:9e:07:e6:e0:bb:b0:05:28:85:19:49:75:8c:3d:5c:
         b9:70:d5:ee:af:89:6d:6c:05:48:b9:f0:e2:4e:e6:20:31:07:
         cf:8b:ed:65:8d:ad:0f:7c:28:55:b8:fd:c4:e9:e5:6d:5a:66:
         bd:89:48:70:bc:a8:b3:86:f0:9c:72:8b:b2:63:09:1f:f8:ed:
         80:0b:3e:aa:0b:fd:48:50:8e:c6:87:b1:5c:b8:36:20:f5:43:
         de:7e:3d:6a:a8:04:70:3f:5c:b0:fb:3e:5b:a2:06:a1:66:4a:
         5d:c4:dc:66
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAY3HOVXGoK6ndcZt+dzVBZoSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMjIwMTU1MzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDQwYzI4MTk3NjBjZDI0ZmJjMmRkZjY3MjgwNGJmY2MxYjA0Y2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzut+3tdGHtz0/fUDKYaSR7NzwYuP
wnsesT9eqUr7ZjTDExbakQZjeqTxIbgwEavEdINXwtpYJDL/AabedTs8wy8lkDq8
gzH0QvJxAI2slZXnJLItDsf8M93QU/FPbJei3v0BIjd87fG0aF0pzk1I25DOJyzm
saNXBScSdRP740NCZ/uLj5svL84dEo0ceyr5WcKMIDCyUhJv3Zwkqgqr02ZlZi4O
evmmfsxik+YcS/41g1v4cgpakBhOdfwkrJbEXkFexAxjFtiZbtmAI+/rViGBQq5y
3QWY0KUvAJI9vAD9yB4N8jmrqoEcTdOKDO8MRYxGC2sQt2fDjr7sBqymtQIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFORAwoGXYM0k+8Ld9nKAS/zBsEy7MB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvNUVEQ2daZGd6U1Q3d3QzMmNvQkxfTUd3VExzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzBJBAIAATBDMAwDBAc+pIAD
BAM+pMADAwBWNgMEAMFsqQMEAMKkYQMEAMKkcgMEAMKktQMEBcPIAAMEANX+qwME
ANX+sgMEANX+uTANBgkqhkiG9w0BAQsFAAOCAQEAB3yKK66RHIGanjFv2A4z6AHH
vsJSomCWCvbzE+mat3Mi9h2LfyPcLBY1P4F4izWDc1sBaqwM0uFKwx0WDZ82JkEJ
BdOZWBcP9u2tSKotld1ohbwwplAbil8PypziuMREatqPmgItfwgGFFnmIpsVp6s+
UojjkgEnk1w4NinKRrg+vpPvBXB48kJAJ7/QI8XFcVWkngfm4LuwBSiFGUl1jD1c
uXDV7q+JbWwFSLnw4k7mIDEHz4vtZY2tD3woVbj9xOnlbVpmvYlIcLyos4bwnHKL
smMJH/jtgAs+qgv9SFCOxoexXLg2IPVD3n49aqgEcD9csPs+W6IGoWZKXcTcZg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:16 2024 by rpki-client on console-fra.rpki-client.org