Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/0OlpS81PUiMo36gTSXD2aKWCbHo.roa
File:                     0OlpS81PUiMo36gTSXD2aKWCbHo.roa (raw, json)
Hash identifier:          LoLqMXnIwvK2F3EEoQ3MxIziGf+S3nYT3nZqKV4xMlc=
Subject key identifier:   D0:E9:69:4B:CD:4F:52:23:28:DF:A8:13:49:70:F6:68:A5:82:6C:7A
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018653F2E5A3586DCF14AB9F66ADC1027F9D
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/0OlpS81PUiMo36gTSXD2aKWCbHo.roa
Signing time:             Wed 15 Feb 2023 07:21:12 +0000
ROA not before:           Wed 15 Feb 2023 07:21:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     31732
IP address blocks:        82.97.240.0/20 maxlen: 24
                          5.34.208.0/20 maxlen: 24
                          185.220.236.0/22 maxlen: 24
                          188.209.155.0/24 maxlen: 24
                          45.137.180.0/22 maxlen: 24
                          213.173.32.0/22 maxlen: 24
                          185.129.108.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:53:f2:e5:a3:58:6d:cf:14:ab:9f:66:ad:c1:02:7f:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Feb 15 07:21:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d0e9694bcd4f522328dfa8134970f668a5826c7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:86:e6:ce:20:2d:5e:95:21:2d:49:7f:05:fd:
                    24:a2:52:ce:4e:25:9b:64:84:d0:d0:f8:fc:53:62:
                    61:41:71:19:7c:fe:79:72:96:4a:9d:f3:44:b0:79:
                    a4:bd:5e:dc:e2:78:ac:a5:16:14:c0:3c:df:82:39:
                    61:90:cd:51:63:0c:de:64:78:a3:ec:ab:64:68:4c:
                    d8:4d:74:74:de:4c:6c:ee:c5:e7:ba:dc:39:28:ed:
                    1a:d3:3f:4e:a0:87:92:6d:5f:a0:f7:1c:cb:8b:97:
                    9b:07:3b:8d:b6:04:51:fb:00:27:f6:99:ba:11:aa:
                    b8:a8:30:2d:9b:ca:85:92:4d:17:1a:88:c9:4d:6c:
                    02:64:03:91:97:9b:45:9f:d3:99:56:0c:5e:ea:16:
                    b8:dd:8f:4d:ca:ce:9a:9b:49:0a:78:6f:5f:6e:ba:
                    85:97:2a:93:b2:af:9a:41:e7:f5:d0:46:e6:53:32:
                    82:f8:bd:c8:94:80:c7:ba:41:99:12:38:da:6d:46:
                    2c:70:c5:9e:94:46:ca:61:55:43:9a:b4:b0:3c:03:
                    5a:44:d8:50:7e:0f:6a:04:a4:bf:00:ef:ba:94:40:
                    81:30:44:dd:11:fe:e4:a2:b6:42:e2:cd:35:52:2f:
                    c9:4f:d6:e5:93:55:0b:28:c8:8e:af:c3:b5:cf:9c:
                    2f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:E9:69:4B:CD:4F:52:23:28:DF:A8:13:49:70:F6:68:A5:82:6C:7A
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/0OlpS81PUiMo36gTSXD2aKWCbHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.34.208.0/20
                  45.137.180.0/22
                  82.97.240.0/20
                  185.129.108.0/22
                  185.220.236.0/22
                  188.209.155.0/24
                  213.173.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d8:2b:1e:3c:35:36:18:e6:69:9d:10:ce:c8:72:1f:c0:ee:79:
         8e:e4:dc:87:ce:80:08:48:77:df:67:19:ed:99:ec:a3:22:4e:
         03:85:9c:21:40:47:e3:2d:69:e8:c9:9e:07:4f:7c:d1:48:f3:
         35:33:a7:59:78:ed:56:b8:75:92:2a:e2:96:4c:e7:11:66:29:
         7e:17:62:16:66:a8:89:3f:40:fa:4c:20:f0:01:72:0f:01:b4:
         87:d2:b8:92:d9:ff:13:4a:3c:8c:63:62:42:d8:52:55:30:3b:
         6c:dc:62:84:eb:df:bb:fe:f9:07:40:f7:4b:5a:c2:db:ea:e1:
         c1:e1:86:f7:09:1a:16:c5:21:f4:99:d6:c3:7a:d2:68:26:f2:
         21:6e:b3:74:51:02:fd:ba:ac:41:fe:cc:20:46:e1:10:8f:71:
         95:29:3f:f1:09:ba:a4:35:b3:e0:1e:92:58:58:f7:ba:3b:f7:
         95:a2:82:65:22:c1:f5:b6:29:6d:95:d4:6f:35:21:7c:7c:70:
         27:5b:49:2a:05:96:ef:6e:01:bf:cb:d3:ca:92:2c:10:83:ee:
         8c:bd:d8:7c:f7:9b:af:51:64:c1:5d:d3:6f:a8:ce:32:4b:b1:
         89:04:1d:3f:27:85:59:30:c7:08:72:7f:fe:c0:e0:7c:63:5e:
         3d:19:c9:bb
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYZT8uWjWG3PFKufZq3BAn+dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwMjE1MDcyMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGU5Njk0YmNkNGY1MjIzMjhkZmE4MTM0OTcwZjY2OGE1ODI2YzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuobmziAtXpUhLUl/Bf0kolLOTiWb
ZITQ0Pj8U2JhQXEZfP55cpZKnfNEsHmkvV7c4nispRYUwDzfgjlhkM1RYwzeZHij
7KtkaEzYTXR03kxs7sXnutw5KO0a0z9OoIeSbV+g9xzLi5ebBzuNtgRR+wAn9pm6
Eaq4qDAtm8qFkk0XGojJTWwCZAORl5tFn9OZVgxe6ha43Y9Nys6am0kKeG9fbrqF
lyqTsq+aQef10EbmUzKC+L3IlIDHukGZEjjabUYscMWelEbKYVVDmrSwPANaRNhQ
fg9qBKS/AO+6lECBMETdEf7korZC4s01Ui/JT9blk1ULKMiOr8O1z5wvewIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNDpaUvNT1IjKN+oE0lw9milgmx6MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvME9scFM4MVBVaU1vMzZnVFNYRDJhS1dDYkhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQEBSLQAwQC
LYm0AwQEUmHwAwQCuYFsAwQCudzsAwQAvNGbAwQC1a0gMA0GCSqGSIb3DQEBCwUA
A4IBAQDYKx48NTYY5mmdEM7Ich/A7nmO5NyHzoAISHffZxntmeyjIk4DhZwhQEfj
LWnoyZ4HT3zRSPM1M6dZeO1WuHWSKuKWTOcRZil+F2IWZqiJP0D6TCDwAXIPAbSH
0riS2f8TSjyMY2JC2FJVMDts3GKE69+7/vkHQPdLWsLb6uHB4Yb3CRoWxSH0mdbD
etJoJvIhbrN0UQL9uqxB/swgRuEQj3GVKT/xCbqkNbPgHpJYWPe6O/eVooJlIsH1
tiltldRvNSF8fHAnW0kqBZbvbgG/y9PKkiwQg+6Mvdh895uvUWTBXdNvqM4yS7GJ
BB0/J4VZMMcIcn/+wOB8Y149Gcm7
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:15 2024 by rpki-client on console-ams.rpki-client.org