Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ChtLkIj3moPYcgQghaTnaGDzvLw.roa
File:                     ChtLkIj3moPYcgQghaTnaGDzvLw.roa (raw, json)
Hash identifier:          oLI/hIJHOoiCDFlJhYPo253H8woK29iKIC+AZ2wZbOc=
Subject key identifier:   0A:1B:4B:90:88:F7:9A:83:D8:72:04:20:85:A4:E7:68:60:F3:BC:BC
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018AA031743AFC7350C68354EC3101544CF7
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ChtLkIj3moPYcgQghaTnaGDzvLw.roa
Signing time:             Sat 16 Sep 2023 22:51:50 +0000
ROA not before:           Sat 16 Sep 2023 22:51:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.115.0.0/21 maxlen: 24
                          185.129.108.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:a0:31:74:3a:fc:73:50:c6:83:54:ec:31:01:54:4c:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Sep 16 22:51:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0a1b4b9088f79a83d872042085a4e76860f3bcbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c4:5a:4e:09:e2:ef:69:b5:c0:8a:46:8a:8c:
                    f4:bf:ee:fd:3e:19:86:77:cc:39:b7:59:22:73:d5:
                    ee:2e:9c:33:af:40:a9:34:b7:16:40:3d:04:36:ca:
                    08:f5:12:9c:b3:a4:97:7d:a9:d4:d2:27:cc:fa:b7:
                    5a:78:e8:f0:4f:2e:73:97:1a:5a:87:86:f2:55:61:
                    39:33:d8:7a:35:fb:b7:b2:e0:fa:d2:a8:b0:8b:8c:
                    b4:f6:a1:15:7c:b3:8e:ec:8c:d7:f5:78:b6:ea:13:
                    13:71:ba:b8:c0:f7:25:2d:5d:de:3d:f3:cb:30:d6:
                    66:a4:f6:15:99:b3:b9:d5:80:33:3e:3c:af:82:ff:
                    34:e9:e2:df:a1:8f:b4:77:46:30:31:fd:b3:eb:37:
                    9f:5a:af:ad:2f:06:24:ba:02:af:89:49:14:15:47:
                    f4:90:93:13:b7:b4:34:11:1b:a3:18:f8:1b:6b:33:
                    f6:08:bb:32:f5:46:57:03:0a:ed:b1:4b:15:84:a4:
                    e1:18:98:12:e7:5d:6e:22:f3:9e:c1:c2:fa:04:86:
                    80:42:e5:35:a4:ef:d2:4f:22:0e:d8:78:a5:9f:ec:
                    fa:93:2b:7c:bb:84:41:a3:ee:dc:be:14:88:78:3c:
                    82:c1:10:3a:f1:27:6c:75:42:b3:f2:81:c6:e0:96:
                    5c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:1B:4B:90:88:F7:9A:83:D8:72:04:20:85:A4:E7:68:60:F3:BC:BC
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ChtLkIj3moPYcgQghaTnaGDzvLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.0.0/21
                  185.129.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:f8:d0:29:85:e3:37:75:4c:e6:18:73:94:84:61:93:36:e6:
         46:4e:3d:5a:57:74:f1:7f:52:ac:d1:85:b4:c3:14:e3:34:1f:
         c1:63:9d:42:9c:79:8b:e5:50:ec:81:18:63:8d:29:02:52:27:
         03:3c:ab:d1:31:fd:d6:09:8f:a0:5c:50:5c:82:30:e3:97:7d:
         ac:2f:d1:73:f9:35:f3:97:82:e3:58:a7:d3:c9:6f:ea:9e:ee:
         78:3e:6f:f4:6f:74:26:6c:8e:37:72:bf:b0:0a:22:67:3d:63:
         98:44:85:4c:70:19:c3:35:82:36:db:c7:c4:55:94:4b:7e:df:
         5d:17:1d:9e:0b:0d:66:2f:9a:3b:07:ac:82:11:48:f2:7d:85:
         52:38:e9:b8:4a:5d:39:01:c2:fa:9b:3e:2b:80:2e:57:f9:4a:
         2e:02:73:b7:b4:77:d5:ee:cc:69:90:20:af:e5:e4:bd:1a:3a:
         18:25:d6:47:11:b8:3b:4a:e2:db:d6:96:4e:00:a3:cf:bf:fb:
         8e:5f:a1:e3:19:74:ce:3a:b2:92:6b:3b:d0:7b:14:90:1b:70:
         27:ee:ce:23:f2:60:c6:9f:2d:ce:e5:4d:f1:6d:f8:3e:fe:61:
         19:dc:6b:28:4f:11:3e:3e:cd:1d:36:e1:1e:e8:51:37:0b:37:
         70:54:0e:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYqgMXQ6/HNQxoNU7DEBVEz3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwOTE2MjI1MTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTFiNGI5MDg4Zjc5YTgzZDg3MjA0MjA4NWE0ZTc2ODYwZjNiY2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8RaTgni72m1wIpGioz0v+79PhmG
d8w5t1kic9XuLpwzr0CpNLcWQD0ENsoI9RKcs6SXfanU0ifM+rdaeOjwTy5zlxpa
h4byVWE5M9h6Nfu3suD60qiwi4y09qEVfLOO7IzX9Xi26hMTcbq4wPclLV3ePfPL
MNZmpPYVmbO51YAzPjyvgv806eLfoY+0d0YwMf2z6zefWq+tLwYkugKviUkUFUf0
kJMTt7Q0ERujGPgbazP2CLsy9UZXAwrtsUsVhKThGJgS511uIvOewcL6BIaAQuU1
pO/STyIO2Hiln+z6kyt8u4RBo+7cvhSIeDyCwRA68SdsdUKz8oHG4JZcLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAobS5CI95qD2HIEIIWk52hg87y8MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvQ2h0TGtJajNtb1BZY2dRZ2hhVG5hR0R6dkx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDUnMAAwQB
uYFsMA0GCSqGSIb3DQEBCwUAA4IBAQAi+NApheM3dUzmGHOUhGGTNuZGTj1aV3Tx
f1Ks0YW0wxTjNB/BY51CnHmL5VDsgRhjjSkCUicDPKvRMf3WCY+gXFBcgjDjl32s
L9Fz+TXzl4LjWKfTyW/qnu54Pm/0b3QmbI43cr+wCiJnPWOYRIVMcBnDNYI228fE
VZRLft9dFx2eCw1mL5o7B6yCEUjyfYVSOOm4Sl05AcL6mz4rgC5X+UouAnO3tHfV
7sxpkCCv5eS9GjoYJdZHEbg7SuLb1pZOAKPPv/uOX6HjGXTOOrKSazvQexSQG3An
7s4j8mDGny3O5U3xbfg+/mEZ3GsoTxE+Ps0dNuEe6FE3CzdwVA7y
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:15 2024 by rpki-client on console-ams.rpki-client.org