Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/DQRnGfaayuFimqFG4xl2dp81Skk.roa
File:                     DQRnGfaayuFimqFG4xl2dp81Skk.roa (raw, json)
Hash identifier:          H+NEAS+vp6J9udjUw1dJUYcuFjjfLUgAVLhJ4UvmHi8=
Subject key identifier:   0D:04:67:19:F6:9A:CA:E1:62:9A:A1:46:E3:19:76:76:9F:35:4A:49
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018AF4257C019315DB55FB263BD11D80AEFA
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/DQRnGfaayuFimqFG4xl2dp81Skk.roa
Signing time:             Tue 03 Oct 2023 06:06:51 +0000
ROA not before:           Tue 03 Oct 2023 06:06:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.129.108.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:f4:25:7c:01:93:15:db:55:fb:26:3b:d1:1d:80:ae:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Oct  3 06:06:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0d046719f69acae1629aa146e31976769f354a49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b2:3f:bd:c5:b3:4e:19:4f:73:70:b1:88:5e:
                    ac:66:ad:c7:42:d3:a2:b4:41:fc:30:2b:88:2b:df:
                    e9:16:71:7e:32:13:cd:52:aa:db:42:87:6b:9c:d0:
                    63:12:9c:8b:5a:bb:f9:28:32:ba:39:be:97:32:f9:
                    19:25:cc:1c:23:f0:7e:cf:9f:77:a6:9d:7c:95:5a:
                    a0:c1:60:9e:a5:69:3a:ea:d8:d6:9b:47:6b:8f:95:
                    fa:7c:d5:84:fe:09:cb:7a:07:0a:ec:70:bc:f2:c9:
                    e4:4d:1f:a3:ea:b3:21:23:d0:ab:72:d5:e6:6a:f5:
                    a4:96:4f:a6:b9:c9:61:c7:37:9a:69:49:53:45:9e:
                    bf:92:99:7b:53:2a:94:a6:a0:bc:21:33:ad:2d:76:
                    30:93:43:12:26:9b:8a:21:2d:a2:13:bc:1a:87:f2:
                    f9:db:75:4d:6d:ae:f2:cf:ce:de:70:b6:fe:40:43:
                    fc:77:4a:91:43:22:15:ea:23:a3:c3:dc:37:24:41:
                    08:a8:e6:35:ce:01:9e:39:c2:e6:3e:46:b2:be:dc:
                    04:12:7f:2d:4c:f5:9e:33:8f:bb:81:06:18:87:09:
                    57:59:2c:26:72:ac:e6:dd:86:e4:88:fa:39:db:85:
                    86:2b:ac:5c:3c:77:46:db:e5:6e:e1:54:20:6c:24:
                    60:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:04:67:19:F6:9A:CA:E1:62:9A:A1:46:E3:19:76:76:9F:35:4A:49
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/DQRnGfaayuFimqFG4xl2dp81Skk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d4:b8:19:c1:cf:d2:90:fc:58:34:4d:d5:61:81:84:2c:f4:97:
         bd:3c:00:27:c4:38:f2:fc:67:45:9e:9d:81:5b:29:16:7d:da:
         33:25:7c:de:e6:24:9f:a3:0d:bd:8e:ef:20:63:22:19:b0:4c:
         1c:f4:5e:8a:d2:f6:e4:e6:c5:65:27:3c:87:eb:fa:c6:94:41:
         22:38:62:43:12:9d:b2:20:39:c2:9f:9e:2c:94:53:e4:54:a6:
         37:b7:dc:82:3b:d3:08:73:9a:df:b0:20:8a:bb:f7:ce:b3:84:
         3a:45:c7:be:a3:af:48:55:39:70:48:8c:d2:33:5f:54:f1:d0:
         0e:c3:2c:99:d8:ff:c4:f3:83:0f:b5:0b:8d:51:42:8c:de:62:
         63:57:50:52:83:e1:d4:9f:2b:6c:93:b6:72:22:d5:05:76:7d:
         cf:69:44:6f:56:60:9a:b2:93:b4:4a:3b:d7:ac:8d:75:82:1f:
         d3:e6:11:c1:df:81:86:35:da:0c:c7:84:7b:92:9b:d0:cd:6a:
         09:6d:a5:df:34:bd:39:e8:d5:8e:e1:8a:22:f3:2c:09:a8:11:
         0e:fe:27:c7:94:ab:7d:de:1b:29:ac:79:d0:c9:8a:e5:51:22:
         76:17:2c:0d:0e:0a:78:32:e8:46:30:af:9f:0e:bc:41:de:c4:
         fb:1d:aa:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYr0JXwBkxXbVfsmO9EdgK76MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMxMDAzMDYwNjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDA0NjcxOWY2OWFjYWUxNjI5YWExNDZlMzE5NzY3NjlmMzU0YTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbI/vcWzThlPc3CxiF6sZq3HQtOi
tEH8MCuIK9/pFnF+MhPNUqrbQodrnNBjEpyLWrv5KDK6Ob6XMvkZJcwcI/B+z593
pp18lVqgwWCepWk66tjWm0drj5X6fNWE/gnLegcK7HC88snkTR+j6rMhI9CrctXm
avWklk+muclhxzeaaUlTRZ6/kpl7UyqUpqC8ITOtLXYwk0MSJpuKIS2iE7wah/L5
23VNba7yz87ecLb+QEP8d0qRQyIV6iOjw9w3JEEIqOY1zgGeOcLmPkayvtwEEn8t
TPWeM4+7gQYYhwlXWSwmcqzm3YbkiPo524WGK6xcPHdG2+Vu4VQgbCRgMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0EZxn2msrhYpqhRuMZdnafNUpJMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvRFFSbkdmYWF5dUZpbXFGRzR4bDJkcDgxU2trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYFsMA0G
CSqGSIb3DQEBCwUAA4IBAQDUuBnBz9KQ/Fg0TdVhgYQs9Je9PAAnxDjy/GdFnp2B
WykWfdozJXze5iSfow29ju8gYyIZsEwc9F6K0vbk5sVlJzyH6/rGlEEiOGJDEp2y
IDnCn54slFPkVKY3t9yCO9MIc5rfsCCKu/fOs4Q6Rce+o69IVTlwSIzSM19U8dAO
wyyZ2P/E84MPtQuNUUKM3mJjV1BSg+HUnytsk7ZyItUFdn3PaURvVmCaspO0SjvX
rI11gh/T5hHB34GGNdoMx4R7kpvQzWoJbaXfNL056NWO4Yoi8ywJqBEO/ifHlKt9
3hsprHnQyYrlUSJ2FywNDgp4MuhGMK+fDrxB3sT7HapS
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:15 2024 by rpki-client on console-ams.rpki-client.org