Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/d1085b4a-f573-42f3-825c-1cf0c872b152/0/3230322e31302e35372e302f32342d3234203d3e2039343632.roa
File:                     3230322e31302e35372e302f32342d3234203d3e2039343632.roa (raw, json)
Hash identifier:          /+EkV8PNk95J4hFTeCC9f4/izzfZ26U1iXrr0HFeyIY=
Subject key identifier:   16:9F:71:81:13:29:B7:5B:5B:98:F8:DC:B0:FB:8A:73:60:23:75:81
Certificate issuer:       /CN=B6EE1F61D6E8E9EEC640CCC1D791DBA124993CA3
Certificate serial:       79CA294F957EDB330D35E9DC1EB756F3E6A8F169
Authority key identifier: B6:EE:1F:61:D6:E8:E9:EE:C6:40:CC:C1:D7:91:DB:A1:24:99:3C:A3
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B6EE1F61D6E8E9EEC640CCC1D791DBA124993CA3.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/d1085b4a-f573-42f3-825c-1cf0c872b152/0/3230322e31302e35372e302f32342d3234203d3e2039343632.roa
Signing time:             Fri 19 May 2023 09:42:08 +0000
ROA not before:           Fri 19 May 2023 09:37:08 +0000
ROA not after:            Fri 17 May 2024 09:42:08 +0000
asID:                     9462
IP address blocks:        202.10.57.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:ca:29:4f:95:7e:db:33:0d:35:e9:dc:1e:b7:56:f3:e6:a8:f1:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=B6EE1F61D6E8E9EEC640CCC1D791DBA124993CA3
        Validity
            Not Before: May 19 09:37:08 2023 GMT
            Not After : May 17 09:42:08 2024 GMT
        Subject: CN=169F71811329B75B5B98F8DCB0FB8A7360237581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:9e:a2:1b:2f:8b:b9:14:c3:c4:92:0c:db:f1:
                    38:d5:09:fa:a4:84:d7:64:69:b3:13:5f:17:91:91:
                    2b:16:63:8e:0f:46:21:56:2d:3a:59:7a:71:49:d9:
                    50:b8:0e:c8:56:9e:af:eb:ac:45:05:6b:07:2c:33:
                    0a:b3:1d:28:57:78:05:95:cb:00:8a:4b:15:10:b0:
                    a7:3d:6f:ab:f9:89:87:bf:8f:59:43:3f:e3:1a:2e:
                    ed:0c:31:d9:c6:04:b3:f4:a6:b6:66:e2:f9:bd:09:
                    93:ed:e3:f5:b8:b2:b6:99:4e:51:b4:f6:77:d3:d0:
                    59:ac:90:e9:4d:45:ed:b2:61:5d:b6:e3:c1:ff:44:
                    26:55:64:1e:df:1c:4c:31:86:78:8e:8b:ea:42:a0:
                    b8:7c:93:fe:af:ea:d5:73:c9:4c:c0:3f:7b:d5:5e:
                    56:c9:50:48:f6:68:1a:0b:e7:69:80:0b:d4:e5:fe:
                    95:69:30:0c:e4:31:b2:bb:48:4a:aa:82:46:8f:d3:
                    34:a7:4d:16:e0:2c:f7:47:95:82:bd:7d:07:6a:5b:
                    04:e8:75:8a:7a:91:47:02:d3:c1:72:19:50:61:fe:
                    e1:d2:96:36:af:ba:9a:52:1a:d0:2c:02:18:63:82:
                    e6:76:72:d1:c8:93:79:58:00:b4:45:2e:46:91:8f:
                    f4:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:9F:71:81:13:29:B7:5B:5B:98:F8:DC:B0:FB:8A:73:60:23:75:81
            X509v3 Authority Key Identifier:
                keyid:B6:EE:1F:61:D6:E8:E9:EE:C6:40:CC:C1:D7:91:DB:A1:24:99:3C:A3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/d1085b4a-f573-42f3-825c-1cf0c872b152/0/B6EE1F61D6E8E9EEC640CCC1D791DBA124993CA3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/B6EE1F61D6E8E9EEC640CCC1D791DBA124993CA3.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/d1085b4a-f573-42f3-825c-1cf0c872b152/0/3230322e31302e35372e302f32342d3234203d3e2039343632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.10.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:2e:ad:63:59:21:5e:10:34:ad:70:64:50:f3:ce:28:12:c5:
         40:08:8b:1a:8e:6a:55:8b:ac:fe:48:55:5f:d0:dc:49:fc:78:
         95:b1:d5:20:4c:ec:50:9f:37:00:e5:c7:7f:ae:07:00:b3:f8:
         c9:2e:1d:5d:74:16:c1:77:73:85:b6:3f:75:31:00:4b:4b:e2:
         58:81:97:ad:fb:fa:f6:0f:e4:99:50:53:87:2b:d5:f3:fe:65:
         50:29:e8:5c:5d:6a:ed:93:e1:5d:a8:a0:60:2e:0e:7b:c3:ef:
         9c:09:8a:5e:f3:b7:31:73:8a:75:86:ac:0b:78:1f:7d:0a:a2:
         81:00:0b:c3:59:6f:67:3f:3c:48:83:93:61:57:c4:14:f3:25:
         d6:cc:4d:ae:c9:85:ac:0f:59:72:a0:9c:1c:f6:1c:8e:fb:6d:
         0d:ef:4e:71:26:89:6e:38:3b:9a:da:ae:31:a7:2d:df:3b:04:
         46:b8:72:22:ed:9c:44:40:5d:00:ed:18:d6:9e:ac:ad:5a:db:
         a8:d3:9f:03:4d:34:4c:9b:2a:74:54:49:c3:9c:50:f5:f2:62:
         75:a3:65:15:78:2c:18:67:54:b7:59:c9:56:30:63:01:f8:4f:
         2f:58:17:72:d5:73:4e:d5:8f:7f:2b:7a:d4:e3:f5:47:c7:e7:
         40:cb:3f:85
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIUecopT5V+2zMNNencHrdW8+ao8WkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQjZFRTFGNjFENkU4RTlFRUM2NDBDQ0MxRDc5MURCQTEy
NDk5M0NBMzAeFw0yMzA1MTkwOTM3MDhaFw0yNDA1MTcwOTQyMDhaMDMxMTAvBgNV
BAMTKDE2OUY3MTgxMTMyOUI3NUI1Qjk4RjhEQ0IwRkI4QTczNjAyMzc1ODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxnqIbL4u5FMPEkgzb8TjVCfqk
hNdkabMTXxeRkSsWY44PRiFWLTpZenFJ2VC4DshWnq/rrEUFawcsMwqzHShXeAWV
ywCKSxUQsKc9b6v5iYe/j1lDP+MaLu0MMdnGBLP0prZm4vm9CZPt4/W4sraZTlG0
9nfT0FmskOlNRe2yYV2248H/RCZVZB7fHEwxhniOi+pCoLh8k/6v6tVzyUzAP3vV
XlbJUEj2aBoL52mAC9Tl/pVpMAzkMbK7SEqqgkaP0zSnTRbgLPdHlYK9fQdqWwTo
dYp6kUcC08FyGVBh/uHSljavuppSGtAsAhhjguZ2ctHIk3lYALRFLkaRj/SpAgMB
AAGjggItMIICKTAdBgNVHQ4EFgQUFp9xgRMpt1tbmPjcsPuKc2AjdYEwHwYDVR0j
BBgwFoAUtu4fYdbo6e7GQMzB15HboSSZPKMwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9k
MTA4NWI0YS1mNTczLTQyZjMtODI1Yy0xY2YwYzg3MmIxNTIvMC9CNkVFMUY2MUQ2
RThFOUVFQzY0MENDQzFENzkxREJBMTI0OTkzQ0EzLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQjZFRTFGNjFENkU4RTlFRUM2NDBDQ0MxRDc5MURCQTEyNDk5
M0NBMy5jZXIwgZ0GCCsGAQUFBwELBIGQMIGNMIGKBggrBgEFBQcwC4Z+cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vZDEwODViNGEtZjU3My00MmYzLTgy
NWMtMWNmMGM4NzJiMTUyLzAvMzIzMDMyMmUzMTMwMmUzNTM3MmUzMDJmMzIzNDJk
MzIzNDIwM2QzZTIwMzkzNDM2MzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUH
DgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADKCjkwDQYJKoZIhvcNAQEL
BQADggEBAAUurWNZIV4QNK1wZFDzzigSxUAIixqOalWLrP5IVV/Q3En8eJWx1SBM
7FCfNwDlx3+uBwCz+MkuHV10FsF3c4W2P3UxAEtL4liBl637+vYP5JlQU4cr1fP+
ZVAp6Fxdau2T4V2ooGAuDnvD75wJil7ztzFzinWGrAt4H30KooEAC8NZb2c/PEiD
k2FXxBTzJdbMTa7JhawPWXKgnBz2HI77bQ3vTnEmiW44O5rarjGnLd87BEa4ciLt
nERAXQDtGNaerK1a26jTnwNNNEybKnRUScOcUPXyYnWjZRV4LBhnVLdZyVYwYwH4
Ty9YF3LVc07Vj38retTj9UfH50DLP4U=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:37:16 2024 by rpki-client on console-fra.rpki-client.org