Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2719whoxZ6vSmFyg9zKE98kO47Y.roa
File:                     2719whoxZ6vSmFyg9zKE98kO47Y.roa (raw, json)
Hash identifier:          D5/V4v79qWvE2eNfv8y/PvUep8EzDJz53Mkd3b0IDr8=
Subject key identifier:   DB:BD:7D:C2:1A:31:67:AB:D2:98:5C:A0:F7:32:84:F7:C9:0E:E3:B6
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0188AFE958273674F90D94D6FD12DA7D7458
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2719whoxZ6vSmFyg9zKE98kO47Y.roa
Signing time:             Mon 12 Jun 2023 14:01:25 +0000
ROA not before:           Mon 12 Jun 2023 14:01:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     213200
IP address blocks:        81.161.231.0/24 maxlen: 24
                          93.123.85.0/24 maxlen: 24
                          87.121.59.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:af:e9:58:27:36:74:f9:0d:94:d6:fd:12:da:7d:74:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun 12 14:01:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dbbd7dc21a3167abd2985ca0f73284f7c90ee3b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a9:84:b6:1c:17:d5:3c:41:7a:2b:12:a6:f5:
                    db:23:31:8a:02:20:32:ee:36:00:8f:fd:eb:88:ce:
                    23:a4:ff:09:82:2c:8d:70:4c:1b:ac:3f:6a:18:2c:
                    70:3c:23:33:8e:60:6a:a9:8c:d6:50:55:9c:46:fd:
                    4a:f1:50:07:46:e4:5b:fe:12:3e:16:c7:89:8d:54:
                    8f:94:b6:ee:b4:94:93:47:e4:4c:94:d7:fd:fd:48:
                    6d:52:ca:e2:e5:d5:0d:4b:dd:c4:78:68:ec:ff:3b:
                    ce:6b:bc:a6:e0:ae:39:b4:57:f3:9d:66:c4:da:7d:
                    0b:8c:8d:69:3a:8e:a7:3c:f2:39:2e:22:27:0f:de:
                    f0:dd:bf:d8:70:a7:12:18:c9:9d:7e:f2:51:b3:59:
                    2e:6a:2a:37:be:be:b6:ad:30:ba:73:55:72:00:db:
                    0e:cc:49:42:d7:b2:3e:97:e4:3e:63:21:27:52:4c:
                    b9:d0:4f:0b:80:fd:0d:4b:bd:25:67:3a:8b:92:47:
                    56:d6:01:e8:53:4d:45:b7:84:1f:dc:b1:57:83:a3:
                    c8:97:2a:bc:9d:1e:33:06:b8:5c:ed:fb:9b:2c:c4:
                    35:76:d6:1a:63:bd:94:a1:97:b4:c4:a7:54:2b:49:
                    35:15:c7:ed:bb:c3:56:9e:69:3b:59:27:97:fb:7c:
                    f7:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:BD:7D:C2:1A:31:67:AB:D2:98:5C:A0:F7:32:84:F7:C9:0E:E3:B6
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2719whoxZ6vSmFyg9zKE98kO47Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.161.231.0/24
                  87.121.59.0/24
                  93.123.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:c3:58:64:3f:a8:f3:6e:4c:ed:c8:79:64:76:de:f2:98:59:
         5b:3e:ef:57:b9:05:68:75:4f:2e:2f:f9:54:2f:a6:49:24:56:
         05:0b:f2:ee:f2:ae:1e:4e:06:1c:7f:57:d3:be:8c:b3:37:d0:
         56:2a:22:64:70:73:a7:86:79:74:d5:84:0d:45:fc:76:a8:1c:
         58:97:f6:0f:ee:54:35:a0:1c:26:a3:df:18:9d:fe:99:03:8f:
         b7:bf:6c:89:f8:8c:cf:39:60:ce:17:d6:f2:9e:3a:f5:cc:ad:
         93:4c:8d:82:a2:22:14:e5:48:40:25:81:87:d7:1e:dd:a9:fa:
         7c:bd:81:02:33:76:2c:6c:82:44:a4:61:ef:f9:4e:c7:f4:fe:
         5a:52:6f:4a:73:53:2b:f4:b2:16:6f:b1:b9:ae:35:1e:38:19:
         f2:a4:2a:bb:cd:5e:ef:0d:ad:a7:0d:64:b6:79:c5:aa:1b:71:
         73:f4:d8:f0:ab:93:fb:f9:7b:90:44:0b:7c:78:fe:a5:0b:ee:
         15:b4:82:72:73:0c:dc:c6:2a:57:80:df:96:f7:ef:18:ee:54:
         62:c8:2b:f6:12:6a:50:f7:c4:6d:79:6e:5a:d0:7b:b5:48:a9:
         80:52:f8:b9:4b:f2:fe:76:fa:b0:bf:93:92:1e:39:1d:fc:c4:
         6b:11:c7:36
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYiv6VgnNnT5DZTW/RLafXRYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjEyMTQwMTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmJkN2RjMjFhMzE2N2FiZDI5ODVjYTBmNzMyODRmN2M5MGVlM2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6mEthwX1TxBeisSpvXbIzGKAiAy
7jYAj/3riM4jpP8JgiyNcEwbrD9qGCxwPCMzjmBqqYzWUFWcRv1K8VAHRuRb/hI+
FseJjVSPlLbutJSTR+RMlNf9/UhtUsri5dUNS93EeGjs/zvOa7ym4K45tFfznWbE
2n0LjI1pOo6nPPI5LiInD97w3b/YcKcSGMmdfvJRs1kuaio3vr62rTC6c1VyANsO
zElC17I+l+Q+YyEnUky50E8LgP0NS70lZzqLkkdW1gHoU01Ft4Qf3LFXg6PIlyq8
nR4zBrhc7fubLMQ1dtYaY72UoZe0xKdUK0k1Fcftu8NWnmk7WSeX+3z3UQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNu9fcIaMWer0phcoPcyhPfJDuO2MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMjcxOXdob3haNnZTbUZ5Zzl6S0U5OGtPNDdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUaHnAwQA
V3k7AwQAXXtVMA0GCSqGSIb3DQEBCwUAA4IBAQB0w1hkP6jzbkztyHlkdt7ymFlb
Pu9XuQVodU8uL/lUL6ZJJFYFC/Lu8q4eTgYcf1fTvoyzN9BWKiJkcHOnhnl01YQN
Rfx2qBxYl/YP7lQ1oBwmo98Ynf6ZA4+3v2yJ+IzPOWDOF9bynjr1zK2TTI2CoiIU
5UhAJYGH1x7dqfp8vYECM3YsbIJEpGHv+U7H9P5aUm9Kc1Mr9LIWb7G5rjUeOBny
pCq7zV7vDa2nDWS2ecWqG3Fz9Njwq5P7+XuQRAt8eP6lC+4VtIJycwzcxipXgN+W
9+8Y7lRiyCv2EmpQ98RteW5a0Hu1SKmAUvi5S/L+dvqwv5OSHjkd/MRrEcc2
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:23 2024 by rpki-client on console-ams.rpki-client.org