Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Oo1bCUuvIisMPVxxLWmsMzdkiz4.roa
File:                     Oo1bCUuvIisMPVxxLWmsMzdkiz4.roa (raw, json)
Hash identifier:          ABaOl30tvuIKUVTv72PRAQvLXorfHe7AKk9s4T9IZ0c=
Subject key identifier:   3A:8D:5B:09:4B:AF:22:2B:0C:3D:5C:71:2D:69:AC:33:37:64:8B:3E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018A74807ECC50FBCBF66A1C36BF08EDB6D9
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Oo1bCUuvIisMPVxxLWmsMzdkiz4.roa
Signing time:             Fri 08 Sep 2023 11:14:52 +0000
ROA not before:           Fri 08 Sep 2023 11:14:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3214
IP address blocks:        87.120.218.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:74:80:7e:cc:50:fb:cb:f6:6a:1c:36:bf:08:ed:b6:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep  8 11:14:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3a8d5b094baf222b0c3d5c712d69ac3337648b3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:3c:de:07:16:5b:0a:57:19:0a:28:ba:bf:b1:
                    f5:65:d8:1e:68:62:e7:82:bd:58:31:c1:dd:37:1a:
                    9e:a8:d5:03:76:74:d2:88:33:13:79:3d:d0:0a:e2:
                    70:7d:64:15:33:96:15:63:4e:81:da:90:b8:79:d9:
                    93:49:ea:6f:26:f3:4a:ff:d3:14:64:6a:bf:2f:f0:
                    00:d9:b4:37:c2:6f:36:1c:c8:52:38:5b:ee:cb:0d:
                    45:ff:a2:46:01:11:10:0a:b6:b1:f6:db:ea:24:67:
                    3d:6e:df:94:e8:9a:cc:5b:a7:0c:a1:08:41:e0:d7:
                    fc:79:e1:d4:d2:d5:2f:0e:49:08:17:cd:81:d3:7a:
                    30:8a:ee:c7:56:77:b0:01:1f:94:71:35:23:94:5b:
                    7f:26:04:52:12:61:e9:e4:f3:59:09:60:0e:a0:bb:
                    02:3b:08:ef:b2:06:da:c5:24:84:34:2b:6a:b0:75:
                    a6:8f:69:45:2a:a5:fe:d5:3c:a3:50:4e:12:d3:14:
                    8c:c4:9a:10:8d:07:f5:0f:da:62:b6:0a:24:4c:3d:
                    bd:e8:6e:c5:71:9b:7f:21:a3:67:31:dd:e7:8c:c4:
                    0e:d6:33:74:c5:71:fa:da:64:a7:85:ec:2f:70:56:
                    cf:7b:1c:42:94:e7:15:34:5b:7d:ed:ce:cc:86:10:
                    f7:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:8D:5B:09:4B:AF:22:2B:0C:3D:5C:71:2D:69:AC:33:37:64:8B:3E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Oo1bCUuvIisMPVxxLWmsMzdkiz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:e2:42:41:11:0e:db:38:be:c1:c1:eb:1b:cf:45:58:2a:f6:
         6d:03:3d:7a:fa:93:10:46:c5:21:e1:7e:ca:30:8c:12:c7:8f:
         a5:b4:3c:b9:e1:cc:75:09:31:5e:84:05:c4:a1:bf:40:0d:65:
         e2:02:7a:c3:f8:49:0d:d0:d8:0a:0d:1a:f4:43:5f:f0:ee:21:
         a4:f6:6d:f2:68:7d:0b:b8:4b:a6:aa:9f:b6:9c:57:ba:c9:f4:
         ca:eb:4e:d6:a8:c8:47:f2:ff:3d:29:b9:da:90:07:1c:6e:2e:
         51:90:ae:93:43:05:4e:de:64:69:0c:06:33:fe:ff:bb:0f:95:
         6d:bc:32:01:da:db:b9:ee:af:64:95:a0:89:af:11:ed:ed:18:
         c9:f1:db:a2:c8:cb:ee:cd:ac:c1:06:61:a0:5f:3d:5b:cf:c5:
         dd:49:71:a5:8f:a8:3f:58:4e:8b:a1:ee:2a:0c:53:80:ef:7a:
         a7:97:e5:a8:60:c1:0a:6b:2d:68:83:fd:14:37:77:ef:9b:94:
         5a:99:bf:46:96:98:17:34:75:59:4a:6f:b8:7e:01:54:72:0d:
         6e:bf:7d:7a:8d:1a:fb:3a:d5:14:e7:a1:cd:81:5c:a8:e5:0f:
         65:38:a5:08:78:7a:c9:57:5f:8e:b0:71:e1:f4:15:4f:48:97:
         b8:41:a6:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYp0gH7MUPvL9mocNr8I7bbZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTA4MTExNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYThkNWIwOTRiYWYyMjJiMGMzZDVjNzEyZDY5YWMzMzM3NjQ4YjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzzeBxZbClcZCii6v7H1ZdgeaGLn
gr1YMcHdNxqeqNUDdnTSiDMTeT3QCuJwfWQVM5YVY06B2pC4edmTSepvJvNK/9MU
ZGq/L/AA2bQ3wm82HMhSOFvuyw1F/6JGAREQCrax9tvqJGc9bt+U6JrMW6cMoQhB
4Nf8eeHU0tUvDkkIF82B03owiu7HVnewAR+UcTUjlFt/JgRSEmHp5PNZCWAOoLsC
OwjvsgbaxSSENCtqsHWmj2lFKqX+1TyjUE4S0xSMxJoQjQf1D9pitgokTD296G7F
cZt/IaNnMd3njMQO1jN0xXH62mSnhewvcFbPexxClOcVNFt97c7MhhD3OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDqNWwlLryIrDD1ccS1prDM3ZIs+MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvT28xYkNVdXZJaXNNUFZ4eExXbXNNemRraXo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3jaMA0G
CSqGSIb3DQEBCwUAA4IBAQB64kJBEQ7bOL7Bwesbz0VYKvZtAz16+pMQRsUh4X7K
MIwSx4+ltDy54cx1CTFehAXEob9ADWXiAnrD+EkN0NgKDRr0Q1/w7iGk9m3yaH0L
uEumqp+2nFe6yfTK607WqMhH8v89KbnakAccbi5RkK6TQwVO3mRpDAYz/v+7D5Vt
vDIB2tu57q9klaCJrxHt7RjJ8duiyMvuzazBBmGgXz1bz8XdSXGlj6g/WE6Loe4q
DFOA73qnl+WoYMEKay1og/0UN3fvm5Ramb9GlpgXNHVZSm+4fgFUcg1uv316jRr7
OtUU56HNgVyo5Q9lOKUIeHrJV1+OsHHh9BVPSJe4QaaN
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:32 2024 by rpki-client on console-ams.rpki-client.org