Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Sjf5LppVxfIVWT86YB2imCAhwIU.roa
File:                     Sjf5LppVxfIVWT86YB2imCAhwIU.roa (raw, json)
Hash identifier:          LKP7Bb5k3cqbwQHYjUMogsEId83PEGzfr73qjwHDoro=
Subject key identifier:   4A:37:F9:2E:9A:55:C5:F2:15:59:3F:3A:60:1D:A2:98:20:21:C0:85
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018698304D167A66C7A99A2F5FC0D12CBCFA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Sjf5LppVxfIVWT86YB2imCAhwIU.roa
Signing time:             Tue 28 Feb 2023 13:22:27 +0000
ROA not before:           Tue 28 Feb 2023 13:22:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43561
IP address blocks:        31.13.252.0/24 maxlen: 24
                          31.13.253.0/24 maxlen: 24
                          31.13.254.0/24 maxlen: 24
                          31.13.255.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:98:30:4d:16:7a:66:c7:a9:9a:2f:5f:c0:d1:2c:bc:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 28 13:22:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4a37f92e9a55c5f215593f3a601da2982021c085
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:22:76:7e:69:83:81:bd:73:6f:c4:72:b6:ce:
                    34:27:b7:01:3a:47:95:d5:fa:aa:8e:46:b6:da:ad:
                    f4:b9:38:97:52:bd:ff:e5:5f:a8:c3:04:1f:97:a8:
                    69:b8:85:2d:86:59:7a:68:5d:bd:1f:5d:70:a4:50:
                    e3:89:44:a0:8e:ff:4d:0d:fc:62:12:48:9a:8e:18:
                    de:ce:e9:11:d6:7f:03:59:de:c1:4b:0e:28:53:84:
                    bd:76:62:e1:96:f5:3d:3c:7c:69:72:89:da:b5:56:
                    13:38:26:d9:1b:e5:20:d3:4e:b6:ca:c9:17:9d:fd:
                    87:c9:9a:41:46:8e:ff:1d:e2:9f:07:f2:16:58:d9:
                    9c:e1:1e:9e:f2:c0:cf:b1:42:8a:3b:28:83:08:cd:
                    f6:9b:c7:60:d9:03:1f:fe:8a:72:f3:0c:01:67:0c:
                    77:06:15:cd:be:60:1e:47:a2:57:49:47:03:2f:03:
                    6c:95:95:e6:6b:c3:cf:c3:87:8b:bf:fd:03:6b:91:
                    1a:fe:ee:d7:91:0b:ff:6b:a8:a3:a1:c9:a1:43:5e:
                    b9:78:3b:ea:9f:21:60:2a:44:64:e7:37:6b:b9:eb:
                    b1:b1:c9:55:71:66:9e:b0:5e:67:35:72:0f:84:b3:
                    51:dc:24:21:51:4e:e3:0a:bb:52:14:8b:06:2a:de:
                    c3:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:37:F9:2E:9A:55:C5:F2:15:59:3F:3A:60:1D:A2:98:20:21:C0:85
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Sjf5LppVxfIVWT86YB2imCAhwIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:4c:cb:18:81:e3:88:f4:d3:35:69:13:06:6e:52:be:37:0b:
         ac:25:82:7e:ac:14:11:33:21:e6:1c:26:6a:8c:0e:2b:cc:3e:
         11:ca:1a:f9:b9:5c:c8:45:b2:27:e7:cc:85:9f:5c:6a:71:64:
         0d:1c:b4:37:ec:82:76:b1:8e:41:8a:d0:1d:41:4e:03:65:a7:
         77:a2:ad:30:f3:25:da:35:bb:22:4c:82:df:dd:fd:3c:35:26:
         5d:00:6f:f8:d6:a8:06:40:bb:dc:6d:ad:10:87:d6:91:cb:91:
         a8:48:b8:1c:12:ae:a0:d5:23:9c:48:b2:14:ea:91:47:88:67:
         ee:b8:8e:05:74:01:b4:27:67:8c:38:de:7d:4a:52:a5:99:ca:
         6c:6a:9f:e7:33:31:f2:86:87:ad:0d:c0:8c:c7:8c:60:5b:f6:
         6e:69:da:09:23:74:a4:57:75:d3:87:20:f6:3b:8a:45:85:13:
         c4:22:3b:02:0d:04:b1:9e:08:0a:6c:f5:b9:56:59:2d:e8:8d:
         87:64:9a:e9:c0:01:da:f4:7c:75:47:a0:97:28:36:c0:3d:93:
         58:ba:6b:df:c0:23:98:b0:68:3f:ba:8a:d2:24:35:ef:2f:07:
         de:8c:fa:d0:4d:2d:70:72:57:6e:f7:de:5a:78:b9:2f:19:ad:
         a6:56:3e:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYaYME0WembHqZovX8DRLLz6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMjI4MTMyMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTM3ZjkyZTlhNTVjNWYyMTU1OTNmM2E2MDFkYTI5ODIwMjFjMDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCJ2fmmDgb1zb8Ryts40J7cBOkeV
1fqqjka22q30uTiXUr3/5V+owwQfl6hpuIUthll6aF29H11wpFDjiUSgjv9NDfxi
EkiajhjezukR1n8DWd7BSw4oU4S9dmLhlvU9PHxpconatVYTOCbZG+Ug0062yskX
nf2HyZpBRo7/HeKfB/IWWNmc4R6e8sDPsUKKOyiDCM32m8dg2QMf/opy8wwBZwx3
BhXNvmAeR6JXSUcDLwNslZXma8PPw4eLv/0Da5Ea/u7XkQv/a6ijocmhQ165eDvq
nyFgKkRk5zdrueuxsclVcWaesF5nNXIPhLNR3CQhUU7jCrtSFIsGKt7DqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEo3+S6aVcXyFVk/OmAdopggIcCFMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvU2pmNUxwcFZ4ZklWV1Q4NllCMmltQ0Fod0lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHw38MA0G
CSqGSIb3DQEBCwUAA4IBAQBpTMsYgeOI9NM1aRMGblK+NwusJYJ+rBQRMyHmHCZq
jA4rzD4Ryhr5uVzIRbIn58yFn1xqcWQNHLQ37IJ2sY5BitAdQU4DZad3oq0w8yXa
NbsiTILf3f08NSZdAG/41qgGQLvcba0Qh9aRy5GoSLgcEq6g1SOcSLIU6pFHiGfu
uI4FdAG0J2eMON59SlKlmcpsap/nMzHyhoetDcCMx4xgW/ZuadoJI3SkV3XThyD2
O4pFhRPEIjsCDQSxnggKbPW5Vlkt6I2HZJrpwAHa9Hx1R6CXKDbAPZNYumvfwCOY
sGg/uorSJDXvLwfejPrQTS1wcldu995aeLkvGa2mVj64
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:33 2024 by rpki-client on console-ams.rpki-client.org