Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/69ed29-af4e-4524-adfb-e15437380099/1/J3MvnyoGRC9fQ8if8sAhatqzLn4.roa
File:                     J3MvnyoGRC9fQ8if8sAhatqzLn4.roa (raw, json)
Hash identifier:          AbZmYsOVICY7gLLLLRT2L9/GrBsKOrK6YgXQCXotf0o=
Subject key identifier:   27:73:2F:9F:2A:06:44:2F:5F:43:C8:9F:F2:C0:21:6A:DA:B3:2E:7E
Certificate issuer:       /CN=83991afcd455eb1b174fcf89f8e10eaf7f70b355
Certificate serial:       018571B9E5BAA278C978929164C3C867CCB2
Authority key identifier: 83:99:1A:FC:D4:55:EB:1B:17:4F:CF:89:F8:E1:0E:AF:7F:70:B3:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g5ka_NRV6xsXT8-J-OEOr39ws1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/69ed29-af4e-4524-adfb-e15437380099/1/J3MvnyoGRC9fQ8if8sAhatqzLn4.roa
Signing time:             Mon 02 Jan 2023 09:04:46 +0000
ROA not before:           Mon 02 Jan 2023 09:04:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203061
IP address blocks:        92.249.16.0/22 maxlen: 32
                          31.223.187.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:b9:e5:ba:a2:78:c9:78:92:91:64:c3:c8:67:cc:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83991afcd455eb1b174fcf89f8e10eaf7f70b355
        Validity
            Not Before: Jan  2 09:04:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=27732f9f2a06442f5f43c89ff2c0216adab32e7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a3:30:7e:3b:40:7e:87:a5:cc:09:9b:60:23:
                    2b:d9:1d:24:1e:14:4b:a3:b6:3a:79:d7:98:43:73:
                    f1:e8:b2:bf:8e:ce:0a:6a:66:97:b4:5c:e3:6c:51:
                    11:9a:7d:13:62:06:58:05:ae:2f:eb:e0:6c:e0:21:
                    8e:b1:d7:aa:89:3c:6f:a8:7e:92:51:01:fd:0d:f9:
                    03:3c:66:de:9f:46:e8:96:04:2f:9b:64:4a:62:fe:
                    46:37:95:3f:7f:e1:d7:cd:aa:ac:38:5d:5b:3f:d3:
                    af:9d:dd:a6:7c:80:e2:76:7c:ed:2e:4e:e2:8a:0f:
                    8c:c4:45:3d:d4:84:03:6c:a6:16:de:8c:9a:43:86:
                    86:a0:2b:ed:84:2e:1c:b0:09:02:cc:89:aa:b7:94:
                    f9:0e:79:05:1e:be:b3:6f:9d:f7:3f:1a:6b:e5:a8:
                    9f:33:b0:c2:71:ef:04:14:01:ed:6b:d4:2c:5b:e4:
                    2e:97:38:6d:65:c4:2e:6b:f6:8e:82:05:27:bc:a7:
                    90:5c:97:b9:97:ac:96:f0:e4:8d:dd:e2:50:c5:4b:
                    40:a4:b5:2f:d2:d3:03:59:cb:b7:b8:a9:c1:0b:65:
                    b4:34:c4:da:d2:aa:85:ad:c6:95:9a:58:af:51:6f:
                    37:57:18:cf:ba:ed:ec:21:bb:da:24:14:90:8a:d5:
                    c1:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:73:2F:9F:2A:06:44:2F:5F:43:C8:9F:F2:C0:21:6A:DA:B3:2E:7E
            X509v3 Authority Key Identifier:
                keyid:83:99:1A:FC:D4:55:EB:1B:17:4F:CF:89:F8:E1:0E:AF:7F:70:B3:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g5ka_NRV6xsXT8-J-OEOr39ws1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/69ed29-af4e-4524-adfb-e15437380099/1/J3MvnyoGRC9fQ8if8sAhatqzLn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/69ed29-af4e-4524-adfb-e15437380099/1/g5ka_NRV6xsXT8-J-OEOr39ws1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.223.187.0/24
                  92.249.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:b5:73:93:f3:8a:cb:e8:3d:95:ec:55:01:c8:69:ef:ee:80:
         46:7c:b3:5e:03:25:b4:24:49:50:88:59:2e:74:77:ea:72:4e:
         3b:b8:cf:39:ee:88:57:6a:df:09:da:14:34:2c:a7:65:3d:45:
         05:da:0f:51:fb:8b:e7:e0:a1:16:c7:4b:a4:36:2c:87:48:0c:
         e4:bf:30:9c:29:09:e9:35:b9:df:5f:27:54:cb:ad:c2:08:f5:
         96:4a:b3:d3:a2:95:84:19:b7:6f:bf:07:e6:32:29:cb:d2:d6:
         6d:c0:27:0b:4e:2e:3f:86:d6:3c:b7:a6:f2:a2:d0:f0:8f:5e:
         f4:ca:2e:05:ba:fd:2d:ae:f5:b2:c9:b0:7a:6d:6b:26:c7:9c:
         a4:f7:0d:00:a3:31:e2:15:ab:d5:50:1f:ab:1d:4a:bc:1e:11:
         e8:b5:25:9b:d6:ae:e6:b9:be:31:7b:24:33:d2:7d:76:cb:1d:
         2a:55:ec:e7:1e:49:76:d1:aa:99:cc:ad:ff:6e:ec:8a:de:ee:
         d9:46:a5:ad:ee:e5:12:3f:e2:2b:c1:50:92:02:26:25:a5:84:
         27:35:e3:14:88:26:55:47:c0:47:a8:ee:9e:86:cd:80:f1:64:
         9f:d1:c2:5e:2e:c3:83:bf:cf:08:98:c5:77:4b:de:1c:1a:8e:
         0f:fe:44:d9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVxueW6onjJeJKRZMPIZ8yyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzOTkxYWZjZDQ1NWViMWIxNzRmY2Y4OWY4ZTEwZWFmN2Y3
MGIzNTUwHhcNMjMwMTAyMDkwNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzczMmY5ZjJhMDY0NDJmNWY0M2M4OWZmMmMwMjE2YWRhYjMyZTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaMwfjtAfoelzAmbYCMr2R0kHhRL
o7Y6edeYQ3Px6LK/js4KamaXtFzjbFERmn0TYgZYBa4v6+Bs4CGOsdeqiTxvqH6S
UQH9DfkDPGben0bolgQvm2RKYv5GN5U/f+HXzaqsOF1bP9Ovnd2mfIDidnztLk7i
ig+MxEU91IQDbKYW3oyaQ4aGoCvthC4csAkCzImqt5T5DnkFHr6zb533Pxpr5aif
M7DCce8EFAHta9QsW+QulzhtZcQua/aOggUnvKeQXJe5l6yW8OSN3eJQxUtApLUv
0tMDWcu3uKnBC2W0NMTa0qqFrcaVmlivUW83VxjPuu3sIbvaJBSQitXBZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCdzL58qBkQvX0PIn/LAIWrasy5+MB8GA1UdIwQY
MBaAFIOZGvzUVesbF0/PifjhDq9/cLNVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzVrYV9OUlY2eHNYVDgtSi1PRU9yMzl3czFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS82OWVkMjktYWY0ZS00NTI0LWFkZmIt
ZTE1NDM3MzgwMDk5LzEvSjNNdm55b0dSQzlmUThpZjhzQWhhdHF6TG40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS82OWVkMjktYWY0ZS00NTI0LWFkZmItZTE1NDM3MzgwMDk5
LzEvZzVrYV9OUlY2eHNYVDgtSi1PRU9yMzl3czFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH9+7AwQC
XPkQMA0GCSqGSIb3DQEBCwUAA4IBAQAPtXOT84rL6D2V7FUByGnv7oBGfLNeAyW0
JElQiFkudHfqck47uM857ohXat8J2hQ0LKdlPUUF2g9R+4vn4KEWx0ukNiyHSAzk
vzCcKQnpNbnfXydUy63CCPWWSrPTopWEGbdvvwfmMinL0tZtwCcLTi4/htY8t6by
otDwj170yi4Fuv0trvWyybB6bWsmx5yk9w0AozHiFavVUB+rHUq8HhHotSWb1q7m
ub4xeyQz0n12yx0qVeznHkl20aqZzK3/buyK3u7ZRqWt7uUSP+IrwVCSAiYlpYQn
NeMUiCZVR8BHqO6ehs2A8WSf0cJeLsODv88ImMV3S94cGo4P/kTZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:07 2024 by rpki-client on console-fra.rpki-client.org