Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/ebacbd-8190-4e5a-a03a-cd439492b7ae/1/T2Oe8f_FyPwHUTdQBPXIycWU9_g.roa
File:                     T2Oe8f_FyPwHUTdQBPXIycWU9_g.roa (raw, json)
Hash identifier:          Z/zrESMq34H074CxwKvzYfdQi9wmYfViT3PsMnJsYdw=
Subject key identifier:   4F:63:9E:F1:FF:C5:C8:FC:07:51:37:50:04:F5:C8:C9:C5:94:F7:F8
Certificate issuer:       /CN=6811e125cb357076f2fa3138c93e9a2681b17893
Certificate serial:       0184D37C6072886E0BA0F88B90517EA30BBF
Authority key identifier: 68:11:E1:25:CB:35:70:76:F2:FA:31:38:C9:3E:9A:26:81:B1:78:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aBHhJcs1cHby-jE4yT6aJoGxeJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/ebacbd-8190-4e5a-a03a-cd439492b7ae/1/T2Oe8f_FyPwHUTdQBPXIycWU9_g.roa
Signing time:             Fri 02 Dec 2022 15:37:34 +0000
ROA not before:           Fri 02 Dec 2022 15:37:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     19905
IP address blocks:        31.186.226.0/24 maxlen: 24
                          31.186.243.0/24 maxlen: 24
                          95.172.76.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:d3:7c:60:72:88:6e:0b:a0:f8:8b:90:51:7e:a3:0b:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6811e125cb357076f2fa3138c93e9a2681b17893
        Validity
            Not Before: Dec  2 15:37:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4f639ef1ffc5c8fc0751375004f5c8c9c594f7f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:27:e1:62:08:5c:a3:46:c6:e5:4a:6d:53:a0:
                    09:e2:fe:84:67:05:4e:14:f6:44:30:67:45:70:57:
                    f3:a6:c2:c4:28:b5:e1:25:80:34:06:c0:c5:ea:72:
                    ea:2c:e5:e8:c2:1d:24:df:25:e1:4f:78:86:4b:0c:
                    b2:c0:e7:2e:bc:1c:ea:45:19:2f:8a:a7:7a:af:27:
                    50:71:f2:e8:cb:a9:66:4c:8b:ba:32:66:6f:bd:9a:
                    3c:1d:70:99:07:1d:29:8d:48:f8:40:0a:20:5c:40:
                    85:e3:4a:2b:fa:a7:54:6d:e3:e2:a9:4b:92:05:97:
                    2a:91:32:3e:04:da:db:ff:29:8a:3a:7d:0a:1c:5d:
                    c7:98:88:77:4c:47:78:c3:a9:3d:9e:f5:1e:d0:3d:
                    ab:51:87:24:a8:77:6e:21:51:c3:47:d5:e4:9a:17:
                    02:ba:29:5a:12:69:15:17:49:bf:98:d7:7a:ee:c0:
                    d0:c6:76:a4:4b:96:70:c1:61:fd:8f:d4:30:fe:a4:
                    98:75:e7:c3:22:24:5b:4e:03:a6:ae:ba:e0:c2:36:
                    41:2f:fe:fd:f4:b7:93:9a:fd:7a:68:c3:7a:69:b3:
                    34:2d:87:c9:90:41:ca:a7:8d:35:7c:e8:21:ed:86:
                    14:8a:e2:7e:f0:61:29:00:89:6c:9e:02:38:84:d4:
                    3f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:63:9E:F1:FF:C5:C8:FC:07:51:37:50:04:F5:C8:C9:C5:94:F7:F8
            X509v3 Authority Key Identifier:
                keyid:68:11:E1:25:CB:35:70:76:F2:FA:31:38:C9:3E:9A:26:81:B1:78:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aBHhJcs1cHby-jE4yT6aJoGxeJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ebacbd-8190-4e5a-a03a-cd439492b7ae/1/T2Oe8f_FyPwHUTdQBPXIycWU9_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ebacbd-8190-4e5a-a03a-cd439492b7ae/1/aBHhJcs1cHby-jE4yT6aJoGxeJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.226.0/24
                  31.186.243.0/24
                  95.172.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:de:3b:45:34:12:55:01:d2:4e:25:7b:63:d7:1d:bc:51:2e:
         bb:e1:3d:78:66:6b:37:a1:ba:05:34:79:c5:97:60:68:8a:39:
         07:0e:31:e9:00:c1:00:bb:37:8f:37:bf:83:b9:80:9f:bd:5c:
         a5:74:1d:50:59:7d:53:bc:7d:3f:d6:ea:49:c7:0f:43:a0:c8:
         b2:17:b2:a7:c7:64:da:e0:87:20:28:99:1a:f9:1e:a5:43:5b:
         b5:f6:cb:df:e8:d2:a1:d9:3d:6c:82:82:31:80:f7:c8:90:24:
         f7:24:cf:f4:de:3d:e0:52:b4:f8:c7:bb:16:a3:72:c8:bd:ae:
         08:92:38:54:6d:1f:4c:cc:ca:ff:3a:5b:f8:76:ba:6a:db:2e:
         09:b1:20:fd:30:d2:a3:58:61:ce:7c:cc:c1:0e:e9:bb:09:53:
         4d:f3:c0:be:d1:0b:b9:02:be:70:b9:e2:69:f7:f8:10:b7:5c:
         24:18:9c:0c:d6:7d:bf:de:90:48:d6:e4:31:35:c4:80:32:b7:
         2d:46:41:69:e5:10:76:13:16:05:78:63:54:e5:ec:cb:28:e9:
         ac:fa:c2:46:79:37:7e:f4:7e:95:88:e2:49:c4:9d:1d:4f:b8:
         6d:ac:e0:07:f9:11:3c:bf:49:78:9a:ae:8d:ca:49:28:0f:bb:
         22:64:43:02
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYTTfGByiG4LoPiLkFF+owu/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MTFlMTI1Y2IzNTcwNzZmMmZhMzEzOGM5M2U5YTI2ODFi
MTc4OTMwHhcNMjIxMjAyMTUzNzM0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjYzOWVmMWZmYzVjOGZjMDc1MTM3NTAwNGY1YzhjOWM1OTRmN2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCfhYghco0bG5UptU6AJ4v6EZwVO
FPZEMGdFcFfzpsLEKLXhJYA0BsDF6nLqLOXowh0k3yXhT3iGSwyywOcuvBzqRRkv
iqd6rydQcfLoy6lmTIu6MmZvvZo8HXCZBx0pjUj4QAogXECF40or+qdUbePiqUuS
BZcqkTI+BNrb/ymKOn0KHF3HmIh3TEd4w6k9nvUe0D2rUYckqHduIVHDR9XkmhcC
uilaEmkVF0m/mNd67sDQxnakS5ZwwWH9j9Qw/qSYdefDIiRbTgOmrrrgwjZBL/79
9LeTmv16aMN6abM0LYfJkEHKp401fOgh7YYUiuJ+8GEpAIlsngI4hNQ/mwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE9jnvH/xcj8B1E3UAT1yMnFlPf4MB8GA1UdIwQY
MBaAFGgR4SXLNXB28voxOMk+miaBsXiTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUJIaEpjczFjSGJ5LWpFNHlUNmFKb0d4ZUpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9lYmFjYmQtODE5MC00ZTVhLWEwM2Et
Y2Q0Mzk0OTJiN2FlLzEvVDJPZThmX0Z5UHdIVVRkUUJQWEl5Y1dVOV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9lYmFjYmQtODE5MC00ZTVhLWEwM2EtY2Q0Mzk0OTJiN2Fl
LzEvYUJIaEpjczFjSGJ5LWpFNHlUNmFKb0d4ZUpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAH7riAwQA
H7rzAwQAX6xMMA0GCSqGSIb3DQEBCwUAA4IBAQCT3jtFNBJVAdJOJXtj1x28US67
4T14Zms3oboFNHnFl2BoijkHDjHpAMEAuzePN7+DuYCfvVyldB1QWX1TvH0/1upJ
xw9DoMiyF7Knx2Ta4IcgKJka+R6lQ1u19svf6NKh2T1sgoIxgPfIkCT3JM/03j3g
UrT4x7sWo3LIva4IkjhUbR9MzMr/Olv4drpq2y4JsSD9MNKjWGHOfMzBDum7CVNN
88C+0Qu5Ar5wueJp9/gQt1wkGJwM1n2/3pBI1uQxNcSAMrctRkFp5RB2ExYFeGNU
5ezLKOms+sJGeTd+9H6ViOJJxJ0dT7htrOAH+RE8v0l4mq6NykkoD7siZEMC
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:08 2024 by rpki-client on console-ams.rpki-client.org