Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/0vCium_9xgLZw-VOWI5kmlPCFDU.roa
File:                     0vCium_9xgLZw-VOWI5kmlPCFDU.roa (raw, json)
Hash identifier:          75VZUm7xx/qBCXeSHKAlJVoxk3KqpAem5YBHybbEqjs=
Subject key identifier:   D2:F0:A2:BA:6F:FD:C6:02:D9:C3:E5:4E:58:8E:64:9A:53:C2:14:35
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB35960308C74348EE8E2F87DF50A3
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/0vCium_9xgLZw-VOWI5kmlPCFDU.roa
Signing time:             Mon 01 Jan 2024 02:29:55 +0000
ROA not before:           Mon 01 Jan 2024 02:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206005
IP address blocks:        185.15.137.0/24 maxlen: 24
                          89.40.35.0/24 maxlen: 24
                          185.243.140.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:35:96:03:08:c7:43:48:ee:8e:2f:87:df:50:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2f0a2ba6ffdc602d9c3e54e588e649a53c21435
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:29:e2:83:6d:ab:34:b1:65:01:88:be:e4:c0:
                    39:a7:e5:15:9c:b5:46:4a:40:6e:55:f0:83:67:ed:
                    dd:91:3b:a2:73:9d:b7:8a:ef:fb:4f:71:ff:b6:a1:
                    39:76:6b:d4:34:38:23:df:93:cd:cd:7e:b7:f8:9b:
                    de:af:3e:84:4f:7f:ce:a7:73:f4:25:3d:26:4f:c9:
                    ea:8e:2e:ea:bf:6a:b2:19:39:d0:90:8a:2a:94:cb:
                    3a:f1:b8:e5:95:6c:0d:28:6e:22:a7:93:34:bd:bd:
                    51:ee:03:f2:5d:46:17:dc:2f:0b:a0:53:33:3e:d6:
                    f6:ca:c7:bb:7d:5f:a6:58:9f:e3:06:40:85:eb:a9:
                    2c:60:d7:58:ec:bd:14:5b:69:c7:2b:58:22:52:e7:
                    92:2d:57:3b:c8:1a:27:69:b4:91:b2:73:e3:c4:cc:
                    a2:1d:f0:13:66:fa:4e:2c:c0:44:5d:d2:fb:90:56:
                    36:57:f1:91:ba:ba:29:06:e8:3b:2f:18:9c:77:11:
                    94:18:4d:2f:05:30:f2:e2:3b:1b:e5:68:9a:8a:a5:
                    92:39:51:81:95:d0:18:52:a7:10:50:37:c7:b2:01:
                    58:a1:da:08:9e:7f:7e:42:6a:94:25:bd:22:b2:79:
                    cc:79:96:59:c0:d6:d2:6d:39:29:ef:1a:b0:9d:18:
                    46:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:F0:A2:BA:6F:FD:C6:02:D9:C3:E5:4E:58:8E:64:9A:53:C2:14:35
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/0vCium_9xgLZw-VOWI5kmlPCFDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.35.0/24
                  185.15.137.0/24
                  185.243.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:a9:fe:13:f5:1d:37:66:31:41:df:0e:d2:31:03:3a:d6:a2:
         cd:c4:1b:17:c5:37:15:5b:7d:a4:10:88:e4:83:21:1a:d8:a9:
         a3:73:60:45:53:c6:96:a2:8e:73:b7:09:c2:13:42:e0:ec:83:
         59:e9:af:bc:20:b6:0d:27:22:ef:3c:24:da:5d:97:cc:69:36:
         44:91:83:42:7c:a9:83:20:4f:19:f1:73:9a:bd:85:ed:c2:a5:
         28:e5:03:17:52:1c:9c:e5:86:18:a3:d8:2a:30:25:a6:8b:73:
         e9:f3:13:61:a7:03:5f:37:84:62:c8:3b:38:f9:57:13:5d:f2:
         21:6f:d8:b6:29:45:01:0d:0a:9f:01:f4:17:db:1b:c9:5b:0f:
         77:8e:4c:9e:43:fd:01:2b:7e:90:a0:21:ce:b8:05:ff:1e:93:
         99:1c:57:1f:ec:5b:a1:08:40:28:9e:e4:29:a0:ef:1f:53:ac:
         93:bf:9c:68:82:4f:1c:f7:07:a0:37:0a:5e:16:d8:7f:8d:38:
         64:76:34:b6:56:a4:6f:21:ca:46:4c:cb:8c:76:95:6a:e5:96:
         68:44:e5:5c:d1:c9:7d:0b:03:1b:0b:a0:aa:86:78:0e:48:fc:
         e5:e4:43:bd:d7:66:8b:af:ff:d1:a8:cb:1f:cc:17:11:d5:70:
         1f:bc:ea:59
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC2zWWAwjHQ0juji+H31CjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmYwYTJiYTZmZmRjNjAyZDljM2U1NGU1ODhlNjQ5YTUzYzIxNDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwynig22rNLFlAYi+5MA5p+UVnLVG
SkBuVfCDZ+3dkTuic523iu/7T3H/tqE5dmvUNDgj35PNzX63+Jverz6ET3/Op3P0
JT0mT8nqji7qv2qyGTnQkIoqlMs68bjllWwNKG4ip5M0vb1R7gPyXUYX3C8LoFMz
Ptb2yse7fV+mWJ/jBkCF66ksYNdY7L0UW2nHK1giUueSLVc7yBonabSRsnPjxMyi
HfATZvpOLMBEXdL7kFY2V/GRuropBug7LxicdxGUGE0vBTDy4jsb5WiaiqWSOVGB
ldAYUqcQUDfHsgFYodoInn9+QmqUJb0isnnMeZZZwNbSbTkp7xqwnRhGYQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNLworpv/cYC2cPlTliOZJpTwhQ1MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvMHZDaXVtXzl4Z0xady1WT1dJNWttbFBDRkRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSgjAwQA
uQ+JAwQCufOMMA0GCSqGSIb3DQEBCwUAA4IBAQAjqf4T9R03ZjFB3w7SMQM61qLN
xBsXxTcVW32kEIjkgyEa2Kmjc2BFU8aWoo5ztwnCE0Lg7INZ6a+8ILYNJyLvPCTa
XZfMaTZEkYNCfKmDIE8Z8XOavYXtwqUo5QMXUhyc5YYYo9gqMCWmi3Pp8xNhpwNf
N4RiyDs4+VcTXfIhb9i2KUUBDQqfAfQX2xvJWw93jkyeQ/0BK36QoCHOuAX/HpOZ
HFcf7FuhCEAonuQpoO8fU6yTv5xogk8c9wegNwpeFth/jThkdjS2VqRvIcpGTMuM
dpVq5ZZoROVc0cl9CwMbC6CqhngOSPzl5EO912aLr//RqMsfzBcR1XAfvOpZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org