Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/JXdENKQdfx-1WxzGxSSRRp8Pt8A.roa
File:                     JXdENKQdfx-1WxzGxSSRRp8Pt8A.roa (raw, json)
Hash identifier:          Zr61xuqXKsXkPubkOAylG3DU4wA1OO3S70YYz4PS7Q0=
Subject key identifier:   25:77:44:34:A4:1D:7F:1F:B5:5B:1C:C6:C5:24:91:46:9F:0F:B7:C0
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0183B8336E565C4F2A11A33EC7EA0C011785
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/JXdENKQdfx-1WxzGxSSRRp8Pt8A.roa
Signing time:             Sat 08 Oct 2022 15:25:21 +0000
ROA not before:           Sat 08 Oct 2022 15:25:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206005
IP address blocks:        185.15.137.0/24 maxlen: 24
                          185.243.140.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:b8:33:6e:56:5c:4f:2a:11:a3:3e:c7:ea:0c:01:17:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Oct  8 15:25:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=25774434a41d7f1fb55b1cc6c52491469f0fb7c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:72:13:f9:44:b9:09:81:78:90:95:30:44:29:
                    8d:3d:79:d9:75:9c:fe:92:65:7d:4c:16:76:08:7d:
                    70:4d:60:86:d9:b8:a7:37:9b:54:f2:72:44:f1:99:
                    59:00:19:03:a9:7b:8b:3d:a8:8a:a9:ce:b9:96:56:
                    48:a5:d8:9f:65:98:4f:15:9a:02:38:0c:08:ae:8f:
                    58:a9:b5:b2:b1:67:55:39:d2:02:de:51:99:f1:e3:
                    29:bf:e5:5b:b4:dd:e1:f9:07:fb:18:0f:f5:25:06:
                    30:1c:4f:68:09:66:c3:f8:d4:1e:5a:54:eb:16:f3:
                    9f:de:54:48:e4:12:eb:c7:e8:51:d2:f3:77:9a:cc:
                    9b:07:ba:cc:b6:57:6b:22:92:8c:dc:e4:9b:c5:cb:
                    76:14:da:33:ae:a6:08:36:34:5f:1f:1f:83:72:ae:
                    fe:c2:6e:4b:55:11:da:35:05:60:61:79:20:aa:d9:
                    21:8a:d8:5a:0c:e1:e5:5d:1a:b5:f6:74:91:21:60:
                    bc:f8:b9:02:9b:d2:60:c5:f8:ef:5d:85:cf:81:97:
                    7a:0b:80:a9:91:51:62:01:22:07:4c:df:00:cc:23:
                    04:14:9e:64:b7:37:fd:a3:35:83:b8:9e:b9:4c:2b:
                    7a:38:9b:ea:66:02:5f:8a:b1:f8:3a:c8:c6:c8:7f:
                    80:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:77:44:34:A4:1D:7F:1F:B5:5B:1C:C6:C5:24:91:46:9F:0F:B7:C0
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/JXdENKQdfx-1WxzGxSSRRp8Pt8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.137.0/24
                  185.243.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:34:39:ef:34:3a:4b:fa:e8:8d:d3:7c:c4:83:00:bd:c3:cf:
         8c:40:f4:ab:3b:48:2e:55:4e:bc:e8:05:41:a4:90:98:30:23:
         5a:32:04:0a:ce:82:5d:8f:eb:04:57:b8:40:7a:d0:ca:5d:91:
         54:c7:76:2d:c6:e9:d8:53:26:83:7d:19:70:29:5e:47:14:e2:
         d3:60:6b:5b:2d:02:9d:c5:c1:90:3a:c8:1a:61:c6:14:cd:24:
         25:10:b7:74:d7:ac:2e:69:4c:3c:fc:0f:3d:d9:03:27:40:46:
         db:ac:62:04:61:6d:29:54:f8:78:c4:14:d7:42:e0:71:91:b1:
         b6:28:9a:e7:21:88:7f:fa:0f:46:b9:16:5f:64:3d:27:00:ff:
         ca:49:09:0f:3a:81:65:71:df:26:4b:01:6a:e8:cb:13:78:ea:
         d7:48:f3:cf:9e:5a:b0:c9:56:6e:83:6e:e3:9b:f8:0e:15:ab:
         9a:69:ab:0d:0d:c6:83:81:65:9e:aa:e7:bf:73:52:51:7e:6f:
         3f:8c:32:ef:23:22:cc:72:c0:5b:16:74:cd:13:41:48:30:b5:
         7d:84:40:4e:c4:fb:ae:cc:56:70:9d:9b:86:2e:09:e0:82:8e:
         3f:77:e9:7d:dc:6b:ea:29:2b:c3:d4:42:64:fc:22:99:f6:f2:
         f8:5e:a0:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYO4M25WXE8qEaM+x+oMAReFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjIxMDA4MTUyNTIxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTc3NDQzNGE0MWQ3ZjFmYjU1YjFjYzZjNTI0OTE0NjlmMGZiN2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHIT+US5CYF4kJUwRCmNPXnZdZz+
kmV9TBZ2CH1wTWCG2binN5tU8nJE8ZlZABkDqXuLPaiKqc65llZIpdifZZhPFZoC
OAwIro9YqbWysWdVOdIC3lGZ8eMpv+VbtN3h+Qf7GA/1JQYwHE9oCWbD+NQeWlTr
FvOf3lRI5BLrx+hR0vN3msybB7rMtldrIpKM3OSbxct2FNozrqYINjRfHx+Dcq7+
wm5LVRHaNQVgYXkgqtkhithaDOHlXRq19nSRIWC8+LkCm9JgxfjvXYXPgZd6C4Cp
kVFiASIHTN8AzCMEFJ5ktzf9ozWDuJ65TCt6OJvqZgJfirH4OsjGyH+A1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCV3RDSkHX8ftVscxsUkkUafD7fAMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvSlhkRU5LUWRmeC0xV3h6R3hTU1JScDhQdDhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuQ+JAwQC
ufOMMA0GCSqGSIb3DQEBCwUAA4IBAQBhNDnvNDpL+uiN03zEgwC9w8+MQPSrO0gu
VU686AVBpJCYMCNaMgQKzoJdj+sEV7hAetDKXZFUx3YtxunYUyaDfRlwKV5HFOLT
YGtbLQKdxcGQOsgaYcYUzSQlELd016wuaUw8/A892QMnQEbbrGIEYW0pVPh4xBTX
QuBxkbG2KJrnIYh/+g9GuRZfZD0nAP/KSQkPOoFlcd8mSwFq6MsTeOrXSPPPnlqw
yVZug27jm/gOFauaaasNDcaDgWWeque/c1JRfm8/jDLvIyLMcsBbFnTNE0FIMLV9
hEBOxPuuzFZwnZuGLgnggo4/d+l93GvqKSvD1EJk/CKZ9vL4XqCt
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org