Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/aL8xGGeEUu729781d5PO41Upu_o.roa
File:                     aL8xGGeEUu729781d5PO41Upu_o.roa (raw, json)
Hash identifier:          pyvM3BwrC6a6BRuKw6HPrAK4o49hG9w5/OTiLoF0JBs=
Subject key identifier:   68:BF:31:18:67:84:52:EE:F6:F7:BF:35:77:93:CE:E3:55:29:BB:FA
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0189E4F091B50DA8D06A7AD1ADD7EB9563AC
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/aL8xGGeEUu729781d5PO41Upu_o.roa
Signing time:             Fri 11 Aug 2023 14:11:58 +0000
ROA not before:           Fri 11 Aug 2023 14:11:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206535
IP address blocks:        185.15.137.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:e4:f0:91:b5:0d:a8:d0:6a:7a:d1:ad:d7:eb:95:63:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Aug 11 14:11:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=68bf3118678452eef6f7bf357793cee35529bbfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:de:23:f3:9c:4f:59:4c:a6:86:77:29:fd:64:
                    8a:f7:b6:9b:5c:7a:29:ca:7d:3d:84:81:2c:4c:dc:
                    5c:21:47:24:18:13:e9:fe:cb:95:38:92:52:c8:7a:
                    fa:00:b3:5b:2d:8f:a2:ae:d9:0a:f3:4b:c6:33:bc:
                    df:d8:79:21:b4:a8:59:36:5f:28:08:30:bf:a8:b2:
                    37:d0:0b:d7:44:91:de:0d:04:8c:ae:08:f5:fc:f5:
                    69:f8:d6:4d:a4:7a:bd:43:bd:0d:e7:42:64:86:cf:
                    f6:60:eb:d0:f1:4a:55:ba:cc:de:12:d3:c5:da:bf:
                    c3:a6:1d:51:52:7e:81:c2:a4:99:1d:64:88:4e:4a:
                    ce:67:3f:63:3e:fd:e6:40:ce:98:c9:a2:9c:0a:81:
                    cb:f0:ce:73:0e:0b:35:fb:77:49:cd:70:37:5f:2d:
                    14:e3:1f:3a:eb:c8:dc:ae:39:b8:0e:cf:79:ac:79:
                    58:84:54:ee:c1:a8:b9:b6:61:99:75:a4:6b:5a:1c:
                    8b:2a:12:65:0a:1b:3b:25:fe:77:98:34:c5:d4:b2:
                    65:1f:89:3d:4a:d1:32:1b:53:c4:60:45:9b:2b:09:
                    67:8b:f5:35:dd:7b:ad:76:c1:16:0b:b5:42:f1:fc:
                    b9:1d:32:f1:8a:a4:d1:ca:64:0b:34:36:1e:7b:b0:
                    cd:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:BF:31:18:67:84:52:EE:F6:F7:BF:35:77:93:CE:E3:55:29:BB:FA
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/aL8xGGeEUu729781d5PO41Upu_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:01:53:5c:b8:dc:a0:e7:40:18:aa:4a:94:9a:87:93:52:75:
         95:d6:ea:42:7a:f8:c2:94:76:43:38:9d:96:51:5f:cc:f0:f8:
         d9:ae:79:c9:49:70:36:99:7d:2b:32:5b:75:03:1b:31:ca:bf:
         3a:85:29:1c:ed:a6:8c:d7:13:e5:9c:fd:f1:d3:ea:1d:74:8c:
         ec:ed:79:70:01:e3:80:9f:68:da:d4:79:92:87:4f:15:96:85:
         58:4b:02:1b:eb:bd:a7:b3:52:bc:7e:b2:e2:73:68:50:8a:91:
         66:7f:ad:31:c3:a6:b0:13:05:4f:81:09:be:40:51:df:23:0e:
         df:a2:d2:37:6d:8c:37:cc:d2:fd:e4:e2:0f:86:70:18:8d:3c:
         fa:59:1f:6c:08:4c:9a:51:49:e4:41:01:af:9b:ca:0f:68:ea:
         b1:53:3b:c6:83:d1:4d:8e:ba:92:0c:f8:db:60:7c:93:70:7f:
         2d:dc:cd:58:8e:30:25:31:4c:cc:eb:34:09:e2:1b:52:16:32:
         c1:4f:36:27:dd:3a:e2:c8:d7:8e:b9:3b:01:b4:99:21:a1:b8:
         df:93:12:63:5e:ce:9d:76:69:53:c5:9d:fc:8a:92:eb:58:59:
         82:c7:ba:97:45:1c:5f:36:97:6e:46:9c:4d:04:73:82:d6:40:
         a4:4c:af:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYnk8JG1DajQanrRrdfrlWOsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwODExMTQxMTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGJmMzExODY3ODQ1MmVlZjZmN2JmMzU3NzkzY2VlMzU1MjliYmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzt4j85xPWUymhncp/WSK97abXHop
yn09hIEsTNxcIUckGBPp/suVOJJSyHr6ALNbLY+irtkK80vGM7zf2HkhtKhZNl8o
CDC/qLI30AvXRJHeDQSMrgj1/PVp+NZNpHq9Q70N50Jkhs/2YOvQ8UpVuszeEtPF
2r/Dph1RUn6BwqSZHWSITkrOZz9jPv3mQM6YyaKcCoHL8M5zDgs1+3dJzXA3Xy0U
4x8668jcrjm4Ds95rHlYhFTuwai5tmGZdaRrWhyLKhJlChs7Jf53mDTF1LJlH4k9
StEyG1PEYEWbKwlni/U13XutdsEWC7VC8fy5HTLxiqTRymQLNDYee7DNSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGi/MRhnhFLu9ve/NXeTzuNVKbv6MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvYUw4eEdHZUVVdTcyOTc4MWQ1UE80MVVwdV9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ+JMA0G
CSqGSIb3DQEBCwUAA4IBAQAsAVNcuNyg50AYqkqUmoeTUnWV1upCevjClHZDOJ2W
UV/M8PjZrnnJSXA2mX0rMlt1Axsxyr86hSkc7aaM1xPlnP3x0+oddIzs7XlwAeOA
n2ja1HmSh08VloVYSwIb672ns1K8frLic2hQipFmf60xw6awEwVPgQm+QFHfIw7f
otI3bYw3zNL95OIPhnAYjTz6WR9sCEyaUUnkQQGvm8oPaOqxUzvGg9FNjrqSDPjb
YHyTcH8t3M1YjjAlMUzM6zQJ4htSFjLBTzYn3TriyNeOuTsBtJkhobjfkxJjXs6d
dmlTxZ38ipLrWFmCx7qXRRxfNpduRpxNBHOC1kCkTK/q
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org