Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/jAWHOUynwbEVjwmS0a9uq1j6ZO0.roa
File:                     jAWHOUynwbEVjwmS0a9uq1j6ZO0.roa (raw, json)
Hash identifier:          v2Iwf0ivULk0oMkLcAsPousfhdIvdTN34NOtGXkGHpg=
Subject key identifier:   8C:05:87:39:4C:A7:C1:B1:15:8F:09:92:D1:AF:6E:AB:58:FA:64:ED
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018682F3B59F4B7CA028B68E241CC67CF5C8
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/jAWHOUynwbEVjwmS0a9uq1j6ZO0.roa
Signing time:             Fri 24 Feb 2023 10:24:15 +0000
ROA not before:           Fri 24 Feb 2023 10:24:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7029
IP address blocks:        193.30.30.0/24 maxlen: 24
                          185.180.145.0/24 maxlen: 24
                          193.46.220.0/24 maxlen: 24
                          91.201.107.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:82:f3:b5:9f:4b:7c:a0:28:b6:8e:24:1c:c6:7c:f5:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Feb 24 10:24:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8c0587394ca7c1b1158f0992d1af6eab58fa64ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:04:0d:aa:a9:e2:d2:90:b7:6f:d9:d6:f6:a5:
                    dc:48:24:28:5d:04:d5:3c:85:41:24:ed:60:67:b4:
                    3a:7d:5f:e0:fb:68:0d:8b:46:33:c2:2c:1f:18:f1:
                    3b:76:2d:bb:44:fa:69:b7:20:5d:f7:58:4c:20:79:
                    67:67:39:75:08:2e:f6:bd:51:3c:cf:07:2d:55:83:
                    49:e8:98:85:b8:ae:df:ed:14:da:c6:7d:15:33:88:
                    37:26:0c:1e:d0:f8:73:72:d6:13:d1:d4:42:43:05:
                    c2:af:ba:8e:d5:69:a4:e4:0f:89:5a:be:45:99:b1:
                    18:ef:45:8d:57:49:8f:3c:f5:1c:06:ea:4b:bf:bb:
                    45:51:57:58:79:b5:b3:ad:83:71:70:1e:cc:63:d1:
                    e7:4f:f7:75:ee:11:43:52:18:74:8c:c9:75:50:cc:
                    4e:a5:0f:d4:40:3f:2f:4b:2b:d6:91:e9:29:fd:11:
                    50:5d:69:46:85:c3:86:00:af:6b:c7:c0:ab:dc:ec:
                    94:9d:7a:06:e3:de:bb:94:9d:34:20:9d:d0:e1:1c:
                    1e:ab:93:91:cc:24:fa:cf:9a:5a:c7:33:ab:f8:99:
                    e0:6b:19:fe:dd:42:9b:6c:64:9f:a0:98:cc:24:2f:
                    f0:40:18:f7:b2:75:e6:4f:0e:d1:98:44:73:5d:76:
                    68:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:05:87:39:4C:A7:C1:B1:15:8F:09:92:D1:AF:6E:AB:58:FA:64:ED
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/jAWHOUynwbEVjwmS0a9uq1j6ZO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.107.0/24
                  185.180.145.0/24
                  193.30.30.0/24
                  193.46.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:b9:d2:82:5d:96:05:51:1e:21:a9:8e:5c:90:bf:00:83:ce:
         6d:9c:5a:ec:f2:3d:38:5a:54:3a:a4:70:23:e6:15:a4:54:e6:
         7f:fc:67:74:6b:ed:e4:8b:76:31:ba:f1:0f:73:12:3d:41:9c:
         77:14:2b:a3:b6:34:40:a5:e7:ed:31:f3:46:34:14:fc:c8:82:
         1d:f7:82:07:ea:de:51:b1:cf:44:74:ec:b8:f3:52:2e:4b:a5:
         c9:ae:60:bc:71:42:6d:e9:a3:e9:03:3d:50:cc:a8:cf:d9:bf:
         60:a8:19:d9:19:aa:b4:e3:30:10:e1:92:ef:ee:c9:ce:f0:2b:
         6b:e7:df:be:91:c0:81:58:63:6b:68:11:2c:32:57:6b:e2:0d:
         c0:16:e7:8f:87:06:b0:23:1a:ff:b2:a0:dc:09:41:b3:fa:05:
         9e:f4:32:af:77:c2:01:04:fe:f5:9a:3b:9a:d3:42:64:c7:02:
         9f:2a:2b:39:92:36:fb:74:7e:1f:78:31:7e:c1:85:02:65:d7:
         53:57:d1:20:ff:4a:80:4f:f1:02:1b:71:ea:a0:e3:3a:41:54:
         a5:08:97:d3:fc:14:76:f8:7b:37:fb:c6:b5:94:93:26:9a:87:
         be:e6:71:c5:a6:f8:b0:4c:0c:f3:9f:94:18:42:88:92:93:77:
         46:e2:da:3d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYaC87WfS3ygKLaOJBzGfPXIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwMjI0MTAyNDE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzA1ODczOTRjYTdjMWIxMTU4ZjA5OTJkMWFmNmVhYjU4ZmE2NGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwQNqqni0pC3b9nW9qXcSCQoXQTV
PIVBJO1gZ7Q6fV/g+2gNi0YzwiwfGPE7di27RPpptyBd91hMIHlnZzl1CC72vVE8
zwctVYNJ6JiFuK7f7RTaxn0VM4g3Jgwe0PhzctYT0dRCQwXCr7qO1Wmk5A+JWr5F
mbEY70WNV0mPPPUcBupLv7tFUVdYebWzrYNxcB7MY9HnT/d17hFDUhh0jMl1UMxO
pQ/UQD8vSyvWkekp/RFQXWlGhcOGAK9rx8Cr3OyUnXoG4967lJ00IJ3Q4Rweq5OR
zCT6z5paxzOr+Jngaxn+3UKbbGSfoJjMJC/wQBj3snXmTw7RmERzXXZoxQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFIwFhzlMp8GxFY8JktGvbqtY+mTtMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvakFXSE9VeW53YkVWandtUzBhOXVxMWo2Wk8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW8lrAwQA
ubSRAwQAwR4eAwQAwS7cMA0GCSqGSIb3DQEBCwUAA4IBAQAxudKCXZYFUR4hqY5c
kL8Ag85tnFrs8j04WlQ6pHAj5hWkVOZ//Gd0a+3ki3YxuvEPcxI9QZx3FCujtjRA
peftMfNGNBT8yIId94IH6t5Rsc9EdOy481IuS6XJrmC8cUJt6aPpAz1QzKjP2b9g
qBnZGaq04zAQ4ZLv7snO8Ctr59++kcCBWGNraBEsMldr4g3AFuePhwawIxr/sqDc
CUGz+gWe9DKvd8IBBP71mjua00JkxwKfKis5kjb7dH4feDF+wYUCZddTV9Eg/0qA
T/ECG3HqoOM6QVSlCJfT/BR2+Hs3+8a1lJMmmoe+5nHFpviwTAzzn5QYQoiSk3dG
4to9
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org