Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/LLxBaPoTcluXSyaD6s0d-T8Jy3s.roa
File:                     LLxBaPoTcluXSyaD6s0d-T8Jy3s.roa (raw, json)
Hash identifier:          YOFjO26b7OXM1rS7vunq2G99HP8eBmpa8bU7XbCVMSk=
Subject key identifier:   2C:BC:41:68:FA:13:72:5B:97:4B:26:83:EA:CD:1D:F9:3F:09:CB:7B
Certificate issuer:       /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial:       0186130A076EFEA61B2F8F77B34633C876A0
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/LLxBaPoTcluXSyaD6s0d-T8Jy3s.roa
Signing time:             Thu 02 Feb 2023 16:51:09 +0000
ROA not before:           Thu 02 Feb 2023 16:51:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211193
IP address blocks:        87.117.150.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:13:0a:07:6e:fe:a6:1b:2f:8f:77:b3:46:33:c8:76:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
        Validity
            Not Before: Feb  2 16:51:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2cbc4168fa13725b974b2683eacd1df93f09cb7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ac:ac:ee:f1:7c:01:88:af:0b:0d:18:57:c5:
                    43:a0:d6:8e:27:de:57:77:b0:40:b2:1e:1b:26:32:
                    02:44:4f:4d:ae:a1:f5:f4:74:f0:b9:0f:e3:87:bc:
                    9b:f0:cb:17:f0:35:ab:f9:41:fe:81:b5:86:98:35:
                    fc:8b:15:2f:04:ee:29:48:6e:ed:a5:59:08:d2:1e:
                    4c:33:76:9a:a0:2c:87:ba:dd:d9:9c:b1:f4:15:45:
                    b5:b7:7b:d3:ab:83:62:e5:3e:9f:2e:11:e8:aa:59:
                    ea:f0:9b:2e:d4:52:3c:93:0e:e5:38:f0:8a:24:ae:
                    17:3f:58:dc:de:a3:56:50:fa:1e:a0:10:12:e2:9f:
                    94:0e:a0:cc:d6:c8:0e:59:d6:4e:93:eb:6d:58:f1:
                    a6:25:e2:6f:e4:a5:2c:9e:a7:b5:20:08:ae:69:e4:
                    60:ad:1b:d4:89:48:a8:ce:81:00:ba:fc:8b:ca:f1:
                    4f:9e:e4:04:2d:a4:34:fa:af:19:40:96:f6:04:ec:
                    0d:ce:d5:bc:b7:35:c5:37:23:95:ae:8d:e7:93:56:
                    bf:2c:3b:29:48:ea:d5:3d:32:72:93:6e:73:67:59:
                    af:02:0a:10:0d:54:37:82:fe:d7:b6:e2:85:e3:26:
                    b3:60:52:42:1f:4f:fd:8c:b6:cf:91:52:36:88:b3:
                    fc:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:BC:41:68:FA:13:72:5B:97:4B:26:83:EA:CD:1D:F9:3F:09:CB:7B
            X509v3 Authority Key Identifier:
                keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/LLxBaPoTcluXSyaD6s0d-T8Jy3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.117.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:78:6f:ce:b9:07:fa:7e:17:0b:af:f8:8a:53:4a:5b:43:3e:
         39:f7:40:46:02:46:da:7e:be:84:77:4c:a1:21:88:e3:34:03:
         07:e2:35:c5:e4:8d:a9:2a:a5:f8:71:46:5e:56:bd:0b:f7:49:
         cd:e6:f9:18:96:da:e4:4e:6a:2c:f7:71:5d:bf:80:ce:c8:0b:
         e5:26:26:b4:d3:e5:ba:e9:b1:ad:9b:ac:fa:38:db:7e:53:bb:
         ca:f2:e6:de:6f:d1:01:c5:46:ba:0f:fa:7a:13:1b:e3:89:3d:
         88:4e:ea:f4:15:ba:e6:e6:78:8e:bd:3a:8b:67:4d:61:84:57:
         fd:39:6c:10:22:f2:7b:80:fd:3c:e3:d9:7e:66:50:7b:d3:ba:
         be:a5:29:6b:26:71:3c:a1:ef:f8:8f:e7:f0:00:ba:82:8c:85:
         ca:aa:94:66:23:5f:0e:08:57:85:7d:f8:b4:8d:e2:17:bd:3b:
         bc:f0:73:21:f0:30:ec:01:2d:78:fd:76:d9:66:8a:ba:48:fe:
         75:c9:d8:12:19:5f:68:8b:cb:77:86:f7:11:06:93:63:6b:53:
         09:c5:01:a1:2f:dd:2a:15:a8:d9:b1:b7:87:00:02:c9:33:01:
         e9:05:59:44:7e:6b:2a:aa:b5:4b:ba:40:24:1f:de:1c:55:7a:
         61:f8:03:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYYTCgdu/qYbL493s0YzyHagMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjMwMjAyMTY1MTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2JjNDE2OGZhMTM3MjViOTc0YjI2ODNlYWNkMWRmOTNmMDljYjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6ys7vF8AYivCw0YV8VDoNaOJ95X
d7BAsh4bJjICRE9NrqH19HTwuQ/jh7yb8MsX8DWr+UH+gbWGmDX8ixUvBO4pSG7t
pVkI0h5MM3aaoCyHut3ZnLH0FUW1t3vTq4Ni5T6fLhHoqlnq8Jsu1FI8kw7lOPCK
JK4XP1jc3qNWUPoeoBAS4p+UDqDM1sgOWdZOk+ttWPGmJeJv5KUsnqe1IAiuaeRg
rRvUiUiozoEAuvyLyvFPnuQELaQ0+q8ZQJb2BOwNztW8tzXFNyOVro3nk1a/LDsp
SOrVPTJyk25zZ1mvAgoQDVQ3gv7XtuKF4yazYFJCH0/9jLbPkVI2iLP8WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCy8QWj6E3Jbl0smg+rNHfk/Cct7MB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvTEx4QmFQb1RjbHVYU3lhRDZzMGQtVDhKeTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3WWMA0G
CSqGSIb3DQEBCwUAA4IBAQA8eG/OuQf6fhcLr/iKU0pbQz4590BGAkbafr6Ed0yh
IYjjNAMH4jXF5I2pKqX4cUZeVr0L90nN5vkYltrkTmos93Fdv4DOyAvlJia00+W6
6bGtm6z6ONt+U7vK8ubeb9EBxUa6D/p6ExvjiT2ITur0Fbrm5niOvTqLZ01hhFf9
OWwQIvJ7gP0849l+ZlB707q+pSlrJnE8oe/4j+fwALqCjIXKqpRmI18OCFeFffi0
jeIXvTu88HMh8DDsAS14/XbZZoq6SP51ydgSGV9oi8t3hvcRBpNja1MJxQGhL90q
FajZsbeHAALJMwHpBVlEfmsqqrVLukAkH94cVXph+AOB
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:09 2024 by rpki-client on console-fra.rpki-client.org