Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/NJLmS5dlFCkpVRcHL0y6V28H6w8.roa
File:                     NJLmS5dlFCkpVRcHL0y6V28H6w8.roa (raw, json)
Hash identifier:          208cBkHs3qMAm3Urg/SA8MrVGj3FYtATR24zCqcic2E=
Subject key identifier:   34:92:E6:4B:97:65:14:29:29:55:17:07:2F:4C:BA:57:6F:07:EB:0F
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018475E92585E7BD3E2000C9F69D7E9157F8
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/NJLmS5dlFCkpVRcHL0y6V28H6w8.roa
Signing time:             Mon 14 Nov 2022 11:32:04 +0000
ROA not before:           Mon 14 Nov 2022 11:32:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212384
IP address blocks:        185.108.207.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:75:e9:25:85:e7:bd:3e:20:00:c9:f6:9d:7e:91:57:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Nov 14 11:32:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3492e64b97651429295517072f4cba576f07eb0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:22:dc:70:d9:8a:87:7f:9b:c5:7d:d9:94:b7:
                    96:b7:a6:e6:ae:26:18:ba:cd:e0:e7:33:72:e6:78:
                    65:4f:31:9d:70:dc:36:23:cf:60:8c:61:35:fd:91:
                    8a:c0:86:d4:df:70:80:3c:64:1b:9b:3c:5f:ea:e4:
                    06:52:cc:a1:2e:db:4e:b9:81:32:8d:a0:ce:0d:e0:
                    2b:0f:a5:0f:ae:8a:16:7d:50:f2:50:21:07:12:37:
                    35:1a:49:9d:6b:e9:52:d9:b5:fc:7f:ba:9d:7c:76:
                    37:75:ed:ff:1e:e5:e5:c8:a9:a1:18:8b:34:7c:b2:
                    db:1c:f1:d7:b7:d4:9e:06:59:87:88:55:12:c2:fa:
                    3d:fb:29:a3:c2:b4:36:c7:cb:29:6f:bb:46:cc:f7:
                    40:e1:de:e6:4d:a7:3f:dd:e0:75:de:65:e1:01:58:
                    fb:73:50:da:03:35:10:ec:7e:67:8a:2e:40:05:c9:
                    f5:3a:40:81:46:14:5d:57:ee:e3:56:35:4e:a8:21:
                    e2:5e:5c:1a:d8:18:7c:68:3d:94:7e:ed:e5:84:2d:
                    9e:c0:90:39:93:a3:d7:93:2c:98:04:5e:0c:77:60:
                    bb:f6:a0:df:24:d5:23:58:f7:1b:5c:b4:5e:e6:61:
                    3d:b4:6d:d9:d1:4d:ab:4a:79:8f:57:ac:4e:0c:0a:
                    48:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:92:E6:4B:97:65:14:29:29:55:17:07:2F:4C:BA:57:6F:07:EB:0F
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/NJLmS5dlFCkpVRcHL0y6V28H6w8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:26:64:1a:f1:89:8d:6d:86:21:87:64:e9:ef:9c:c9:4a:57:
         31:ca:6d:11:ce:f5:8e:c5:ee:f5:9d:fb:9a:75:22:53:ab:c5:
         9c:15:a5:1f:26:fa:0b:e2:ea:ee:88:81:fc:ac:bf:fe:81:c8:
         47:c0:9f:e7:57:80:df:3f:55:12:76:47:d5:8a:78:c9:d4:bd:
         08:af:71:f4:a1:cf:0c:d3:6b:f4:19:44:98:a0:87:6a:79:15:
         5a:7e:a3:93:3f:f8:71:ce:41:d4:ac:ef:46:3e:5f:53:80:cf:
         40:89:fe:df:46:09:d9:02:d5:a9:a6:34:56:09:65:29:e2:cc:
         3e:01:67:a2:5e:b2:a3:4b:57:31:d2:97:6c:47:17:96:53:79:
         66:89:4c:ff:de:f9:36:d0:1e:6d:b9:02:9a:7d:00:6d:29:42:
         f0:08:b6:67:e9:21:dc:fa:d7:ab:81:f8:53:a1:5d:7e:08:70:
         52:72:18:2f:c7:3e:84:c6:c0:27:d7:b1:0b:70:d3:61:3c:c4:
         20:f5:93:52:e0:11:d8:50:ab:a0:4b:1b:a1:ce:a2:41:31:6d:
         92:31:b6:1a:b4:75:75:24:bc:f8:0a:34:0c:86:b4:b5:00:23:
         f6:a1:74:38:6e:27:2a:cd:4f:5f:de:dc:d5:ab:3c:71:b0:cc:
         5a:a6:01:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYR16SWF570+IADJ9p1+kVf4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjIxMTE0MTEzMjA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDkyZTY0Yjk3NjUxNDI5Mjk1NTE3MDcyZjRjYmE1NzZmMDdlYjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiiLccNmKh3+bxX3ZlLeWt6bmriYY
us3g5zNy5nhlTzGdcNw2I89gjGE1/ZGKwIbU33CAPGQbmzxf6uQGUsyhLttOuYEy
jaDODeArD6UProoWfVDyUCEHEjc1Gkmda+lS2bX8f7qdfHY3de3/HuXlyKmhGIs0
fLLbHPHXt9SeBlmHiFUSwvo9+ymjwrQ2x8spb7tGzPdA4d7mTac/3eB13mXhAVj7
c1DaAzUQ7H5nii5ABcn1OkCBRhRdV+7jVjVOqCHiXlwa2Bh8aD2Ufu3lhC2ewJA5
k6PXkyyYBF4Md2C79qDfJNUjWPcbXLRe5mE9tG3Z0U2rSnmPV6xODApI5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSS5kuXZRQpKVUXBy9MuldvB+sPMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvTkpMbVM1ZGxGQ2twVlJjSEwweTZWMjhINnc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWzPMA0G
CSqGSIb3DQEBCwUAA4IBAQABJmQa8YmNbYYhh2Tp75zJSlcxym0RzvWOxe71nfua
dSJTq8WcFaUfJvoL4uruiIH8rL/+gchHwJ/nV4DfP1USdkfVinjJ1L0Ir3H0oc8M
02v0GUSYoIdqeRVafqOTP/hxzkHUrO9GPl9TgM9Aif7fRgnZAtWppjRWCWUp4sw+
AWeiXrKjS1cx0pdsRxeWU3lmiUz/3vk20B5tuQKafQBtKULwCLZn6SHc+tergfhT
oV1+CHBSchgvxz6ExsAn17ELcNNhPMQg9ZNS4BHYUKugSxuhzqJBMW2SMbYatHV1
JLz4CjQMhrS1ACP2oXQ4bicqzU9f3tzVqzxxsMxapgHB
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:13 2024 by rpki-client on console-fra.rpki-client.org