Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Sc8D8zy6GX9Gv7bSybPG1E9rtAs.roa
File:                     Sc8D8zy6GX9Gv7bSybPG1E9rtAs.roa (raw, json)
Hash identifier:          rFmdulWh1tD+kMtuHDjeG7YJoB2DfjH9WLj0yC/u3aI=
Subject key identifier:   49:CF:03:F3:3C:BA:19:7F:46:BF:B6:D2:C9:B3:C6:D4:4F:6B:B4:0B
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       04C31D5B
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Sc8D8zy6GX9Gv7bSybPG1E9rtAs.roa
Signing time:             Mon 04 Jul 2022 17:59:14 +0000
ROA not before:           Mon 04 Jul 2022 17:59:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     142430
IP address blocks:        185.108.206.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 79895899 (0x4c31d5b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jul  4 17:59:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=49cf03f33cba197f46bfb6d2c9b3c6d44f6bb40b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:19:36:17:e2:f8:62:14:6d:1e:43:cf:3b:4e:
                    80:bd:9e:2b:cd:47:69:95:ec:b8:1c:20:7b:72:13:
                    10:8b:00:f8:c1:91:f7:7e:88:b7:f7:70:02:c6:8b:
                    70:39:0b:80:a8:6e:90:2e:3c:9a:03:de:f3:7e:83:
                    1b:98:5a:f4:01:5a:36:2d:b8:1b:f4:85:ec:d0:85:
                    c5:15:a9:9c:cc:5a:5e:5d:d3:ac:c0:3c:87:23:90:
                    c6:d3:6f:f9:eb:6e:d4:9b:8b:c4:e8:ba:a1:c4:ed:
                    c1:f1:4f:37:3b:25:fc:9c:10:3d:d0:14:a8:64:cc:
                    5f:78:bd:d7:93:8e:27:57:4f:79:a2:b1:1a:30:b1:
                    6d:34:d1:39:71:56:91:ab:11:9c:db:1b:0f:7c:4d:
                    a8:6b:47:19:8c:6c:2a:6c:33:65:a6:50:41:43:6c:
                    61:85:28:5f:14:b6:0d:20:ad:19:29:5e:41:28:f8:
                    14:46:39:cd:4b:f1:75:22:a9:c3:7d:55:c6:2e:c2:
                    8c:df:a6:0c:b8:c7:7f:ff:c2:22:b8:97:27:d9:8f:
                    fa:41:36:ca:d4:4c:c1:5e:03:4d:a8:01:51:aa:80:
                    20:2d:47:77:9c:ee:e6:2e:95:15:56:78:f1:18:fd:
                    0e:cc:f8:a0:64:18:91:d1:c7:5e:69:32:3c:ec:69:
                    7f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:CF:03:F3:3C:BA:19:7F:46:BF:B6:D2:C9:B3:C6:D4:4F:6B:B4:0B
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Sc8D8zy6GX9Gv7bSybPG1E9rtAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:20:07:51:79:7a:df:d7:88:96:68:bd:a0:cd:60:d5:56:ec:
         9c:ea:e8:5d:62:e0:1c:8e:44:76:23:5e:ba:a7:c6:7b:cc:10:
         63:b9:9a:55:95:be:fe:84:32:7f:1e:d9:6f:32:8a:ff:ae:73:
         19:0c:f3:50:50:22:87:8f:3e:f0:ba:21:af:5d:44:58:49:b8:
         ec:34:8a:c9:85:dc:ad:7a:bc:2f:39:57:fa:8c:6a:f5:0f:b8:
         02:9b:b5:f3:c0:b3:70:5d:0a:89:e2:5f:d0:27:44:99:7d:80:
         20:fb:fe:0c:2d:3e:e7:1e:24:77:82:5c:cd:53:2b:63:8f:ac:
         ea:4a:ca:cd:d3:53:36:29:4f:09:eb:2f:aa:08:e0:d2:c9:ee:
         9b:cd:83:fb:0f:c9:02:27:5e:18:aa:13:3a:2c:9c:b2:15:d2:
         ce:a8:e2:e9:e9:4d:4f:4a:b2:a6:f8:fa:9d:81:ec:3c:2e:84:
         ad:04:f3:39:d4:d2:1f:1a:2f:b9:37:5e:a4:a6:6d:55:49:7f:
         e8:e8:f2:e8:b1:ca:39:2d:be:16:4a:97:70:24:0c:93:ba:6e:
         2a:76:9f:24:be:2e:37:a2:d5:2b:89:cf:bf:41:36:bd:11:66:
         3f:57:06:1b:dc:fe:88:e8:73:a3:8b:7b:f1:db:e6:0a:a7:7e:
         a2:2a:20:8e
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBMMdWzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NjhiZmI4YTVlZWU0OTA4MmVhNjI4ZGYyNWE0YTVkNTBmM2FhOWIzMB4XDTIyMDcw
NDE3NTkxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDljZjAzZjMzY2Jh
MTk3ZjQ2YmZiNmQyYzliM2M2ZDQ0ZjZiYjQwYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALAZNhfi+GIUbR5DzztOgL2eK81HaZXsuBwge3ITEIsA+MGR
936It/dwAsaLcDkLgKhukC48mgPe836DG5ha9AFaNi24G/SF7NCFxRWpnMxaXl3T
rMA8hyOQxtNv+etu1JuLxOi6ocTtwfFPNzsl/JwQPdAUqGTMX3i915OOJ1dPeaKx
GjCxbTTROXFWkasRnNsbD3xNqGtHGYxsKmwzZaZQQUNsYYUoXxS2DSCtGSleQSj4
FEY5zUvxdSKpw31Vxi7CjN+mDLjHf//CIriXJ9mP+kE2ytRMwV4DTagBUaqAIC1H
d5zu5i6VFVZ48Rj9Dsz4oGQYkdHHXmkyPOxpf4UCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRJzwPzPLoZf0a/ttLJs8bUT2u0CzAfBgNVHSMEGDAWgBQ2i/uKXu5JCC6m
KN8lpKXVDzqpszAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05vdjdpbDd1U1FndXBpamZKYVNsMVE4NnFiTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzUvYWE1OGMzLWU3MDYtNGE0OS1hN2M1LTBhZTJlOTIyYTI5Mi8x
L1NjOEQ4enk2R1g5R3Y3YlN5YlBHMUU5cnRBcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzUv
YWE1OGMzLWU3MDYtNGE0OS1hN2M1LTBhZTJlOTIyYTI5Mi8xL05vdjdpbDd1U1Fn
dXBpamZKYVNsMVE4NnFiTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlszjANBgkqhkiG9w0BAQsFAAOC
AQEAMSAHUXl639eIlmi9oM1g1VbsnOroXWLgHI5EdiNeuqfGe8wQY7maVZW+/oQy
fx7ZbzKK/65zGQzzUFAih48+8Lohr11EWEm47DSKyYXcrXq8LzlX+oxq9Q+4Apu1
88CzcF0KieJf0CdEmX2AIPv+DC0+5x4kd4JczVMrY4+s6krKzdNTNilPCesvqgjg
0snum82D+w/JAideGKoTOiycshXSzqji6elNT0qypvj6nYHsPC6ErQTzOdTSHxov
uTdepKZtVUl/6Ojy6LHKOS2+FkqXcCQMk7puKnafJL4uN6LVK4nPv0E2vRFmP1cG
G9z+iOhzo4t78dvmCqd+oiogjg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:13 2024 by rpki-client on console-fra.rpki-client.org