Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/8EbImGy_4N22kC1MySs_n45vpgs.roa
File:                     8EbImGy_4N22kC1MySs_n45vpgs.roa (raw, json)
Hash identifier:          TOnNNs6gj8DvyvC/9J9FvjGx7HDsPCrdpjCaTK55468=
Subject key identifier:   F0:46:C8:98:6C:BF:E0:DD:B6:90:2D:4C:C9:2B:3F:9F:8E:6F:A6:0B
Certificate issuer:       /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial:       0183122E3D6FAF8FC9EF202D4CE15F97DFC1
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/8EbImGy_4N22kC1MySs_n45vpgs.roa
Signing time:             Tue 06 Sep 2022 09:42:43 +0000
ROA not before:           Tue 06 Sep 2022 09:42:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60117
IP address blocks:        166.108.212.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:12:2e:3d:6f:af:8f:c9:ef:20:2d:4c:e1:5f:97:df:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
        Validity
            Not Before: Sep  6 09:42:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f046c8986cbfe0ddb6902d4cc92b3f9f8e6fa60b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ce:88:82:45:30:5e:67:15:d2:76:dc:06:56:
                    2e:5c:bd:74:2a:8d:a7:ee:ff:02:4e:bd:15:56:26:
                    b0:29:82:fc:35:f4:da:af:da:f6:64:3b:b3:c7:bc:
                    d0:70:fa:34:94:17:18:80:56:27:ee:ad:d9:8c:26:
                    ec:5a:27:6e:3a:1a:13:ff:3d:be:e3:7c:ee:03:54:
                    0c:f0:10:5d:ec:83:30:38:0d:e8:97:f1:bc:61:a7:
                    13:a0:b6:b4:aa:97:32:ac:01:ab:26:aa:ee:3a:6f:
                    61:b1:d2:33:d7:62:33:0e:78:33:60:7a:6b:d4:b0:
                    50:b4:44:ed:7b:f5:07:46:6b:a9:5e:58:83:38:af:
                    de:f0:3f:51:0d:af:8e:86:4f:ef:15:2c:bf:34:10:
                    9d:55:c2:71:7c:69:64:43:92:62:69:e4:eb:3a:10:
                    f7:cc:db:f4:63:c9:6e:6e:af:49:78:78:9f:7f:f6:
                    1f:f8:91:4f:6e:60:19:9c:5c:63:59:52:d9:93:fb:
                    6c:a1:d7:ae:93:ca:71:f3:c4:5e:27:f9:00:13:8c:
                    ec:f5:87:e7:a3:9a:e1:78:49:e0:e3:f8:90:89:f1:
                    3e:a4:7d:23:a8:0e:de:8a:43:d1:cb:2e:f8:a8:97:
                    9a:e4:12:cf:cc:ae:87:84:5b:22:49:19:65:76:ab:
                    f1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:46:C8:98:6C:BF:E0:DD:B6:90:2D:4C:C9:2B:3F:9F:8E:6F:A6:0B
            X509v3 Authority Key Identifier:
                keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/8EbImGy_4N22kC1MySs_n45vpgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.108.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:d8:0b:00:80:b9:27:a2:e2:87:a2:d7:9c:33:ca:34:09:56:
         dd:b5:02:7b:b2:e2:a2:f4:8d:51:59:2c:6b:c0:4c:9f:21:d2:
         a0:bb:d3:5b:67:b0:7a:a7:73:ec:57:00:06:32:28:a8:6f:24:
         02:5d:20:aa:ac:06:6d:f2:0d:aa:36:22:7e:53:70:de:f1:d9:
         0f:c1:f1:96:e2:43:9d:de:82:70:37:9c:6d:f3:e1:15:18:97:
         1a:55:02:b5:d1:6e:02:72:bb:21:d9:24:f9:30:2e:1f:a3:c6:
         4b:eb:58:d4:05:3a:6c:16:39:a7:c9:fb:5b:d4:02:45:f7:53:
         14:58:53:9d:0e:0f:1f:57:34:4d:0a:35:1d:c5:44:51:6b:80:
         aa:14:cf:85:34:cf:aa:0d:2e:9d:87:a8:e6:00:e4:10:41:4d:
         5e:e6:99:07:32:78:45:b3:fd:a6:4b:74:e2:62:90:4e:2f:c7:
         1d:e4:94:10:6a:9d:6d:b7:37:48:eb:80:49:7b:05:98:ea:8d:
         52:77:8b:d5:e6:de:d1:df:84:10:3e:67:1e:b5:a1:d2:dc:87:
         54:8d:e4:69:18:8d:4e:d7:b2:57:0d:b0:a3:98:ab:0e:f9:52:
         1a:a4:ce:bb:6e:c3:f4:22:4b:a5:2b:70:05:ea:90:61:f0:76:
         1b:cf:e0:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYMSLj1vr4/J7yAtTOFfl9/BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIwOTA2MDk0MjQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDQ2Yzg5ODZjYmZlMGRkYjY5MDJkNGNjOTJiM2Y5ZjhlNmZhNjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus6IgkUwXmcV0nbcBlYuXL10Ko2n
7v8CTr0VViawKYL8NfTar9r2ZDuzx7zQcPo0lBcYgFYn7q3ZjCbsWiduOhoT/z2+
43zuA1QM8BBd7IMwOA3ol/G8YacToLa0qpcyrAGrJqruOm9hsdIz12IzDngzYHpr
1LBQtETte/UHRmupXliDOK/e8D9RDa+Ohk/vFSy/NBCdVcJxfGlkQ5JiaeTrOhD3
zNv0Y8lubq9JeHiff/Yf+JFPbmAZnFxjWVLZk/tsodeuk8px88ReJ/kAE4zs9Yfn
o5rheEng4/iQifE+pH0jqA7eikPRyy74qJea5BLPzK6HhFsiSRlldqvxbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBGyJhsv+DdtpAtTMkrP5+Ob6YLMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvOEViSW1HeV80TjIya0MxTXlTc19uNDV2cGdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCpmzUMA0G
CSqGSIb3DQEBCwUAA4IBAQBw2AsAgLknouKHotecM8o0CVbdtQJ7suKi9I1RWSxr
wEyfIdKgu9NbZ7B6p3PsVwAGMiiobyQCXSCqrAZt8g2qNiJ+U3De8dkPwfGW4kOd
3oJwN5xt8+EVGJcaVQK10W4Ccrsh2ST5MC4fo8ZL61jUBTpsFjmnyftb1AJF91MU
WFOdDg8fVzRNCjUdxURRa4CqFM+FNM+qDS6dh6jmAOQQQU1e5pkHMnhFs/2mS3Ti
YpBOL8cd5JQQap1ttzdI64BJewWY6o1Sd4vV5t7R34QQPmcetaHS3IdUjeRpGI1O
17JXDbCjmKsO+VIapM67bsP0IkulK3AF6pBh8HYbz+DY
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:46 2024 by rpki-client on console-fra.rpki-client.org