Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/rZ_m7NHraizOOuxQRePY5GyFHgU.roa
File:                     rZ_m7NHraizOOuxQRePY5GyFHgU.roa (raw, json)
Hash identifier:          /PblUGmJlExj1HgoIBRH5OjM73pHQ9Gnv9rbYQU3eys=
Subject key identifier:   AD:9F:E6:EC:D1:EB:6A:2C:CE:3A:EC:50:45:E3:D8:E4:6C:85:1E:05
Certificate issuer:       /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial:       0185719577472E18CE362C5EEFA04751D64C
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/rZ_m7NHraizOOuxQRePY5GyFHgU.roa
Signing time:             Mon 02 Jan 2023 08:24:58 +0000
ROA not before:           Mon 02 Jan 2023 08:24:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3320
IP address blocks:        166.108.240.0/23 maxlen: 24
                          166.108.234.0/23 maxlen: 24
                          166.108.236.0/23 maxlen: 24
                          166.108.238.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:95:77:47:2e:18:ce:36:2c:5e:ef:a0:47:51:d6:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
        Validity
            Not Before: Jan  2 08:24:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ad9fe6ecd1eb6a2cce3aec5045e3d8e46c851e05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:01:af:ef:17:a0:a7:12:4f:84:54:13:2d:d0:
                    a9:9c:ea:77:aa:5f:78:26:20:1e:3b:96:0a:f9:f8:
                    cb:c7:5b:57:3c:9a:b1:d8:ab:7b:2f:70:0a:66:04:
                    02:71:2d:87:fa:c0:3b:8d:02:cc:dd:3c:52:d5:1b:
                    e7:fb:b4:cd:50:07:b9:cb:89:f4:d6:72:5a:72:66:
                    2e:03:98:10:f9:1a:30:f8:ed:c9:63:64:f8:83:0c:
                    0b:92:e9:36:7a:de:a9:cf:3c:f5:97:1b:d9:46:1a:
                    33:82:7d:4f:02:a8:99:2b:7f:66:a0:35:51:1b:d0:
                    bb:c9:79:b8:52:05:a4:7e:1f:03:5c:c2:8f:bf:5e:
                    e8:7f:68:eb:f0:f7:4f:bd:f6:8b:97:76:dd:20:b7:
                    a5:1f:3b:be:f5:1d:6c:c9:b6:6d:92:1c:36:1a:3e:
                    88:10:16:d7:58:a5:fa:7a:c1:3d:6a:b6:a9:af:9f:
                    9b:39:47:fc:98:1e:18:72:05:43:2b:54:66:c0:eb:
                    67:61:d1:3c:23:7d:d6:1d:4b:58:49:59:20:95:0a:
                    a9:6d:0f:f4:67:e0:d4:6f:1d:c3:a3:ee:db:3c:6e:
                    18:59:3e:97:6d:7d:fc:85:bd:76:e5:f0:d8:2b:57:
                    b5:ff:2d:85:ce:b7:8b:c8:cf:75:0e:a5:85:df:87:
                    ae:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:9F:E6:EC:D1:EB:6A:2C:CE:3A:EC:50:45:E3:D8:E4:6C:85:1E:05
            X509v3 Authority Key Identifier:
                keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/rZ_m7NHraizOOuxQRePY5GyFHgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.108.234.0-166.108.241.255

    Signature Algorithm: sha256WithRSAEncryption
         aa:1b:67:db:8a:54:f0:1b:d4:3b:e2:4e:0b:14:ea:ca:a2:d4:
         2e:d4:a6:c5:56:6e:e9:2f:d1:03:65:f4:95:7d:b8:48:fe:d5:
         1b:7c:b0:6b:9c:87:28:86:de:63:13:fb:08:d3:81:8f:05:8b:
         6f:d6:f2:32:84:2c:dc:c2:85:73:3c:5a:39:f7:84:60:ee:8a:
         32:a1:cb:cf:66:d7:eb:0a:97:27:20:6c:94:c9:56:6f:7c:4a:
         84:c4:7a:e3:c4:f9:b7:f8:a8:b3:8a:91:fe:bb:b5:fd:5a:ec:
         16:cc:d4:56:84:02:e8:b5:8b:35:b9:00:01:8a:26:2e:77:6e:
         22:e3:63:10:4f:1f:51:c8:5e:29:49:05:b4:81:d4:24:70:84:
         12:82:83:c1:99:4d:28:e4:b1:51:0e:64:77:39:b8:24:ef:a4:
         52:2b:b6:2e:f6:f9:0e:5d:a0:e9:79:83:a3:a9:6b:d2:d6:1b:
         ac:fa:b3:d3:62:1a:a7:f3:92:1a:b1:fc:dd:09:52:80:3b:1a:
         a0:d0:e6:6a:b4:af:c6:47:d5:6e:e9:df:e5:f5:c1:58:f2:0f:
         c9:90:85:95:9a:0d:ab:e2:27:59:64:3a:a6:50:c6:78:e0:41:
         b9:90:5b:7f:13:a2:ca:a0:41:96:a9:96:c3:76:94:d8:51:76:
         27:d8:a5:66
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYVxlXdHLhjONixe76BHUdZMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjMwMTAyMDgyNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDlmZTZlY2QxZWI2YTJjY2UzYWVjNTA0NWUzZDhlNDZjODUxZTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QGv7xegpxJPhFQTLdCpnOp3ql94
JiAeO5YK+fjLx1tXPJqx2Kt7L3AKZgQCcS2H+sA7jQLM3TxS1Rvn+7TNUAe5y4n0
1nJacmYuA5gQ+Row+O3JY2T4gwwLkuk2et6pzzz1lxvZRhozgn1PAqiZK39moDVR
G9C7yXm4UgWkfh8DXMKPv17of2jr8PdPvfaLl3bdILelHzu+9R1sybZtkhw2Gj6I
EBbXWKX6esE9arapr5+bOUf8mB4YcgVDK1RmwOtnYdE8I33WHUtYSVkglQqpbQ/0
Z+DUbx3Do+7bPG4YWT6XbX38hb125fDYK1e1/y2FzreLyM91DqWF34eulQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFK2f5uzR62oszjrsUEXj2ORshR4FMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvclpfbTdOSHJhaXpPT3V4UVJlUFk1R3lGSGdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAGmbOoD
BAGmbPAwDQYJKoZIhvcNAQELBQADggEBAKobZ9uKVPAb1DviTgsU6sqi1C7UpsVW
bukv0QNl9JV9uEj+1Rt8sGuchyiG3mMT+wjTgY8Fi2/W8jKELNzChXM8Wjn3hGDu
ijKhy89m1+sKlycgbJTJVm98SoTEeuPE+bf4qLOKkf67tf1a7BbM1FaEAui1izW5
AAGKJi53biLjYxBPH1HIXilJBbSB1CRwhBKCg8GZTSjksVEOZHc5uCTvpFIrti72
+Q5doOl5g6Opa9LWG6z6s9NiGqfzkhqx/N0JUoA7GqDQ5mq0r8ZH1W7p3+X1wVjy
D8mQhZWaDaviJ1lkOqZQxnjgQbmQW38TosqgQZaplsN2lNhRdifYpWY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:32 2024 by rpki-client on console-ams.rpki-client.org