Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/l8DUUauPuFkSZkQ-1RoVA8aWHF8.roa
File:                     l8DUUauPuFkSZkQ-1RoVA8aWHF8.roa (raw, json)
Hash identifier:          qJ1lGWkphe4QZW7lRFXqMDSHwqeLGjeMY3N1jpUyaOo=
Subject key identifier:   97:C0:D4:51:AB:8F:B8:59:12:66:44:3E:D5:1A:15:03:C6:96:1C:5F
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018B3802C048F3F82136126D5A0A77B5883F
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/l8DUUauPuFkSZkQ-1RoVA8aWHF8.roa
Signing time:             Mon 16 Oct 2023 10:23:06 +0000
ROA not before:           Mon 16 Oct 2023 10:23:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50167
IP address blocks:        62.233.59.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:38:02:c0:48:f3:f8:21:36:12:6d:5a:0a:77:b5:88:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Oct 16 10:23:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=97c0d451ab8fb8591266443ed51a1503c6961c5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:be:59:29:d9:95:d7:29:a4:e0:a5:a7:af:00:
                    88:78:bf:25:9c:a1:a5:76:3a:d2:c5:cc:98:85:4a:
                    c3:4f:55:18:17:11:b7:53:99:23:27:37:d5:03:72:
                    5f:3d:af:66:cd:c3:ad:70:35:00:36:ef:41:bd:bb:
                    5f:46:b1:78:0b:76:e6:98:8b:d9:e1:f5:ce:f4:03:
                    f5:e9:1a:40:44:b8:a7:ad:71:80:4b:f5:0b:7f:a3:
                    db:00:fa:9e:1e:03:51:d7:bb:89:cc:41:e5:b8:30:
                    c6:96:90:f6:25:8d:30:67:c0:12:70:e6:2b:5f:55:
                    e8:b0:39:05:53:b7:0c:ca:99:d6:55:20:82:ac:9e:
                    06:5a:44:2d:ca:6f:65:5c:ce:70:66:f4:12:5f:68:
                    82:cf:94:e4:55:73:5b:38:72:d8:46:4c:91:7c:23:
                    84:53:0e:bc:ef:46:a1:fb:e5:c3:b9:12:e0:34:da:
                    c7:d0:bf:60:bd:04:e9:77:03:78:b2:e2:08:29:82:
                    dd:38:78:7a:be:70:0e:c3:b0:ba:77:a3:18:8f:98:
                    19:b3:48:3d:80:c5:46:7d:a0:a7:46:68:f5:f7:f9:
                    b6:40:29:78:69:7e:bf:c4:7e:8e:06:4b:ef:f3:99:
                    24:39:38:9f:7e:22:6a:91:0d:1d:21:08:b3:14:5a:
                    be:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:C0:D4:51:AB:8F:B8:59:12:66:44:3E:D5:1A:15:03:C6:96:1C:5F
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/l8DUUauPuFkSZkQ-1RoVA8aWHF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.233.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:ad:23:25:50:f0:bb:50:d0:9d:60:b5:fe:29:e0:da:19:32:
         19:62:a9:ec:f8:4b:9d:ae:51:53:90:43:87:19:d1:36:ce:cf:
         a3:e9:55:9f:bf:e9:cc:46:79:e3:68:6e:cd:e0:f9:b0:9a:99:
         0e:87:13:75:96:20:cb:84:97:64:b4:29:ec:b1:0d:fe:b8:6a:
         2f:20:e1:f8:83:f7:fe:4b:43:f6:34:e6:ea:b4:17:4a:d4:68:
         81:77:27:c7:e9:21:ab:e1:8d:fa:50:99:c2:0f:71:a4:ca:62:
         74:f0:f6:1e:23:07:38:45:bd:ab:00:50:ba:84:6f:40:33:a3:
         84:16:8a:c6:f3:92:01:38:16:9e:23:08:ef:12:c2:0f:f7:04:
         67:5e:f8:e6:04:a8:96:58:bd:bc:30:09:a6:1d:cc:1f:f5:28:
         68:d9:86:fb:cf:f7:a0:e5:6a:60:2b:87:c4:10:98:67:a0:bc:
         67:87:86:34:38:37:f5:09:19:a6:d3:f1:0a:65:44:9b:96:df:
         36:53:0f:6b:44:12:0e:8e:51:43:77:08:27:d3:f0:ee:d4:cc:
         23:52:59:e2:c7:41:c2:da:fa:6b:1b:20:10:a7:4e:9a:ff:61:
         de:93:cf:c5:5e:62:60:4e:24:67:0c:bc:a5:c2:08:de:35:9a:
         a5:6c:93:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYs4AsBI8/ghNhJtWgp3tYg/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjMxMDE2MTAyMzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2MwZDQ1MWFiOGZiODU5MTI2NjQ0M2VkNTFhMTUwM2M2OTYxYzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn75ZKdmV1ymk4KWnrwCIeL8lnKGl
djrSxcyYhUrDT1UYFxG3U5kjJzfVA3JfPa9mzcOtcDUANu9BvbtfRrF4C3bmmIvZ
4fXO9AP16RpARLinrXGAS/ULf6PbAPqeHgNR17uJzEHluDDGlpD2JY0wZ8AScOYr
X1XosDkFU7cMypnWVSCCrJ4GWkQtym9lXM5wZvQSX2iCz5TkVXNbOHLYRkyRfCOE
Uw6870ah++XDuRLgNNrH0L9gvQTpdwN4suIIKYLdOHh6vnAOw7C6d6MYj5gZs0g9
gMVGfaCnRmj19/m2QCl4aX6/xH6OBkvv85kkOTiffiJqkQ0dIQizFFq+WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJfA1FGrj7hZEmZEPtUaFQPGlhxfMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvbDhEVVVhdVB1RmtTWmtRLTFSb1ZBOGFXSEY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPuk7MA0G
CSqGSIb3DQEBCwUAA4IBAQCBrSMlUPC7UNCdYLX+KeDaGTIZYqns+EudrlFTkEOH
GdE2zs+j6VWfv+nMRnnjaG7N4PmwmpkOhxN1liDLhJdktCnssQ3+uGovIOH4g/f+
S0P2NObqtBdK1GiBdyfH6SGr4Y36UJnCD3GkymJ08PYeIwc4Rb2rAFC6hG9AM6OE
ForG85IBOBaeIwjvEsIP9wRnXvjmBKiWWL28MAmmHcwf9Sho2Yb7z/eg5WpgK4fE
EJhnoLxnh4Y0ODf1CRmm0/EKZUSblt82Uw9rRBIOjlFDdwgn0/Du1MwjUlnix0HC
2vprGyAQp06a/2Hek8/FXmJgTiRnDLylwgjeNZqlbJOA
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:21 2024 by rpki-client on console-ams.rpki-client.org