Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/ZvzoYyOAboT7eWL4x1UXpmPFgnA.roa
File:                     ZvzoYyOAboT7eWL4x1UXpmPFgnA.roa (raw, json)
Hash identifier:          RVojn2xnDyh/NRAcx0eUC1EDO5biBNseVJyL2D0tbMU=
Subject key identifier:   66:FC:E8:63:23:80:6E:84:FB:79:62:F8:C7:55:17:A6:63:C5:82:70
Certificate issuer:       /CN=97ebf14a8e54f12dd8b245353df683e182a096c5
Certificate serial:       018CC3B6A39B17CCA6C6A894A29B8D910BF3
Authority key identifier: 97:EB:F1:4A:8E:54:F1:2D:D8:B2:45:35:3D:F6:83:E1:82:A0:96:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/ZvzoYyOAboT7eWL4x1UXpmPFgnA.roa
Signing time:             Mon 01 Jan 2024 06:29:35 +0000
ROA not before:           Mon 01 Jan 2024 06:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39153
IP address blocks:        31.24.255.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a3:9b:17:cc:a6:c6:a8:94:a2:9b:8d:91:0b:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ebf14a8e54f12dd8b245353df683e182a096c5
        Validity
            Not Before: Jan  1 06:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66fce86323806e84fb7962f8c75517a663c58270
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:aa:cd:18:48:52:a2:d5:09:db:62:5c:56:c3:
                    22:af:23:e1:c3:bb:cf:bd:dd:ed:fc:4a:02:73:5b:
                    7b:e9:73:57:07:ad:ff:8d:16:dc:f9:59:a9:a4:5a:
                    d0:82:f7:74:08:9f:37:8d:fe:36:f9:cd:1f:99:19:
                    87:9b:95:a5:b4:8f:83:ef:fe:ee:2a:a7:b3:29:99:
                    c7:db:49:b3:b8:9e:98:1f:ba:cf:01:6b:15:f7:ca:
                    93:5a:48:af:f8:de:a7:7b:1a:95:dc:62:4c:76:9d:
                    07:75:06:12:94:88:17:cb:89:c8:87:76:dd:57:43:
                    14:a7:11:ea:9e:3c:75:e3:1e:0f:e2:ca:47:94:cf:
                    48:c3:4a:67:2c:6c:68:08:68:bb:18:68:b1:89:c7:
                    ff:d1:10:7a:77:7b:2e:2d:e9:ad:d2:49:58:ef:bf:
                    44:b0:d3:a2:e5:42:5e:67:59:40:f1:c2:f6:d3:27:
                    d5:d9:d8:66:c6:54:21:c8:b8:2f:f5:58:dc:32:ba:
                    d4:3d:97:74:4c:a1:d5:d8:c5:22:e2:3d:56:43:ca:
                    a9:b8:15:49:1e:db:94:8b:b1:4c:8c:d3:c7:35:35:
                    76:d5:f9:b1:32:d7:ea:05:fe:34:fb:96:a5:fd:5d:
                    7a:f7:12:b5:17:0e:a0:66:db:b8:20:30:fe:40:73:
                    81:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:FC:E8:63:23:80:6E:84:FB:79:62:F8:C7:55:17:A6:63:C5:82:70
            X509v3 Authority Key Identifier:
                keyid:97:EB:F1:4A:8E:54:F1:2D:D8:B2:45:35:3D:F6:83:E1:82:A0:96:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/ZvzoYyOAboT7eWL4x1UXpmPFgnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/l-vxSo5U8S3YskU1PfaD4YKglsU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:f5:63:2b:88:4a:31:33:54:cc:56:71:3f:bc:13:c6:eb:06:
         48:84:64:e3:b0:84:28:83:f8:98:3b:01:11:bd:47:29:20:f9:
         bd:f7:2a:a4:22:d8:ea:bb:2a:d3:75:f3:cb:9f:5f:5a:c8:b4:
         7b:5f:09:63:b6:9c:2d:f6:df:da:57:61:69:dd:5a:dd:6f:0a:
         94:c2:70:da:4b:d0:a7:73:77:52:9a:54:bd:ef:ea:9a:33:95:
         34:0d:81:4c:74:b6:f1:60:11:d3:5b:93:81:1b:1a:1e:73:a0:
         c9:17:89:2c:44:f5:cc:f2:61:35:b4:59:fc:71:34:c3:97:f0:
         1c:0a:2a:aa:91:da:06:8b:bb:93:a6:8b:35:c3:16:a8:8b:fe:
         23:a2:24:f6:65:34:db:7b:39:95:cd:f6:94:b8:67:89:c4:26:
         b9:16:34:eb:5c:36:1f:2d:b5:49:02:5d:11:af:db:03:31:0e:
         93:29:e9:7d:de:ba:df:4f:7b:9e:8c:56:b0:08:50:04:78:d5:
         69:46:b1:d3:56:b8:fb:04:ee:62:8a:ef:ee:b3:f8:0c:12:be:
         cd:81:67:e5:d8:46:a2:52:02:ea:19:fb:2e:b2:5e:80:ce:bf:
         a5:45:a0:1f:ce:2b:1f:99:9c:ba:ba:42:ef:b3:82:0f:78:5b:
         1e:eb:0c:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtqObF8ymxqiUopuNkQvzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZWJmMTRhOGU1NGYxMmRkOGIyNDUzNTNkZjY4M2UxODJh
MDk2YzUwHhcNMjQwMTAxMDYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmZjZTg2MzIzODA2ZTg0ZmI3OTYyZjhjNzU1MTdhNjYzYzU4MjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6rNGEhSotUJ22JcVsMiryPhw7vP
vd3t/EoCc1t76XNXB63/jRbc+VmppFrQgvd0CJ83jf42+c0fmRmHm5WltI+D7/7u
KqezKZnH20mzuJ6YH7rPAWsV98qTWkiv+N6nexqV3GJMdp0HdQYSlIgXy4nIh3bd
V0MUpxHqnjx14x4P4spHlM9Iw0pnLGxoCGi7GGixicf/0RB6d3suLemt0klY779E
sNOi5UJeZ1lA8cL20yfV2dhmxlQhyLgv9VjcMrrUPZd0TKHV2MUi4j1WQ8qpuBVJ
HtuUi7FMjNPHNTV21fmxMtfqBf40+5al/V169xK1Fw6gZtu4IDD+QHOBBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGb86GMjgG6E+3li+MdVF6ZjxYJwMB8GA1UdIwQY
MBaAFJfr8UqOVPEt2LJFNT32g+GCoJbFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbC12eFNvNVU4UzNZc2tVMVBmYUQ0WUtnbHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8wOTJiMTEtMTYyMi00NTU2LThlNjUt
MjQwOWFhZDA4MWQyLzEvWnZ6b1l5T0Fib1Q3ZVdMNHgxVVhwbVBGZ25BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8wOTJiMTEtMTYyMi00NTU2LThlNjUtMjQwOWFhZDA4MWQy
LzEvbC12eFNvNVU4UzNZc2tVMVBmYUQ0WUtnbHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHxj/MA0G
CSqGSIb3DQEBCwUAA4IBAQAy9WMriEoxM1TMVnE/vBPG6wZIhGTjsIQog/iYOwER
vUcpIPm99yqkItjquyrTdfPLn19ayLR7Xwljtpwt9t/aV2Fp3VrdbwqUwnDaS9Cn
c3dSmlS97+qaM5U0DYFMdLbxYBHTW5OBGxoec6DJF4ksRPXM8mE1tFn8cTTDl/Ac
CiqqkdoGi7uTpos1wxaoi/4joiT2ZTTbezmVzfaUuGeJxCa5FjTrXDYfLbVJAl0R
r9sDMQ6TKel93rrfT3uejFawCFAEeNVpRrHTVrj7BO5iiu/us/gMEr7NgWfl2Eai
UgLqGfsusl6Azr+lRaAfzisfmZy6ukLvs4IPeFse6wy/
-----END CERTIFICATE-----
Generated at Mon Aug 5 13:06:54 2024 by rpki-client on console-fra.rpki-client.org