Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/781Tr9t8UzSsNzjinmobk-jVc8M.roa
File:                     781Tr9t8UzSsNzjinmobk-jVc8M.roa (raw, json)
Hash identifier:          sYMkDvA7nY7Os199hrxQFfmb4yDJI5KE6hb2qV0n4Nw=
Subject key identifier:   EF:CD:53:AF:DB:7C:53:34:AC:37:38:E2:9E:6A:1B:93:E8:D5:73:C3
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018CC8DE2EF612DC4424742FC9405AA2D1B6
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/781Tr9t8UzSsNzjinmobk-jVc8M.roa
Signing time:             Tue 02 Jan 2024 06:30:53 +0000
ROA not before:           Tue 02 Jan 2024 06:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     27176
IP address blocks:        85.31.48.0/22 maxlen: 22
                          84.54.8.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:2e:f6:12:dc:44:24:74:2f:c9:40:5a:a2:d1:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jan  2 06:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efcd53afdb7c5334ac3738e29e6a1b93e8d573c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:fc:5c:fc:7e:06:e8:03:0d:e2:37:d2:37:0e:
                    79:32:57:69:84:08:49:81:0b:87:91:e9:05:62:ca:
                    ed:3f:f2:50:79:ed:03:83:64:93:d3:5f:e7:25:69:
                    e3:9e:0c:04:a0:2c:f4:da:02:1c:11:9e:eb:f1:14:
                    48:25:cf:8f:07:ea:94:47:f7:26:60:d2:0c:68:2c:
                    9c:a1:06:c0:9d:12:55:47:cc:a1:57:3c:38:56:7f:
                    16:f9:0e:56:bf:be:0d:99:f2:fd:8b:03:ad:0a:0d:
                    3c:c1:97:09:01:f2:d7:dc:6e:d4:2c:9d:0c:52:93:
                    40:6a:18:4b:f9:b1:56:37:96:10:d6:c0:48:88:8e:
                    7a:33:24:33:aa:8b:5f:b7:dc:a1:c0:3c:2b:8e:4c:
                    e6:59:fa:ed:9c:81:3f:3b:d6:a8:96:d1:19:e5:2b:
                    c1:dc:66:e4:4c:a7:2c:f8:f6:cb:38:12:84:6c:81:
                    dd:c0:7b:ef:0d:c9:23:2f:01:a3:ca:c0:f6:a0:c2:
                    1d:21:71:74:54:d2:53:32:ad:8b:53:00:c5:15:70:
                    b9:4f:40:5e:44:39:95:81:da:3c:8b:9d:16:5a:14:
                    48:ce:fd:a9:f3:49:e9:b8:67:9e:59:1c:c8:5e:17:
                    d1:dc:d3:c6:67:a4:d3:f8:17:a2:26:c3:00:c5:aa:
                    ef:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:CD:53:AF:DB:7C:53:34:AC:37:38:E2:9E:6A:1B:93:E8:D5:73:C3
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/781Tr9t8UzSsNzjinmobk-jVc8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.8.0/22
                  85.31.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:98:4b:8d:7b:ad:90:d6:13:9f:74:fc:a9:ef:ab:d5:c0:d8:
         4a:84:d3:de:5e:c3:07:b1:39:ad:33:51:dd:83:97:a5:cd:20:
         64:c6:58:e6:5c:3b:d6:0b:b5:8a:22:c4:5e:20:1e:b4:c0:cb:
         e4:a9:d6:ee:e2:b5:86:b0:23:1d:11:71:d2:be:d3:87:47:e8:
         cb:79:ac:bc:ec:9b:be:25:06:da:14:40:18:49:c8:25:6f:83:
         9a:5b:e0:0f:4d:d8:72:01:85:9d:ba:87:ca:c0:70:d4:7f:fd:
         23:a8:d6:e2:54:ac:cc:fb:5b:42:1c:a7:fe:d3:cd:e7:64:28:
         fd:80:e5:e5:f9:b4:1b:33:59:9d:de:b2:8c:2c:44:04:5a:87:
         bc:f2:9b:8f:35:c8:0c:7a:31:02:c1:e8:bf:08:6b:0f:3a:cb:
         da:46:5d:45:1d:10:0b:cd:39:52:42:84:7d:5b:d7:73:9d:f7:
         9b:c9:f2:4d:15:fb:db:73:76:c5:c2:53:d5:a3:42:0b:59:88:
         89:f4:4b:c7:3b:51:c4:ed:fe:6f:4e:9d:a4:ff:ec:9a:e6:45:
         99:91:5d:12:e1:f4:ff:d9:a4:bd:d3:a5:da:a7:e7:4a:d7:e0:
         21:b4:00:42:ea:8c:66:55:b4:1e:49:01:11:ac:ef:1f:fe:f2:
         15:3e:18:db
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3i72EtxEJHQvyUBaotG2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMTAyMDYzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmNkNTNhZmRiN2M1MzM0YWMzNzM4ZTI5ZTZhMWI5M2U4ZDU3M2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfxc/H4G6AMN4jfSNw55MldphAhJ
gQuHkekFYsrtP/JQee0Dg2ST01/nJWnjngwEoCz02gIcEZ7r8RRIJc+PB+qUR/cm
YNIMaCycoQbAnRJVR8yhVzw4Vn8W+Q5Wv74NmfL9iwOtCg08wZcJAfLX3G7ULJ0M
UpNAahhL+bFWN5YQ1sBIiI56MyQzqotft9yhwDwrjkzmWfrtnIE/O9aoltEZ5SvB
3GbkTKcs+PbLOBKEbIHdwHvvDckjLwGjysD2oMIdIXF0VNJTMq2LUwDFFXC5T0Be
RDmVgdo8i50WWhRIzv2p80npuGeeWRzIXhfR3NPGZ6TT+BeiJsMAxarvIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO/NU6/bfFM0rDc44p5qG5Po1XPDMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvNzgxVHI5dDhVelNzTnpqaW5tb2JrLWpWYzhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVDYIAwQC
VR8wMA0GCSqGSIb3DQEBCwUAA4IBAQCvmEuNe62Q1hOfdPyp76vVwNhKhNPeXsMH
sTmtM1Hdg5elzSBkxljmXDvWC7WKIsReIB60wMvkqdbu4rWGsCMdEXHSvtOHR+jL
eay87Ju+JQbaFEAYScglb4OaW+APTdhyAYWduofKwHDUf/0jqNbiVKzM+1tCHKf+
083nZCj9gOXl+bQbM1md3rKMLEQEWoe88puPNcgMejECwei/CGsPOsvaRl1FHRAL
zTlSQoR9W9dznfebyfJNFfvbc3bFwlPVo0ILWYiJ9EvHO1HE7f5vTp2k/+ya5kWZ
kV0S4fT/2aS906Xap+dK1+AhtABC6oxmVbQeSQERrO8f/vIVPhjb
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:17 2024 by rpki-client on console-fra.rpki-client.org