Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/db5651-95f1-47c1-acf0-eafca5854257/1/JABhB9nwP6PjygCtmmqNZlCLL3Y.roa
File:                     JABhB9nwP6PjygCtmmqNZlCLL3Y.roa (raw, json)
Hash identifier:          BKGuIPTTnJm28lXps0ZgtjFo3UOnFlDpa1Zc79mQUMs=
Subject key identifier:   24:00:61:07:D9:F0:3F:A3:E3:CA:00:AD:9A:6A:8D:66:50:8B:2F:76
Certificate issuer:       /CN=ff994630fc74556ce508026870901545fb7b04cd
Certificate serial:       11FAABB3
Authority key identifier: FF:99:46:30:FC:74:55:6C:E5:08:02:68:70:90:15:45:FB:7B:04:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_5lGMPx0VWzlCAJocJAVRft7BM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/db5651-95f1-47c1-acf0-eafca5854257/1/JABhB9nwP6PjygCtmmqNZlCLL3Y.roa
Signing time:             Sat 01 Jan 2022 04:55:21 +0000
ROA not before:           Sat 01 Jan 2022 04:55:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12684
IP address blocks:        84.235.141.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 301640627 (0x11faabb3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff994630fc74556ce508026870901545fb7b04cd
        Validity
            Not Before: Jan  1 04:55:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=24006107d9f03fa3e3ca00ad9a6a8d66508b2f76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:49:2b:f0:d4:c8:b1:15:ae:bc:95:53:3f:cd:
                    42:52:d7:d1:71:3f:52:ed:e4:d3:60:d3:6d:25:3f:
                    92:26:cb:29:a9:ca:fb:7a:d6:74:9e:84:04:d1:25:
                    67:ba:9d:8a:9a:bd:31:ac:01:ce:56:e7:75:3d:c0:
                    14:3f:67:f7:c2:74:f4:56:eb:27:a2:aa:bc:40:26:
                    fd:e6:8b:77:b4:48:29:0f:24:09:95:39:c4:62:25:
                    40:8d:7e:2c:df:42:eb:36:69:25:8c:fc:74:18:8f:
                    06:c7:6a:ef:c6:c3:5c:a4:ee:22:75:68:3a:a0:1e:
                    d1:ba:86:89:fe:11:b3:f8:9e:7a:1d:d5:ea:44:ee:
                    ad:1f:58:88:87:7c:85:d2:4d:f6:03:48:ec:f3:2d:
                    81:9b:09:52:cb:50:6b:04:98:d0:a4:d9:4e:62:5c:
                    be:cd:dd:72:2d:b4:80:4e:26:db:72:fe:20:43:88:
                    cf:a3:b2:24:e6:20:8b:63:f4:c1:02:4c:6a:ff:61:
                    18:fc:a2:b9:6a:b8:cf:99:cd:7c:b7:ab:bc:ac:d9:
                    cd:36:cd:74:0f:5a:d0:11:d7:f5:48:c9:68:4f:4f:
                    b9:3d:3b:c0:65:42:ad:20:86:65:b8:7b:bb:af:d7:
                    f1:55:c9:80:08:e9:48:e2:57:0d:65:2d:6c:8e:46:
                    5a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:00:61:07:D9:F0:3F:A3:E3:CA:00:AD:9A:6A:8D:66:50:8B:2F:76
            X509v3 Authority Key Identifier:
                keyid:FF:99:46:30:FC:74:55:6C:E5:08:02:68:70:90:15:45:FB:7B:04:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_5lGMPx0VWzlCAJocJAVRft7BM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/db5651-95f1-47c1-acf0-eafca5854257/1/JABhB9nwP6PjygCtmmqNZlCLL3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/db5651-95f1-47c1-acf0-eafca5854257/1/_5lGMPx0VWzlCAJocJAVRft7BM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.235.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:89:3d:ea:69:71:b9:d6:3e:bf:05:71:fd:ac:6d:35:8e:3f:
         59:d2:03:f9:43:23:ec:69:67:1b:de:eb:0b:59:d0:99:93:f5:
         de:fd:bf:34:54:e5:79:68:ba:6e:9d:86:25:87:70:c6:b4:a3:
         d5:91:de:74:53:d9:9f:ff:b5:9a:ee:33:59:7a:73:4d:99:3c:
         85:5e:24:c2:12:fa:73:19:aa:77:fd:35:9f:c1:44:3f:b0:8e:
         ac:3b:59:db:37:11:88:3c:a7:64:d5:72:dd:cc:27:b6:f1:7d:
         35:fd:c3:1a:f1:df:74:95:d4:30:74:2f:d0:83:89:ad:0b:3d:
         7a:bb:49:a1:d5:80:7a:db:6e:44:e6:1b:74:20:1b:60:33:8e:
         df:36:4c:8f:f4:79:62:e4:36:05:c1:c5:f7:76:cf:c2:16:89:
         b8:b6:98:7c:6c:d9:3e:46:66:57:d6:92:31:02:8a:bb:39:5f:
         4e:42:da:e0:80:f6:3f:81:95:93:26:3b:53:64:9b:ab:eb:a1:
         d3:18:a4:a0:69:02:2d:46:41:95:ca:94:6d:92:28:ad:a6:1b:
         dd:a7:8b:b5:5f:17:dc:31:39:59:f4:79:b4:c2:4b:30:fb:27:
         34:dc:a7:70:42:00:2f:d0:68:53:db:a0:a6:b1:90:88:f4:85:
         30:95:e0:9f
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEEfqrszANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
Zjk5NDYzMGZjNzQ1NTZjZTUwODAyNjg3MDkwMTU0NWZiN2IwNGNkMB4XDTIyMDEw
MTA0NTUyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjQwMDYxMDdkOWYw
M2ZhM2UzY2EwMGFkOWE2YThkNjY1MDhiMmY3NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALBJK/DUyLEVrryVUz/NQlLX0XE/Uu3k02DTbSU/kibLKanK
+3rWdJ6EBNElZ7qdipq9MawBzlbndT3AFD9n98J09FbrJ6KqvEAm/eaLd7RIKQ8k
CZU5xGIlQI1+LN9C6zZpJYz8dBiPBsdq78bDXKTuInVoOqAe0bqGif4Rs/ieeh3V
6kTurR9YiId8hdJN9gNI7PMtgZsJUstQawSY0KTZTmJcvs3dci20gE4m23L+IEOI
z6OyJOYgi2P0wQJMav9hGPyiuWq4z5nNfLervKzZzTbNdA9a0BHX9UjJaE9PuT07
wGVCrSCGZbh7u6/X8VXJgAjpSOJXDWUtbI5GWhECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQkAGEH2fA/o+PKAK2aao1mUIsvdjAfBgNVHSMEGDAWgBT/mUYw/HRVbOUI
AmhwkBVF+3sEzTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L181bEdNUHgwVld6bENBSm9jSkFWUmZ0N0JNMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWMvZGI1NjUxLTk1ZjEtNDdjMS1hY2YwLWVhZmNhNTg1NDI1Ny8x
L0pBQmhCOW53UDZQanlnQ3RtbXFOWmxDTEwzWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWMv
ZGI1NjUxLTk1ZjEtNDdjMS1hY2YwLWVhZmNhNTg1NDI1Ny8xL181bEdNUHgwVld6
bENBSm9jSkFWUmZ0N0JNMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFTrjTANBgkqhkiG9w0BAQsFAAOC
AQEA14k96mlxudY+vwVx/axtNY4/WdID+UMj7GlnG97rC1nQmZP13v2/NFTleWi6
bp2GJYdwxrSj1ZHedFPZn/+1mu4zWXpzTZk8hV4kwhL6cxmqd/01n8FEP7COrDtZ
2zcRiDynZNVy3cwntvF9Nf3DGvHfdJXUMHQv0IOJrQs9ertJodWAettuROYbdCAb
YDOO3zZMj/R5YuQ2BcHF93bPwhaJuLaYfGzZPkZmV9aSMQKKuzlfTkLa4ID2P4GV
kyY7U2Sbq+uh0xikoGkCLUZBlcqUbZIoraYb3aeLtV8X3DE5WfR5tMJLMPsnNNyn
cEIAL9BoU9ugprGQiPSFMJXgnw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:52:44 2023 by rpki-client on console-ams.rpki-client.org