Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/p8zdTssIMDu7uf2_c0tBz9HifT0.roa
File:                     p8zdTssIMDu7uf2_c0tBz9HifT0.roa (raw, json)
Hash identifier:          JkjAlBJKArxOm/slQSLjkHOLfxNDVrvYV572sADqVPY=
Subject key identifier:   A7:CC:DD:4E:CB:08:30:3B:BB:B9:FD:BF:73:4B:41:CF:D1:E2:7D:3D
Certificate issuer:       /CN=6baa05c6f8f9bfd70e3d41fe05bafc50d1253bf5
Certificate serial:       018CC56EAA730DA46FECFA5BDFF4DF5A9FD3
Authority key identifier: 6B:AA:05:C6:F8:F9:BF:D7:0E:3D:41:FE:05:BA:FC:50:D1:25:3B:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a6oFxvj5v9cOPUH-Bbr8UNElO_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/p8zdTssIMDu7uf2_c0tBz9HifT0.roa
Signing time:             Mon 01 Jan 2024 14:30:13 +0000
ROA not before:           Mon 01 Jan 2024 14:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211190
IP address blocks:        176.97.221.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:aa:73:0d:a4:6f:ec:fa:5b:df:f4:df:5a:9f:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6baa05c6f8f9bfd70e3d41fe05bafc50d1253bf5
        Validity
            Not Before: Jan  1 14:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7ccdd4ecb08303bbbb9fdbf734b41cfd1e27d3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:e9:e5:56:c9:2a:b4:2b:80:9a:4f:aa:4e:22:
                    85:6c:d1:29:68:48:8e:a7:15:47:48:77:ea:97:7e:
                    6f:48:ab:ad:f0:61:86:80:62:9e:37:a7:75:eb:8e:
                    b7:03:0b:50:5c:7d:df:96:96:5d:08:4b:9e:82:19:
                    d5:60:18:98:24:30:04:65:1b:e5:5d:06:f9:c1:17:
                    b0:f1:48:4d:e7:26:7a:96:66:2e:81:4b:0a:11:b3:
                    00:2c:ec:20:12:27:65:13:e1:f6:7e:f3:d9:1a:c5:
                    e3:a5:2d:74:f6:53:54:4b:3b:87:9f:40:77:6e:1f:
                    14:e1:1b:5f:7a:af:9d:db:1c:1e:02:3e:85:24:a2:
                    0b:c4:ab:3f:ec:37:70:c0:43:73:a8:f1:4b:ab:70:
                    b5:03:68:f6:b2:0c:43:b6:8f:d4:8b:ec:42:39:71:
                    3f:fe:70:18:45:4b:df:f4:cc:d1:9e:10:c3:c6:58:
                    a3:a7:7f:5b:97:db:df:9a:c7:1f:bf:a0:3d:35:a8:
                    16:9d:cc:e6:0b:53:b0:d5:a9:2d:15:36:dd:31:9d:
                    9b:ae:c4:91:73:d6:76:b3:c6:23:72:af:cb:e7:3a:
                    16:66:57:e4:a5:69:a4:54:00:5d:c1:91:e0:7a:b9:
                    2a:a7:72:81:ed:e8:f5:68:f9:37:f0:43:a7:32:5c:
                    d6:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:CC:DD:4E:CB:08:30:3B:BB:B9:FD:BF:73:4B:41:CF:D1:E2:7D:3D
            X509v3 Authority Key Identifier:
                keyid:6B:AA:05:C6:F8:F9:BF:D7:0E:3D:41:FE:05:BA:FC:50:D1:25:3B:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6oFxvj5v9cOPUH-Bbr8UNElO_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/p8zdTssIMDu7uf2_c0tBz9HifT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/a6oFxvj5v9cOPUH-Bbr8UNElO_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:1d:e3:cf:d8:e6:2c:85:81:13:d2:0a:73:99:10:9a:6f:3c:
         85:fd:97:86:c2:11:76:5d:54:65:ce:68:a5:19:d0:74:77:82:
         80:ac:8a:be:11:6b:39:8f:8c:a9:34:57:91:67:12:4b:6d:a8:
         30:ab:d4:e6:dc:9d:df:6f:69:5a:b2:13:13:bf:98:67:7f:92:
         b8:0c:da:47:6a:b1:62:35:c0:4f:c4:20:22:aa:83:36:ff:82:
         23:76:86:67:59:a5:f6:6e:1c:9c:69:2f:fc:c3:20:7a:9d:1b:
         c7:1f:5b:6f:9b:66:d5:9c:71:c7:d2:97:7f:4c:bc:46:31:54:
         33:0a:52:40:02:a3:a0:fa:d0:ca:75:d6:2d:dd:d2:ea:8e:5f:
         b1:e6:db:65:d6:cb:8e:48:9b:a1:fd:30:bf:d8:6f:f7:18:4a:
         8a:12:16:9d:1a:5b:5a:5d:85:d5:c3:6c:0a:7a:57:6b:e9:cb:
         2a:2a:43:2a:70:00:c9:a3:44:26:07:46:93:24:e4:81:4c:2e:
         6f:f1:ff:df:51:58:ff:80:d2:6e:a4:c1:79:e7:25:8d:a6:da:
         a5:07:12:dd:1a:3f:1c:66:86:d0:18:e5:2f:0a:24:db:7b:06:
         91:bb:c6:f5:44:89:76:f8:e0:3d:e4:d6:20:9b:f6:b2:7c:f3:
         8d:41:41:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbqpzDaRv7Ppb3/TfWp/TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYWEwNWM2ZjhmOWJmZDcwZTNkNDFmZTA1YmFmYzUwZDEy
NTNiZjUwHhcNMjQwMTAxMTQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2NjZGQ0ZWNiMDgzMDNiYmJiOWZkYmY3MzRiNDFjZmQxZTI3ZDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+nlVskqtCuAmk+qTiKFbNEpaEiO
pxVHSHfql35vSKut8GGGgGKeN6d16463AwtQXH3flpZdCEueghnVYBiYJDAEZRvl
XQb5wRew8UhN5yZ6lmYugUsKEbMALOwgEidlE+H2fvPZGsXjpS109lNUSzuHn0B3
bh8U4Rtfeq+d2xweAj6FJKILxKs/7DdwwENzqPFLq3C1A2j2sgxDto/Ui+xCOXE/
/nAYRUvf9MzRnhDDxlijp39bl9vfmscfv6A9NagWnczmC1Ow1aktFTbdMZ2brsSR
c9Z2s8Yjcq/L5zoWZlfkpWmkVABdwZHgerkqp3KB7ej1aPk38EOnMlzWXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKfM3U7LCDA7u7n9v3NLQc/R4n09MB8GA1UdIwQY
MBaAFGuqBcb4+b/XDj1B/gW6/FDRJTv1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTZvRnh2ajV2OWNPUFVILUJicjhVTkVsT19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZjUxMTktNmRjYy00M2EyLThkYWYt
ZjMyMTFkOTE1MjBkLzEvcDh6ZFRzc0lNRHU3dWYyX2MwdEJ6OUhpZlQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZjUxMTktNmRjYy00M2EyLThkYWYtZjMyMTFkOTE1MjBk
LzEvYTZvRnh2ajV2OWNPUFVILUJicjhVTkVsT19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGHdMA0G
CSqGSIb3DQEBCwUAA4IBAQB1HePP2OYshYET0gpzmRCabzyF/ZeGwhF2XVRlzmil
GdB0d4KArIq+EWs5j4ypNFeRZxJLbagwq9Tm3J3fb2lashMTv5hnf5K4DNpHarFi
NcBPxCAiqoM2/4IjdoZnWaX2bhycaS/8wyB6nRvHH1tvm2bVnHHH0pd/TLxGMVQz
ClJAAqOg+tDKddYt3dLqjl+x5ttl1suOSJuh/TC/2G/3GEqKEhadGltaXYXVw2wK
eldr6csqKkMqcADJo0QmB0aTJOSBTC5v8f/fUVj/gNJupMF55yWNptqlBxLdGj8c
ZobQGOUvCiTbewaRu8b1RIl2+OA95NYgm/ayfPONQUEc
-----END CERTIFICATE-----
Generated at Wed Oct 16 13:21:10 2024 by rpki-client on console-ams.rpki-client.org