Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/jclZ_qCdGXDuXHchdtHN9azG-YA.roa
File:                     jclZ_qCdGXDuXHchdtHN9azG-YA.roa (raw, json)
Hash identifier:          tUWqsd5BZR/sqhH4N5DxgQWtA/Uk3CSlh4gSehDaghQ=
Subject key identifier:   8D:C9:59:FE:A0:9D:19:70:EE:5C:77:21:76:D1:CD:F5:AC:C6:F9:80
Certificate issuer:       /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial:       018769E62151FB02DF823C28E8F3F444D076
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/jclZ_qCdGXDuXHchdtHN9azG-YA.roa
Signing time:             Mon 10 Apr 2023 06:41:42 +0000
ROA not before:           Mon 10 Apr 2023 06:41:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        62.182.170.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:69:e6:21:51:fb:02:df:82:3c:28:e8:f3:f4:44:d0:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
        Validity
            Not Before: Apr 10 06:41:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8dc959fea09d1970ee5c772176d1cdf5acc6f980
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a3:d3:0a:44:97:05:ff:84:56:7c:28:d8:51:
                    68:c1:9a:48:66:06:fd:e0:84:3c:90:d4:5f:bb:53:
                    86:99:8f:59:f0:90:35:21:84:05:db:1d:e9:59:ee:
                    54:04:75:0b:8a:6e:88:79:6e:37:01:17:aa:a9:90:
                    64:c8:89:50:e5:07:04:1a:87:51:f6:0f:f9:50:42:
                    41:06:4b:88:e9:94:ff:67:ae:2f:01:04:d7:86:68:
                    9c:b7:77:8b:3b:8e:2b:a6:48:1d:1e:e3:f4:ed:ef:
                    61:1f:b6:84:86:dd:d3:8e:53:0e:8b:f1:9b:ab:4c:
                    0b:0e:57:c5:b9:78:ec:0a:d5:ac:55:f2:09:01:56:
                    d9:78:41:d1:c8:a9:2f:d7:7b:c8:35:3b:ac:c1:bb:
                    15:7d:c5:51:a1:d3:af:bd:7c:04:3c:c4:ce:d8:f5:
                    90:4e:51:00:3f:ed:4d:ac:7f:82:6d:06:ac:f1:08:
                    81:61:41:c0:0a:34:26:35:5c:53:05:2e:01:1b:bb:
                    10:8d:19:fc:6b:68:7b:1a:70:a4:44:61:8c:f6:9a:
                    12:16:b1:7f:6f:a1:54:9c:61:37:f7:59:7b:66:cd:
                    5b:25:ea:7d:ee:94:a6:94:b0:c2:22:41:14:72:07:
                    c7:64:94:0a:27:61:2f:d9:b3:ac:98:09:27:8b:7d:
                    d9:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:C9:59:FE:A0:9D:19:70:EE:5C:77:21:76:D1:CD:F5:AC:C6:F9:80
            X509v3 Authority Key Identifier:
                keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/jclZ_qCdGXDuXHchdtHN9azG-YA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.182.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:79:f1:4c:3d:9d:05:66:77:f3:3c:6e:cd:6d:fd:c3:dd:6f:
         63:f1:9e:35:83:fb:79:89:fd:46:42:53:1c:d7:3c:e4:d0:8d:
         a5:22:d0:46:23:be:8d:e4:7e:a3:2b:5e:e2:80:2a:04:e8:23:
         0b:d2:6d:52:44:12:a0:3f:3a:54:47:29:86:f1:a0:1e:41:5d:
         14:8a:35:90:36:10:05:21:72:62:69:ee:1c:6f:a3:35:de:6d:
         26:8c:ac:5e:d8:26:95:09:a8:9d:58:ce:06:4f:61:34:03:ec:
         a1:ac:fe:48:8c:f7:a1:95:b1:99:40:2f:47:69:90:de:41:30:
         e5:93:cf:69:3c:ca:78:ef:d2:23:04:1e:ae:6d:b0:d0:ed:fa:
         25:ec:33:c9:06:28:91:c8:78:60:62:c5:48:b4:3f:aa:91:54:
         d9:d7:95:18:4a:6b:07:19:e5:ab:a0:8d:73:a0:5c:05:fe:26:
         46:5e:a1:14:07:5e:3f:4d:b9:ac:5e:35:b7:73:ae:bb:a9:15:
         b8:78:15:55:01:e4:19:c9:f5:ae:a2:fa:0e:49:64:ce:10:c2:
         e5:37:37:f5:b1:41:08:05:e0:b0:fe:de:e6:f9:38:05:68:ed:
         b9:04:04:46:8c:ec:67:8b:ca:e0:06:21:0d:af:59:16:a8:52:
         53:a7:08:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYdp5iFR+wLfgjwo6PP0RNB2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwNDEwMDY0MTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGM5NTlmZWEwOWQxOTcwZWU1Yzc3MjE3NmQxY2RmNWFjYzZmOTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KPTCkSXBf+EVnwo2FFowZpIZgb9
4IQ8kNRfu1OGmY9Z8JA1IYQF2x3pWe5UBHULim6IeW43AReqqZBkyIlQ5QcEGodR
9g/5UEJBBkuI6ZT/Z64vAQTXhmict3eLO44rpkgdHuP07e9hH7aEht3TjlMOi/Gb
q0wLDlfFuXjsCtWsVfIJAVbZeEHRyKkv13vINTuswbsVfcVRodOvvXwEPMTO2PWQ
TlEAP+1NrH+CbQas8QiBYUHACjQmNVxTBS4BG7sQjRn8a2h7GnCkRGGM9poSFrF/
b6FUnGE391l7Zs1bJep97pSmlLDCIkEUcgfHZJQKJ2Ev2bOsmAkni33Z6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3JWf6gnRlw7lx3IXbRzfWsxvmAMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvamNsWl9xQ2RHWER1WEhjaGR0SE45YXpHLVlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPraqMA0G
CSqGSIb3DQEBCwUAA4IBAQAxefFMPZ0FZnfzPG7Nbf3D3W9j8Z41g/t5if1GQlMc
1zzk0I2lItBGI76N5H6jK17igCoE6CML0m1SRBKgPzpURymG8aAeQV0UijWQNhAF
IXJiae4cb6M13m0mjKxe2CaVCaidWM4GT2E0A+yhrP5IjPehlbGZQC9HaZDeQTDl
k89pPMp479IjBB6ubbDQ7fol7DPJBiiRyHhgYsVItD+qkVTZ15UYSmsHGeWroI1z
oFwF/iZGXqEUB14/TbmsXjW3c667qRW4eBVVAeQZyfWuovoOSWTOEMLlNzf1sUEI
BeCw/t7m+TgFaO25BARGjOxni8rgBiENr1kWqFJTpwjp
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:04 2024 by rpki-client on console-fra.rpki-client.org