Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/Nbcr8bwvvkurRbJGVvkrQ4psj8c.roa
File:                     Nbcr8bwvvkurRbJGVvkrQ4psj8c.roa (raw, json)
Hash identifier:          zHKT7pbl5c2gaJzIAJE3iBP0kZQzY8Kf3MyHPe2QP4Q=
Subject key identifier:   35:B7:2B:F1:BC:2F:BE:4B:AB:45:B2:46:56:F9:2B:43:8A:6C:8F:C7
Certificate issuer:       /CN=a04845af1dc0087b274cee52a4a9e0880335435d
Certificate serial:       018DC5430B8F344ABBFCA11A3AEE4BF16438
Authority key identifier: A0:48:45:AF:1D:C0:08:7B:27:4C:EE:52:A4:A9:E0:88:03:35:43:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oEhFrx3ACHsnTO5SpKngiAM1Q10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/Nbcr8bwvvkurRbJGVvkrQ4psj8c.roa
Signing time:             Tue 20 Feb 2024 06:45:21 +0000
ROA not before:           Tue 20 Feb 2024 06:45:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42910
IP address blocks:        46.235.8.0/24 maxlen: 32
                          46.235.9.0/24 maxlen: 24
                          46.235.10.0/24 maxlen: 32
                          46.235.11.0/24 maxlen: 32
                          178.210.160.0/24 maxlen: 24
                          178.210.161.0/24 maxlen: 24
                          178.210.162.0/24 maxlen: 24
                          178.210.163.0/24 maxlen: 24
                          178.210.164.0/24 maxlen: 24
                          178.210.165.0/24 maxlen: 24
                          178.210.166.0/24 maxlen: 24
                          178.210.167.0/24 maxlen: 24
                          178.210.168.0/24 maxlen: 24
                          178.210.169.0/24 maxlen: 24
                          178.210.170.0/24 maxlen: 24
                          178.210.171.0/24 maxlen: 24
                          178.210.172.0/24 maxlen: 24
                          178.210.173.0/24 maxlen: 24
                          178.210.174.0/24 maxlen: 24
                          178.210.175.0/24 maxlen: 24
                          178.210.176.0/24 maxlen: 24
                          178.210.177.0/24 maxlen: 24
                          178.210.178.0/24 maxlen: 32
                          178.210.179.0/24 maxlen: 32
                          178.210.180.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c5:43:0b:8f:34:4a:bb:fc:a1:1a:3a:ee:4b:f1:64:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a04845af1dc0087b274cee52a4a9e0880335435d
        Validity
            Not Before: Feb 20 06:45:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35b72bf1bc2fbe4bab45b24656f92b438a6c8fc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:8c:0e:75:f5:e6:ce:04:18:37:e8:58:c7:b4:
                    3c:77:fb:39:cf:8d:f8:07:27:79:08:59:7f:76:25:
                    89:5c:49:8e:5c:cb:ce:c5:3e:40:c5:45:bc:54:c7:
                    98:b8:b9:3f:18:48:6b:6b:5c:f2:a8:dd:88:41:7e:
                    5f:d2:f0:7f:c1:ed:2a:88:23:95:23:3c:de:16:c5:
                    d1:c3:41:17:b1:67:65:d3:a1:07:47:06:5e:65:95:
                    1d:42:4a:9b:4c:c2:86:06:94:42:97:ac:e9:7f:2c:
                    34:95:ef:7e:56:09:e1:eb:bf:15:44:29:aa:02:4f:
                    8c:bb:50:0e:2b:29:67:5a:77:02:8b:31:5e:c2:55:
                    ce:e8:a6:1b:7b:8c:a9:f1:1f:98:ca:da:1a:6e:76:
                    93:63:d6:be:f9:90:72:01:88:3f:f3:0e:1b:ea:3f:
                    e2:73:bc:53:85:d6:e5:d9:c1:4f:70:cf:1d:86:00:
                    04:5b:62:e9:21:85:b2:c4:c6:8f:02:07:eb:91:ee:
                    5d:50:b6:71:f4:d0:ec:55:f7:fe:74:6e:dc:b6:11:
                    dd:51:7f:0c:c7:7c:de:3e:6e:05:f4:4d:b8:2b:b5:
                    f5:03:26:8a:b9:2e:ae:7b:35:7d:c8:5e:ee:8d:a4:
                    2e:f1:4a:02:a4:30:0b:94:5e:df:e2:62:69:3f:1a:
                    2b:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:B7:2B:F1:BC:2F:BE:4B:AB:45:B2:46:56:F9:2B:43:8A:6C:8F:C7
            X509v3 Authority Key Identifier:
                keyid:A0:48:45:AF:1D:C0:08:7B:27:4C:EE:52:A4:A9:E0:88:03:35:43:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oEhFrx3ACHsnTO5SpKngiAM1Q10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/Nbcr8bwvvkurRbJGVvkrQ4psj8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/oEhFrx3ACHsnTO5SpKngiAM1Q10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.235.8.0/22
                  178.210.160.0-178.210.180.255

    Signature Algorithm: sha256WithRSAEncryption
         99:3f:e1:d3:5d:7c:02:06:99:e8:c8:38:b4:09:07:f9:78:49:
         aa:05:53:93:5b:69:4b:6a:3f:39:da:12:f3:13:23:23:f5:de:
         72:77:23:45:be:20:78:d0:6e:4c:99:d4:74:4b:c1:04:b9:12:
         fe:1f:d7:0f:6d:a8:0a:32:3f:50:1c:62:2b:50:c1:ba:59:11:
         cd:06:40:38:f4:75:fb:e6:32:4f:0d:0c:07:1b:75:f7:63:e6:
         07:2d:ac:b4:d3:11:0f:77:9a:69:c9:99:71:2b:08:b7:8e:d8:
         3a:16:a8:33:1c:39:bc:72:6b:2f:b2:5e:35:59:e6:eb:e4:f9:
         53:db:d6:bf:a2:1f:05:65:55:f6:ff:03:4d:9e:c3:e7:29:5e:
         3c:70:fb:b1:33:27:a5:e4:2a:4c:b8:6c:78:df:fb:a6:ad:60:
         31:23:c1:45:1e:14:44:70:05:b8:28:88:30:81:69:ca:0c:54:
         84:75:be:77:b2:78:64:64:af:59:8a:18:3d:ec:8f:b6:6e:af:
         ce:3b:9d:55:62:34:c8:a1:f3:7f:91:71:6f:2e:ed:a3:a5:9e:
         74:25:a5:a3:21:ad:8f:3e:99:51:40:4d:ad:dc:57:d7:06:57:
         11:bb:8c:38:83:5b:c9:b3:13:cb:a9:6d:c1:09:e4:24:7e:24:
         3d:ff:33:1d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY3FQwuPNEq7/KEaOu5L8WQ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwNDg0NWFmMWRjMDA4N2IyNzRjZWU1MmE0YTllMDg4MDMz
NTQzNWQwHhcNMjQwMjIwMDY0NTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWI3MmJmMWJjMmZiZTRiYWI0NWIyNDY1NmY5MmI0MzhhNmM4ZmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2IwOdfXmzgQYN+hYx7Q8d/s5z434
Byd5CFl/diWJXEmOXMvOxT5AxUW8VMeYuLk/GEhra1zyqN2IQX5f0vB/we0qiCOV
IzzeFsXRw0EXsWdl06EHRwZeZZUdQkqbTMKGBpRCl6zpfyw0le9+Vgnh678VRCmq
Ak+Mu1AOKylnWncCizFewlXO6KYbe4yp8R+YytoabnaTY9a++ZByAYg/8w4b6j/i
c7xThdbl2cFPcM8dhgAEW2LpIYWyxMaPAgfrke5dULZx9NDsVff+dG7cthHdUX8M
x3zePm4F9E24K7X1AyaKuS6uezV9yF7ujaQu8UoCpDALlF7f4mJpPxorwQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDW3K/G8L75Lq0WyRlb5K0OKbI/HMB8GA1UdIwQY
MBaAFKBIRa8dwAh7J0zuUqSp4IgDNUNdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0VoRnJ4M0FDSHNuVE81U3BLbmdpQU0xUTEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9lNTVlMzAtOTdjNi00MGU2LTgxYjct
NTA3MDExNTcwZWU2LzEvTmJjcjhid3Z2a3VyUmJKR1Z2a3JRNHBzajhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9lNTVlMzAtOTdjNi00MGU2LTgxYjctNTA3MDExNTcwZWU2
LzEvb0VoRnJ4M0FDSHNuVE81U3BLbmdpQU0xUTEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCLusIMAwD
BAWy0qADBACy0rQwDQYJKoZIhvcNAQELBQADggEBAJk/4dNdfAIGmejIOLQJB/l4
SaoFU5NbaUtqPznaEvMTIyP13nJ3I0W+IHjQbkyZ1HRLwQS5Ev4f1w9tqAoyP1Ac
YitQwbpZEc0GQDj0dfvmMk8NDAcbdfdj5gctrLTTEQ93mmnJmXErCLeO2DoWqDMc
Obxyay+yXjVZ5uvk+VPb1r+iHwVlVfb/A02ew+cpXjxw+7EzJ6XkKky4bHjf+6at
YDEjwUUeFERwBbgoiDCBacoMVIR1vneyeGRkr1mKGD3sj7Zur847nVViNMih83+R
cW8u7aOlnnQlpaMhrY8+mVFATa3cV9cGVxG7jDiDW8mzE8upbcEJ5CR+JD3/Mx0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:35 2024 by rpki-client on console-fra.rpki-client.org