Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/2kXJtwAYLlgHbuatV-hSXHAL23k.roa
File:                     2kXJtwAYLlgHbuatV-hSXHAL23k.roa (raw, json)
Hash identifier:          kN3dV/tjZCssLimsk4/mmyHpwtM1JjtVM1L+DQ3zlo0=
Subject key identifier:   DA:45:C9:B7:00:18:2E:58:07:6E:E6:AD:57:E8:52:5C:70:0B:DB:79
Certificate issuer:       /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial:       018F85DD9E21FD726AF00BB4A456217E78BD
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/2kXJtwAYLlgHbuatV-hSXHAL23k.roa
Signing time:             Fri 17 May 2024 09:24:04 +0000
ROA not before:           Fri 17 May 2024 09:24:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215211
IP address blocks:        31.56.0.0/15 maxlen: 15
                          31.57.0.0/16 maxlen: 16
                          31.58.0.0/15 maxlen: 15
                          31.59.0.0/16 maxlen: 16
                          151.238.0.0/15 maxlen: 15
                          151.247.207.0/24 maxlen: 24
                          2a0e:5:a::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:85:dd:9e:21:fd:72:6a:f0:0b:b4:a4:56:21:7e:78:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
        Validity
            Not Before: May 17 09:24:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da45c9b700182e58076ee6ad57e8525c700bdb79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c8:01:6c:50:d4:21:b0:4b:9c:67:8a:62:98:
                    22:94:91:5e:4e:b5:6d:ac:af:ca:b8:eb:51:d2:c8:
                    69:25:72:6f:50:1c:69:71:cf:94:60:b8:27:54:fb:
                    47:d2:ca:02:27:64:be:28:6c:85:ec:b0:e2:db:23:
                    7a:a5:d8:98:a7:42:e6:40:b8:36:4c:34:5f:e1:30:
                    ae:cb:80:c3:52:60:4b:a5:48:04:72:27:64:d7:8b:
                    73:f3:3f:74:94:eb:4b:cd:24:2a:19:08:54:f7:14:
                    5b:7b:16:98:43:f5:a0:1d:cb:0e:4d:ed:5f:84:d0:
                    3c:37:26:35:ff:06:48:d1:c2:2e:6e:fd:e2:f8:87:
                    a4:2c:ed:83:cb:84:b4:79:cd:b2:20:a0:00:80:c9:
                    9b:11:f0:7f:20:76:ad:f8:e7:29:39:5d:19:e8:77:
                    75:be:58:cc:9d:d4:11:65:0b:fc:91:04:6b:5f:66:
                    ea:57:00:66:01:29:eb:cc:7c:cc:e3:09:4b:c5:df:
                    3e:f2:62:54:d8:36:e9:1c:bd:16:b1:f4:2d:a0:15:
                    a9:33:f9:40:2c:de:27:f9:09:24:4f:6a:b0:34:c0:
                    d7:65:da:c2:74:a9:f6:79:c5:f1:47:48:2d:4d:68:
                    95:62:13:fe:be:9f:0a:3c:6b:71:7d:ff:3b:38:53:
                    23:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:45:C9:B7:00:18:2E:58:07:6E:E6:AD:57:E8:52:5C:70:0B:DB:79
            X509v3 Authority Key Identifier:
                keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/2kXJtwAYLlgHbuatV-hSXHAL23k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.0.0/14
                  151.238.0.0/15
                  151.247.207.0/24
                IPv6:
                  2a0e:5:a::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:93:d4:58:69:74:6a:bd:0c:4f:e9:a1:a1:1d:0e:52:ba:e3:
         94:39:f7:1e:84:51:63:cc:ed:1a:3c:f2:a0:f3:38:a9:e0:15:
         6b:b4:58:21:f6:03:0f:ca:ef:1e:5a:26:3a:4f:00:a8:f9:4b:
         11:de:d4:df:e6:34:06:ee:f4:22:b5:01:68:f7:8e:20:bd:96:
         91:8f:cf:2a:5f:27:75:da:44:b7:a1:7b:b9:27:79:a3:b5:0f:
         1c:d4:34:66:e0:82:35:33:6f:d3:d6:64:af:08:26:0c:13:e7:
         8a:6f:44:5a:f0:3b:ef:63:e8:8b:f7:72:56:99:ba:d5:a5:75:
         6e:ab:3c:a3:19:ce:e9:38:76:c6:41:06:78:c5:6e:5e:72:1f:
         5a:0c:37:54:35:78:76:43:23:9d:f5:9d:02:c6:8d:13:b6:f5:
         1f:a6:c8:7e:4a:0e:6c:26:89:19:94:b4:90:f1:3e:43:54:26:
         07:e0:98:e3:53:84:4a:b0:18:70:71:85:ec:7f:be:42:0c:77:
         71:05:f1:b7:6d:b0:54:f8:46:c8:e9:0e:c2:7f:06:c6:a8:22:
         bc:49:66:59:88:08:8b:92:2e:ea:26:3a:29:d3:2b:f2:95:bd:
         98:ea:d1:98:3c:42:54:14:a0:b3:05:e1:fb:3f:68:12:b1:75:
         8b:ef:b9:da
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAY+F3Z4h/XJq8Au0pFYhfni9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjQwNTE3MDkyNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTQ1YzliNzAwMTgyZTU4MDc2ZWU2YWQ1N2U4NTI1YzcwMGJkYjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8gBbFDUIbBLnGeKYpgilJFeTrVt
rK/KuOtR0shpJXJvUBxpcc+UYLgnVPtH0soCJ2S+KGyF7LDi2yN6pdiYp0LmQLg2
TDRf4TCuy4DDUmBLpUgEcidk14tz8z90lOtLzSQqGQhU9xRbexaYQ/WgHcsOTe1f
hNA8NyY1/wZI0cIubv3i+IekLO2Dy4S0ec2yIKAAgMmbEfB/IHat+OcpOV0Z6Hd1
vljMndQRZQv8kQRrX2bqVwBmASnrzHzM4wlLxd8+8mJU2DbpHL0WsfQtoBWpM/lA
LN4n+QkkT2qwNMDXZdrCdKn2ecXxR0gtTWiVYhP+vp8KPGtxff87OFMjXQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFNpFybcAGC5YB27mrVfoUlxwC9t5MB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvMmtYSnR3QVlMbGdIYnVhdFYtaFNYSEFMMjNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAWBAIAATAQAwMCHzgDAwGX
7gMEAJf3zzAPBAIAAjAJAwcAKg4ABQAKMA0GCSqGSIb3DQEBCwUAA4IBAQBkk9RY
aXRqvQxP6aGhHQ5SuuOUOfcehFFjzO0aPPKg8zip4BVrtFgh9gMPyu8eWiY6TwCo
+UsR3tTf5jQG7vQitQFo944gvZaRj88qXyd12kS3oXu5J3mjtQ8c1DRm4II1M2/T
1mSvCCYME+eKb0Ra8DvvY+iL93JWmbrVpXVuqzyjGc7pOHbGQQZ4xW5ech9aDDdU
NXh2QyOd9Z0Cxo0TtvUfpsh+Sg5sJokZlLSQ8T5DVCYH4JjjU4RKsBhwcYXsf75C
DHdxBfG3bbBU+EbI6Q7CfwbGqCK8SWZZiAiLki7qJjop0yvylb2Y6tGYPEJUFKCz
BeH7P2gSsXWL77na
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:51 2024 by rpki-client on console-fra.rpki-client.org