Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/tGUQDtGVjp9vwx4RNyvKuMLFygo.roa
File:                     tGUQDtGVjp9vwx4RNyvKuMLFygo.roa (raw, json)
Hash identifier:          dA/NUxZ7SYyVz2Zu3wCsHiSZ5tkE/U1yHEsb/rkBMO0=
Subject key identifier:   B4:65:10:0E:D1:95:8E:9F:6F:C3:1E:11:37:2B:CA:B8:C2:C5:CA:0A
Certificate issuer:       /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial:       018ED6B7B2A97BB465C5F241D62689B1350E
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/tGUQDtGVjp9vwx4RNyvKuMLFygo.roa
Signing time:             Sat 13 Apr 2024 09:09:06 +0000
ROA not before:           Sat 13 Apr 2024 09:09:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215211
IP address blocks:        31.57.0.0/16 maxlen: 16
                          31.58.0.0/16 maxlen: 16
                          151.247.207.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d6:b7:b2:a9:7b:b4:65:c5:f2:41:d6:26:89:b1:35:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
        Validity
            Not Before: Apr 13 09:09:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b465100ed1958e9f6fc31e11372bcab8c2c5ca0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:15:f8:3c:32:ec:7c:d7:48:46:ee:f1:98:5e:
                    e0:97:99:42:37:b7:e8:a7:28:d7:c2:fe:56:f5:d2:
                    47:31:22:88:9e:16:f6:c6:d2:27:82:dc:92:8b:19:
                    28:ef:15:f7:2c:a0:5f:b7:de:c4:b9:e7:b3:be:a9:
                    8d:1c:7f:e9:05:e5:2e:fc:79:7b:fa:93:fb:5a:a6:
                    3b:21:21:e5:01:3f:36:90:d1:50:d5:d0:7b:99:ce:
                    8b:4c:ed:2d:28:7e:7e:c0:18:39:3f:c2:19:27:a4:
                    a4:4f:05:8d:b0:9f:38:c9:70:44:aa:82:8c:31:ff:
                    cd:12:c9:82:4a:a2:ae:1c:01:22:cb:90:c0:4d:89:
                    22:6b:76:0f:e5:90:4c:ca:fc:9c:46:a6:fc:f5:d2:
                    20:0d:f1:f9:9a:47:f5:42:6f:85:0f:07:ff:1d:ea:
                    85:72:e2:70:a0:63:5b:ef:bb:33:c5:d3:c7:7b:5a:
                    8f:0a:b0:f0:c8:fd:b3:16:84:d5:e4:15:58:82:88:
                    f8:00:88:13:a9:14:8f:64:f3:39:fd:33:82:31:1a:
                    ca:2f:ec:af:37:6d:84:05:87:46:22:a1:87:a8:72:
                    2e:07:05:36:0b:73:08:b7:13:5a:30:ce:e2:08:f5:
                    72:73:59:43:87:0c:16:d2:89:01:e3:e9:ec:7b:9c:
                    fb:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:65:10:0E:D1:95:8E:9F:6F:C3:1E:11:37:2B:CA:B8:C2:C5:CA:0A
            X509v3 Authority Key Identifier:
                keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/tGUQDtGVjp9vwx4RNyvKuMLFygo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.0.0-31.58.255.255
                  151.247.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:a1:99:e6:8f:af:87:ec:b7:12:42:06:10:37:1d:2a:b4:9b:
         74:54:90:c4:de:91:fd:2f:54:5c:dd:d3:0f:c4:5d:37:98:83:
         0e:02:62:98:a5:db:ce:e7:81:af:15:9e:44:0e:b2:58:f0:e4:
         1f:49:92:a5:fc:c8:01:d8:ac:f5:e6:c3:06:b7:b5:95:c8:ec:
         0c:18:b5:5d:f1:6c:70:33:30:06:20:fa:84:fe:28:81:c0:ec:
         b5:5e:ba:3c:12:c1:d0:6c:0f:2c:35:93:d6:8d:6a:70:5c:70:
         6b:cb:64:64:0f:a1:2c:40:f2:3b:a0:c3:03:b8:eb:e5:a0:98:
         b5:4b:bf:7e:c4:ca:24:5b:36:af:51:89:07:f3:1d:60:cb:6b:
         00:5e:0c:02:f0:ec:39:34:33:26:c8:85:65:99:7f:da:cc:8d:
         78:7a:38:e0:d7:df:38:4f:d2:b0:d1:ea:a7:f0:ce:ed:17:53:
         a2:69:d8:00:03:5c:ad:a0:61:ba:4b:29:14:75:9e:61:ec:5f:
         af:6f:5d:c0:81:b6:60:37:48:98:6c:f5:44:41:1f:5b:d1:9c:
         98:d6:fe:5c:f4:49:59:5c:7d:ae:3d:76:37:9f:44:8a:24:ee:
         3b:bb:a8:d5:b2:67:eb:02:ea:b2:ce:86:b7:91:d0:fc:2f:b6:
         38:af:0f:90
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY7Wt7Kpe7RlxfJB1iaJsTUOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjQwNDEzMDkwOTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDY1MTAwZWQxOTU4ZTlmNmZjMzFlMTEzNzJiY2FiOGMyYzVjYTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxX4PDLsfNdIRu7xmF7gl5lCN7fo
pyjXwv5W9dJHMSKInhb2xtIngtySixko7xX3LKBft97EueezvqmNHH/pBeUu/Hl7
+pP7WqY7ISHlAT82kNFQ1dB7mc6LTO0tKH5+wBg5P8IZJ6SkTwWNsJ84yXBEqoKM
Mf/NEsmCSqKuHAEiy5DATYkia3YP5ZBMyvycRqb89dIgDfH5mkf1Qm+FDwf/HeqF
cuJwoGNb77szxdPHe1qPCrDwyP2zFoTV5BVYgoj4AIgTqRSPZPM5/TOCMRrKL+yv
N22EBYdGIqGHqHIuBwU2C3MItxNaMM7iCPVyc1lDhwwW0okB4+nse5z7AwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLRlEA7RlY6fb8MeETcryrjCxcoKMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvdEdVUUR0R1ZqcDl2d3g0Uk55dkt1TUxGeWdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASMAoDAwAfOQMD
AB86AwQAl/fPMA0GCSqGSIb3DQEBCwUAA4IBAQBUoZnmj6+H7LcSQgYQNx0qtJt0
VJDE3pH9L1Rc3dMPxF03mIMOAmKYpdvO54GvFZ5EDrJY8OQfSZKl/MgB2Kz15sMG
t7WVyOwMGLVd8WxwMzAGIPqE/iiBwOy1Xro8EsHQbA8sNZPWjWpwXHBry2RkD6Es
QPI7oMMDuOvloJi1S79+xMokWzavUYkH8x1gy2sAXgwC8Ow5NDMmyIVlmX/azI14
ejjg1984T9Kw0eqn8M7tF1OiadgAA1ytoGG6SykUdZ5h7F+vb13AgbZgN0iYbPVE
QR9b0ZyY1v5c9ElZXH2uPXY3n0SKJO47u6jVsmfrAuqyzoa3kdD8L7Y4rw+Q
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:52 2024 by rpki-client on console-fra.rpki-client.org