Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/031100-458a-474e-927c-df027916ce50/1/3VLfM0WH9GXLA5Cjxjw-iXIZ6A0.roa
File:                     3VLfM0WH9GXLA5Cjxjw-iXIZ6A0.roa (raw, json)
Hash identifier:          96ElJc29qLcVNCL/7UBJvsttIBamvJwHpmnRHDsnzmo=
Subject key identifier:   DD:52:DF:33:45:87:F4:65:CB:03:90:A3:C6:3C:3E:89:72:19:E8:0D
Certificate issuer:       /CN=7cd162dec78209bc03add081527d54b27e84d26e
Certificate serial:       0183D0D1405C22A282605B1108EBE3CFFCCD
Authority key identifier: 7C:D1:62:DE:C7:82:09:BC:03:AD:D0:81:52:7D:54:B2:7E:84:D2:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fNFi3seCCbwDrdCBUn1Usn6E0m4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/031100-458a-474e-927c-df027916ce50/1/3VLfM0WH9GXLA5Cjxjw-iXIZ6A0.roa
Signing time:             Thu 13 Oct 2022 10:08:37 +0000
ROA not before:           Thu 13 Oct 2022 10:08:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43073
IP address blocks:        91.240.106.0/23 maxlen: 23
                          193.32.36.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:d0:d1:40:5c:22:a2:82:60:5b:11:08:eb:e3:cf:fc:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7cd162dec78209bc03add081527d54b27e84d26e
        Validity
            Not Before: Oct 13 10:08:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dd52df334587f465cb0390a3c63c3e897219e80d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:30:e1:44:48:fb:10:f0:31:a9:a3:88:de:f2:
                    e6:9e:44:dd:2c:2e:e6:9e:8c:da:c0:11:d0:3b:a5:
                    a0:70:28:a9:d7:c6:c6:ba:99:e2:dc:b0:88:af:36:
                    2d:de:09:18:a7:8d:3e:9e:d5:e6:c0:09:ab:39:a3:
                    88:c2:84:b6:36:8a:4a:a3:53:1c:6f:25:06:56:d0:
                    ab:9d:1d:d2:4e:e1:97:9f:4c:71:74:3b:b5:8c:ab:
                    b4:40:38:68:07:d9:b4:da:14:f2:e7:f2:aa:ec:b6:
                    2e:2e:57:65:e4:fa:9d:7a:c5:59:2f:d4:da:78:02:
                    01:21:c0:cd:af:09:86:8e:2f:a8:eb:28:6b:b2:fe:
                    18:64:20:d8:e5:e0:38:82:ea:6c:c5:80:a6:43:25:
                    0b:fa:3d:f8:47:04:d0:15:ac:ce:eb:d5:7d:9a:6b:
                    0b:76:33:31:f6:96:43:4f:50:55:f1:c0:31:d2:c9:
                    13:e6:e1:ff:dc:7e:7c:39:96:c9:a4:80:99:0a:71:
                    b8:5d:80:20:81:6f:bd:3b:66:3f:32:3f:e9:de:7d:
                    43:9e:cb:a0:44:1d:5f:0b:90:5b:91:65:b3:97:92:
                    e9:4e:43:84:f5:c6:88:39:7f:02:59:0c:b2:2a:11:
                    38:9b:69:3b:54:75:c9:72:72:c1:33:16:c8:af:5c:
                    e2:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:52:DF:33:45:87:F4:65:CB:03:90:A3:C6:3C:3E:89:72:19:E8:0D
            X509v3 Authority Key Identifier:
                keyid:7C:D1:62:DE:C7:82:09:BC:03:AD:D0:81:52:7D:54:B2:7E:84:D2:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fNFi3seCCbwDrdCBUn1Usn6E0m4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/031100-458a-474e-927c-df027916ce50/1/3VLfM0WH9GXLA5Cjxjw-iXIZ6A0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/031100-458a-474e-927c-df027916ce50/1/fNFi3seCCbwDrdCBUn1Usn6E0m4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.106.0/23
                  193.32.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:43:15:c2:94:df:f9:61:b4:26:29:11:6d:50:bc:26:81:42:
         b8:fd:2d:4f:79:50:c0:c6:c5:c2:51:19:03:41:e7:b8:7d:4b:
         0a:56:f5:a5:25:78:51:59:28:84:e1:7d:c5:28:3b:39:c8:61:
         55:2c:71:81:ff:0d:bb:e0:f6:67:6c:c9:ac:9e:e4:60:e8:c2:
         95:c3:9c:73:7e:01:05:cc:3e:ee:0e:a1:39:f5:72:0f:fa:d4:
         6a:2d:d8:9b:29:ea:8a:83:cb:6c:9d:f6:eb:48:f9:71:c8:c1:
         74:57:09:a5:e3:f8:dd:d6:a1:d8:37:09:63:99:39:1c:77:0f:
         70:43:9e:59:31:fe:f7:ce:94:44:49:bd:57:82:7d:25:cd:31:
         42:55:d6:fa:d3:3e:11:41:42:82:59:36:f9:55:b2:08:36:11:
         7b:09:8a:56:03:d2:15:15:87:f0:20:0a:64:10:77:83:93:63:
         57:e7:93:67:cd:5e:40:bb:68:d2:01:ee:98:61:bd:0b:ef:df:
         f4:76:e9:14:0f:7d:d6:d4:d9:a6:8d:42:e3:ad:0e:15:67:1d:
         54:50:b2:bc:1b:83:74:ff:bb:f9:da:64:d2:99:dc:8e:3c:a2:
         96:6d:a1:c6:5f:f6:e4:5d:62:ae:81:5c:e2:8a:5a:0c:5e:c6:
         8f:4f:11:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYPQ0UBcIqKCYFsRCOvjz/zNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZDE2MmRlYzc4MjA5YmMwM2FkZDA4MTUyN2Q1NGIyN2U4
NGQyNmUwHhcNMjIxMDEzMTAwODM3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDUyZGYzMzQ1ODdmNDY1Y2IwMzkwYTNjNjNjM2U4OTcyMTllODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjDhREj7EPAxqaOI3vLmnkTdLC7m
nozawBHQO6WgcCip18bGupni3LCIrzYt3gkYp40+ntXmwAmrOaOIwoS2NopKo1Mc
byUGVtCrnR3STuGXn0xxdDu1jKu0QDhoB9m02hTy5/Kq7LYuLldl5PqdesVZL9Ta
eAIBIcDNrwmGji+o6yhrsv4YZCDY5eA4gupsxYCmQyUL+j34RwTQFazO69V9mmsL
djMx9pZDT1BV8cAx0skT5uH/3H58OZbJpICZCnG4XYAggW+9O2Y/Mj/p3n1Dnsug
RB1fC5BbkWWzl5LpTkOE9caIOX8CWQyyKhE4m2k7VHXJcnLBMxbIr1ziTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN1S3zNFh/RlywOQo8Y8PolyGegNMB8GA1UdIwQY
MBaAFHzRYt7Hggm8A63QgVJ9VLJ+hNJuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk5GaTNzZUNDYndEcmRDQlVuMVVzbjZFMG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8wMzExMDAtNDU4YS00NzRlLTkyN2Mt
ZGYwMjc5MTZjZTUwLzEvM1ZMZk0wV0g5R1hMQTVDanhqdy1pWElaNkEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8wMzExMDAtNDU4YS00NzRlLTkyN2MtZGYwMjc5MTZjZTUw
LzEvZk5GaTNzZUNDYndEcmRDQlVuMVVzbjZFMG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW/BqAwQA
wSAkMA0GCSqGSIb3DQEBCwUAA4IBAQB/QxXClN/5YbQmKRFtULwmgUK4/S1PeVDA
xsXCURkDQee4fUsKVvWlJXhRWSiE4X3FKDs5yGFVLHGB/w274PZnbMmsnuRg6MKV
w5xzfgEFzD7uDqE59XIP+tRqLdibKeqKg8tsnfbrSPlxyMF0Vwml4/jd1qHYNwlj
mTkcdw9wQ55ZMf73zpRESb1Xgn0lzTFCVdb60z4RQUKCWTb5VbIINhF7CYpWA9IV
FYfwIApkEHeDk2NX55NnzV5Au2jSAe6YYb0L79/0dukUD33W1NmmjULjrQ4VZx1U
ULK8G4N0/7v52mTSmdyOPKKWbaHGX/bkXWKugVziiloMXsaPTxFx
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:21 2024 by rpki-client on console-ams.rpki-client.org