Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/3Tb9eA6Zw4xz7vwoIaTyqaEoiK8.roa
File:                     3Tb9eA6Zw4xz7vwoIaTyqaEoiK8.roa (raw, json)
Hash identifier:          CPqlKfdhECmqbe9zhj+8MBxMZoPrkaKwC/QK6nmqkCM=
Subject key identifier:   DD:36:FD:78:0E:99:C3:8C:73:EE:FC:28:21:A4:F2:A9:A1:28:88:AF
Certificate issuer:       /CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Certificate serial:       018AA561E1E068353B928ABD7C9348D13345
Authority key identifier: E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/3Tb9eA6Zw4xz7vwoIaTyqaEoiK8.roa
Signing time:             Sun 17 Sep 2023 23:02:50 +0000
ROA not before:           Sun 17 Sep 2023 23:02:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60683
IP address blocks:        188.132.229.0/24 maxlen: 24
                          188.132.240.0/24 maxlen: 24
                          188.132.242.0/24 maxlen: 24
                          77.92.145.0/24 maxlen: 24
                          77.92.147.0/24 maxlen: 24
                          212.68.48.0/24 maxlen: 24
                          212.68.55.0/24 maxlen: 24
                          31.210.48.0/24 maxlen: 24
                          188.132.184.0/24 maxlen: 24
                          188.132.200.0/24 maxlen: 24
                          188.132.210.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:a5:61:e1:e0:68:35:3b:92:8a:bd:7c:93:48:d1:33:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
        Validity
            Not Before: Sep 17 23:02:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dd36fd780e99c38c73eefc2821a4f2a9a12888af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:70:af:c1:17:dc:7d:15:3f:26:9a:70:3c:ee:
                    7d:3c:1e:9b:b9:5e:32:79:14:5c:32:0a:d9:bf:b9:
                    1b:9b:8a:7b:bd:8b:a7:45:af:c3:3d:4c:fb:5e:ec:
                    f7:18:26:63:62:10:d3:c9:93:5a:a8:64:63:97:03:
                    2f:7e:bd:c4:80:73:f4:a2:ad:58:2f:13:64:9f:b3:
                    d9:dc:e8:dd:fd:c3:cb:24:1b:cc:3b:1f:54:b6:ac:
                    4d:c8:d3:41:8c:ac:48:e0:c7:9c:e0:f8:20:e0:27:
                    52:51:9b:17:5b:2e:a0:fc:a0:7f:c8:e1:99:70:ee:
                    30:bd:33:2e:d2:2a:c6:7a:4c:22:b0:04:2d:40:5d:
                    00:a6:e6:06:83:0c:42:10:28:75:5e:97:24:a9:2e:
                    46:7a:7f:d1:ed:f3:9b:4d:03:c3:bd:9d:0a:88:81:
                    97:dc:c1:34:b7:f9:f7:76:3a:2c:9c:00:6c:b0:19:
                    a7:8f:8c:81:28:50:01:f6:61:cd:07:f2:4a:06:b8:
                    68:2a:d0:5e:f1:28:64:d9:1b:b8:cd:51:20:3c:95:
                    e9:ef:bb:30:e6:28:e8:25:86:96:6f:f4:27:27:1a:
                    95:1d:3f:cc:6a:8e:84:47:ea:ce:75:02:46:10:db:
                    3b:6a:ff:c9:37:df:d9:b4:05:b0:e8:87:47:6d:45:
                    c3:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:36:FD:78:0E:99:C3:8C:73:EE:FC:28:21:A4:F2:A9:A1:28:88:AF
            X509v3 Authority Key Identifier:
                keyid:E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/3Tb9eA6Zw4xz7vwoIaTyqaEoiK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.48.0/24
                  77.92.145.0/24
                  77.92.147.0/24
                  188.132.184.0/24
                  188.132.200.0/24
                  188.132.210.0/24
                  188.132.229.0/24
                  188.132.240.0/24
                  188.132.242.0/24
                  212.68.48.0/24
                  212.68.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:8b:7b:84:35:32:69:0b:cf:9e:fd:33:a3:5e:55:53:49:4e:
         f0:a4:1f:20:67:6c:5e:27:ab:49:18:48:69:e0:b3:5e:8c:ef:
         7a:27:b9:81:5f:dc:0a:33:62:be:92:85:28:72:26:1c:55:9a:
         d7:df:b4:5d:6e:2b:23:38:af:5e:76:c5:22:68:ff:34:dd:23:
         b2:60:a0:b5:c4:ad:4b:15:5a:af:07:44:12:c1:34:6d:16:48:
         c7:d7:fc:92:8e:3b:06:e3:7a:5f:61:0e:7e:13:92:ec:6f:25:
         18:51:ea:4a:a7:9e:c7:0a:05:3c:be:5c:0d:cf:29:d0:a1:7f:
         80:4a:7f:1e:30:a3:b3:c2:58:e7:16:2c:08:5b:2f:0c:ea:4b:
         18:70:46:5a:8e:a2:bd:44:70:ba:16:cb:8c:12:94:25:da:b8:
         18:5b:21:97:93:d6:29:4f:ec:26:ba:ba:5f:81:26:7b:0d:f7:
         99:5f:53:de:6f:cb:18:de:75:db:9e:30:d1:3d:c1:05:00:ec:
         da:1e:d7:6a:06:f9:f9:f1:36:c9:e2:13:0b:11:96:9a:33:83:
         6a:4c:fa:f5:90:b2:69:15:a3:c7:92:0c:51:8d:3e:84:17:ad:
         bb:04:76:c1:1f:92:35:54:9b:22:d8:f8:c2:34:a7:51:fe:43:
         8f:31:c5:f2
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYqlYeHgaDU7koq9fJNI0TNFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTJiOGU5MGQxNTdlYTAyMmY4ZTcwMDAyNGE5M2RjMzU2
YTUxNGQwHhcNMjMwOTE3MjMwMjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDM2ZmQ3ODBlOTljMzhjNzNlZWZjMjgyMWE0ZjJhOWExMjg4OGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3CvwRfcfRU/JppwPO59PB6buV4y
eRRcMgrZv7kbm4p7vYunRa/DPUz7Xuz3GCZjYhDTyZNaqGRjlwMvfr3EgHP0oq1Y
LxNkn7PZ3Ojd/cPLJBvMOx9UtqxNyNNBjKxI4Mec4Pgg4CdSUZsXWy6g/KB/yOGZ
cO4wvTMu0irGekwisAQtQF0ApuYGgwxCECh1XpckqS5Gen/R7fObTQPDvZ0KiIGX
3ME0t/n3djosnABssBmnj4yBKFAB9mHNB/JKBrhoKtBe8Shk2Ru4zVEgPJXp77sw
5ijoJYaWb/QnJxqVHT/Mao6ER+rOdQJGENs7av/JN9/ZtAWw6IdHbUXDowIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFN02/XgOmcOMc+78KCGk8qmhKIivMB8GA1UdIwQY
MBaAFOSiuOkNFX6gIvjnAAJKk9w1alFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTct
ZGY0YTJlNzYwY2NiLzEvM1RiOWVBNlp3NHh6N3Z3b0lhVHlxYUVvaUs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTctZGY0YTJlNzYwY2Ni
LzEvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAH9IwAwQA
TVyRAwQATVyTAwQAvIS4AwQAvITIAwQAvITSAwQAvITlAwQAvITwAwQAvITyAwQA
1EQwAwQA1EQ3MA0GCSqGSIb3DQEBCwUAA4IBAQBxi3uENTJpC8+e/TOjXlVTSU7w
pB8gZ2xeJ6tJGEhp4LNejO96J7mBX9wKM2K+koUociYcVZrX37RdbisjOK9edsUi
aP803SOyYKC1xK1LFVqvB0QSwTRtFkjH1/ySjjsG43pfYQ5+E5LsbyUYUepKp57H
CgU8vlwNzynQoX+ASn8eMKOzwljnFiwIWy8M6ksYcEZajqK9RHC6FsuMEpQl2rgY
WyGXk9YpT+wmurpfgSZ7DfeZX1Peb8sY3nXbnjDRPcEFAOzaHtdqBvn58TbJ4hML
EZaaM4NqTPr1kLJpFaPHkgxRjT6EF627BHbBH5I1VJsi2PjCNKdR/kOPMcXy
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:53 2024 by rpki-client on console-ams.rpki-client.org