Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/0P8nyJXjxFuXUnOlxkrHZdgoNT4.roa
File:                     0P8nyJXjxFuXUnOlxkrHZdgoNT4.roa (raw, json)
Hash identifier:          txPqnnFkd7RYpXkyhbG3cBXeS6VsB1bX1cNWizUEBKo=
Subject key identifier:   D0:FF:27:C8:95:E3:C4:5B:97:52:73:A5:C6:4A:C7:65:D8:28:35:3E
Certificate issuer:       /CN=73189d26bae7f85cb4e06ab5ab536de5a80c16a1
Certificate serial:       17D71FF7
Authority key identifier: 73:18:9D:26:BA:E7:F8:5C:B4:E0:6A:B5:AB:53:6D:E5:A8:0C:16:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cxidJrrn-Fy04Gq1q1Nt5agMFqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/0P8nyJXjxFuXUnOlxkrHZdgoNT4.roa
Signing time:             Thu 24 Mar 2022 09:31:42 +0000
ROA not before:           Thu 24 Mar 2022 09:31:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60876
IP address blocks:        185.24.168.0/22 maxlen: 24
                          85.204.120.0/23 maxlen: 24
                          85.204.132.0/23 maxlen: 24
                          85.204.136.0/23 maxlen: 24
                          212.237.96.0/20 maxlen: 24
                          85.204.194.0/23 maxlen: 24
                          195.192.248.0/23 maxlen: 24
                          185.166.120.0/22 maxlen: 24
                          2a00:7660::/29 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 399974391 (0x17d71ff7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73189d26bae7f85cb4e06ab5ab536de5a80c16a1
        Validity
            Not Before: Mar 24 09:31:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d0ff27c895e3c45b975273a5c64ac765d828353e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:49:22:e0:7c:bd:ba:9b:08:c1:39:79:65:df:
                    e0:e4:cc:7a:87:49:0e:d6:2f:6c:60:e3:50:5b:a8:
                    04:e7:4a:06:88:44:e0:d2:55:f8:51:05:5c:4b:e7:
                    79:31:c5:7b:2c:52:a7:58:10:8b:00:fc:c3:37:98:
                    55:89:59:60:99:ba:a2:0d:e2:94:de:62:9f:3b:aa:
                    4a:f5:4a:e7:33:26:e0:59:cf:ff:c9:8b:0a:64:0d:
                    5d:6a:b3:b4:09:ec:76:80:45:fd:a8:85:61:dc:3d:
                    5a:e4:02:63:2d:39:d9:fb:65:17:fb:0f:ec:3b:e4:
                    ec:40:cf:65:e5:2a:86:eb:cf:7a:c7:bf:91:b0:28:
                    46:a5:fb:69:bf:64:b0:9c:fb:5b:d7:33:16:dc:05:
                    e4:c4:f0:c3:ca:46:94:43:66:7d:e3:c8:12:5f:9c:
                    f9:48:a2:92:cb:9d:c0:9a:47:fc:aa:90:c1:75:ef:
                    40:12:ae:f1:db:8f:3a:bc:bb:9a:33:fc:93:98:6e:
                    3e:4e:62:fb:bf:6c:59:ff:6c:cd:69:8c:b0:c9:e2:
                    2e:6d:54:97:9f:f8:44:3c:51:9e:c4:3b:9f:58:5a:
                    44:67:03:99:db:04:16:0e:50:2e:20:24:25:7b:55:
                    32:d6:8a:28:d3:2e:d2:ff:e2:43:87:22:7e:6a:45:
                    eb:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:FF:27:C8:95:E3:C4:5B:97:52:73:A5:C6:4A:C7:65:D8:28:35:3E
            X509v3 Authority Key Identifier:
                keyid:73:18:9D:26:BA:E7:F8:5C:B4:E0:6A:B5:AB:53:6D:E5:A8:0C:16:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cxidJrrn-Fy04Gq1q1Nt5agMFqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/0P8nyJXjxFuXUnOlxkrHZdgoNT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/cxidJrrn-Fy04Gq1q1Nt5agMFqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.120.0/23
                  85.204.132.0/23
                  85.204.136.0/23
                  85.204.194.0/23
                  185.24.168.0/22
                  185.166.120.0/22
                  195.192.248.0/23
                  212.237.96.0/20
                IPv6:
                  2a00:7660::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:dc:f9:ba:b5:75:ba:44:26:a8:05:f3:51:a8:48:82:5e:3a:
         d6:a7:33:47:89:ba:17:58:cb:2c:06:0c:87:42:69:ed:1a:0c:
         a5:8a:ce:7d:47:c5:d4:59:55:a6:b1:15:fc:1c:9b:bd:5b:80:
         ea:04:1f:e3:ac:bb:45:d0:78:ab:2b:5d:1f:8b:12:da:92:0b:
         0c:05:f4:c8:82:ba:11:81:d6:8c:ad:fe:45:1b:a7:7e:70:5a:
         95:c3:da:b9:5d:96:9b:08:f0:69:b3:fa:6c:50:20:66:01:e9:
         70:43:34:57:f1:12:cc:60:c5:d1:9d:95:07:30:11:01:2d:de:
         41:29:5d:88:38:61:3f:ea:c6:06:57:30:7a:2f:63:1b:e5:c0:
         20:3a:1e:09:75:7f:5b:5e:fc:51:b9:dc:c8:01:bb:28:20:4c:
         57:82:f5:10:f3:cf:94:8e:dd:2c:fc:b6:bb:00:47:db:e3:b8:
         a9:ee:d5:89:16:f6:f0:17:db:46:65:45:d2:88:5d:55:c6:61:
         01:c6:c4:7e:d5:0e:ac:2f:ed:ed:c1:b7:f3:51:61:f8:93:38:
         5d:ed:01:54:8b:42:f6:88:f6:ac:1d:17:af:8e:c7:a4:bb:54:
         8e:f5:b8:7d:dd:55:84:0b:71:cc:70:d9:ee:ac:d5:0f:ff:29:
         57:1c:d9:08
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIEF9cf9zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
MzE4OWQyNmJhZTdmODVjYjRlMDZhYjVhYjUzNmRlNWE4MGMxNmExMB4XDTIyMDMy
NDA5MzE0MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDBmZjI3Yzg5NWUz
YzQ1Yjk3NTI3M2E1YzY0YWM3NjVkODI4MzUzZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANhJIuB8vbqbCME5eWXf4OTMeodJDtYvbGDjUFuoBOdKBohE
4NJV+FEFXEvneTHFeyxSp1gQiwD8wzeYVYlZYJm6og3ilN5inzuqSvVK5zMm4FnP
/8mLCmQNXWqztAnsdoBF/aiFYdw9WuQCYy052ftlF/sP7Dvk7EDPZeUqhuvPese/
kbAoRqX7ab9ksJz7W9czFtwF5MTww8pGlENmfePIEl+c+UiiksudwJpH/KqQwXXv
QBKu8duPOry7mjP8k5huPk5i+79sWf9szWmMsMniLm1Ul5/4RDxRnsQ7n1haRGcD
mdsEFg5QLiAkJXtVMtaKKNMu0v/iQ4cifmpF6w8CAwEAAaOCAkIwggI+MB0GA1Ud
DgQWBBTQ/yfIlePEW5dSc6XGSsdl2Cg1PjAfBgNVHSMEGDAWgBRzGJ0muuf4XLTg
arWrU23lqAwWoTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2N4aWRKcnJuLUZ5MDRHcTFxMU50NWFnTUZxRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOWIvMzYwYTlkLWIxMjEtNDVhZS04MzBkLTA2NmI2MzIzN2Q4NS8x
LzBQOG55SlhqeEZ1WFVuT2x4a3JIWmRnb05UNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWIv
MzYwYTlkLWIxMjEtNDVhZS04MzBkLTA2NmI2MzIzN2Q4NS8xL2N4aWRKcnJuLUZ5
MDRHcTFxMU50NWFnTUZxRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBY
BggrBgEFBQcBBwEB/wRJMEcwNgQCAAEwMAMEAVXMeAMEAVXMhAMEAVXMiAMEAVXM
wgMEArkYqAMEArmmeAMEAcPA+AMEBNTtYDANBAIAAjAHAwUDKgB2YDANBgkqhkiG
9w0BAQsFAAOCAQEAH9z5urV1ukQmqAXzUahIgl461qczR4m6F1jLLAYMh0Jp7RoM
pYrOfUfF1FlVprEV/BybvVuA6gQf46y7RdB4qytdH4sS2pILDAX0yIK6EYHWjK3+
RRunfnBalcPauV2WmwjwabP6bFAgZgHpcEM0V/ESzGDF0Z2VBzARAS3eQSldiDhh
P+rGBlcwei9jG+XAIDoeCXV/W178UbncyAG7KCBMV4L1EPPPlI7dLPy2uwBH2+O4
qe7ViRb28BfbRmVF0ohdVcZhAcbEftUOrC/t7cG381Fh+JM4Xe0BVItC9oj2rB0X
r47HpLtUjvW4fd1VhAtxzHDZ7qzVD/8pVxzZCA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:25:41 2024 by rpki-client on console-ams.rpki-client.org