Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/b7bf94-377b-4400-8b9c-cbf164e8be01/1/HYvcQ6u4Bdxz37HAU3cwfofz1KA.roa
File:                     HYvcQ6u4Bdxz37HAU3cwfofz1KA.roa (raw, json)
Hash identifier:          NCrXcje5t+UbE0fy5f8C0/guH7ziyrn+l0WD6QZniR8=
Subject key identifier:   1D:8B:DC:43:AB:B8:05:DC:73:DF:B1:C0:53:77:30:7E:87:F3:D4:A0
Certificate issuer:       /CN=cdc84082be96e609d9de9808fbc37866feb4c54b
Certificate serial:       0187B7A601240EF155A6768994E94A0E19DD
Authority key identifier: CD:C8:40:82:BE:96:E6:09:D9:DE:98:08:FB:C3:78:66:FE:B4:C5:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zchAgr6W5gnZ3pgI-8N4Zv60xUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/b7bf94-377b-4400-8b9c-cbf164e8be01/1/HYvcQ6u4Bdxz37HAU3cwfofz1KA.roa
Signing time:             Tue 25 Apr 2023 09:02:02 +0000
ROA not before:           Tue 25 Apr 2023 09:02:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61138
IP address blocks:        37.235.121.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b7:a6:01:24:0e:f1:55:a6:76:89:94:e9:4a:0e:19:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdc84082be96e609d9de9808fbc37866feb4c54b
        Validity
            Not Before: Apr 25 09:02:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1d8bdc43abb805dc73dfb1c05377307e87f3d4a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:da:fb:8d:2d:5a:f9:78:67:0f:28:fb:be:ac:
                    a0:a4:aa:0c:a0:98:4a:a2:d9:cc:21:f2:31:45:28:
                    8d:94:00:3a:07:31:13:b6:1e:37:44:aa:ad:47:55:
                    30:c7:55:bd:84:00:55:42:01:ce:70:d2:34:24:35:
                    7b:88:0d:da:02:9a:2a:df:ff:82:5d:f3:f2:0e:a4:
                    76:53:bb:45:74:b9:80:7a:f6:da:28:7e:b2:e5:2a:
                    04:2a:31:fe:7a:b8:dd:6c:d2:43:38:95:bb:7a:7d:
                    b7:af:0e:94:55:65:92:3a:45:0f:74:f3:f4:6c:08:
                    ac:45:bf:4a:e1:5c:6d:2d:a5:fa:4e:61:92:c8:11:
                    3a:08:44:ea:96:99:48:5c:80:c5:3e:6a:0d:b4:20:
                    e0:97:17:1d:ed:93:c5:0e:4b:54:be:45:55:34:82:
                    bc:cd:f5:5b:90:a1:76:46:1c:3f:ac:07:f1:37:92:
                    33:ec:15:41:20:69:03:c3:7d:62:2c:c5:09:75:cd:
                    74:2d:6c:bb:3e:34:27:04:25:45:00:9c:c9:c8:2f:
                    e4:7d:06:06:cc:d7:29:c2:47:b9:13:65:85:4f:88:
                    b5:5e:4d:18:d6:e3:09:f0:a9:ea:c9:d0:7d:89:fa:
                    1d:fd:b8:34:1d:a3:7b:86:e5:32:ba:a5:42:1d:64:
                    18:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:8B:DC:43:AB:B8:05:DC:73:DF:B1:C0:53:77:30:7E:87:F3:D4:A0
            X509v3 Authority Key Identifier:
                keyid:CD:C8:40:82:BE:96:E6:09:D9:DE:98:08:FB:C3:78:66:FE:B4:C5:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zchAgr6W5gnZ3pgI-8N4Zv60xUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/b7bf94-377b-4400-8b9c-cbf164e8be01/1/HYvcQ6u4Bdxz37HAU3cwfofz1KA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/b7bf94-377b-4400-8b9c-cbf164e8be01/1/zchAgr6W5gnZ3pgI-8N4Zv60xUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:12:36:57:6f:34:d6:aa:0b:32:9e:37:39:8b:7e:a7:95:e3:
         fc:0c:a8:71:25:57:14:ea:d4:de:c3:ee:21:fd:a8:6d:4b:d5:
         11:92:81:3e:48:cd:2a:49:f4:3b:0b:df:95:b8:cd:b8:27:6a:
         59:81:82:53:80:51:ae:4d:d9:67:df:fe:7c:81:d1:d3:80:f3:
         2c:d7:cb:b3:56:10:24:c0:60:55:36:96:da:d9:fc:ae:7c:54:
         cf:0b:9d:73:4e:46:40:d5:1d:ab:5b:c0:52:fc:97:83:d3:6d:
         c9:76:e9:d5:9a:30:b4:ec:46:6d:28:5a:a0:e5:4d:39:10:05:
         ba:ad:df:a9:e7:76:d5:b6:4b:f1:81:56:49:d5:94:e0:a4:00:
         8c:5c:00:e1:90:5d:4e:fd:db:da:8f:69:bd:c5:3a:5f:f8:0f:
         ea:1b:37:8a:fd:e8:94:46:31:67:95:24:cb:b6:3b:0d:ac:9a:
         91:79:74:68:4d:75:13:dc:1c:12:65:28:2d:f1:5f:5f:1a:e9:
         47:f2:57:3d:bf:54:8a:a2:a7:80:22:7f:ec:12:cc:62:04:eb:
         a5:6e:7d:25:ad:16:16:27:6a:37:5a:d8:e0:86:44:f5:74:6a:
         f2:c9:23:c6:0f:1d:0e:f2:34:59:33:16:58:73:f1:3b:69:a5:
         d6:d8:c0:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYe3pgEkDvFVpnaJlOlKDhndMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYzg0MDgyYmU5NmU2MDlkOWRlOTgwOGZiYzM3ODY2ZmVi
NGM1NGIwHhcNMjMwNDI1MDkwMjAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDhiZGM0M2FiYjgwNWRjNzNkZmIxYzA1Mzc3MzA3ZTg3ZjNkNGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNr7jS1a+XhnDyj7vqygpKoMoJhK
otnMIfIxRSiNlAA6BzETth43RKqtR1Uwx1W9hABVQgHOcNI0JDV7iA3aApoq3/+C
XfPyDqR2U7tFdLmAevbaKH6y5SoEKjH+erjdbNJDOJW7en23rw6UVWWSOkUPdPP0
bAisRb9K4VxtLaX6TmGSyBE6CETqlplIXIDFPmoNtCDglxcd7ZPFDktUvkVVNIK8
zfVbkKF2Rhw/rAfxN5Iz7BVBIGkDw31iLMUJdc10LWy7PjQnBCVFAJzJyC/kfQYG
zNcpwke5E2WFT4i1Xk0Y1uMJ8KnqydB9ifod/bg0HaN7huUyuqVCHWQY/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2L3EOruAXcc9+xwFN3MH6H89SgMB8GA1UdIwQY
MBaAFM3IQIK+luYJ2d6YCPvDeGb+tMVLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemNoQWdyNlc1Z25aM3BnSS04TjRadjYweFVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9iN2JmOTQtMzc3Yi00NDAwLThiOWMt
Y2JmMTY0ZThiZTAxLzEvSFl2Y1E2dTRCZHh6MzdIQVUzY3dmb2Z6MUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9iN2JmOTQtMzc3Yi00NDAwLThiOWMtY2JmMTY0ZThiZTAx
LzEvemNoQWdyNlc1Z25aM3BnSS04TjRadjYweFVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJet5MA0G
CSqGSIb3DQEBCwUAA4IBAQAyEjZXbzTWqgsynjc5i36nleP8DKhxJVcU6tTew+4h
/ahtS9URkoE+SM0qSfQ7C9+VuM24J2pZgYJTgFGuTdln3/58gdHTgPMs18uzVhAk
wGBVNpba2fyufFTPC51zTkZA1R2rW8BS/JeD023JdunVmjC07EZtKFqg5U05EAW6
rd+p53bVtkvxgVZJ1ZTgpACMXADhkF1O/dvaj2m9xTpf+A/qGzeK/eiURjFnlSTL
tjsNrJqReXRoTXUT3BwSZSgt8V9fGulH8lc9v1SKoqeAIn/sEsxiBOulbn0lrRYW
J2o3WtjghkT1dGryySPGDx0O8jRZMxZYc/E7aaXW2MDR
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:26:07 2024 by rpki-client on console-ams.rpki-client.org