Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/eM0y2wsa8Nz6H4p2R5-z5pruH3U.roa
File:                     eM0y2wsa8Nz6H4p2R5-z5pruH3U.roa (raw, json)
Hash identifier:          YtPqIE7R51JDJ0Wl5huFi1gDKj8NFGmQ5JZ1/KToE1k=
Subject key identifier:   78:CD:32:DB:0B:1A:F0:DC:FA:1F:8A:76:47:9F:B3:E6:9A:EE:1F:75
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       01849FC0FE1658395BDDB6887F670E6B7A99
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/eM0y2wsa8Nz6H4p2R5-z5pruH3U.roa
Signing time:             Tue 22 Nov 2022 14:32:15 +0000
ROA not before:           Tue 22 Nov 2022 14:32:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41789
IP address blocks:        31.129.17.0/24 maxlen: 24
                          31.129.16.0/24 maxlen: 24
                          31.129.18.0/24 maxlen: 24
                          31.129.22.0/24 maxlen: 24
                          31.129.21.0/24 maxlen: 24
                          31.129.20.0/24 maxlen: 24
                          31.129.19.0/24 maxlen: 24
                          31.129.24.0/24 maxlen: 24
                          31.129.23.0/24 maxlen: 24
                          31.129.29.0/24 maxlen: 24
                          31.129.28.0/24 maxlen: 24
                          31.129.27.0/24 maxlen: 24
                          31.129.26.0/24 maxlen: 24
                          31.129.31.0/24 maxlen: 24
                          31.129.25.0/24 maxlen: 24
                          46.16.12.0/24 maxlen: 24
                          46.16.15.0/24 maxlen: 24
                          46.16.14.0/24 maxlen: 24
                          31.129.0.0/20 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:9f:c0:fe:16:58:39:5b:dd:b6:88:7f:67:0e:6b:7a:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Nov 22 14:32:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=78cd32db0b1af0dcfa1f8a76479fb3e69aee1f75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:8c:11:96:6d:d7:2f:b2:69:53:aa:10:f7:87:
                    f5:0c:53:f8:10:2d:80:ab:81:4f:60:8e:2a:46:ba:
                    32:d6:63:ca:c0:f3:46:92:07:b3:51:69:29:af:60:
                    0d:61:56:ad:6f:9d:fc:fc:a2:ef:6d:31:1f:8d:25:
                    94:94:25:32:8e:1b:e8:28:29:31:1a:83:c7:d1:11:
                    fe:7a:ef:ee:d7:3f:6e:89:93:67:e5:a8:a7:17:55:
                    2a:fe:6b:bd:c9:9f:60:c4:92:87:0b:28:bb:42:ef:
                    6e:30:5f:8b:9d:3d:0e:b6:27:6c:98:8c:e6:5c:68:
                    c8:b4:49:8e:4c:93:7d:ab:dc:33:e9:8d:c2:57:6c:
                    b6:e9:95:9e:b2:13:65:26:f6:1a:2d:a5:43:1c:11:
                    fc:b7:d6:d0:36:86:c1:97:b5:04:35:cd:9f:46:be:
                    6b:23:ed:35:c7:e0:99:92:a0:70:a7:cb:04:36:48:
                    fc:2c:73:8d:23:ed:d2:fe:a6:88:8f:bd:23:09:d8:
                    b2:ce:47:1f:55:f3:ca:87:97:72:0a:2c:82:b3:9d:
                    df:a1:18:0b:18:dd:ec:be:95:1e:0e:f1:d4:42:6c:
                    9e:64:df:01:81:82:d5:91:b9:91:dd:bc:01:ea:d3:
                    f2:b1:9e:74:88:50:03:ef:15:84:d7:02:9b:1f:82:
                    d0:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:CD:32:DB:0B:1A:F0:DC:FA:1F:8A:76:47:9F:B3:E6:9A:EE:1F:75
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/eM0y2wsa8Nz6H4p2R5-z5pruH3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.129.0.0-31.129.29.255
                  31.129.31.0/24
                  46.16.12.0/24
                  46.16.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:b9:9f:07:75:e6:92:48:8f:01:74:23:0e:e7:8a:96:fd:f4:
         ed:32:dd:ea:59:66:fe:8e:04:02:f3:fc:42:72:aa:15:73:b8:
         b4:6b:71:dc:c4:f1:25:47:c7:2e:0e:58:18:2a:39:df:5b:1b:
         51:40:5f:07:72:e9:9b:c4:ba:f5:fc:d9:80:fa:46:e9:a9:18:
         4e:97:c6:9e:62:1f:da:94:4b:91:9e:e4:7b:c4:5c:9d:9b:54:
         ee:5d:74:47:00:d3:a9:4b:e5:d8:6f:9f:ba:b7:13:3f:c2:da:
         2f:ea:b6:58:ff:bd:a3:84:ec:44:d2:ba:6f:d2:98:39:c3:66:
         2f:06:97:ed:10:a8:14:26:40:e6:82:b3:6d:a8:96:ec:3a:fb:
         70:27:bc:bf:6c:e6:f1:0a:ad:84:50:15:fd:99:7f:62:6e:84:
         74:e7:84:a0:1a:33:f0:a4:41:c3:67:3a:16:66:c9:74:5c:34:
         c9:8e:6a:e6:6e:ce:d4:ee:83:1c:71:2b:d5:96:1d:18:e7:77:
         61:e3:ce:74:f8:03:18:f3:a5:37:29:ed:53:6b:a5:38:3d:11:
         a5:1f:7b:16:89:f9:ec:9e:bb:2c:11:0c:d8:66:5d:8a:5a:f0:
         af:78:8b:41:c5:3b:76:be:3c:5b:5d:e3:38:00:6f:67:f1:e8:
         ca:e3:b3:f5
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYSfwP4WWDlb3baIf2cOa3qZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjIxMTIyMTQzMjE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGNkMzJkYjBiMWFmMGRjZmExZjhhNzY0NzlmYjNlNjlhZWUxZjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiYwRlm3XL7JpU6oQ94f1DFP4EC2A
q4FPYI4qRroy1mPKwPNGkgezUWkpr2ANYVatb538/KLvbTEfjSWUlCUyjhvoKCkx
GoPH0RH+eu/u1z9uiZNn5ainF1Uq/mu9yZ9gxJKHCyi7Qu9uMF+LnT0OtidsmIzm
XGjItEmOTJN9q9wz6Y3CV2y26ZWeshNlJvYaLaVDHBH8t9bQNobBl7UENc2fRr5r
I+01x+CZkqBwp8sENkj8LHONI+3S/qaIj70jCdiyzkcfVfPKh5dyCiyCs53foRgL
GN3svpUeDvHUQmyeZN8BgYLVkbmR3bwB6tPysZ50iFAD7xWE1wKbH4LQWQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFHjNMtsLGvDc+h+Kdkefs+aa7h91MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvZU0weTJ3c2E4Tno2SDRwMlI1LXo1cHJ1SDNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAlBAIAATAfMAsDAwAfgQME
AR+BHAMEAB+BHwMEAC4QDAMEAS4QDjANBgkqhkiG9w0BAQsFAAOCAQEAibmfB3Xm
kkiPAXQjDueKlv307TLd6llm/o4EAvP8QnKqFXO4tGtx3MTxJUfHLg5YGCo531sb
UUBfB3Lpm8S69fzZgPpG6akYTpfGnmIf2pRLkZ7ke8RcnZtU7l10RwDTqUvl2G+f
urcTP8LaL+q2WP+9o4TsRNK6b9KYOcNmLwaX7RCoFCZA5oKzbaiW7Dr7cCe8v2zm
8QqthFAV/Zl/Ym6EdOeEoBoz8KRBw2c6FmbJdFw0yY5q5m7O1O6DHHEr1ZYdGOd3
YePOdPgDGPOlNyntU2ulOD0RpR97Fon57J67LBEM2GZdilrwr3iLQcU7dr48W13j
OABvZ/HoyuOz9Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:15 2024 by rpki-client on console-ams.rpki-client.org