Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/mGTYcAl8K71ZG3nnoB2-96tfk-g.roa
File:                     mGTYcAl8K71ZG3nnoB2-96tfk-g.roa (raw, json)
Hash identifier:          ozbkCNf0EhGMrOwp4nlu4N8kQveqq2lagg1okuGU5vs=
Subject key identifier:   98:64:D8:70:09:7C:2B:BD:59:1B:79:E7:A0:1D:BE:F7:AB:5F:93:E8
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       01865F708ED66038CCCD4B4BD65D94714BB9
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/mGTYcAl8K71ZG3nnoB2-96tfk-g.roa
Signing time:             Fri 17 Feb 2023 12:54:17 +0000
ROA not before:           Fri 17 Feb 2023 12:54:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210512
IP address blocks:        31.129.21.0/24 maxlen: 24
                          194.5.94.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:5f:70:8e:d6:60:38:cc:cd:4b:4b:d6:5d:94:71:4b:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Feb 17 12:54:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9864d870097c2bbd591b79e7a01dbef7ab5f93e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:e8:34:c4:b5:a7:e1:1e:0d:04:14:31:42:1c:
                    3e:3e:69:4b:b1:52:3a:fb:c4:5e:6f:6d:de:13:d9:
                    d9:9b:38:48:b8:49:40:b5:c6:14:d5:d7:12:c9:eb:
                    3d:6b:74:a7:80:bd:a0:43:a1:5a:01:bc:ae:eb:07:
                    73:4d:f2:e5:b6:8c:f1:76:c7:dd:18:4d:63:0e:a8:
                    dd:e7:8a:43:1e:0e:34:e2:52:e1:71:b0:21:35:df:
                    1f:3a:51:f2:bb:9e:0a:c2:54:4c:cc:25:17:ef:33:
                    de:5f:9a:1d:a2:0d:5d:24:36:da:cf:7c:d5:fe:69:
                    63:b9:e8:e7:06:d5:37:73:9d:81:43:b9:73:6f:b5:
                    06:63:48:59:c0:72:30:cc:67:a7:e4:31:42:ef:81:
                    81:48:8e:70:de:5b:2f:b0:ca:13:97:39:53:9f:57:
                    bb:0f:1a:66:5a:b7:1f:2a:7f:31:ad:f4:5d:d0:49:
                    9e:c7:49:e5:11:3c:00:7a:db:e4:20:52:96:d6:c0:
                    ff:12:b0:af:05:4f:ab:e2:96:c5:d6:58:a6:b1:76:
                    8f:90:0f:14:90:3d:87:45:72:a1:a8:2f:08:ca:10:
                    02:33:7d:d3:c2:d4:8e:d9:4a:8e:99:c1:27:aa:d2:
                    e6:83:77:b0:8a:26:4d:7e:55:d6:5c:3a:c6:bb:6e:
                    8b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:64:D8:70:09:7C:2B:BD:59:1B:79:E7:A0:1D:BE:F7:AB:5F:93:E8
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/mGTYcAl8K71ZG3nnoB2-96tfk-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.129.21.0/24
                  194.5.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:3f:06:83:04:e9:d4:04:b1:af:3d:2c:d0:aa:4d:29:ef:c4:
         35:bf:55:c2:ff:27:f3:24:08:70:32:5c:69:87:0b:70:7e:c4:
         20:84:0b:a4:1c:4f:88:ba:92:92:8a:10:f1:f5:ee:38:34:db:
         21:d3:70:f2:47:64:7a:4a:cf:55:01:cf:60:9e:be:24:08:cd:
         f0:87:b0:eb:60:86:79:e9:5e:16:95:ca:63:50:18:9f:c3:31:
         ce:7c:4c:7f:fe:b3:e4:d9:26:0a:83:58:f1:a0:51:da:81:13:
         38:b6:82:db:cb:31:b9:5b:ad:8a:6c:bd:15:cb:3e:59:29:66:
         f5:e4:a9:1b:2f:06:9b:6f:18:38:60:e9:18:48:4f:73:bc:03:
         a5:8b:cd:68:42:42:9f:35:08:35:1f:d0:cb:36:2b:d4:a4:00:
         cd:be:c1:24:4f:ae:d4:5b:9a:23:34:5a:61:1b:a2:c0:81:f9:
         5c:05:0d:0b:00:61:26:2c:7c:30:eb:e0:4d:0c:fe:b9:44:91:
         91:43:a9:9c:a1:67:e5:7d:bb:64:95:55:3d:57:11:f4:3c:1a:
         66:52:ce:ad:6a:f7:d2:a1:e9:3a:88:35:43:7c:e2:a4:2e:a3:
         8d:a4:c5:37:bd:79:52:48:f0:4a:45:ff:c5:23:a0:7f:59:eb:
         d3:d0:5b:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYZfcI7WYDjMzUtL1l2UcUu5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMjE3MTI1NDE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODY0ZDg3MDA5N2MyYmJkNTkxYjc5ZTdhMDFkYmVmN2FiNWY5M2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+g0xLWn4R4NBBQxQhw+PmlLsVI6
+8Reb23eE9nZmzhIuElAtcYU1dcSyes9a3SngL2gQ6FaAbyu6wdzTfLltozxdsfd
GE1jDqjd54pDHg404lLhcbAhNd8fOlHyu54KwlRMzCUX7zPeX5odog1dJDbaz3zV
/mljuejnBtU3c52BQ7lzb7UGY0hZwHIwzGen5DFC74GBSI5w3lsvsMoTlzlTn1e7
DxpmWrcfKn8xrfRd0Emex0nlETwAetvkIFKW1sD/ErCvBU+r4pbF1limsXaPkA8U
kD2HRXKhqC8IyhACM33TwtSO2UqOmcEnqtLmg3ewiiZNflXWXDrGu26LxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJhk2HAJfCu9WRt556AdvverX5PoMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvbUdUWWNBbDhLNzFaRzNubm9CMi05NnRmay1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH4EVAwQA
wgVeMA0GCSqGSIb3DQEBCwUAA4IBAQCMPwaDBOnUBLGvPSzQqk0p78Q1v1XC/yfz
JAhwMlxphwtwfsQghAukHE+IupKSihDx9e44NNsh03DyR2R6Ss9VAc9gnr4kCM3w
h7DrYIZ56V4WlcpjUBifwzHOfEx//rPk2SYKg1jxoFHagRM4toLbyzG5W62KbL0V
yz5ZKWb15KkbLwabbxg4YOkYSE9zvAOli81oQkKfNQg1H9DLNivUpADNvsEkT67U
W5ojNFphG6LAgflcBQ0LAGEmLHww6+BNDP65RJGRQ6mcoWflfbtklVU9VxH0PBpm
Us6tavfSoek6iDVDfOKkLqONpMU3vXlSSPBKRf/FI6B/WevT0FsQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:55 2024 by rpki-client on console-fra.rpki-client.org