Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/0bab1f-92d6-42f0-b952-442c080ae541/1/Zcp6QlxIlH1OG6lpsv766QZDVXE.roa
File:                     Zcp6QlxIlH1OG6lpsv766QZDVXE.roa (raw, json)
Hash identifier:          roZ4vsf0Vz2eOawoyE7wQILLfhiIRQOib4OLVLLeciY=
Subject key identifier:   65:CA:7A:42:5C:48:94:7D:4E:1B:A9:69:B2:FE:FA:E9:06:43:55:71
Certificate issuer:       /CN=36261c261756fa03ac57d1bfc4db856ef808975a
Certificate serial:       01856BD33B62D8580222A659E5A696C5EF0C
Authority key identifier: 36:26:1C:26:17:56:FA:03:AC:57:D1:BF:C4:DB:85:6E:F8:08:97:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NiYcJhdW-gOsV9G_xNuFbvgIl1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/0bab1f-92d6-42f0-b952-442c080ae541/1/Zcp6QlxIlH1OG6lpsv766QZDVXE.roa
Signing time:             Sun 01 Jan 2023 05:34:43 +0000
ROA not before:           Sun 01 Jan 2023 05:34:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20860
IP address blocks:        185.35.77.0/24 maxlen: 24
                          185.35.79.0/24 maxlen: 24
                          2a00:e120::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:d3:3b:62:d8:58:02:22:a6:59:e5:a6:96:c5:ef:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36261c261756fa03ac57d1bfc4db856ef808975a
        Validity
            Not Before: Jan  1 05:34:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=65ca7a425c48947d4e1ba969b2fefae906435571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:68:ca:6a:b0:c5:1e:87:3e:7f:ee:a8:14:2c:
                    16:41:e6:d9:c8:da:63:62:50:c9:76:bc:e0:69:fb:
                    40:7d:05:e6:14:f8:47:e8:79:c6:dd:cb:8f:c8:4a:
                    6f:58:fa:0b:e5:bf:79:f5:50:96:c2:4e:02:82:d2:
                    16:11:6f:26:fe:70:63:26:66:a4:89:a5:9d:9b:4b:
                    4d:5f:2e:c5:7f:d4:c5:4b:72:22:4d:2a:27:a1:aa:
                    b0:bf:21:b6:71:15:a6:43:79:37:9a:bd:ea:60:47:
                    12:06:09:39:4f:07:46:69:70:26:61:6a:b6:9c:00:
                    08:58:f6:39:81:03:86:5c:88:6f:57:51:85:b8:3c:
                    21:2c:56:ab:f2:55:c6:c7:58:07:21:6e:e4:6a:ba:
                    82:29:bd:95:16:fc:16:1a:6d:40:8a:a8:50:c0:97:
                    f6:5e:54:0f:90:ac:34:ea:2f:7e:47:23:b1:29:e9:
                    71:32:ac:40:f6:7c:bd:5b:d8:9e:8b:f4:f2:8c:66:
                    7d:93:2b:fc:47:cb:c3:9e:5b:83:d5:8e:67:75:fc:
                    f2:b7:eb:0e:1b:6f:36:6e:63:71:c5:53:9c:dc:5a:
                    7f:79:44:23:91:bb:d7:3c:35:81:15:97:ed:c7:90:
                    9d:d4:9c:59:55:e7:5e:8e:ed:4d:78:a3:de:8c:c3:
                    83:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:CA:7A:42:5C:48:94:7D:4E:1B:A9:69:B2:FE:FA:E9:06:43:55:71
            X509v3 Authority Key Identifier:
                keyid:36:26:1C:26:17:56:FA:03:AC:57:D1:BF:C4:DB:85:6E:F8:08:97:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NiYcJhdW-gOsV9G_xNuFbvgIl1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0bab1f-92d6-42f0-b952-442c080ae541/1/Zcp6QlxIlH1OG6lpsv766QZDVXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0bab1f-92d6-42f0-b952-442c080ae541/1/NiYcJhdW-gOsV9G_xNuFbvgIl1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.35.77.0/24
                  185.35.79.0/24
                IPv6:
                  2a00:e120::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:68:77:07:02:66:55:f7:4e:28:94:9d:80:f6:2e:96:37:fe:
         9e:14:16:5c:3a:9e:3d:bd:e1:17:1f:bb:1e:b5:7c:92:ad:fe:
         4a:5e:b9:44:ab:fa:f6:7b:4c:ce:29:9d:be:06:ec:cf:2e:52:
         d9:a5:c7:46:7d:2d:35:2e:14:15:f8:8e:a8:7f:f1:1b:26:fc:
         10:c9:ec:d1:d0:d7:6c:ef:22:7f:89:1e:30:4e:9d:3e:22:49:
         5b:93:9f:1c:55:93:7c:77:43:9e:56:30:be:3a:2d:db:40:c0:
         fd:3c:76:e6:73:a8:d8:ff:e2:86:75:71:4f:e1:4a:d3:91:a9:
         1b:61:10:4f:0f:87:1a:6f:6d:b8:33:bf:08:22:96:70:10:d9:
         b7:8e:8a:3c:ee:7e:81:6b:83:d4:9e:ce:18:ea:e5:34:1a:36:
         0e:be:28:73:10:f5:1a:06:54:5a:83:17:49:93:4d:9f:24:e4:
         b4:e0:68:80:c5:3c:25:52:09:10:52:34:1e:70:7b:b3:e2:cc:
         7a:04:04:f4:34:f9:29:51:13:cc:68:54:5e:d5:57:a2:3c:b2:
         73:9e:56:3b:f6:0f:ea:d2:1c:2e:94:08:e6:39:b5:b5:e3:1f:
         c3:d3:81:24:7b:84:05:63:10:d5:a1:a2:d5:37:1c:ba:fc:f4:
         69:89:dc:13
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVr0zti2FgCIqZZ5aaWxe8MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MjYxYzI2MTc1NmZhMDNhYzU3ZDFiZmM0ZGI4NTZlZjgw
ODk3NWEwHhcNMjMwMTAxMDUzNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWNhN2E0MjVjNDg5NDdkNGUxYmE5NjliMmZlZmFlOTA2NDM1NTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2jKarDFHoc+f+6oFCwWQebZyNpj
YlDJdrzgaftAfQXmFPhH6HnG3cuPyEpvWPoL5b959VCWwk4CgtIWEW8m/nBjJmak
iaWdm0tNXy7Ff9TFS3IiTSonoaqwvyG2cRWmQ3k3mr3qYEcSBgk5TwdGaXAmYWq2
nAAIWPY5gQOGXIhvV1GFuDwhLFar8lXGx1gHIW7karqCKb2VFvwWGm1AiqhQwJf2
XlQPkKw06i9+RyOxKelxMqxA9ny9W9iei/TyjGZ9kyv8R8vDnluD1Y5ndfzyt+sO
G282bmNxxVOc3Fp/eUQjkbvXPDWBFZftx5Cd1JxZVedeju1NeKPejMOD4QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGXKekJcSJR9ThupabL++ukGQ1VxMB8GA1UdIwQY
MBaAFDYmHCYXVvoDrFfRv8TbhW74CJdaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmlZY0poZFctZ09zVjlHX3hOdUZidmdJbDFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8wYmFiMWYtOTJkNi00MmYwLWI5NTIt
NDQyYzA4MGFlNTQxLzEvWmNwNlFseElsSDFPRzZscHN2NzY2UVpEVlhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8wYmFiMWYtOTJkNi00MmYwLWI5NTItNDQyYzA4MGFlNTQx
LzEvTmlZY0poZFctZ09zVjlHX3hOdUZidmdJbDFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuSNNAwQA
uSNPMA0EAgACMAcDBQAqAOEgMA0GCSqGSIb3DQEBCwUAA4IBAQBkaHcHAmZV904o
lJ2A9i6WN/6eFBZcOp49veEXH7setXySrf5KXrlEq/r2e0zOKZ2+BuzPLlLZpcdG
fS01LhQV+I6of/EbJvwQyezR0Nds7yJ/iR4wTp0+Iklbk58cVZN8d0OeVjC+Oi3b
QMD9PHbmc6jY/+KGdXFP4UrTkakbYRBPD4cab224M78IIpZwENm3joo87n6Ba4PU
ns4Y6uU0GjYOvihzEPUaBlRagxdJk02fJOS04GiAxTwlUgkQUjQecHuz4sx6BAT0
NPkpURPMaFRe1VeiPLJznlY79g/q0hwulAjmObW14x/D04Eke4QFYxDVoaLVNxy6
/PRpidwT
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:45 2024 by rpki-client on console-fra.rpki-client.org