Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1nySnsakCK6__RlZjvl49o0YpBo.roa
File:                     1nySnsakCK6__RlZjvl49o0YpBo.roa (raw, json)
Hash identifier:          FIk4rQMphINl8ze8tlzvt2GNolTYnH/TC3f3JSkwpwM=
Subject key identifier:   D6:7C:92:9E:C6:A4:08:AE:BF:FD:19:59:8E:F9:78:F6:8D:18:A4:1A
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01879455C559111F666D43F08C06C60D34DD
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1nySnsakCK6__RlZjvl49o0YpBo.roa
Signing time:             Tue 18 Apr 2023 12:27:41 +0000
ROA not before:           Tue 18 Apr 2023 12:27:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35409
IP address blocks:        185.230.250.0/24 maxlen: 24
                          185.229.107.0/24 maxlen: 24
                          89.47.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:94:55:c5:59:11:1f:66:6d:43:f0:8c:06:c6:0d:34:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr 18 12:27:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d67c929ec6a408aebffd19598ef978f68d18a41a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f4:56:65:6a:2d:8f:62:28:53:c6:12:4a:3e:
                    c4:d6:b2:94:04:d4:83:81:f0:a9:b3:8c:57:b0:c8:
                    70:9c:d9:1b:3b:e5:f6:01:2e:57:0b:e2:f0:e9:fc:
                    06:db:cd:5e:2c:3b:2e:5c:f5:89:93:e3:b1:74:dd:
                    b8:c0:82:ce:c4:0b:24:d9:4f:50:35:2a:38:6b:57:
                    32:27:c7:39:e0:ee:10:9c:d0:61:02:87:05:d9:cb:
                    ec:dd:68:35:a2:0f:05:8f:b9:ed:4d:e1:4d:be:a3:
                    37:28:e0:43:58:c4:be:a2:b7:18:5f:a1:cb:41:61:
                    b5:ee:03:53:fd:81:2e:4c:d7:c0:e0:0b:18:1f:b4:
                    56:b6:f4:0e:7e:70:04:e6:99:b8:47:08:43:40:79:
                    a6:ff:29:9e:5a:4e:4f:6f:be:c8:98:67:f8:9f:59:
                    75:78:e0:c2:bc:9b:6d:1f:7e:d8:06:59:26:63:0f:
                    7c:f6:34:c3:b5:9f:79:a8:1a:81:2a:13:73:a7:c0:
                    89:6c:8f:7e:3e:1a:55:12:67:1c:3c:4a:1c:4e:a1:
                    ee:8f:31:7e:ae:42:c6:86:45:6f:42:3d:d0:24:df:
                    5b:68:fe:74:e5:c1:a4:e5:59:0b:b6:8a:3e:5a:71:
                    80:d5:cd:27:1e:a2:bc:4d:4f:5c:81:54:33:bf:1c:
                    62:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:7C:92:9E:C6:A4:08:AE:BF:FD:19:59:8E:F9:78:F6:8D:18:A4:1A
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1nySnsakCK6__RlZjvl49o0YpBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.89.0/24
                  185.229.107.0/24
                  185.230.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:15:5f:c6:30:4e:15:bb:7a:f3:89:7e:f8:ea:5c:a4:a7:40:
         4d:3c:83:31:ac:68:07:bd:16:e3:31:27:df:80:d4:3a:91:37:
         02:41:be:df:51:d1:b9:9f:f6:0f:76:a8:e6:3d:cc:c6:a7:c2:
         7b:1a:b7:c2:63:1a:f1:d8:22:46:d0:d4:d3:88:38:47:fc:93:
         e9:aa:fd:3a:85:33:33:8e:f2:74:36:f4:bd:69:09:ec:89:46:
         21:33:9f:2f:a0:99:12:8c:31:71:63:20:1f:51:06:13:04:63:
         fe:6c:fa:ed:9b:39:a6:74:2e:f2:9e:d6:72:47:4a:c7:04:41:
         c3:ff:f6:20:10:02:d6:3e:9f:6a:4f:ea:56:98:4f:ff:54:7c:
         67:e3:1b:80:71:90:a0:83:4b:42:fa:c8:b2:37:75:08:46:35:
         a2:5f:bd:fd:19:80:ca:ed:b2:3d:45:08:68:d0:41:b1:a8:00:
         ed:e7:a8:8d:76:15:3c:96:df:f2:81:8c:d4:50:01:b6:d6:d1:
         f6:03:23:0e:65:1b:59:b0:b1:b5:ce:c1:25:b5:ec:a9:71:23:
         2a:42:91:b7:16:d1:95:e3:a7:1a:05:26:d4:aa:bf:56:49:93:
         55:3c:a2:c1:59:42:e4:d5:39:19:c8:66:65:09:95:7e:84:b5:
         ea:3e:b3:d6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYeUVcVZER9mbUPwjAbGDTTdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDE4MTIyNzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjdjOTI5ZWM2YTQwOGFlYmZmZDE5NTk4ZWY5NzhmNjhkMThhNDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPRWZWotj2IoU8YSSj7E1rKUBNSD
gfCps4xXsMhwnNkbO+X2AS5XC+Lw6fwG281eLDsuXPWJk+OxdN24wILOxAsk2U9Q
NSo4a1cyJ8c54O4QnNBhAocF2cvs3Wg1og8Fj7ntTeFNvqM3KOBDWMS+orcYX6HL
QWG17gNT/YEuTNfA4AsYH7RWtvQOfnAE5pm4RwhDQHmm/ymeWk5Pb77ImGf4n1l1
eODCvJttH37YBlkmYw989jTDtZ95qBqBKhNzp8CJbI9+PhpVEmccPEocTqHujzF+
rkLGhkVvQj3QJN9baP505cGk5VkLtoo+WnGA1c0nHqK8TU9cgVQzvxxiSQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNZ8kp7GpAiuv/0ZWY75ePaNGKQaMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMW55U25zYWtDSzZfX1JsWmp2bDQ5bzBZcEJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWS9ZAwQA
ueVrAwQAueb6MA0GCSqGSIb3DQEBCwUAA4IBAQA9FV/GME4Vu3rziX746lykp0BN
PIMxrGgHvRbjMSffgNQ6kTcCQb7fUdG5n/YPdqjmPczGp8J7GrfCYxrx2CJG0NTT
iDhH/JPpqv06hTMzjvJ0NvS9aQnsiUYhM58voJkSjDFxYyAfUQYTBGP+bPrtmzmm
dC7yntZyR0rHBEHD//YgEALWPp9qT+pWmE//VHxn4xuAcZCgg0tC+siyN3UIRjWi
X739GYDK7bI9RQho0EGxqADt56iNdhU8lt/ygYzUUAG21tH2AyMOZRtZsLG1zsEl
teypcSMqQpG3FtGV46caBSbUqr9WSZNVPKLBWULk1TkZyGZlCZV+hLXqPrPW
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:08 2024 by rpki-client on console-ams.rpki-client.org