Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2Chmc5sru-OKPkJT4uD3Tb8ik-s.roa
File:                     2Chmc5sru-OKPkJT4uD3Tb8ik-s.roa (raw, json)
Hash identifier:          2CvSNLa5euWHm14XAMU3TuM7PE8Mj67lb6EP9T/A+Kg=
Subject key identifier:   D8:28:66:73:9B:2B:BB:E3:8A:3E:42:53:E2:E0:F7:4D:BF:22:93:EB
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018721E7BA18D876B03FB3578B4CF9A4787D
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2Chmc5sru-OKPkJT4uD3Tb8ik-s.roa
Signing time:             Mon 27 Mar 2023 07:10:47 +0000
ROA not before:           Mon 27 Mar 2023 07:10:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     135752
IP address blocks:        178.239.203.0/24 maxlen: 24
                          89.40.160.0/24 maxlen: 24
                          185.9.55.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:21:e7:ba:18:d8:76:b0:3f:b3:57:8b:4c:f9:a4:78:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar 27 07:10:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d82866739b2bbbe38a3e4253e2e0f74dbf2293eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:28:66:73:9B:2B:BB:E3:8A:3E:42:53:E2:E0:F7:4D:BF:22:93:EB
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2Chmc5sru-OKPkJT4uD3Tb8ik-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.160.0/24
                  178.239.203.0/24
                  185.9.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jun 6 19:41:08 2024 by rpki-client on console-ams.rpki-client.org