Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/355NQwmQvupUw1wtO20yJoevXXs.roa
File:                     355NQwmQvupUw1wtO20yJoevXXs.roa (raw, json)
Hash identifier:          KuedJ3L776jSPaPsxQswkCN5+ubraff6olaQ3wmrW18=
Subject key identifier:   DF:9E:4D:43:09:90:BE:EA:54:C3:5C:2D:3B:6D:32:26:87:AF:5D:7B
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01869D36A54530A8702F72074B302E3A6BCF
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/355NQwmQvupUw1wtO20yJoevXXs.roa
Signing time:             Wed 01 Mar 2023 12:47:29 +0000
ROA not before:           Wed 01 Mar 2023 12:47:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        93.115.254.0/23 maxlen: 24
                          89.40.76.0/24 maxlen: 24
                          87.247.148.0/24 maxlen: 24
                          87.247.149.0/24 maxlen: 24
                          185.255.169.0/24 maxlen: 24
                          185.255.170.0/23 maxlen: 24
                          193.42.52.0/24 maxlen: 24
                          185.103.72.0/24 maxlen: 24
                          185.238.10.0/24 maxlen: 24
                          213.32.251.0/24 maxlen: 24
                          185.241.210.0/23 maxlen: 24
                          91.188.204.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:9d:36:a5:45:30:a8:70:2f:72:07:4b:30:2e:3a:6b:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar  1 12:47:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=df9e4d430990beea54c35c2d3b6d322687af5d7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:53:2d:ac:b2:6f:29:fc:aa:5a:ff:5f:e6:a5:
                    19:31:8e:e5:b3:e2:59:00:4e:45:ff:8b:77:19:a5:
                    4a:32:19:2b:06:b7:39:69:04:5f:1f:74:47:8e:f3:
                    68:30:40:07:fa:39:23:a7:79:95:da:92:e8:9d:a9:
                    49:d3:de:80:cc:35:60:d9:10:ef:17:e0:91:44:d3:
                    b8:e6:27:93:b9:33:7c:d5:66:64:2b:6f:be:8d:df:
                    78:f8:59:cb:b1:42:7c:d0:3d:3d:9b:c2:25:d4:54:
                    bf:83:5e:ea:96:a6:ba:e3:1d:fc:4e:0d:9b:24:aa:
                    77:7f:5a:24:d0:bf:3c:25:dc:e3:4d:f4:68:fe:72:
                    dd:64:97:39:eb:f0:ef:d0:43:d5:6f:e3:d1:a3:49:
                    f5:74:2c:bc:4d:a6:5f:1d:b0:55:63:92:ee:3f:ce:
                    24:4a:57:e4:2e:71:bb:2b:bf:c6:9b:14:34:29:1a:
                    5a:1c:39:6c:99:34:fc:88:8f:68:0c:88:57:13:55:
                    72:c0:af:b1:40:25:62:b3:54:21:29:f0:22:a0:95:
                    da:7c:1d:1c:d9:21:cf:43:55:45:95:96:bb:11:6a:
                    1f:76:ea:42:90:66:00:74:b6:02:2d:74:ce:2d:b7:
                    39:db:4c:0b:ba:42:f1:3f:85:ec:5e:27:4b:3e:44:
                    d1:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:9E:4D:43:09:90:BE:EA:54:C3:5C:2D:3B:6D:32:26:87:AF:5D:7B
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/355NQwmQvupUw1wtO20yJoevXXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.247.148.0/23
                  89.40.76.0/24
                  91.188.204.0/24
                  93.115.254.0/23
                  185.103.72.0/24
                  185.238.10.0/24
                  185.241.210.0/23
                  185.255.169.0-185.255.171.255
                  193.42.52.0/24
                  213.32.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:d2:c0:50:24:1a:2a:65:ac:27:8e:25:c0:77:24:83:af:ad:
         86:f9:5e:99:3d:a8:c8:86:3a:5f:b8:f9:8c:ea:89:93:7b:f6:
         81:4e:dc:b3:30:e0:3a:4a:b0:e9:98:16:a8:bf:e4:b3:a3:06:
         e6:8a:63:37:04:e3:57:af:e8:33:02:95:3f:ab:0b:22:b4:64:
         a8:3a:f4:b5:ac:8c:41:72:b6:c9:1a:af:03:d2:d4:53:ab:75:
         a0:5a:2c:c0:71:2f:77:57:60:9e:33:81:e5:06:ab:8c:1e:c7:
         3b:73:28:97:cb:85:f8:54:08:c3:1c:d3:bb:ca:c4:1d:79:4b:
         18:6c:93:f5:38:7a:6b:2e:e4:86:b9:19:e5:c7:16:fa:d4:53:
         e9:d7:28:7e:97:95:43:38:0c:07:23:c3:d3:77:58:c5:b1:59:
         91:b0:0b:39:83:47:4a:30:3a:2e:c3:e9:32:aa:43:d0:8e:bd:
         73:b7:27:6a:93:0f:06:b2:2d:b6:d4:3c:97:64:ac:ce:3c:93:
         fb:67:0d:c6:26:c0:e1:e7:c2:97:9e:47:db:ae:25:2e:4c:51:
         ae:24:bb:f4:fa:8c:80:c3:71:dd:18:60:d5:b4:01:07:94:72:
         4a:e5:f6:ea:22:9a:ff:a8:77:de:6b:59:33:d9:fa:2e:ad:b8:
         ee:86:61:0b
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYadNqVFMKhwL3IHSzAuOmvPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzAxMTI0NzI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjllNGQ0MzA5OTBiZWVhNTRjMzVjMmQzYjZkMzIyNjg3YWY1ZDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFMtrLJvKfyqWv9f5qUZMY7ls+JZ
AE5F/4t3GaVKMhkrBrc5aQRfH3RHjvNoMEAH+jkjp3mV2pLonalJ096AzDVg2RDv
F+CRRNO45ieTuTN81WZkK2++jd94+FnLsUJ80D09m8Il1FS/g17qlqa64x38Tg2b
JKp3f1ok0L88JdzjTfRo/nLdZJc56/Dv0EPVb+PRo0n1dCy8TaZfHbBVY5LuP84k
SlfkLnG7K7/GmxQ0KRpaHDlsmTT8iI9oDIhXE1VywK+xQCVis1QhKfAioJXafB0c
2SHPQ1VFlZa7EWofdupCkGYAdLYCLXTOLbc520wLukLxP4XsXidLPkTRawIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFN+eTUMJkL7qVMNcLTttMiaHr117MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMzU1TlF3bVF2dXBVdzF3dE8yMHlKb2V2WFhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQBV/eUAwQA
WShMAwQAW7zMAwQBXXP+AwQAuWdIAwQAue4KAwQBufHSMAwDBAC5/6kDBAK5/6gD
BADBKjQDBADVIPswDQYJKoZIhvcNAQELBQADggEBABPSwFAkGiplrCeOJcB3JIOv
rYb5Xpk9qMiGOl+4+YzqiZN79oFO3LMw4DpKsOmYFqi/5LOjBuaKYzcE41ev6DMC
lT+rCyK0ZKg69LWsjEFytskarwPS1FOrdaBaLMBxL3dXYJ4zgeUGq4wexztzKJfL
hfhUCMMc07vKxB15Sxhsk/U4emsu5Ia5GeXHFvrUU+nXKH6XlUM4DAcjw9N3WMWx
WZGwCzmDR0owOi7D6TKqQ9COvXO3J2qTDwayLbbUPJdkrM48k/tnDcYmwOHnwpee
R9uuJS5MUa4ku/T6jIDDcd0YYNW0AQeUckrl9uoimv+od95rWTPZ+i6tuO6GYQs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:44 2024 by rpki-client on console-fra.rpki-client.org