Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3AefZAKVYb-rSEPheM_YmY0-iBE.roa
File:                     3AefZAKVYb-rSEPheM_YmY0-iBE.roa (raw, json)
Hash identifier:          miP5z4+q9nBQS0H2bqwMrfPZROYRwyn5N7xgGqAh7DQ=
Subject key identifier:   DC:07:9F:64:02:95:61:BF:AB:48:43:E1:78:CF:D8:99:8D:3E:88:11
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018654932058B33A639A658BEDE2E2D6E046
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3AefZAKVYb-rSEPheM_YmY0-iBE.roa
Signing time:             Wed 15 Feb 2023 10:16:13 +0000
ROA not before:           Wed 15 Feb 2023 10:16:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49981
IP address blocks:        185.115.147.0/24 maxlen: 24
                          45.130.201.0/24 maxlen: 24
                          77.75.61.0/24 maxlen: 24
                          185.244.138.0/24 maxlen: 24
                          223.27.112.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:54:93:20:58:b3:3a:63:9a:65:8b:ed:e2:e2:d6:e0:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb 15 10:16:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dc079f64029561bfab4843e178cfd8998d3e8811
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7d:bd:c1:0f:7e:84:48:4a:41:55:fc:cd:26:
                    ba:44:a0:6f:44:05:d3:0e:40:35:85:92:92:b1:41:
                    83:d5:9f:e3:9c:74:4e:e9:da:b3:a1:cf:57:b0:17:
                    90:9c:82:55:27:0b:34:30:08:4b:13:ba:7a:3b:70:
                    38:03:86:97:75:a3:41:0a:c2:28:5c:c8:0c:e6:c2:
                    38:9b:59:ee:e8:65:4b:3a:08:71:46:70:3f:17:01:
                    a6:db:b7:a0:d2:68:e0:34:fa:28:de:c6:14:dd:be:
                    73:1d:07:67:a8:29:1d:fb:cf:20:e5:ae:9b:af:2f:
                    bb:7a:6d:1d:2c:ed:5f:e4:8e:04:17:9e:5f:99:40:
                    13:60:b6:26:a9:dc:48:fb:23:3e:74:05:52:88:54:
                    25:3b:9c:63:a2:00:f1:3e:5b:c9:cb:da:f2:b5:86:
                    9d:53:e8:e1:05:dc:5a:55:31:3e:6a:fd:b2:da:10:
                    2a:b7:ec:8c:0f:48:72:2e:2c:eb:dc:c8:a2:3d:00:
                    75:6b:81:e5:31:05:3a:4d:af:a8:ce:62:c9:fb:da:
                    4d:f6:11:a2:a5:e6:f0:cf:c2:6c:c1:b3:71:bc:b7:
                    e1:7e:6c:93:40:8b:8f:3f:f7:f2:dc:04:1f:58:62:
                    55:93:61:ef:12:ba:01:cb:7e:df:52:b7:6d:54:da:
                    53:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:07:9F:64:02:95:61:BF:AB:48:43:E1:78:CF:D8:99:8D:3E:88:11
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3AefZAKVYb-rSEPheM_YmY0-iBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.201.0/24
                  77.75.61.0/24
                  185.115.147.0/24
                  185.244.138.0/24
                  223.27.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:a4:6e:ea:33:37:0b:59:3f:43:00:86:a1:97:99:3f:b1:cd:
         65:5c:ed:69:69:1d:24:c1:86:b5:2a:1e:fd:b8:55:fa:38:56:
         98:3d:3b:df:1d:cf:a5:7b:3c:8f:a5:0a:43:d1:3a:75:57:06:
         24:18:43:07:95:c4:45:69:17:54:be:15:f2:7d:b9:e9:4d:69:
         ee:20:e7:fb:57:e5:36:64:75:a3:e6:b0:37:9b:ac:c7:b8:90:
         ec:67:71:91:e5:e5:d7:a3:a9:2a:79:58:d1:2d:e6:00:6b:10:
         12:df:73:52:ef:c7:1c:e0:e5:ab:f8:57:04:05:2e:91:b6:ea:
         5c:fd:49:f2:a9:74:3b:82:ff:db:7b:76:67:ae:0b:88:09:f2:
         81:97:51:b2:1e:df:a0:be:1d:19:a3:e1:00:9d:2d:e3:4f:f4:
         71:7b:e6:a2:df:75:77:d5:dd:d1:f6:4f:5e:fd:29:98:98:f0:
         e6:22:7e:30:c3:92:1b:86:b0:18:68:f8:2a:23:09:4b:0c:f5:
         9d:22:85:b1:28:be:42:8e:0c:da:04:41:44:cc:e4:07:eb:c7:
         fd:22:6c:b1:03:50:61:48:b7:17:da:c1:ff:e8:bb:59:9a:6c:
         ba:c7:a8:30:ef:0e:e0:04:ed:91:29:e1:85:8f:df:6a:57:0c:
         44:78:ac:bd
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYZUkyBYszpjmmWL7eLi1uBGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjE1MTAxNjEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzA3OWY2NDAyOTU2MWJmYWI0ODQzZTE3OGNmZDg5OThkM2U4ODExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq329wQ9+hEhKQVX8zSa6RKBvRAXT
DkA1hZKSsUGD1Z/jnHRO6dqzoc9XsBeQnIJVJws0MAhLE7p6O3A4A4aXdaNBCsIo
XMgM5sI4m1nu6GVLOghxRnA/FwGm27eg0mjgNPoo3sYU3b5zHQdnqCkd+88g5a6b
ry+7em0dLO1f5I4EF55fmUATYLYmqdxI+yM+dAVSiFQlO5xjogDxPlvJy9rytYad
U+jhBdxaVTE+av2y2hAqt+yMD0hyLizr3MiiPQB1a4HlMQU6Ta+ozmLJ+9pN9hGi
pebwz8JswbNxvLfhfmyTQIuPP/fy3AQfWGJVk2HvEroBy37fUrdtVNpTRwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNwHn2QClWG/q0hD4XjP2JmNPogRMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvM0FlZlpBS1ZZYi1yU0VQaGVNX1ltWTAtaUJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQALYLJAwQA
TUs9AwQAuXOTAwQAufSKAwQA3xtwMA0GCSqGSIb3DQEBCwUAA4IBAQAypG7qMzcL
WT9DAIahl5k/sc1lXO1paR0kwYa1Kh79uFX6OFaYPTvfHc+lezyPpQpD0Tp1VwYk
GEMHlcRFaRdUvhXyfbnpTWnuIOf7V+U2ZHWj5rA3m6zHuJDsZ3GR5eXXo6kqeVjR
LeYAaxAS33NS78cc4OWr+FcEBS6Rtupc/UnyqXQ7gv/be3ZnrguICfKBl1GyHt+g
vh0Zo+EAnS3jT/Rxe+ai33V31d3R9k9e/SmYmPDmIn4ww5IbhrAYaPgqIwlLDPWd
IoWxKL5CjgzaBEFEzOQH68f9ImyxA1BhSLcX2sH/6LtZmmy6x6gw7w7gBO2RKeGF
j99qVwxEeKy9
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:44 2024 by rpki-client on console-fra.rpki-client.org