Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3Oqd4ECphsIOI-FB17WW_STgP2I.roa
File:                     3Oqd4ECphsIOI-FB17WW_STgP2I.roa (raw, json)
Hash identifier:          YWXHs/HyjDdQzUcGY1UTWy5KJzIrLCZgjENOzGX4rvc=
Subject key identifier:   DC:EA:9D:E0:40:A9:86:C2:0E:23:E1:41:D7:B5:96:FD:24:E0:3F:62
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0187512B734EFEF49CCC5944AE3C2BC6164E
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3Oqd4ECphsIOI-FB17WW_STgP2I.roa
Signing time:             Wed 05 Apr 2023 11:26:54 +0000
ROA not before:           Wed 05 Apr 2023 11:26:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        78.142.242.0/24 maxlen: 24
                          188.214.27.0/24 maxlen: 24
                          78.142.243.0/24 maxlen: 24
                          185.9.55.0/24 maxlen: 24
                          194.4.157.0/24 maxlen: 24
                          103.205.27.0/24 maxlen: 24
                          185.103.75.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:51:2b:73:4e:fe:f4:9c:cc:59:44:ae:3c:2b:c6:16:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr  5 11:26:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dcea9de040a986c20e23e141d7b596fd24e03f62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2b:93:28:be:17:62:a6:c9:c5:4f:2e:61:ab:
                    fb:10:e5:21:f4:6a:3d:1e:98:fe:c9:9a:57:af:a6:
                    6f:86:35:04:37:b0:ba:93:01:0b:a5:8a:40:be:bb:
                    18:96:03:a8:5c:77:e5:af:3b:43:a9:81:cf:16:2d:
                    eb:d2:96:87:d4:c7:92:93:d8:33:be:16:29:f9:00:
                    f7:c7:37:f6:34:d2:5f:a7:ca:db:97:92:a1:0e:61:
                    3f:3b:1f:14:a9:6e:a2:cf:f7:83:33:75:fe:e2:dd:
                    4c:1c:47:0f:ca:41:22:3a:61:88:7c:9e:b7:b7:b3:
                    16:0f:5d:b2:0e:ae:9d:90:d2:1b:d8:8e:32:0e:5f:
                    60:62:af:8a:68:98:0f:55:18:69:1e:4f:69:2c:ac:
                    f2:60:97:72:60:01:24:3d:66:34:04:36:91:19:bb:
                    da:a0:4d:ec:c0:5d:95:16:aa:fc:3c:bc:c4:c0:53:
                    60:5f:50:7c:aa:33:76:40:68:1f:84:82:f8:e1:da:
                    49:49:87:90:68:81:ee:cf:db:64:df:03:1f:d0:d6:
                    8d:23:49:27:3c:0d:f6:00:42:ff:6a:3e:61:d2:ca:
                    d7:4c:09:d9:d4:80:1b:46:88:8a:d5:be:24:cf:12:
                    7c:bb:2d:1f:3a:99:95:50:a1:85:12:50:db:04:a6:
                    d4:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:EA:9D:E0:40:A9:86:C2:0E:23:E1:41:D7:B5:96:FD:24:E0:3F:62
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3Oqd4ECphsIOI-FB17WW_STgP2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.242.0/23
                  103.205.27.0/24
                  185.9.55.0/24
                  185.103.75.0/24
                  188.214.27.0/24
                  194.4.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:cb:b2:68:51:f8:cb:d7:4c:aa:2d:37:61:5e:0a:35:a2:38:
         9c:e9:e4:02:f6:fa:e2:46:8e:ec:10:60:67:97:dc:7b:4a:6d:
         ee:06:38:4a:e8:b1:3d:0a:dc:09:4c:9e:5d:c2:0c:4a:19:f8:
         87:31:33:d6:a9:13:e1:a7:16:62:01:7d:dc:ee:39:01:6e:7b:
         87:97:a1:c8:91:32:35:93:19:33:8a:42:58:8f:b9:c9:28:20:
         2a:10:aa:60:bc:8e:2d:b2:79:af:74:7b:5c:d2:06:83:bb:67:
         67:bf:37:4d:7e:60:3e:24:a1:85:08:f5:de:b9:64:45:6d:6d:
         4d:cd:b7:24:13:59:49:a8:40:b9:aa:a2:3e:2c:03:4f:02:ff:
         a1:f4:06:4d:41:e1:e6:40:c5:66:3f:08:43:75:c0:81:ca:49:
         0d:18:ad:9b:78:4c:c0:21:92:74:7e:10:79:d4:46:95:18:fe:
         cf:79:f5:36:ee:8a:6d:ad:95:02:93:59:0b:86:18:71:92:53:
         82:be:fb:86:74:56:d4:84:45:bd:8f:b3:d0:30:f4:c7:f5:9f:
         79:a4:97:04:35:55:9b:72:af:d6:87:d7:78:fd:32:2c:83:24:
         fa:91:05:b1:0c:8e:d4:ca:28:8e:ad:66:55:b5:5a:d5:59:ce:
         08:0f:c8:5a
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYdRK3NO/vSczFlErjwrxhZOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDA1MTEyNjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2VhOWRlMDQwYTk4NmMyMGUyM2UxNDFkN2I1OTZmZDI0ZTAzZjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCuTKL4XYqbJxU8uYav7EOUh9Go9
Hpj+yZpXr6ZvhjUEN7C6kwELpYpAvrsYlgOoXHflrztDqYHPFi3r0paH1MeSk9gz
vhYp+QD3xzf2NNJfp8rbl5KhDmE/Ox8UqW6iz/eDM3X+4t1MHEcPykEiOmGIfJ63
t7MWD12yDq6dkNIb2I4yDl9gYq+KaJgPVRhpHk9pLKzyYJdyYAEkPWY0BDaRGbva
oE3swF2VFqr8PLzEwFNgX1B8qjN2QGgfhIL44dpJSYeQaIHuz9tk3wMf0NaNI0kn
PA32AEL/aj5h0srXTAnZ1IAbRoiK1b4kzxJ8uy0fOpmVUKGFElDbBKbULwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNzqneBAqYbCDiPhQde1lv0k4D9iMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvM09xZDRFQ3Boc0lPSS1GQjE3V1dfU1RnUDJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBTo7yAwQA
Z80bAwQAuQk3AwQAuWdLAwQAvNYbAwQAwgSdMA0GCSqGSIb3DQEBCwUAA4IBAQBT
y7JoUfjL10yqLTdhXgo1ojic6eQC9vriRo7sEGBnl9x7Sm3uBjhK6LE9CtwJTJ5d
wgxKGfiHMTPWqRPhpxZiAX3c7jkBbnuHl6HIkTI1kxkzikJYj7nJKCAqEKpgvI4t
snmvdHtc0gaDu2dnvzdNfmA+JKGFCPXeuWRFbW1NzbckE1lJqEC5qqI+LANPAv+h
9AZNQeHmQMVmPwhDdcCBykkNGK2beEzAIZJ0fhB51EaVGP7PefU27optrZUCk1kL
hhhxklOCvvuGdFbUhEW9j7PQMPTH9Z95pJcENVWbcq/Wh9d4/TIsgyT6kQWxDI7U
yiiOrWZVtVrVWc4ID8ha
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:08 2024 by rpki-client on console-ams.rpki-client.org