Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/5_8mJAvZKSQAm3Feh_DHDTOMz5E.roa
File:                     5_8mJAvZKSQAm3Feh_DHDTOMz5E.roa (raw, json)
Hash identifier:          ocigfgzs2vKAVgEBOj0JlZJRFRb949ZHELLJo7+K+DY=
Subject key identifier:   E7:FF:26:24:0B:D9:29:24:00:9B:71:5E:87:F0:C7:0D:33:8C:CF:91
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0188B0AB1BB8C78DAB5B4532B045F907DFD4
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/5_8mJAvZKSQAm3Feh_DHDTOMz5E.roa
Signing time:             Mon 12 Jun 2023 17:33:03 +0000
ROA not before:           Mon 12 Jun 2023 17:33:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        185.121.229.0/24 maxlen: 24
                          194.4.158.0/24 maxlen: 24
                          93.114.246.0/24 maxlen: 24
                          185.103.74.0/24 maxlen: 24
                          213.32.248.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:b0:ab:1b:b8:c7:8d:ab:5b:45:32:b0:45:f9:07:df:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jun 12 17:33:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e7ff26240bd92924009b715e87f0c70d338ccf91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:de:87:16:4a:cd:61:5c:12:1c:86:73:f3:43:
                    f4:da:f4:9e:d2:97:54:18:fb:8a:63:63:4e:a7:a1:
                    e3:70:27:5f:36:f1:95:07:14:30:88:3a:da:c6:fe:
                    1d:2b:2b:22:6d:75:b6:bc:b5:fe:19:e3:4f:5e:00:
                    30:a5:dd:be:db:ca:f7:70:9e:07:5c:13:37:28:d7:
                    a8:34:43:2a:51:89:9b:8a:53:a5:84:d3:61:65:ba:
                    ee:f4:4e:87:1a:85:92:18:3e:a7:77:47:b6:0d:e0:
                    e9:d1:f2:75:c7:b1:4d:fa:3e:15:f9:81:13:01:d6:
                    f9:dd:a7:c2:88:46:58:e0:02:6a:c0:fc:e9:5c:05:
                    96:88:cb:91:31:cd:0c:88:fb:eb:b0:2b:17:1c:76:
                    69:47:41:6d:cd:9e:1a:f9:c1:87:0b:33:0f:38:f7:
                    65:42:5a:6c:4d:4d:00:c3:58:6d:80:fc:93:37:d6:
                    d3:a6:6b:d6:7c:fd:0c:72:29:08:cd:09:19:7f:38:
                    f5:49:ab:8a:89:1a:d3:37:26:13:ea:55:4e:46:44:
                    ca:98:12:e0:ee:5b:06:cb:62:ba:31:2e:63:55:ef:
                    d7:dc:bb:c9:b1:a6:ee:10:2e:cd:69:cb:39:7f:60:
                    79:e0:81:f0:60:43:10:86:66:9e:f2:0d:d9:a5:58:
                    fc:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:FF:26:24:0B:D9:29:24:00:9B:71:5E:87:F0:C7:0D:33:8C:CF:91
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/5_8mJAvZKSQAm3Feh_DHDTOMz5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.246.0/24
                  185.103.74.0/24
                  185.121.229.0/24
                  194.4.158.0/24
                  213.32.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:7e:d2:41:6b:69:00:bf:52:0c:2e:bb:db:80:73:14:65:ed:
         d9:67:a9:65:87:2b:85:45:9e:ce:c7:80:ad:f5:9c:c1:3f:d4:
         ef:aa:55:fe:72:a9:21:67:fc:a2:a7:b1:d5:58:de:ea:be:76:
         cc:e0:1b:9f:f8:fe:f5:08:2f:14:dd:f3:bc:d5:69:8f:46:34:
         77:84:26:28:11:ff:ff:f4:62:0d:8a:83:4c:21:4c:ca:19:91:
         fd:7e:65:33:5b:ad:31:50:df:f4:af:10:4e:f0:27:a0:8f:15:
         9e:6f:37:bd:b4:4b:c8:5f:b7:8d:c6:4c:95:a4:d0:db:7e:df:
         d9:3f:7c:e4:30:9c:42:40:1f:8d:e2:47:f4:d0:3d:c7:2f:35:
         83:76:f2:0e:56:91:49:f7:c2:e2:ee:43:dc:35:12:32:2b:14:
         9f:7c:cb:24:67:b5:12:91:2e:50:5d:ca:e0:fb:e4:56:cd:81:
         07:06:76:bd:9d:c0:59:b5:a2:7d:e8:11:3d:5f:e4:29:7f:0e:
         53:5d:79:da:87:34:ae:1c:fd:42:5e:fe:58:9b:8f:25:b8:b0:
         ec:34:71:47:c0:64:53:4a:da:1b:a8:f8:a3:2e:15:d6:5b:e8:
         7e:60:b6:f7:54:bc:57:c7:03:01:98:ba:06:4b:1e:96:f8:08:
         27:cd:a7:ff
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYiwqxu4x42rW0UysEX5B9/UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjEyMTczMzAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2ZmMjYyNDBiZDkyOTI0MDA5YjcxNWU4N2YwYzcwZDMzOGNjZjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnd6HFkrNYVwSHIZz80P02vSe0pdU
GPuKY2NOp6HjcCdfNvGVBxQwiDraxv4dKysibXW2vLX+GeNPXgAwpd2+28r3cJ4H
XBM3KNeoNEMqUYmbilOlhNNhZbru9E6HGoWSGD6nd0e2DeDp0fJ1x7FN+j4V+YET
Adb53afCiEZY4AJqwPzpXAWWiMuRMc0MiPvrsCsXHHZpR0FtzZ4a+cGHCzMPOPdl
QlpsTU0Aw1htgPyTN9bTpmvWfP0McikIzQkZfzj1SauKiRrTNyYT6lVORkTKmBLg
7lsGy2K6MS5jVe/X3LvJsabuEC7Nacs5f2B54IHwYEMQhmae8g3ZpVj8YwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFOf/JiQL2SkkAJtxXofwxw0zjM+RMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvNV84bUpBdlpLU1FBbTNGZWhfREhEVE9NejVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAXXL2AwQA
uWdKAwQAuXnlAwQAwgSeAwQA1SD4MA0GCSqGSIb3DQEBCwUAA4IBAQBdftJBa2kA
v1IMLrvbgHMUZe3ZZ6llhyuFRZ7Ox4Ct9ZzBP9TvqlX+cqkhZ/yip7HVWN7qvnbM
4Buf+P71CC8U3fO81WmPRjR3hCYoEf//9GINioNMIUzKGZH9fmUzW60xUN/0rxBO
8CegjxWebze9tEvIX7eNxkyVpNDbft/ZP3zkMJxCQB+N4kf00D3HLzWDdvIOVpFJ
98Li7kPcNRIyKxSffMskZ7USkS5QXcrg++RWzYEHBna9ncBZtaJ96BE9X+Qpfw5T
XXnahzSuHP1CXv5Ym48luLDsNHFHwGRTStobqPijLhXWW+h+YLb3VLxXxwMBmLoG
Sx6W+Agnzaf/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:44 2024 by rpki-client on console-fra.rpki-client.org