Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/CpIewBVoKNlXgFqNbutydvlujwk.roa
File:                     CpIewBVoKNlXgFqNbutydvlujwk.roa (raw, json)
Hash identifier:          mFyIv9gvv4zYrTLR0Ceeqnb7jotKlboirisxkoz/79s=
Subject key identifier:   0A:92:1E:C0:15:68:28:D9:57:80:5A:8D:6E:EB:72:76:F9:6E:8F:09
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0187483D61B8E7D586E29F1A9B6C8002BC65
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/CpIewBVoKNlXgFqNbutydvlujwk.roa
Signing time:             Mon 03 Apr 2023 17:49:54 +0000
ROA not before:           Mon 03 Apr 2023 17:49:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207459
IP address blocks:        193.19.106.0/24 maxlen: 24
                          213.32.249.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:48:3d:61:b8:e7:d5:86:e2:9f:1a:9b:6c:80:02:bc:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr  3 17:49:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0a921ec0156828d957805a8d6eeb7276f96e8f09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a9:f8:77:2d:99:bf:40:8d:ba:39:bf:d0:8d:
                    24:f9:16:27:74:65:6d:e4:9b:04:f0:9c:87:aa:f0:
                    d0:fa:54:cf:a0:39:ea:d8:e2:a0:74:d6:38:a0:92:
                    a0:8a:bf:d1:fd:1a:cc:73:38:30:14:1b:e2:cd:6a:
                    6b:0d:7f:84:7f:c3:ae:fd:29:b4:4a:49:70:fa:7f:
                    38:b3:6b:b7:ea:18:9d:80:ff:3a:2e:db:32:b0:54:
                    73:0d:2e:dd:e7:a9:f5:39:31:0c:5c:69:8a:54:7a:
                    d7:55:5b:d0:83:05:0d:cc:ad:29:c9:11:cd:01:56:
                    4b:a9:ec:b3:c8:e8:fb:7c:06:61:81:12:df:93:fc:
                    93:16:87:ae:0e:89:4f:a4:40:fc:9d:8c:0b:42:c6:
                    00:2c:ff:2c:7f:53:74:fc:8c:5d:d0:40:79:46:f1:
                    bc:32:c3:ae:20:53:2b:7b:6e:ea:61:66:54:1a:60:
                    79:07:3a:7d:e7:22:fc:84:b3:d7:66:a8:34:08:e0:
                    af:cb:f1:ad:80:9a:38:c4:00:e6:12:46:5b:90:bf:
                    44:34:bc:30:3e:b8:89:d9:ef:d3:41:54:90:1b:3b:
                    77:ff:ce:07:a3:b0:4c:42:1a:dd:76:32:87:0e:20:
                    01:90:2f:09:fc:dc:5d:4b:a6:fa:7b:c9:78:99:bc:
                    55:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:92:1E:C0:15:68:28:D9:57:80:5A:8D:6E:EB:72:76:F9:6E:8F:09
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/CpIewBVoKNlXgFqNbutydvlujwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.106.0/24
                  213.32.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:8c:67:1b:b7:f8:7b:78:32:59:73:e2:ff:9f:e0:6b:f0:13:
         21:e2:a6:47:20:f9:a2:84:88:60:b8:13:b4:d1:1d:07:19:08:
         60:8c:32:c5:bc:76:b6:5f:fa:27:19:35:7f:94:28:d9:ef:70:
         5e:37:05:37:2d:15:88:88:db:fb:a5:d0:87:ee:8a:84:28:79:
         84:2e:27:6f:f3:cb:7b:50:ec:2f:bd:00:dc:bc:f7:10:fa:dc:
         17:83:c2:30:cb:64:bd:5b:dc:9f:4a:8b:27:da:59:71:f2:5f:
         51:78:99:90:39:78:32:f3:3a:2c:23:58:67:fe:ea:ec:02:4b:
         dd:51:55:ad:ce:46:96:4e:81:44:73:1c:0e:07:dd:45:db:64:
         9e:2b:29:ca:7d:4d:86:cf:82:3e:a8:88:a7:ce:cc:a1:9e:d0:
         5a:38:37:48:c4:83:02:23:ac:79:45:fc:80:2b:82:76:ae:f8:
         da:3e:49:6a:21:9b:a2:f2:c0:9c:59:d7:d4:4d:f4:5c:3d:1d:
         a8:63:0b:33:0f:14:e4:bd:0a:25:cc:38:d1:69:e7:53:dc:8b:
         f9:28:3f:30:6a:90:f9:f9:4a:91:e4:92:68:97:8a:fe:9d:2e:
         80:81:47:d3:c1:fa:e5:6f:85:5e:b9:c2:aa:29:0d:73:d9:55:
         1c:82:11:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYdIPWG459WG4p8am2yAArxlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDAzMTc0OTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTkyMWVjMDE1NjgyOGQ5NTc4MDVhOGQ2ZWViNzI3NmY5NmU4ZjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkan4dy2Zv0CNujm/0I0k+RYndGVt
5JsE8JyHqvDQ+lTPoDnq2OKgdNY4oJKgir/R/RrMczgwFBvizWprDX+Ef8Ou/Sm0
Sklw+n84s2u36hidgP86LtsysFRzDS7d56n1OTEMXGmKVHrXVVvQgwUNzK0pyRHN
AVZLqeyzyOj7fAZhgRLfk/yTFoeuDolPpED8nYwLQsYALP8sf1N0/Ixd0EB5RvG8
MsOuIFMre27qYWZUGmB5Bzp95yL8hLPXZqg0COCvy/GtgJo4xADmEkZbkL9ENLww
PriJ2e/TQVSQGzt3/84Ho7BMQhrddjKHDiABkC8J/NxdS6b6e8l4mbxVQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAqSHsAVaCjZV4BajW7rcnb5bo8JMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQ3BJZXdCVm9LTmxYZ0ZxTmJ1dHlkdmx1andrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRNqAwQA
1SD5MA0GCSqGSIb3DQEBCwUAA4IBAQBWjGcbt/h7eDJZc+L/n+Br8BMh4qZHIPmi
hIhguBO00R0HGQhgjDLFvHa2X/onGTV/lCjZ73BeNwU3LRWIiNv7pdCH7oqEKHmE
Lidv88t7UOwvvQDcvPcQ+twXg8Iwy2S9W9yfSosn2llx8l9ReJmQOXgy8zosI1hn
/ursAkvdUVWtzkaWToFEcxwOB91F22SeKynKfU2Gz4I+qIinzsyhntBaODdIxIMC
I6x5RfyAK4J2rvjaPklqIZui8sCcWdfUTfRcPR2oYwszDxTkvQolzDjRaedT3Iv5
KD8wapD5+UqR5JJol4r+nS6AgUfTwfrlb4VeucKqKQ1z2VUcghGc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:09 2024 by rpki-client on console-ams.rpki-client.org