Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/FmnyVtJCk3tOt02x-aZVWEK11w0.roa
File:                     FmnyVtJCk3tOt02x-aZVWEK11w0.roa (raw, json)
Hash identifier:          LXwZ2PrnSc9wEpiVCFvn1l+Hgpy6wtD5YcGRfXX7w/4=
Subject key identifier:   16:69:F2:56:D2:42:93:7B:4E:B7:4D:B1:F9:A6:55:58:42:B5:D7:0D
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018634D04028717D311956F957A54F53DF53
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/FmnyVtJCk3tOt02x-aZVWEK11w0.roa
Signing time:             Thu 09 Feb 2023 06:15:08 +0000
ROA not before:           Thu 09 Feb 2023 06:15:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2914
IP address blocks:        192.166.212.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:34:d0:40:28:71:7d:31:19:56:f9:57:a5:4f:53:df:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb  9 06:15:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1669f256d242937b4eb74db1f9a6555842b5d70d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:bb:2b:28:c5:a1:5b:b3:b3:5f:e3:17:c3:f2:
                    e5:b8:90:9d:d3:87:e9:0a:b8:92:00:d3:89:26:a2:
                    ec:7a:97:84:3d:8a:f5:36:3d:30:eb:c6:17:57:25:
                    93:8b:45:e3:ce:13:da:99:4d:ac:98:e9:7d:ee:01:
                    de:e3:8b:b4:d8:e3:0b:c1:1c:a0:49:e7:0a:ea:b4:
                    4c:40:16:68:fa:4d:5c:a5:65:71:ca:d5:c9:eb:b6:
                    9e:62:b8:9b:af:15:85:01:17:df:b0:bc:2a:fa:bc:
                    12:41:8f:b8:0e:76:c1:35:59:ae:d8:47:5a:08:af:
                    d5:87:00:27:98:8c:ae:9c:57:b7:a5:76:79:a6:a3:
                    7a:c4:a6:ff:a4:db:f3:40:9d:68:96:73:6d:c8:39:
                    d6:14:86:a8:82:c5:7c:6c:dc:09:a3:10:da:9b:cd:
                    07:01:7a:5a:92:2f:00:9b:49:e9:88:d7:a9:67:dc:
                    1d:16:fe:03:d3:74:8a:ce:ba:6a:79:98:64:39:71:
                    80:5f:79:c9:20:e0:2e:8e:b7:4e:28:1c:83:b0:a5:
                    6d:3e:7c:ec:f7:81:00:1f:ed:79:f5:e9:26:00:a7:
                    aa:51:eb:b1:08:d8:b3:72:43:2f:7b:3c:d5:f6:43:
                    c4:79:3a:88:d9:4a:44:79:14:1a:73:f6:94:18:7e:
                    f2:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:69:F2:56:D2:42:93:7B:4E:B7:4D:B1:F9:A6:55:58:42:B5:D7:0D
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/FmnyVtJCk3tOt02x-aZVWEK11w0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:3a:d4:33:a4:2d:a6:1f:13:df:c8:af:e2:1c:b2:07:28:ab:
         dc:e3:e0:b6:b4:48:30:ab:f4:14:44:c4:ef:2d:e5:f1:cd:a1:
         94:9d:6b:b1:c5:2f:66:96:e9:9b:18:da:5d:83:05:3c:4e:18:
         1f:c4:98:d2:75:17:01:d4:97:a9:4e:29:8c:86:86:8a:9b:11:
         19:4e:f6:50:cf:a6:90:be:64:35:71:5c:ea:2d:ab:69:4b:53:
         e8:90:7d:86:21:1d:8a:ad:b0:03:83:09:5b:1d:c9:83:34:26:
         ca:41:5a:a8:a1:1f:62:89:49:66:7c:16:28:eb:c6:c9:d6:55:
         fe:81:8a:38:50:90:4b:60:43:0e:a7:88:cc:03:4f:b7:66:23:
         0c:77:db:ab:a8:83:f2:8c:82:2f:01:e7:c6:b3:d1:b7:5f:90:
         96:1c:c3:1d:b8:99:66:7f:b1:9e:cb:56:ba:a1:52:17:dc:8b:
         54:a6:d1:cd:31:e2:02:53:a9:d5:21:0e:2e:5f:75:fc:3f:82:
         4e:b4:87:fa:0e:32:ff:d4:81:e4:b5:75:4c:5c:b3:4a:ef:4c:
         ab:ce:07:d8:86:08:5e:b8:6c:dc:29:00:a3:6c:59:70:cc:02:
         f9:53:d4:14:5e:35:09:09:e3:cd:41:fe:98:fe:b0:72:df:9a:
         a4:ad:b3:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYY00EAocX0xGVb5V6VPU99TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjA5MDYxNTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjY5ZjI1NmQyNDI5MzdiNGViNzRkYjFmOWE2NTU1ODQyYjVkNzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7srKMWhW7OzX+MXw/LluJCd04fp
CriSANOJJqLsepeEPYr1Nj0w68YXVyWTi0XjzhPamU2smOl97gHe44u02OMLwRyg
SecK6rRMQBZo+k1cpWVxytXJ67aeYribrxWFARffsLwq+rwSQY+4DnbBNVmu2Eda
CK/VhwAnmIyunFe3pXZ5pqN6xKb/pNvzQJ1olnNtyDnWFIaogsV8bNwJoxDam80H
AXpaki8Am0npiNepZ9wdFv4D03SKzrpqeZhkOXGAX3nJIOAujrdOKByDsKVtPnzs
94EAH+159ekmAKeqUeuxCNizckMvezzV9kPEeTqI2UpEeRQac/aUGH7yaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZp8lbSQpN7TrdNsfmmVVhCtdcNMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvRm1ueVZ0SkNrM3RPdDAyeC1hWlZXRUsxMXcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwKbUMA0G
CSqGSIb3DQEBCwUAA4IBAQBGOtQzpC2mHxPfyK/iHLIHKKvc4+C2tEgwq/QURMTv
LeXxzaGUnWuxxS9mlumbGNpdgwU8ThgfxJjSdRcB1JepTimMhoaKmxEZTvZQz6aQ
vmQ1cVzqLatpS1PokH2GIR2KrbADgwlbHcmDNCbKQVqooR9iiUlmfBYo68bJ1lX+
gYo4UJBLYEMOp4jMA0+3ZiMMd9urqIPyjIIvAefGs9G3X5CWHMMduJlmf7Gey1a6
oVIX3ItUptHNMeICU6nVIQ4uX3X8P4JOtIf6DjL/1IHktXVMXLNK70yrzgfYhghe
uGzcKQCjbFlwzAL5U9QUXjUJCePNQf6Y/rBy35qkrbPa
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org