Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/G_LjBS140sk36OnmbIXgUkyaXuA.roa
File:                     G_LjBS140sk36OnmbIXgUkyaXuA.roa (raw, json)
Hash identifier:          0sZtBjApt7hAtk9G4ek1mztLk/OmscYH7beYPTL9ZrI=
Subject key identifier:   1B:F2:E3:05:2D:78:D2:C9:37:E8:E9:E6:6C:85:E0:52:4C:9A:5E:E0
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0186278ABF2EFB9D71F3645739D1AD7F5305
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/G_LjBS140sk36OnmbIXgUkyaXuA.roa
Signing time:             Mon 06 Feb 2023 16:24:09 +0000
ROA not before:           Mon 06 Feb 2023 16:24:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60721
IP address blocks:        92.114.107.0/24 maxlen: 24
                          213.32.251.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:27:8a:bf:2e:fb:9d:71:f3:64:57:39:d1:ad:7f:53:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb  6 16:24:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1bf2e3052d78d2c937e8e9e66c85e0524c9a5ee0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b6:b6:d2:4e:51:b6:15:91:19:0d:1b:1f:df:
                    38:00:b2:ed:48:82:5e:f5:8c:27:28:e6:5d:e1:b8:
                    74:6c:28:cd:cb:90:20:da:36:52:fc:43:ce:fe:ac:
                    55:ea:cf:f3:fa:e7:07:44:77:3b:45:e0:96:f3:87:
                    51:7c:a4:74:fd:45:6f:b0:c5:62:f9:af:00:f8:ee:
                    18:0b:07:1a:6f:58:68:63:09:20:10:60:3f:39:27:
                    50:f0:11:6e:28:e7:3d:b8:d7:12:41:93:67:18:1c:
                    dd:78:45:c2:e1:b8:03:6d:02:4d:83:0b:d4:d4:b8:
                    2a:4f:35:1f:41:96:09:02:f1:96:e4:ad:de:7b:c6:
                    f9:83:49:b5:58:39:aa:d2:9e:72:40:ac:82:05:45:
                    c1:96:a1:61:ef:0e:c9:22:7d:87:64:03:61:3e:3e:
                    e1:46:1e:9e:ed:c7:cf:62:e9:38:5b:57:1e:c8:71:
                    45:22:ef:48:e7:c7:50:0b:d9:85:2e:3a:0c:21:3e:
                    1c:16:25:12:ea:30:4a:a5:91:e2:fc:41:bc:06:eb:
                    bf:5a:09:11:41:0c:ff:6d:b1:e8:ac:31:20:00:fa:
                    f1:6e:c1:42:ae:20:cb:d8:f6:d4:54:40:df:33:06:
                    02:a2:d4:77:5e:af:c3:ba:0d:3d:f1:61:2a:45:dd:
                    06:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:F2:E3:05:2D:78:D2:C9:37:E8:E9:E6:6C:85:E0:52:4C:9A:5E:E0
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/G_LjBS140sk36OnmbIXgUkyaXuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.114.107.0/24
                  213.32.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:7d:66:8f:44:60:d6:e9:ca:6e:0b:a3:e9:60:65:34:e1:bb:
         ec:20:e9:7d:22:09:d3:f3:e7:6b:6c:32:24:64:b2:63:6c:73:
         54:c6:5c:9d:88:d3:e3:f2:05:e8:06:62:d3:c1:7b:de:09:c2:
         98:af:21:4b:8e:f9:2c:05:ef:0a:42:6a:cf:08:23:3f:e5:37:
         2e:ad:17:4c:36:fb:24:5c:1f:3d:cc:39:aa:9e:70:c3:79:ba:
         db:14:ce:6c:cc:57:d8:e6:64:b1:52:a9:3f:82:0c:60:bd:b2:
         ee:94:01:6b:15:5b:fa:2e:64:b7:79:38:f6:21:3f:ac:77:af:
         e4:85:ce:83:c9:6e:18:e0:26:28:74:96:7c:89:23:3c:c5:66:
         25:30:ec:53:a9:8f:8b:b7:27:ab:29:cd:5a:58:9d:58:03:45:
         a1:11:dd:30:b1:ff:f5:2c:56:ee:2b:60:bf:d4:7b:8b:a7:f2:
         3f:9d:f7:44:03:f3:1f:3b:4c:d9:03:82:11:17:e4:43:05:f4:
         85:b7:3f:13:35:2f:67:73:00:d6:5f:ee:48:20:88:51:cd:09:
         d1:23:46:d0:37:35:0a:05:da:62:6f:2c:eb:91:0d:14:9f:43:
         1f:84:ab:ce:49:81:3c:a0:ba:6d:b0:c2:ed:ea:fa:89:23:f9:
         f8:c5:83:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYYnir8u+51x82RXOdGtf1MFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjA2MTYyNDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmYyZTMwNTJkNzhkMmM5MzdlOGU5ZTY2Yzg1ZTA1MjRjOWE1ZWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7a20k5RthWRGQ0bH984ALLtSIJe
9YwnKOZd4bh0bCjNy5Ag2jZS/EPO/qxV6s/z+ucHRHc7ReCW84dRfKR0/UVvsMVi
+a8A+O4YCwcab1hoYwkgEGA/OSdQ8BFuKOc9uNcSQZNnGBzdeEXC4bgDbQJNgwvU
1LgqTzUfQZYJAvGW5K3ee8b5g0m1WDmq0p5yQKyCBUXBlqFh7w7JIn2HZANhPj7h
Rh6e7cfPYuk4W1ceyHFFIu9I58dQC9mFLjoMIT4cFiUS6jBKpZHi/EG8Buu/WgkR
QQz/bbHorDEgAPrxbsFCriDL2PbUVEDfMwYCotR3Xq/Dug098WEqRd0GyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBvy4wUteNLJN+jp5myF4FJMml7gMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvR19MakJTMTQwc2szNk9ubWJJWGdVa3lhWHVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXHJrAwQA
1SD7MA0GCSqGSIb3DQEBCwUAA4IBAQCDfWaPRGDW6cpuC6PpYGU04bvsIOl9IgnT
8+drbDIkZLJjbHNUxlydiNPj8gXoBmLTwXveCcKYryFLjvksBe8KQmrPCCM/5Tcu
rRdMNvskXB89zDmqnnDDebrbFM5szFfY5mSxUqk/ggxgvbLulAFrFVv6LmS3eTj2
IT+sd6/khc6DyW4Y4CYodJZ8iSM8xWYlMOxTqY+LtyerKc1aWJ1YA0WhEd0wsf/1
LFbuK2C/1HuLp/I/nfdEA/MfO0zZA4IRF+RDBfSFtz8TNS9ncwDWX+5IIIhRzQnR
I0bQNzUKBdpibyzrkQ0Un0MfhKvOSYE8oLptsMLt6vqJI/n4xYNA
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org