Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/J10CHoyCIb2Ry3ROnTFjfTGGR7g.roa
File:                     J10CHoyCIb2Ry3ROnTFjfTGGR7g.roa (raw, json)
Hash identifier:          7TLe/KRKDwe9za81bHXgGfg/OcipyZa0y+zHql9cpOE=
Subject key identifier:   27:5D:02:1E:8C:82:21:BD:91:CB:74:4E:9D:31:63:7D:31:86:47:B8
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0186C29C19E858E359B31F9BE6B4F4BD9DA7
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/J10CHoyCIb2Ry3ROnTFjfTGGR7g.roa
Signing time:             Wed 08 Mar 2023 19:04:15 +0000
ROA not before:           Wed 08 Mar 2023 19:04:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209043
IP address blocks:        103.205.24.0/24 maxlen: 24
                          185.236.61.0/24 maxlen: 24
                          193.42.53.0/24 maxlen: 24
                          89.44.207.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c2:9c:19:e8:58:e3:59:b3:1f:9b:e6:b4:f4:bd:9d:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar  8 19:04:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=275d021e8c8221bd91cb744e9d31637d318647b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:aa:53:57:3f:6c:64:85:de:fd:b3:2d:a9:76:
                    bd:b0:4c:e4:df:4d:f3:27:28:ec:45:07:59:39:9a:
                    06:18:91:b4:a1:52:5d:2c:44:9a:1a:ee:be:97:d5:
                    0a:e7:0e:bb:a8:26:ce:f8:f0:69:f4:ab:c3:de:86:
                    3e:85:1c:a8:ef:07:1a:ed:01:8e:67:11:55:31:de:
                    d0:00:12:5f:82:23:01:4a:09:32:97:74:f8:ec:e9:
                    fd:52:93:63:f4:72:70:36:c6:f7:c6:ce:76:79:d3:
                    f9:0c:3d:c0:0a:a5:99:ea:87:cc:09:e5:d1:a8:89:
                    c8:3a:22:e6:85:b8:15:db:1c:72:58:83:87:d0:22:
                    e6:70:62:87:69:84:30:21:9e:0b:95:f7:2b:9f:45:
                    6a:a7:71:4b:3b:6c:5e:84:17:4c:8a:15:ef:4f:7d:
                    a6:57:58:05:f9:71:3a:80:76:0f:76:ad:17:db:2e:
                    5c:ae:c6:81:93:7f:03:1b:7a:af:9e:8f:96:9f:c9:
                    75:76:5c:8b:e7:ac:1d:e0:45:15:e0:44:3d:cc:8f:
                    9a:48:5b:2b:c7:d9:db:d3:15:0b:0b:52:43:25:79:
                    55:91:55:69:ae:61:ad:d7:e4:2c:db:32:bc:56:c6:
                    bb:63:bb:3d:05:c8:a3:7f:38:44:f8:18:a0:a2:25:
                    56:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:5D:02:1E:8C:82:21:BD:91:CB:74:4E:9D:31:63:7D:31:86:47:B8
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/J10CHoyCIb2Ry3ROnTFjfTGGR7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.207.0/24
                  103.205.24.0/24
                  185.236.61.0/24
                  193.42.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:95:09:c7:46:6c:79:a4:87:ed:cf:e6:86:35:99:e8:3d:80:
         fb:f9:5a:05:09:3e:b9:27:22:c7:3e:3e:a0:9a:1d:5e:a3:95:
         76:f2:a4:0d:43:d4:31:d5:7a:00:a4:9e:2b:a0:3f:b6:fa:83:
         79:7d:18:fb:ca:d8:87:91:08:3e:37:12:8a:2b:11:72:15:28:
         21:2c:50:fb:83:6c:09:a3:c1:2e:b1:59:a3:7a:c9:0e:de:95:
         82:66:40:77:6d:89:2b:f9:5e:00:e4:50:ab:d6:5a:46:00:4a:
         10:aa:af:d0:04:6f:bc:70:88:4d:d5:95:fd:d0:c2:1f:ec:6a:
         a3:b8:27:99:7e:dc:73:71:d7:5f:d4:ad:28:c0:4c:52:fe:23:
         7d:b5:55:d3:66:b4:11:37:37:7d:5c:81:8e:40:c4:6e:bd:8c:
         da:bd:86:5c:e5:ab:81:d9:26:25:bd:f9:dd:7b:bf:d2:a5:2d:
         4b:88:89:41:05:60:80:d6:d4:00:a5:01:bd:72:b2:1b:24:78:
         56:48:61:81:e3:4e:ba:66:45:1b:23:4a:0d:a4:26:dc:74:85:
         0e:61:fa:5c:5d:a4:00:b7:01:1c:23:f8:2a:d6:47:f5:6f:20:
         0d:f4:f5:50:48:98:4d:82:a4:7e:46:4e:ce:35:ec:46:1e:c9:
         d2:b9:3f:72
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYbCnBnoWONZsx+b5rT0vZ2nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA4MTkwNDE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzVkMDIxZThjODIyMWJkOTFjYjc0NGU5ZDMxNjM3ZDMxODY0N2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6pTVz9sZIXe/bMtqXa9sEzk303z
JyjsRQdZOZoGGJG0oVJdLESaGu6+l9UK5w67qCbO+PBp9KvD3oY+hRyo7wca7QGO
ZxFVMd7QABJfgiMBSgkyl3T47On9UpNj9HJwNsb3xs52edP5DD3ACqWZ6ofMCeXR
qInIOiLmhbgV2xxyWIOH0CLmcGKHaYQwIZ4Llfcrn0Vqp3FLO2xehBdMihXvT32m
V1gF+XE6gHYPdq0X2y5crsaBk38DG3qvno+Wn8l1dlyL56wd4EUV4EQ9zI+aSFsr
x9nb0xULC1JDJXlVkVVprmGt1+Qs2zK8Vsa7Y7s9BcijfzhE+BigoiVWSwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCddAh6MgiG9kct0Tp0xY30xhke4MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSjEwQ0hveUNJYjJSeTNST25URmpmVEdHUjdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAWSzPAwQA
Z80YAwQAuew9AwQAwSo1MA0GCSqGSIb3DQEBCwUAA4IBAQCDlQnHRmx5pIftz+aG
NZnoPYD7+VoFCT65JyLHPj6gmh1eo5V28qQNQ9Qx1XoApJ4roD+2+oN5fRj7ytiH
kQg+NxKKKxFyFSghLFD7g2wJo8EusVmjeskO3pWCZkB3bYkr+V4A5FCr1lpGAEoQ
qq/QBG+8cIhN1ZX90MIf7GqjuCeZftxzcddf1K0owExS/iN9tVXTZrQRNzd9XIGO
QMRuvYzavYZc5auB2SYlvfnde7/SpS1LiIlBBWCA1tQApQG9crIbJHhWSGGB4066
ZkUbI0oNpCbcdIUOYfpcXaQAtwEcI/gq1kf1byAN9PVQSJhNgqR+Rk7ONexGHsnS
uT9y
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org