Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/TI0Agr5i3bCykcqaW9GKxvTX9-g.roa
File:                     TI0Agr5i3bCykcqaW9GKxvTX9-g.roa (raw, json)
Hash identifier:          WL3KJSfLNUhBKGwlPQiR7+Y2jESDRRNbhRjXYhFAr00=
Subject key identifier:   4C:8D:00:82:BE:62:DD:B0:B2:91:CA:9A:5B:D1:8A:C6:F4:D7:F7:E8
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018779E8F1C3B060FB26B021E6B28021FFF1
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/TI0Agr5i3bCykcqaW9GKxvTX9-g.roa
Signing time:             Thu 13 Apr 2023 09:18:42 +0000
ROA not before:           Thu 13 Apr 2023 09:18:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207279
IP address blocks:        213.32.249.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:79:e8:f1:c3:b0:60:fb:26:b0:21:e6:b2:80:21:ff:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr 13 09:18:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4c8d0082be62ddb0b291ca9a5bd18ac6f4d7f7e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f7:87:36:23:2c:99:d2:42:cf:ce:23:30:31:
                    ea:d3:91:c3:80:3b:5d:ac:58:51:b6:33:5a:9e:b5:
                    19:b8:bc:56:75:2d:f9:03:de:cc:44:cf:1b:f8:42:
                    6a:db:70:34:14:3a:e8:f9:b7:d6:c6:02:4c:a4:fc:
                    6a:32:48:68:58:31:2e:fa:0b:aa:60:d9:ce:ca:b9:
                    86:90:55:9c:0b:26:eb:90:f6:f2:ad:b0:ff:71:1c:
                    15:74:c8:5d:f0:dd:62:c1:89:e6:1c:5a:d9:9c:01:
                    14:95:49:be:42:39:e2:01:fb:72:47:65:c3:d7:b2:
                    d5:f8:75:17:d6:8a:be:57:06:a9:68:e8:8e:1f:33:
                    01:ee:7c:00:db:dd:10:ac:97:cc:a7:6c:51:44:9e:
                    95:28:0f:29:24:72:b6:17:42:19:31:27:ad:5c:61:
                    10:aa:35:3f:8a:30:07:24:ef:69:ab:36:78:d3:ea:
                    0c:f0:8f:4d:e4:92:38:7e:56:a1:19:53:8c:43:d9:
                    4f:f2:b4:b0:ff:a7:fc:97:0d:f5:96:22:03:d6:df:
                    8b:c1:0e:13:b3:63:f8:aa:d0:cb:bb:6a:17:1e:38:
                    3a:18:67:ef:bb:1c:4b:20:9f:39:ae:3c:c1:e2:69:
                    d7:69:ec:f4:24:dc:45:f6:51:45:6d:00:df:fd:ad:
                    9c:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:8D:00:82:BE:62:DD:B0:B2:91:CA:9A:5B:D1:8A:C6:F4:D7:F7:E8
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/TI0Agr5i3bCykcqaW9GKxvTX9-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.32.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:f0:b2:83:bf:0c:7a:69:76:0b:7a:7f:b7:02:24:42:98:f7:
         02:ef:17:e5:bc:a0:66:56:18:7d:3f:f7:6f:4e:07:b2:02:75:
         97:6f:4d:66:b3:a8:b2:87:c3:16:be:75:d2:92:5a:ee:bf:f6:
         2c:b1:e7:fb:a2:f4:f4:f9:42:55:8f:2e:b1:6e:db:b8:3d:cd:
         30:aa:80:cc:77:18:f0:1f:1c:47:69:bd:f7:67:40:04:54:11:
         f5:14:de:36:ed:d1:6e:69:30:33:d9:9a:8b:c0:c7:a1:bf:fe:
         1a:71:86:2d:57:1a:d6:2d:88:2b:5b:b9:fc:55:58:c5:8a:f8:
         53:da:3d:33:ef:6e:e5:f5:c0:03:59:8f:c6:db:c0:58:0c:e2:
         81:a9:e8:b3:c4:98:16:f3:49:de:5e:48:ca:3a:fa:34:e4:d0:
         5f:5b:c4:55:cf:96:e0:a0:07:1b:81:fd:72:0a:f0:38:72:45:
         d1:05:31:96:92:1f:46:ee:34:55:8a:3f:4a:f3:55:3a:8d:2e:
         80:0f:c5:7c:18:3b:fd:d6:88:d5:9f:ca:19:40:67:3c:ac:4a:
         83:d2:85:86:1d:8a:d2:71:f6:13:0d:5a:a8:85:c1:f6:bb:c7:
         7f:00:b8:cc:d6:bd:56:b4:59:0e:57:cd:c1:cc:47:17:4b:01:
         cc:ee:3b:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYd56PHDsGD7JrAh5rKAIf/xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDEzMDkxODQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzhkMDA4MmJlNjJkZGIwYjI5MWNhOWE1YmQxOGFjNmY0ZDdmN2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfeHNiMsmdJCz84jMDHq05HDgDtd
rFhRtjNanrUZuLxWdS35A97MRM8b+EJq23A0FDro+bfWxgJMpPxqMkhoWDEu+guq
YNnOyrmGkFWcCybrkPbyrbD/cRwVdMhd8N1iwYnmHFrZnAEUlUm+QjniAftyR2XD
17LV+HUX1oq+VwapaOiOHzMB7nwA290QrJfMp2xRRJ6VKA8pJHK2F0IZMSetXGEQ
qjU/ijAHJO9pqzZ40+oM8I9N5JI4flahGVOMQ9lP8rSw/6f8lw31liID1t+LwQ4T
s2P4qtDLu2oXHjg6GGfvuxxLIJ85rjzB4mnXaez0JNxF9lFFbQDf/a2clwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyNAIK+Yt2wspHKmlvRisb01/foMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvVEkwQWdyNWkzYkN5a2NxYVc5R0t4dlRYOS1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1SD5MA0G
CSqGSIb3DQEBCwUAA4IBAQCF8LKDvwx6aXYLen+3AiRCmPcC7xflvKBmVhh9P/dv
TgeyAnWXb01ms6iyh8MWvnXSklruv/Yssef7ovT0+UJVjy6xbtu4Pc0wqoDMdxjw
HxxHab33Z0AEVBH1FN427dFuaTAz2ZqLwMehv/4acYYtVxrWLYgrW7n8VVjFivhT
2j0z727l9cADWY/G28BYDOKBqeizxJgW80neXkjKOvo05NBfW8RVz5bgoAcbgf1y
CvA4ckXRBTGWkh9G7jRVij9K81U6jS6AD8V8GDv91ojVn8oZQGc8rEqD0oWGHYrS
cfYTDVqohcH2u8d/ALjM1r1WtFkOV83BzEcXSwHM7jt+
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org