Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XYFkSgEUl3gdMRQVhu2AnvmJPFs.roa
File:                     XYFkSgEUl3gdMRQVhu2AnvmJPFs.roa (raw, json)
Hash identifier:          6hFDIZBgHXxzoYGJ2NJ8MP1/jKAPsX/rVY5xiZHW4+s=
Subject key identifier:   5D:81:64:4A:01:14:97:78:1D:31:14:15:86:ED:80:9E:F9:89:3C:5B
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01878001EAAD06D27DFD4E7E1E2C37D17C66
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XYFkSgEUl3gdMRQVhu2AnvmJPFs.roa
Signing time:             Fri 14 Apr 2023 13:43:41 +0000
ROA not before:           Fri 14 Apr 2023 13:43:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        178.239.202.0/24 maxlen: 24
                          178.239.201.0/24 maxlen: 24
                          93.114.195.0/24 maxlen: 24
                          185.229.107.0/24 maxlen: 24
                          89.43.209.0/24 maxlen: 24
                          89.46.92.0/24 maxlen: 24
                          193.42.54.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:80:01:ea:ad:06:d2:7d:fd:4e:7e:1e:2c:37:d1:7c:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr 14 13:43:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5d81644a011497781d31141586ed809ef9893c5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:2a:af:ea:db:e0:0e:74:7d:be:7e:13:1b:fd:
                    6c:fc:ca:83:26:96:4a:5e:30:6e:97:cd:99:95:10:
                    41:60:90:cd:90:d1:e8:e7:70:0c:7a:78:07:bc:6c:
                    57:7a:61:76:3d:cf:fe:28:8d:26:db:83:0b:89:e7:
                    9f:73:c0:5e:e8:d8:b9:95:46:fc:91:98:58:60:5c:
                    4e:fd:d6:1f:33:b8:e1:c0:2a:a8:26:be:fd:26:eb:
                    1f:97:53:0a:62:cc:4a:b4:c3:08:95:ad:3f:63:31:
                    04:cc:e7:54:18:62:0f:bf:00:d1:6a:9b:2e:5c:14:
                    35:02:c8:1d:c8:b1:08:b0:83:40:58:cf:e0:c1:17:
                    f6:02:62:9e:cb:b0:d6:4d:00:bd:55:b2:0e:c8:e7:
                    ed:09:5e:a3:d3:bb:d4:e2:7e:4f:7f:23:fe:81:5d:
                    98:7b:2e:ea:00:07:21:bf:14:1f:27:2c:84:6b:35:
                    f4:ac:f9:c4:75:c9:aa:b6:33:09:df:6a:ed:14:59:
                    9f:69:a5:cb:7a:07:a8:a8:1b:49:58:0d:90:e8:cc:
                    bd:fd:90:6b:d8:1a:48:7b:b0:7c:dd:cd:f0:af:35:
                    c3:1e:26:26:8c:3e:dd:3a:1b:35:39:c4:0e:1d:53:
                    24:c0:d9:b6:48:26:30:a3:a4:5b:fb:5d:06:4a:ff:
                    db:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:81:64:4A:01:14:97:78:1D:31:14:15:86:ED:80:9E:F9:89:3C:5B
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XYFkSgEUl3gdMRQVhu2AnvmJPFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.209.0/24
                  89.46.92.0/24
                  93.114.195.0/24
                  178.239.201.0-178.239.202.255
                  185.229.107.0/24
                  193.42.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:7f:2f:ff:ef:31:5e:86:2d:15:c7:26:6c:78:13:10:72:34:
         90:78:c9:02:ab:99:10:5b:8c:d9:21:3a:29:01:1f:24:e2:07:
         b5:68:c9:2d:39:49:ce:8b:7f:c7:cb:4f:5a:76:7c:69:39:57:
         57:bd:d5:ce:4a:f5:57:2b:56:e7:c9:f0:ec:5b:01:e1:ca:b1:
         d0:6b:79:54:65:41:fa:80:c5:f7:2d:6f:fe:82:64:81:5a:1b:
         31:89:b4:a1:8a:69:5c:82:36:e4:98:14:e0:19:73:4e:4d:40:
         55:95:88:68:63:b8:ca:89:1a:88:c5:aa:3e:c6:1f:a2:71:0e:
         d0:98:b6:0e:b5:c5:97:28:81:ba:c6:1e:6d:cb:08:73:ef:34:
         09:77:46:b8:9c:d7:ea:a3:1a:69:5e:03:07:2f:02:66:83:5c:
         54:c9:59:f9:6c:34:2a:a4:eb:28:2f:fd:88:9d:94:9a:72:31:
         6a:06:d3:4b:ca:27:f9:79:75:36:81:c8:29:22:73:f7:c2:25:
         ce:a4:c7:ca:1b:0e:72:17:92:ac:56:12:53:35:dc:c2:51:4a:
         fb:13:8c:99:97:7a:64:73:59:33:7a:d9:e8:af:38:7b:31:57:
         5b:59:25:67:66:d8:70:8a:7b:18:92:06:3e:9f:3f:84:1b:c8:
         cb:14:e8:0c
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYeAAeqtBtJ9/U5+Hiw30XxmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDE0MTM0MzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDgxNjQ0YTAxMTQ5Nzc4MWQzMTE0MTU4NmVkODA5ZWY5ODkzYzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAniqv6tvgDnR9vn4TG/1s/MqDJpZK
XjBul82ZlRBBYJDNkNHo53AMengHvGxXemF2Pc/+KI0m24MLieefc8Be6Ni5lUb8
kZhYYFxO/dYfM7jhwCqoJr79Jusfl1MKYsxKtMMIla0/YzEEzOdUGGIPvwDRapsu
XBQ1AsgdyLEIsINAWM/gwRf2AmKey7DWTQC9VbIOyOftCV6j07vU4n5PfyP+gV2Y
ey7qAAchvxQfJyyEazX0rPnEdcmqtjMJ32rtFFmfaaXLegeoqBtJWA2Q6My9/ZBr
2BpIe7B83c3wrzXDHiYmjD7dOhs1OcQOHVMkwNm2SCYwo6Rb+10GSv/bWwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFF2BZEoBFJd4HTEUFYbtgJ75iTxbMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvWFlGa1NnRVVsM2dkTVJRVmh1MkFudm1KUEZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAWSvRAwQA
WS5cAwQAXXLDMAwDBACy78kDBACy78oDBAC55WsDBAHBKjYwDQYJKoZIhvcNAQEL
BQADggEBAGB/L//vMV6GLRXHJmx4ExByNJB4yQKrmRBbjNkhOikBHyTiB7VoyS05
Sc6Lf8fLT1p2fGk5V1e91c5K9VcrVufJ8OxbAeHKsdBreVRlQfqAxfctb/6CZIFa
GzGJtKGKaVyCNuSYFOAZc05NQFWViGhjuMqJGojFqj7GH6JxDtCYtg61xZcogbrG
Hm3LCHPvNAl3Rric1+qjGmleAwcvAmaDXFTJWflsNCqk6ygv/YidlJpyMWoG00vK
J/l5dTaByCkic/fCJc6kx8obDnIXkqxWElM13MJRSvsTjJmXemRzWTN62eivOHsx
V1tZJWdm2HCKexiSBj6fP4QbyMsU6Aw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org