Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_QJ_EYk5Jrqc1OJW_AfZ88sz7JY.roa
File:                     _QJ_EYk5Jrqc1OJW_AfZ88sz7JY.roa (raw, json)
Hash identifier:          LCexviqLGZo9nQQ9xkdTpcaExVnJhAQ3CEu+3EYazT0=
Subject key identifier:   FD:02:7F:11:89:39:26:BA:9C:D4:E2:56:FC:07:D9:F3:CB:33:EC:96
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0186A2418940514B6EB105ACF1497A2B511A
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_QJ_EYk5Jrqc1OJW_AfZ88sz7JY.roa
Signing time:             Thu 02 Mar 2023 12:17:29 +0000
ROA not before:           Thu 02 Mar 2023 12:17:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43431
IP address blocks:        185.236.60.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a2:41:89:40:51:4b:6e:b1:05:ac:f1:49:7a:2b:51:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar  2 12:17:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fd027f11893926ba9cd4e256fc07d9f3cb33ec96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:50:72:01:e3:0e:d5:32:c4:21:cb:f8:85:f6:
                    49:5a:8d:f8:d1:2e:7e:52:44:f9:6d:ee:af:82:e8:
                    30:c6:ca:e8:18:4b:0d:4f:15:08:64:cd:2d:f1:28:
                    05:78:44:6e:43:6e:3c:ac:d9:ed:3d:33:0d:e8:aa:
                    a7:dd:cc:a3:16:70:3b:f1:4d:88:b9:61:f8:73:a2:
                    bf:62:c0:8e:b7:b7:1c:61:36:67:14:68:9b:19:75:
                    c9:da:b0:45:80:cc:2d:4d:95:3e:18:13:e0:23:dd:
                    13:06:ab:ce:bf:23:91:71:a3:0e:4c:3f:91:93:14:
                    51:c9:4f:16:7b:a5:21:ca:80:79:11:6e:3b:9f:4d:
                    de:29:59:37:5f:e1:e1:72:51:ce:6b:46:2b:09:a3:
                    c8:a8:69:73:8e:2e:6f:23:eb:af:fb:cd:f6:e9:c8:
                    62:e1:fe:ca:d9:81:0e:8b:22:35:ae:10:20:6d:eb:
                    fc:2a:4e:b5:06:9e:64:12:5e:01:26:01:26:1e:01:
                    f1:25:ad:68:df:cc:bb:4c:ee:bf:3b:b5:01:55:02:
                    04:c0:19:e7:76:65:6e:0d:5d:0d:ec:28:ad:78:12:
                    a1:3a:9b:91:ec:89:16:a4:74:63:f5:f3:38:16:7e:
                    d0:ee:b0:4b:9e:f0:cb:27:15:a7:5e:91:26:45:5c:
                    77:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:02:7F:11:89:39:26:BA:9C:D4:E2:56:FC:07:D9:F3:CB:33:EC:96
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_QJ_EYk5Jrqc1OJW_AfZ88sz7JY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:fb:fe:71:77:ac:75:c6:2f:a7:42:02:51:7f:2b:2d:9f:f6:
         a2:b5:e8:c0:21:ef:05:f8:ed:c8:52:4d:3f:be:8e:02:03:4b:
         e4:8a:79:85:29:9b:2c:b4:23:6f:eb:a8:8e:28:c0:b6:01:84:
         0b:2e:8b:0a:34:4f:95:11:3a:39:e6:44:72:ec:12:b2:ba:0a:
         6d:9d:4d:49:47:63:50:6d:69:28:80:5c:ae:83:fb:fd:7a:2e:
         f2:b5:59:bd:8b:02:a0:85:d7:67:4f:09:36:f9:1b:1a:9f:65:
         03:0e:b1:d5:5c:8d:25:43:78:23:a5:2b:90:98:2e:c7:62:68:
         fc:46:8e:ce:d3:75:2e:c2:a1:0d:9e:c1:2b:07:29:66:87:89:
         90:00:3a:62:ae:4d:14:37:1c:c5:61:0f:7a:16:d2:8f:b2:49:
         50:44:88:d2:e7:6e:f9:54:9d:b6:54:df:cd:84:58:34:13:06:
         a7:dc:43:e4:eb:5c:03:89:04:e5:f5:18:45:68:0a:53:4c:91:
         a4:c8:37:a8:a0:19:d9:1b:72:ad:dd:8d:21:7c:63:33:e9:ca:
         76:e4:80:8d:c7:9c:9a:39:f1:f9:47:91:ba:16:60:24:a9:70:
         70:4c:36:7e:e3:94:3f:c2:0b:a4:3b:76:d4:7c:5c:77:0e:d4:
         6f:e2:30:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYaiQYlAUUtusQWs8Ul6K1EaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzAyMTIxNzI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDAyN2YxMTg5MzkyNmJhOWNkNGUyNTZmYzA3ZDlmM2NiMzNlYzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFByAeMO1TLEIcv4hfZJWo340S5+
UkT5be6vgugwxsroGEsNTxUIZM0t8SgFeERuQ248rNntPTMN6Kqn3cyjFnA78U2I
uWH4c6K/YsCOt7ccYTZnFGibGXXJ2rBFgMwtTZU+GBPgI90TBqvOvyORcaMOTD+R
kxRRyU8We6UhyoB5EW47n03eKVk3X+HhclHOa0YrCaPIqGlzji5vI+uv+8326chi
4f7K2YEOiyI1rhAgbev8Kk61Bp5kEl4BJgEmHgHxJa1o38y7TO6/O7UBVQIEwBnn
dmVuDV0N7CiteBKhOpuR7IkWpHRj9fM4Fn7Q7rBLnvDLJxWnXpEmRVx3IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0CfxGJOSa6nNTiVvwH2fPLM+yWMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvX1FKX0VZazVKcnFjMU9KV19BZlo4OHN6N0pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuew8MA0G
CSqGSIb3DQEBCwUAA4IBAQB7+/5xd6x1xi+nQgJRfystn/aitejAIe8F+O3IUk0/
vo4CA0vkinmFKZsstCNv66iOKMC2AYQLLosKNE+VETo55kRy7BKyugptnU1JR2NQ
bWkogFyug/v9ei7ytVm9iwKghddnTwk2+Rsan2UDDrHVXI0lQ3gjpSuQmC7HYmj8
Ro7O03UuwqENnsErBylmh4mQADpirk0UNxzFYQ96FtKPsklQRIjS5275VJ22VN/N
hFg0Ewan3EPk61wDiQTl9RhFaApTTJGkyDeooBnZG3Kt3Y0hfGMz6cp25ICNx5ya
OfH5R5G6FmAkqXBwTDZ+45Q/wgukO3bUfFx3DtRv4jDa
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org