Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/aGfnDqnXWxpJTqFzMyG_zB_hpqw.roa
File:                     aGfnDqnXWxpJTqFzMyG_zB_hpqw.roa (raw, json)
Hash identifier:          9C29V0vTG+M4zTuDz0kZLk5A/5GREOOpKguwDMvZ3/c=
Subject key identifier:   68:67:E7:0E:A9:D7:5B:1A:49:4E:A1:73:33:21:BF:CC:1F:E1:A6:AC
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018703223985A03E5B281DB9A820D8EC9259
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/aGfnDqnXWxpJTqFzMyG_zB_hpqw.roa
Signing time:             Tue 21 Mar 2023 07:46:27 +0000
ROA not before:           Tue 21 Mar 2023 07:46:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        188.212.132.0/24 maxlen: 24
                          188.212.133.0/24 maxlen: 24
                          87.247.148.0/24 maxlen: 24
                          188.240.232.0/24 maxlen: 24
                          185.241.209.0/24 maxlen: 24
                          185.241.210.0/23 maxlen: 24
                          91.188.204.0/24 maxlen: 24
                          89.37.63.0/24 maxlen: 24
                          93.115.254.0/23 maxlen: 24
                          94.176.110.0/24 maxlen: 24
                          185.255.169.0/24 maxlen: 24
                          185.255.170.0/24 maxlen: 24
                          185.103.72.0/24 maxlen: 24
                          185.238.10.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:03:22:39:85:a0:3e:5b:28:1d:b9:a8:20:d8:ec:92:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar 21 07:46:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6867e70ea9d75b1a494ea1733321bfcc1fe1a6ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:55:d8:7b:f5:4e:22:e4:61:f1:25:ab:3b:d2:
                    19:b2:ce:20:53:26:f1:7b:d8:06:ef:7d:d0:ca:d4:
                    64:67:5b:5e:47:3c:2f:e2:ae:93:3d:cf:28:30:3e:
                    d2:67:d7:29:d7:c3:97:9a:b8:01:c1:a3:c7:7f:c0:
                    f8:20:eb:e1:9f:60:f8:02:05:c1:76:9a:20:cd:38:
                    20:07:90:3a:a4:64:09:9a:fb:e7:70:a1:44:6d:10:
                    d4:55:c1:5a:95:d1:95:a3:b3:45:4e:d6:06:c8:e1:
                    fd:82:41:5f:75:6a:9f:86:f2:79:7b:6f:7c:0a:20:
                    79:91:39:f1:a3:84:04:7f:9f:15:c1:ae:d4:07:31:
                    44:18:93:3d:58:1e:2e:6f:27:e3:ed:6d:88:ec:13:
                    6a:f3:37:4e:45:aa:14:31:b2:5b:f8:f1:76:d9:11:
                    b3:d3:a8:c5:16:be:a2:ef:62:81:e3:dc:f0:01:b2:
                    88:dd:dc:28:52:b0:b9:45:aa:9a:dc:25:f8:38:f6:
                    2b:f7:5e:02:17:f5:19:b4:b4:33:72:30:81:52:5a:
                    23:4f:53:a4:a9:d3:9e:04:6a:06:4a:aa:ec:e9:06:
                    5a:fa:67:c4:29:ea:18:72:b0:60:05:39:c4:fe:6b:
                    38:25:6d:4a:5f:23:71:49:f2:f1:73:47:28:a4:31:
                    96:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:67:E7:0E:A9:D7:5B:1A:49:4E:A1:73:33:21:BF:CC:1F:E1:A6:AC
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/aGfnDqnXWxpJTqFzMyG_zB_hpqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.247.148.0/24
                  89.37.63.0/24
                  91.188.204.0/24
                  93.115.254.0/23
                  94.176.110.0/24
                  185.103.72.0/24
                  185.238.10.0/24
                  185.241.209.0-185.241.211.255
                  185.255.169.0-185.255.170.255
                  188.212.132.0/23
                  188.240.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:5d:f4:6b:bb:94:43:90:ce:20:1e:c8:35:5a:3f:57:d8:8c:
         52:75:f9:ef:a4:13:d8:db:cb:02:cd:ed:0c:07:b9:71:42:7b:
         00:ce:6a:d0:61:ec:02:c9:6d:19:3e:a5:04:f1:5a:68:94:c7:
         41:ba:91:11:c6:25:12:57:3b:76:f0:2e:24:cf:2f:cf:5d:40:
         d5:54:e2:d3:62:11:db:18:30:fc:77:9a:b6:b1:4a:f7:1f:e3:
         04:3f:ad:03:ae:82:4e:c6:fa:88:31:3f:44:75:1c:4e:2c:eb:
         86:01:4c:95:84:52:40:de:b0:c4:1b:78:74:16:a0:16:7f:df:
         2a:44:84:4d:d3:2b:0d:87:20:9f:72:31:bf:64:15:73:d7:d4:
         77:89:73:0b:3b:1b:bb:a2:16:87:ce:c0:e2:6a:d9:d0:15:ad:
         dd:c3:ee:43:14:df:79:71:ef:74:35:2e:04:4e:fe:d3:f4:2d:
         ec:19:0a:5c:1a:d1:5f:53:ef:6d:1f:c7:f9:bd:cc:61:c7:82:
         0b:62:b9:71:8c:df:07:44:1d:4c:3e:5d:d8:f6:ce:1f:af:85:
         0d:ba:f6:be:62:7c:c0:fa:d6:f3:15:d6:c7:58:28:6f:a0:c5:
         0e:f9:9b:6a:ba:e5:5e:b0:78:48:0e:4c:8b:4a:98:9f:3b:aa:
         86:07:76:26
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYcDIjmFoD5bKB25qCDY7JJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzIxMDc0NjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODY3ZTcwZWE5ZDc1YjFhNDk0ZWExNzMzMzIxYmZjYzFmZTFhNmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFXYe/VOIuRh8SWrO9IZss4gUybx
e9gG733QytRkZ1teRzwv4q6TPc8oMD7SZ9cp18OXmrgBwaPHf8D4IOvhn2D4AgXB
dpogzTggB5A6pGQJmvvncKFEbRDUVcFaldGVo7NFTtYGyOH9gkFfdWqfhvJ5e298
CiB5kTnxo4QEf58Vwa7UBzFEGJM9WB4ubyfj7W2I7BNq8zdORaoUMbJb+PF22RGz
06jFFr6i72KB49zwAbKI3dwoUrC5Raqa3CX4OPYr914CF/UZtLQzcjCBUlojT1Ok
qdOeBGoGSqrs6QZa+mfEKeoYcrBgBTnE/ms4JW1KXyNxSfLxc0copDGWvQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFGhn5w6p11saSU6hczMhv8wf4aasMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvYUdmbkRxblhXeHBKVHFGek15R196Ql9ocHF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAV/eUAwQA
WSU/AwQAW7zMAwQBXXP+AwQAXrBuAwQAuWdIAwQAue4KMAwDBAC58dEDBAK58dAw
DAMEALn/qQMEALn/qgMEAbzUhAMEALzw6DANBgkqhkiG9w0BAQsFAAOCAQEAKl30
a7uUQ5DOIB7INVo/V9iMUnX576QT2NvLAs3tDAe5cUJ7AM5q0GHsAsltGT6lBPFa
aJTHQbqREcYlElc7dvAuJM8vz11A1VTi02IR2xgw/HeatrFK9x/jBD+tA66CTsb6
iDE/RHUcTizrhgFMlYRSQN6wxBt4dBagFn/fKkSETdMrDYcgn3Ixv2QVc9fUd4lz
Czsbu6IWh87A4mrZ0BWt3cPuQxTfeXHvdDUuBE7+0/Qt7BkKXBrRX1PvbR/H+b3M
YceCC2K5cYzfB0QdTD5d2PbOH6+FDbr2vmJ8wPrW8xXWx1gob6DFDvmbarrlXrB4
SA5Mi0qYnzuqhgd2Jg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org