Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dX7NVeE7YtCVX3GD4Y_IkzGL7-c.roa
File:                     dX7NVeE7YtCVX3GD4Y_IkzGL7-c.roa (raw, json)
Hash identifier:          m7usVVb+jqahf91bNSVMA3+YhhqW+qyyFQiT/yCoO3Y=
Subject key identifier:   75:7E:CD:55:E1:3B:62:D0:95:5F:71:83:E1:8F:C8:93:31:8B:EF:E7
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0186BFDE94EA2C7D6081106BABE2028928FC
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dX7NVeE7YtCVX3GD4Y_IkzGL7-c.roa
Signing time:             Wed 08 Mar 2023 06:18:00 +0000
ROA not before:           Wed 08 Mar 2023 06:18:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60721
IP address blocks:        185.230.251.0/24 maxlen: 24
                          185.236.63.0/24 maxlen: 24
                          62.197.134.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:bf:de:94:ea:2c:7d:60:81:10:6b:ab:e2:02:89:28:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar  8 06:18:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=757ecd55e13b62d0955f7183e18fc893318befe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:22:fd:c4:cb:bb:74:45:2b:35:df:1e:ea:be:
                    cc:95:d1:30:b7:8f:26:62:94:81:5b:0e:97:c4:fe:
                    e7:b7:f0:96:59:30:d9:d4:09:ac:ad:5c:f0:40:b3:
                    1d:ea:a8:59:6a:35:a1:ed:26:b6:f9:2b:b3:86:76:
                    e0:5d:54:e7:cd:45:4a:ec:f4:a7:a3:44:d9:2c:a5:
                    83:7b:3a:ff:fa:f4:83:4d:b3:c8:c2:73:6d:8f:34:
                    55:19:82:e4:21:ca:a0:79:c0:24:89:3d:75:42:ec:
                    36:15:bd:9e:61:72:a1:dd:6b:22:11:d2:4b:e4:0c:
                    d5:bf:ac:78:91:c5:0b:b6:20:fb:ad:2d:ba:5e:81:
                    00:c3:ef:42:e5:5e:49:83:68:d6:f2:f8:d1:97:8d:
                    20:33:29:aa:34:e4:52:1b:00:4e:72:33:5c:9c:a0:
                    49:c3:b6:01:d2:5f:23:88:fe:f1:48:95:78:78:4c:
                    29:1f:29:03:5c:58:a6:27:c8:36:01:34:5b:b9:e5:
                    06:bb:86:e9:7b:45:31:79:92:de:16:07:6d:71:a0:
                    8c:8f:a6:95:7a:89:7e:b2:a8:2c:ca:f1:29:b9:ab:
                    3b:e7:7a:60:ff:f0:c4:59:ce:f7:7a:2d:72:ff:28:
                    aa:1c:6c:f0:22:a4:85:6b:a4:ef:38:07:9c:a7:cf:
                    c5:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:7E:CD:55:E1:3B:62:D0:95:5F:71:83:E1:8F:C8:93:31:8B:EF:E7
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dX7NVeE7YtCVX3GD4Y_IkzGL7-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.197.134.0/24
                  185.230.251.0/24
                  185.236.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:25:2b:10:94:bd:c6:f4:a6:87:d2:5e:2f:b6:f5:d8:36:d8:
         56:f5:5f:d0:41:12:ee:2f:80:33:ea:a2:a8:5e:fc:ac:c1:e0:
         a9:e3:41:57:f1:69:b5:d5:89:86:e1:d0:de:dc:af:29:5c:55:
         9f:f1:df:1f:4a:5e:d4:41:23:93:ae:64:1c:e3:fe:83:f7:9a:
         35:e0:8b:9b:7d:a0:f9:55:07:50:70:00:af:fd:83:d5:df:53:
         d8:d9:7f:91:00:30:21:f3:ed:2d:45:4a:65:ef:72:8a:30:4c:
         f0:f5:dd:83:a4:17:88:e2:2d:80:a5:25:1c:15:5d:45:71:c7:
         af:fd:f1:06:16:cc:90:5f:bb:6d:9e:80:70:32:83:2f:bc:29:
         83:c0:20:54:32:da:1a:cf:68:31:c6:2b:66:bf:8d:7a:69:7f:
         50:48:75:db:83:87:95:1b:f4:46:4d:7d:5d:dc:ac:03:78:68:
         7b:a3:45:f7:62:eb:48:a5:e9:07:17:ce:e0:18:1a:ac:44:4d:
         b9:a8:50:b3:e5:0a:35:3f:59:60:30:ec:de:fa:96:a0:46:28:
         ec:f4:30:d3:ba:d2:55:9c:b5:38:71:4e:34:e7:5e:7b:d7:66:
         cc:ea:64:b4:1c:77:58:4d:eb:2d:b2:66:cc:6f:f0:86:8f:e7:
         eb:cf:26:fe
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYa/3pTqLH1ggRBrq+ICiSj8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA4MDYxODAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTdlY2Q1NWUxM2I2MmQwOTU1ZjcxODNlMThmYzg5MzMxOGJlZmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiyL9xMu7dEUrNd8e6r7MldEwt48m
YpSBWw6XxP7nt/CWWTDZ1AmsrVzwQLMd6qhZajWh7Sa2+SuzhnbgXVTnzUVK7PSn
o0TZLKWDezr/+vSDTbPIwnNtjzRVGYLkIcqgecAkiT11Quw2Fb2eYXKh3WsiEdJL
5AzVv6x4kcULtiD7rS26XoEAw+9C5V5Jg2jW8vjRl40gMymqNORSGwBOcjNcnKBJ
w7YB0l8jiP7xSJV4eEwpHykDXFimJ8g2ATRbueUGu4bpe0UxeZLeFgdtcaCMj6aV
eol+sqgsyvEpuas753pg//DEWc73ei1y/yiqHGzwIqSFa6TvOAecp8/FvQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHV+zVXhO2LQlV9xg+GPyJMxi+/nMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZFg3TlZlRTdZdENWWDNHRDRZX0lrekdMNy1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPsWGAwQA
ueb7AwQAuew/MA0GCSqGSIb3DQEBCwUAA4IBAQBbJSsQlL3G9KaH0l4vtvXYNthW
9V/QQRLuL4Az6qKoXvysweCp40FX8Wm11YmG4dDe3K8pXFWf8d8fSl7UQSOTrmQc
4/6D95o14IubfaD5VQdQcACv/YPV31PY2X+RADAh8+0tRUpl73KKMEzw9d2DpBeI
4i2ApSUcFV1Fccev/fEGFsyQX7ttnoBwMoMvvCmDwCBUMtoaz2gxxitmv416aX9Q
SHXbg4eVG/RGTX1d3KwDeGh7o0X3YutIpekHF87gGBqsRE25qFCz5Qo1P1lgMOze
+pagRijs9DDTutJVnLU4cU40515712bM6mS0HHdYTestsmbMb/CGj+frzyb+
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:47 2024 by rpki-client on console-fra.rpki-client.org