Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dnA5MjQ80WUbspKQ9ms-PIg5_rw.roa
File:                     dnA5MjQ80WUbspKQ9ms-PIg5_rw.roa (raw, json)
Hash identifier:          jQ+3YpNkPJedLrkSVN7bXXF3mDo5VCZyXgQNiSpBgmE=
Subject key identifier:   76:70:39:32:34:3C:D1:65:1B:B2:92:90:F6:6B:3E:3C:88:39:FE:BC
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018755944CC297ACE46A837B3F1B9C79893E
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dnA5MjQ80WUbspKQ9ms-PIg5_rw.roa
Signing time:             Thu 06 Apr 2023 07:59:54 +0000
ROA not before:           Thu 06 Apr 2023 07:59:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207279
IP address blocks:        185.121.230.0/24 maxlen: 24
                          185.121.231.0/24 maxlen: 24
                          185.230.248.0/24 maxlen: 24
                          185.229.104.0/24 maxlen: 24
                          194.4.159.0/24 maxlen: 24
                          89.43.208.0/24 maxlen: 24
                          213.32.249.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:55:94:4c:c2:97:ac:e4:6a:83:7b:3f:1b:9c:79:89:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr  6 07:59:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=76703932343cd1651bb29290f66b3e3c8839febc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d4:1b:71:86:72:45:04:a9:0c:75:97:d3:db:
                    a0:61:f0:1e:72:45:f7:b6:79:20:32:a7:d0:c2:1a:
                    f8:9d:e4:4c:7c:06:e0:1a:9b:dc:60:a0:f4:bb:31:
                    31:40:a0:52:85:e1:b9:29:82:dd:58:de:52:c3:a1:
                    d4:9e:dc:50:39:02:e6:fc:b2:0a:83:cd:ee:e1:c1:
                    09:21:ae:5a:7e:ed:3b:b0:ad:10:50:ea:d2:f0:f5:
                    8e:07:56:df:7c:03:27:22:3f:d4:69:91:29:e5:0f:
                    bc:e4:a7:e9:f6:74:96:c5:fe:80:59:af:70:8f:db:
                    bd:52:af:4a:18:f4:09:ec:b0:f8:e7:c4:10:5d:df:
                    21:2b:0d:4a:ec:d1:78:e6:97:cd:7f:f8:bf:07:b1:
                    3c:cb:69:25:0b:ba:9f:6e:f2:2b:72:8e:91:d1:96:
                    88:0b:7a:01:9a:db:b3:ce:f7:b7:72:e7:62:57:c9:
                    0e:8f:6b:c3:75:14:35:3c:c9:35:2b:47:6a:8d:82:
                    aa:8d:03:bc:c7:69:b9:a1:d6:6f:89:3c:8d:ed:48:
                    4c:35:9a:9a:09:94:10:cb:f2:8b:97:6e:39:5d:41:
                    c3:29:71:c2:38:48:23:f5:6c:ed:87:d9:42:9b:ea:
                    02:12:12:73:83:b3:90:5e:8b:ab:cb:65:c5:8b:f7:
                    cd:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:70:39:32:34:3C:D1:65:1B:B2:92:90:F6:6B:3E:3C:88:39:FE:BC
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dnA5MjQ80WUbspKQ9ms-PIg5_rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.208.0/24
                  185.121.230.0/23
                  185.229.104.0/24
                  185.230.248.0/24
                  194.4.159.0/24
                  213.32.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:34:e5:65:6c:c7:bd:cf:4a:ac:bd:5e:bb:c9:c5:9b:b4:b5:
         71:4b:e0:81:9f:d1:c1:cb:3b:64:e9:c4:80:03:a6:64:12:0f:
         b1:cd:79:c8:77:61:2d:1a:46:a1:97:66:b1:05:86:d8:6e:54:
         73:19:9a:a5:29:86:61:41:bb:17:35:f9:df:d7:8b:4e:1f:56:
         f8:d3:1a:9b:2a:11:fc:d6:3c:96:b9:c4:4c:64:92:66:f3:57:
         9a:7c:7d:13:5d:c5:ee:b2:0d:03:c6:84:f3:22:cc:5b:2f:30:
         32:5c:20:fc:ea:ff:14:e2:b1:57:cb:0f:4e:51:3a:0d:35:ad:
         00:4b:b6:5c:d5:ab:42:0b:01:50:38:b3:b6:17:12:64:eb:c5:
         13:bd:f1:73:2a:92:62:a7:e1:cd:8e:01:80:3d:15:1b:3a:37:
         1c:fc:05:ec:06:89:72:3e:22:13:84:eb:ec:2b:c4:01:22:b4:
         54:c3:4c:06:2e:02:01:31:dc:d1:0d:4b:28:f1:1d:4b:39:04:
         1d:5c:d5:1b:10:9f:d7:5f:cf:c6:1a:0e:c6:43:56:0f:b9:4d:
         df:27:90:e8:85:c7:68:ec:03:ba:c3:13:8a:42:31:5c:db:a4:
         dc:0c:b2:87:2d:7a:94:56:7c:bc:0e:29:4e:72:3d:08:1a:74:
         4b:3e:39:f0
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYdVlEzCl6zkaoN7PxuceYk+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDA2MDc1OTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjcwMzkzMjM0M2NkMTY1MWJiMjkyOTBmNjZiM2UzYzg4MzlmZWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9QbcYZyRQSpDHWX09ugYfAeckX3
tnkgMqfQwhr4neRMfAbgGpvcYKD0uzExQKBSheG5KYLdWN5Sw6HUntxQOQLm/LIK
g83u4cEJIa5afu07sK0QUOrS8PWOB1bffAMnIj/UaZEp5Q+85Kfp9nSWxf6AWa9w
j9u9Uq9KGPQJ7LD458QQXd8hKw1K7NF45pfNf/i/B7E8y2klC7qfbvIrco6R0ZaI
C3oBmtuzzve3cudiV8kOj2vDdRQ1PMk1K0dqjYKqjQO8x2m5odZviTyN7UhMNZqa
CZQQy/KLl245XUHDKXHCOEgj9Wzth9lCm+oCEhJzg7OQXoury2XFi/fNswIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFHZwOTI0PNFlG7KSkPZrPjyIOf68MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZG5BNU1qUTgwV1Vic3BLUTltcy1QSWc1X3J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAWSvQAwQB
uXnmAwQAueVoAwQAueb4AwQAwgSfAwQA1SD5MA0GCSqGSIb3DQEBCwUAA4IBAQAh
NOVlbMe9z0qsvV67ycWbtLVxS+CBn9HByztk6cSAA6ZkEg+xzXnId2EtGkahl2ax
BYbYblRzGZqlKYZhQbsXNfnf14tOH1b40xqbKhH81jyWucRMZJJm81eafH0TXcXu
sg0DxoTzIsxbLzAyXCD86v8U4rFXyw9OUToNNa0AS7Zc1atCCwFQOLO2FxJk68UT
vfFzKpJip+HNjgGAPRUbOjcc/AXsBolyPiIThOvsK8QBIrRUw0wGLgIBMdzRDUso
8R1LOQQdXNUbEJ/XX8/GGg7GQ1YPuU3fJ5Dohcdo7AO6wxOKQjFc26TcDLKHLXqU
Vny8DilOcj0IGnRLPjnw
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:47 2024 by rpki-client on console-fra.rpki-client.org