Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fkIQk1MRTp-BKhzXHrCO1RaugRU.roa
File:                     fkIQk1MRTp-BKhzXHrCO1RaugRU.roa (raw, json)
Hash identifier:          GMVZewZ0q+JZnzNn87J08mZLYcUiN0HUbutZymvSFd0=
Subject key identifier:   7E:42:10:93:53:11:4E:9F:81:2A:1C:D7:1E:B0:8E:D5:16:AE:81:15
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018721ED3B89A681215FD4F0DADAD6BF71C8
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fkIQk1MRTp-BKhzXHrCO1RaugRU.roa
Signing time:             Mon 27 Mar 2023 07:16:47 +0000
ROA not before:           Mon 27 Mar 2023 07:16:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61138
IP address blocks:        93.115.255.0/24 maxlen: 24
                          188.213.202.0/24 maxlen: 24
                          213.232.93.0/24 maxlen: 24
                          213.232.95.0/24 maxlen: 24
                          188.212.159.0/24 maxlen: 24
                          62.197.135.0/24 maxlen: 24
                          188.214.209.0/24 maxlen: 24
                          188.214.208.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:21:ed:3b:89:a6:81:21:5f:d4:f0:da:da:d6:bf:71:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar 27 07:16:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7e42109353114e9f812a1cd71eb08ed516ae8115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:18:8c:60:71:a1:d9:42:0c:a3:d0:23:f1:c7:
                    75:19:fe:e4:34:0f:cd:ea:b1:a9:73:81:6f:bd:25:
                    26:a6:4b:3f:91:59:b7:be:09:dc:49:b3:5e:d1:d9:
                    ec:c3:d9:6a:ea:fe:5e:ae:48:6e:2b:2d:4e:c1:ca:
                    04:ea:da:c5:e3:88:09:f3:7e:ee:97:22:a7:9a:ae:
                    aa:2e:f9:01:75:cf:2b:e8:e1:7c:d4:19:b2:da:98:
                    0a:95:43:68:3a:98:bb:55:b6:c9:b6:02:a9:2d:2e:
                    09:6f:09:8d:1f:62:21:5a:ab:7e:72:06:c0:20:9b:
                    49:ad:47:40:e6:93:39:6f:a0:7e:f8:8b:ac:8f:79:
                    86:c2:ab:7c:e8:69:18:86:39:2f:e8:61:fd:03:de:
                    da:f8:3c:0a:50:ef:f1:22:3a:35:f7:9b:d9:db:bf:
                    33:6a:f0:5a:98:af:64:da:f9:44:64:eb:8c:98:a4:
                    05:fc:cc:41:b0:07:8d:fb:d0:f5:62:14:79:2e:9f:
                    2b:41:fc:ea:9b:57:b0:8d:c6:e9:57:2b:5f:72:97:
                    a2:de:75:c3:cd:6e:ae:a0:ec:d5:90:88:05:01:70:
                    5e:ac:0d:03:7a:dc:49:df:ac:6b:2b:ff:b0:9f:e4:
                    8c:82:e1:e0:88:14:97:84:d8:59:e4:57:ce:a0:01:
                    37:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:42:10:93:53:11:4E:9F:81:2A:1C:D7:1E:B0:8E:D5:16:AE:81:15
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fkIQk1MRTp-BKhzXHrCO1RaugRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.197.135.0/24
                  93.115.255.0/24
                  188.212.159.0/24
                  188.213.202.0/24
                  188.214.208.0/23
                  213.232.93.0/24
                  213.232.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:9b:47:ea:ca:72:3f:2f:e8:e4:14:7f:64:6b:7b:1e:36:c7:
         8a:88:0c:6d:8d:1b:ef:2e:d8:b4:b1:44:f6:14:fa:0b:b3:67:
         b1:65:b9:fe:9d:11:c6:9a:e1:77:65:29:71:cf:57:0a:b8:13:
         f1:50:b0:de:28:d6:c5:ce:76:12:34:84:e8:9f:06:89:d5:19:
         dc:de:9a:75:35:ea:11:d2:bf:b5:4f:22:e7:8b:d5:23:f3:b1:
         ae:7f:d9:15:ec:a9:8c:22:ef:a7:a6:11:c5:72:08:b4:91:e0:
         f5:12:fa:9c:90:7b:a5:ec:59:22:35:67:f8:38:c8:24:4e:e6:
         eb:c2:43:5a:a0:f3:1b:7d:ef:3f:35:6c:26:17:dc:5f:a3:40:
         e6:49:f7:2f:7d:ac:97:64:fe:4e:cf:d6:da:14:10:b7:1e:20:
         6a:52:1c:f8:a0:da:12:bf:b5:44:c0:7e:06:90:7e:aa:28:86:
         06:11:91:1e:6a:ed:e0:8f:9b:b1:a4:44:98:37:08:ae:ef:39:
         93:1d:de:13:97:8d:ba:06:ab:c9:42:79:7f:6d:61:ad:c2:99:
         d9:e0:06:58:6a:db:5d:5b:d0:13:73:b6:a4:44:49:ed:b2:52:
         66:9d:21:bc:40:9a:7d:01:33:f3:fc:af:8d:06:11:a8:66:fa:
         4a:14:aa:6f
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYch7TuJpoEhX9Tw2trWv3HIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzI3MDcxNjQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTQyMTA5MzUzMTE0ZTlmODEyYTFjZDcxZWIwOGVkNTE2YWU4MTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthiMYHGh2UIMo9Aj8cd1Gf7kNA/N
6rGpc4FvvSUmpks/kVm3vgncSbNe0dnsw9lq6v5erkhuKy1OwcoE6trF44gJ837u
lyKnmq6qLvkBdc8r6OF81Bmy2pgKlUNoOpi7VbbJtgKpLS4JbwmNH2IhWqt+cgbA
IJtJrUdA5pM5b6B++Iusj3mGwqt86GkYhjkv6GH9A97a+DwKUO/xIjo195vZ278z
avBamK9k2vlEZOuMmKQF/MxBsAeN+9D1YhR5Lp8rQfzqm1ewjcbpVytfcpei3nXD
zW6uoOzVkIgFAXBerA0DetxJ36xrK/+wn+SMguHgiBSXhNhZ5FfOoAE3TwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFH5CEJNTEU6fgSoc1x6wjtUWroEVMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZmtJUWsxTVJUcC1CS2h6WEhyQ08xUmF1Z1JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAPsWHAwQA
XXP/AwQAvNSfAwQAvNXKAwQBvNbQAwQA1ehdAwQA1ehfMA0GCSqGSIb3DQEBCwUA
A4IBAQA3m0fqynI/L+jkFH9ka3seNseKiAxtjRvvLti0sUT2FPoLs2exZbn+nRHG
muF3ZSlxz1cKuBPxULDeKNbFznYSNITonwaJ1Rnc3pp1NeoR0r+1TyLni9Uj87Gu
f9kV7KmMIu+nphHFcgi0keD1EvqckHul7FkiNWf4OMgkTubrwkNaoPMbfe8/NWwm
F9xfo0DmSfcvfayXZP5Oz9baFBC3HiBqUhz4oNoSv7VEwH4GkH6qKIYGEZEeau3g
j5uxpESYNwiu7zmTHd4Tl426BqvJQnl/bWGtwpnZ4AZYattdW9ATc7akREntslJm
nSG8QJp9ATPz/K+NBhGoZvpKFKpv
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org