Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/iNRUSL77P3bH3LI_sIFWcyO3wqc.roa
File:                     iNRUSL77P3bH3LI_sIFWcyO3wqc.roa (raw, json)
Hash identifier:          uZgQipntzcbnCHw8RLiMsHsgQJy+4O3oswGhw8MoNNo=
Subject key identifier:   88:D4:54:48:BE:FB:3F:76:C7:DC:B2:3F:B0:81:56:73:23:B7:C2:A7
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0187367ADDFFE4E3C1EC7A257FCAE2D9E97B
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/iNRUSL77P3bH3LI_sIFWcyO3wqc.roa
Signing time:             Fri 31 Mar 2023 07:03:54 +0000
ROA not before:           Fri 31 Mar 2023 07:03:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7979
IP address blocks:        178.239.195.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:36:7a:dd:ff:e4:e3:c1:ec:7a:25:7f:ca:e2:d9:e9:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar 31 07:03:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=88d45448befb3f76c7dcb23fb081567323b7c2a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:dd:12:87:53:7f:e7:62:c6:6a:a8:69:29:80:
                    38:57:11:a2:f8:05:e8:b5:57:1f:37:e1:fe:02:d7:
                    89:f7:de:64:1d:80:07:9d:1c:06:4b:c0:d1:35:f1:
                    b6:1c:c3:5d:7f:3e:10:d8:d8:00:92:d1:67:8c:b4:
                    50:c7:03:e9:cb:6a:a4:91:5a:e1:4c:f7:e1:3d:68:
                    78:37:e4:02:3e:23:5f:15:c4:a0:bc:34:f0:b4:21:
                    fc:68:63:ff:0c:48:b4:9a:98:10:4e:f2:17:7f:ce:
                    ae:f5:c4:3c:19:be:95:71:40:d2:3d:84:6d:40:5f:
                    53:1c:50:38:05:39:dd:c1:55:09:19:23:0c:ef:86:
                    24:7c:3f:ec:79:b8:b0:dc:e5:2c:9e:5f:3f:97:fe:
                    c0:e0:52:e9:d0:21:47:d9:0d:04:9a:44:6e:3a:26:
                    60:93:af:79:79:83:12:44:02:45:e8:7e:42:69:e9:
                    62:56:ea:4d:99:f7:ce:ee:b4:e7:21:75:1d:e3:31:
                    5b:30:52:e2:ad:9c:de:ab:e7:78:f4:80:e9:4b:be:
                    19:8c:62:a0:5b:f8:8a:22:b4:0b:d9:07:81:a8:bc:
                    02:06:27:c0:20:46:60:f2:49:55:b9:ee:28:34:c3:
                    cc:9f:5e:b2:8f:b4:5a:a5:5f:cf:94:9f:20:13:f5:
                    ec:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:D4:54:48:BE:FB:3F:76:C7:DC:B2:3F:B0:81:56:73:23:B7:C2:A7
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/iNRUSL77P3bH3LI_sIFWcyO3wqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:40:bc:e1:9b:42:22:e0:b2:4d:e9:1a:e4:03:fe:09:cd:76:
         93:17:d5:98:3f:6e:51:77:6b:b8:d5:18:db:94:7f:cf:b1:a4:
         99:8e:5a:92:5d:aa:19:fd:07:27:02:09:b7:7c:af:ec:6c:3a:
         85:ac:e2:2f:e7:fa:6d:e9:0a:a2:b1:9a:e6:61:09:00:52:94:
         ea:14:c6:5d:b2:dc:94:9a:b8:02:e4:19:c1:4f:fc:92:08:5a:
         01:68:0d:37:2e:51:89:f8:18:30:70:f7:f9:a4:07:3a:0e:cc:
         3c:64:46:4a:95:e7:31:68:6a:c5:2f:9d:82:b3:a5:49:4f:8e:
         db:55:62:a1:96:cf:02:8d:d3:79:55:82:f1:96:71:0f:f8:b8:
         ec:93:cf:81:32:2a:7e:ff:71:4a:3a:a0:16:11:96:26:dc:db:
         81:fd:4b:80:9d:80:2f:02:56:72:18:17:d2:b1:98:f4:af:cd:
         0d:9d:63:8d:b1:15:8b:3b:25:da:82:f5:82:80:87:74:3b:fe:
         ce:41:79:b4:80:0b:98:df:53:35:b3:18:ea:04:1f:e0:17:a3:
         b8:09:42:83:da:2f:c4:5e:ca:72:9a:26:56:6f:b0:71:e9:22:
         03:42:12:79:4d:7d:cf:3a:0e:4b:38:5d:b4:7d:69:27:76:c9:
         2f:31:e2:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYc2et3/5OPB7Holf8ri2el7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzMxMDcwMzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGQ0NTQ0OGJlZmIzZjc2YzdkY2IyM2ZiMDgxNTY3MzIzYjdjMmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA490Sh1N/52LGaqhpKYA4VxGi+AXo
tVcfN+H+AteJ995kHYAHnRwGS8DRNfG2HMNdfz4Q2NgAktFnjLRQxwPpy2qkkVrh
TPfhPWh4N+QCPiNfFcSgvDTwtCH8aGP/DEi0mpgQTvIXf86u9cQ8Gb6VcUDSPYRt
QF9THFA4BTndwVUJGSMM74YkfD/sebiw3OUsnl8/l/7A4FLp0CFH2Q0EmkRuOiZg
k695eYMSRAJF6H5CaeliVupNmffO7rTnIXUd4zFbMFLirZzeq+d49IDpS74ZjGKg
W/iKIrQL2QeBqLwCBifAIEZg8klVue4oNMPMn16yj7RapV/PlJ8gE/XsqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjUVEi++z92x9yyP7CBVnMjt8KnMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvaU5SVVNMNzdQM2JIM0xJX3NJRldjeU8zd3FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu/DMA0G
CSqGSIb3DQEBCwUAA4IBAQBvQLzhm0Ii4LJN6RrkA/4JzXaTF9WYP25Rd2u41Rjb
lH/PsaSZjlqSXaoZ/QcnAgm3fK/sbDqFrOIv5/pt6QqisZrmYQkAUpTqFMZdstyU
mrgC5BnBT/ySCFoBaA03LlGJ+BgwcPf5pAc6Dsw8ZEZKlecxaGrFL52Cs6VJT47b
VWKhls8CjdN5VYLxlnEP+Ljsk8+BMip+/3FKOqAWEZYm3NuB/UuAnYAvAlZyGBfS
sZj0r80NnWONsRWLOyXagvWCgId0O/7OQXm0gAuY31M1sxjqBB/gF6O4CUKD2i/E
XspymiZWb7Bx6SIDQhJ5TX3POg5LOF20fWkndskvMeIq
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org