Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/m1gkh6OwPZ7lGz2BdIsMVAfVrag.roa
File:                     m1gkh6OwPZ7lGz2BdIsMVAfVrag.roa (raw, json)
Hash identifier:          5rCv+OQyI9z+zQPPSCKKyLoBNOmK49Tw/vzdEcq+kHo=
Subject key identifier:   9B:58:24:87:A3:B0:3D:9E:E5:1B:3D:81:74:8B:0C:54:07:D5:AD:A8
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0186ABE29E4F351077A7FD47D7D7A9A7C17D
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/m1gkh6OwPZ7lGz2BdIsMVAfVrag.roa
Signing time:             Sat 04 Mar 2023 09:10:00 +0000
ROA not before:           Sat 04 Mar 2023 09:10:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204843
IP address blocks:        185.229.106.0/24 maxlen: 24
                          185.245.237.0/24 maxlen: 24
                          45.159.154.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ab:e2:9e:4f:35:10:77:a7:fd:47:d7:d7:a9:a7:c1:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar  4 09:10:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9b582487a3b03d9ee51b3d81748b0c5407d5ada8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:38:7f:ce:46:ab:aa:27:4c:8f:09:26:90:23:
                    f3:82:4e:4b:90:bc:55:79:9a:85:46:ac:d1:29:d4:
                    fd:11:4d:47:09:aa:a5:68:0c:3f:99:5b:2e:76:20:
                    24:22:ed:cf:a5:e3:48:db:82:b1:d7:af:30:fe:3d:
                    6c:09:65:e3:69:ac:2f:48:1d:2e:de:c7:85:88:23:
                    48:8c:e1:17:93:ba:a0:cb:73:e4:b5:32:cd:33:38:
                    65:3c:51:8d:36:5c:15:5a:5f:58:73:0d:c2:25:d2:
                    a4:a0:87:96:44:dd:c3:3b:e8:2f:75:0f:37:fd:bc:
                    56:87:93:0d:27:f4:79:c2:66:a6:e3:3e:54:10:f7:
                    c0:5b:a5:cf:61:51:61:14:10:9e:2d:0a:6b:f4:a8:
                    d7:3b:72:a2:c2:df:f6:d1:b2:20:43:3d:ad:42:48:
                    75:6d:02:3a:a3:bb:a8:26:7f:62:75:21:fe:ec:65:
                    1c:64:0d:84:ab:85:7f:f8:7f:2c:6f:20:f3:a3:39:
                    5d:0e:23:fb:0f:69:99:a8:94:49:54:1d:f8:2e:08:
                    e4:ac:e9:16:82:83:3d:d4:26:38:6c:1e:bd:90:d9:
                    a9:43:60:d3:a3:43:81:a7:15:78:cf:91:44:42:fa:
                    39:09:a5:a7:7c:80:d5:b1:c0:a8:23:a2:c2:9b:56:
                    16:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:58:24:87:A3:B0:3D:9E:E5:1B:3D:81:74:8B:0C:54:07:D5:AD:A8
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/m1gkh6OwPZ7lGz2BdIsMVAfVrag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.154.0/24
                  185.229.106.0/24
                  185.245.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:0d:c1:38:41:2a:46:a3:f7:a4:d9:40:71:90:d6:d4:af:d4:
         3a:76:69:75:d1:97:53:6e:34:c8:b6:48:12:40:1b:dd:a8:8e:
         c9:8d:8d:46:48:04:ff:9d:5b:86:d4:b9:de:45:69:e7:a0:e2:
         b1:9c:93:1a:b0:f6:0f:97:6b:d5:df:5b:f1:49:38:01:e3:31:
         95:86:d9:38:6c:fc:97:c4:c9:7b:19:6e:7f:ad:bb:a7:39:72:
         3b:68:56:07:59:5c:b2:83:45:f6:28:2f:f8:83:b7:e1:0e:3d:
         ad:51:0e:92:fd:25:f9:9b:77:84:a7:af:e2:49:51:9e:f2:24:
         1c:bd:7f:dc:87:15:39:46:53:6c:da:92:84:dd:bc:cb:23:42:
         b7:f8:b6:3e:c1:ed:9c:53:93:2f:97:5a:fa:bd:22:56:7d:7d:
         52:38:e8:05:7d:42:75:44:89:12:1e:dc:72:ae:7b:c2:84:fa:
         2a:99:24:e8:9a:92:db:ce:f1:7e:c7:a9:b3:5f:27:99:7f:eb:
         14:33:8b:e3:da:34:d6:a4:e8:9d:4a:67:89:d3:67:4b:43:13:
         43:1e:18:c3:3a:75:6f:46:b2:10:7b:94:d3:18:b9:ee:60:2b:
         e4:24:cb:7a:45:c1:c7:f3:85:e9:a7:66:d3:b7:cc:66:83:80:
         28:8c:da:46
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYar4p5PNRB3p/1H19epp8F9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA0MDkxMDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjU4MjQ4N2EzYjAzZDllZTUxYjNkODE3NDhiMGM1NDA3ZDVhZGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTh/zkarqidMjwkmkCPzgk5LkLxV
eZqFRqzRKdT9EU1HCaqlaAw/mVsudiAkIu3PpeNI24Kx168w/j1sCWXjaawvSB0u
3seFiCNIjOEXk7qgy3PktTLNMzhlPFGNNlwVWl9Ycw3CJdKkoIeWRN3DO+gvdQ83
/bxWh5MNJ/R5wmam4z5UEPfAW6XPYVFhFBCeLQpr9KjXO3Kiwt/20bIgQz2tQkh1
bQI6o7uoJn9idSH+7GUcZA2Eq4V/+H8sbyDzozldDiP7D2mZqJRJVB34LgjkrOkW
goM91CY4bB69kNmpQ2DTo0OBpxV4z5FEQvo5CaWnfIDVscCoI6LCm1YW3wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJtYJIejsD2e5Rs9gXSLDFQH1a2oMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbTFna2g2T3dQWjdsR3oyQmRJc01WQWZWcmFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALZ+aAwQA
ueVqAwQAufXtMA0GCSqGSIb3DQEBCwUAA4IBAQArDcE4QSpGo/ek2UBxkNbUr9Q6
dml10ZdTbjTItkgSQBvdqI7JjY1GSAT/nVuG1LneRWnnoOKxnJMasPYPl2vV31vx
STgB4zGVhtk4bPyXxMl7GW5/rbunOXI7aFYHWVyyg0X2KC/4g7fhDj2tUQ6S/SX5
m3eEp6/iSVGe8iQcvX/chxU5RlNs2pKE3bzLI0K3+LY+we2cU5Mvl1r6vSJWfX1S
OOgFfUJ1RIkSHtxyrnvChPoqmSTompLbzvF+x6mzXyeZf+sUM4vj2jTWpOidSmeJ
02dLQxNDHhjDOnVvRrIQe5TTGLnuYCvkJMt6RcHH84Xpp2bTt8xmg4AojNpG
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:13 2024 by rpki-client on console-ams.rpki-client.org