Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/o8D1UOT97kAWx_LxNZ7uus8K7eo.roa
File:                     o8D1UOT97kAWx_LxNZ7uus8K7eo.roa (raw, json)
Hash identifier:          D3Sy6bwPvFdk3KYonCy1qiFIDg/GN+dO1N5o0usUdO0=
Subject key identifier:   A3:C0:F5:50:E4:FD:EE:40:16:C7:F2:F1:35:9E:EE:BA:CF:0A:ED:EA
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018682A41822C1EC8CB37EEF8BC04F9DAD06
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/o8D1UOT97kAWx_LxNZ7uus8K7eo.roa
Signing time:             Fri 24 Feb 2023 08:57:17 +0000
ROA not before:           Fri 24 Feb 2023 08:57:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207279
IP address blocks:        178.239.202.0/24 maxlen: 24
                          77.75.60.0/24 maxlen: 24
                          194.4.157.0/24 maxlen: 24
                          89.43.208.0/24 maxlen: 24
                          203.0.8.0/24 maxlen: 24
                          62.197.133.0/24 maxlen: 24
                          89.38.101.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:82:a4:18:22:c1:ec:8c:b3:7e:ef:8b:c0:4f:9d:ad:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb 24 08:57:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a3c0f550e4fdee4016c7f2f1359eeebacf0aedea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:52:ba:03:5c:8b:e2:bd:a5:3e:e4:53:99:4d:
                    f4:0a:6e:42:4e:a6:f9:bc:f7:2d:a6:8d:cf:bf:d7:
                    d0:6b:89:59:67:1b:ca:ad:5e:61:87:2d:ad:ef:00:
                    61:92:7d:a4:a0:da:9e:5c:ad:9a:a3:8d:87:7f:98:
                    18:74:a3:80:a9:ce:43:57:e6:6e:31:a2:7f:f3:d2:
                    f4:05:d6:2c:7f:85:ce:86:e1:3f:ba:10:f0:9f:4b:
                    a7:6c:3d:bb:ba:a7:16:63:b8:90:aa:25:1c:92:83:
                    35:18:96:c9:27:3b:f2:a4:0a:db:a5:69:ee:15:4c:
                    2d:ac:17:37:a7:f6:71:a0:44:75:31:20:6c:96:e5:
                    65:6c:1a:78:4d:30:15:6b:3d:bf:af:94:fc:0c:58:
                    46:6b:4f:9e:fc:80:21:6c:ed:8d:3d:d9:2e:6c:20:
                    47:b6:e7:24:4a:ab:d6:8d:fb:70:95:85:18:7c:04:
                    2c:55:1a:1a:93:36:3e:7c:1c:da:a6:66:ec:20:aa:
                    ce:aa:4f:18:3e:11:79:cd:0b:67:27:56:75:2b:30:
                    26:59:60:01:4e:7f:9c:2d:b8:dd:c4:3a:46:d8:2c:
                    c8:84:dc:66:3e:e2:61:2c:a3:f7:69:07:8e:63:85:
                    6f:7e:38:d1:06:45:08:54:ba:7c:1e:e4:b2:d4:bc:
                    8a:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:C0:F5:50:E4:FD:EE:40:16:C7:F2:F1:35:9E:EE:BA:CF:0A:ED:EA
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/o8D1UOT97kAWx_LxNZ7uus8K7eo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.197.133.0/24
                  77.75.60.0/24
                  89.38.101.0/24
                  89.43.208.0/24
                  178.239.202.0/24
                  194.4.157.0/24
                  203.0.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:c4:76:ec:69:1b:a4:60:d7:66:fe:ac:62:2f:6c:b2:b1:b6:
         d5:93:9b:fc:fb:b9:f6:93:1b:43:86:59:4e:96:e9:85:fb:63:
         99:4e:07:c4:a2:6b:23:28:c4:d2:2f:80:5b:f6:1a:5d:02:41:
         39:c7:0c:36:5d:f0:64:85:64:42:3e:53:9a:a0:b0:48:a2:af:
         75:5e:41:c9:f7:71:c7:39:ee:e4:4e:37:9f:b0:7d:e7:77:7a:
         9b:03:2c:b1:ee:2f:42:43:75:18:b4:89:ee:00:08:c4:8c:a3:
         ce:dd:d8:e7:00:73:b1:4f:ec:e2:be:f7:07:9f:cc:ed:f7:25:
         4f:98:73:7b:a2:83:a8:38:fa:83:bb:76:dd:85:2e:87:8b:a0:
         7d:ee:33:41:76:a6:1f:fd:a6:30:41:e1:91:fc:2e:ad:59:8c:
         66:99:86:f3:8f:5e:16:53:8a:a7:c1:de:aa:e3:d1:84:8a:46:
         1c:31:04:95:98:48:8f:89:fb:05:5c:35:66:d2:0a:6a:f5:02:
         a0:18:98:e0:50:4d:6c:2c:21:78:9b:aa:6b:0b:63:a7:6e:e2:
         a0:45:13:1c:4c:84:be:28:ff:d8:29:fb:04:e7:50:ab:4d:66:
         e9:a0:db:ea:f3:d7:4f:3d:6a:13:02:ce:3b:4f:62:a0:ee:02:
         5a:57:44:d6
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYaCpBgiweyMs37vi8BPna0GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjI0MDg1NzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2MwZjU1MGU0ZmRlZTQwMTZjN2YyZjEzNTllZWViYWNmMGFlZGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFK6A1yL4r2lPuRTmU30Cm5CTqb5
vPctpo3Pv9fQa4lZZxvKrV5hhy2t7wBhkn2koNqeXK2ao42Hf5gYdKOAqc5DV+Zu
MaJ/89L0BdYsf4XOhuE/uhDwn0unbD27uqcWY7iQqiUckoM1GJbJJzvypArbpWnu
FUwtrBc3p/ZxoER1MSBsluVlbBp4TTAVaz2/r5T8DFhGa0+e/IAhbO2NPdkubCBH
tuckSqvWjftwlYUYfAQsVRoakzY+fBzapmbsIKrOqk8YPhF5zQtnJ1Z1KzAmWWAB
Tn+cLbjdxDpG2CzIhNxmPuJhLKP3aQeOY4VvfjjRBkUIVLp8HuSy1LyKvQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKPA9VDk/e5AFsfy8TWe7rrPCu3qMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbzhEMVVPVDk3a0FXeF9MeE5aN3V1czhLN2VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAPsWFAwQA
TUs8AwQAWSZlAwQAWSvQAwQAsu/KAwQAwgSdAwQAywAIMA0GCSqGSIb3DQEBCwUA
A4IBAQAXxHbsaRukYNdm/qxiL2yysbbVk5v8+7n2kxtDhllOlumF+2OZTgfEomsj
KMTSL4Bb9hpdAkE5xww2XfBkhWRCPlOaoLBIoq91XkHJ93HHOe7kTjefsH3nd3qb
Ayyx7i9CQ3UYtInuAAjEjKPO3djnAHOxT+zivvcHn8zt9yVPmHN7ooOoOPqDu3bd
hS6Hi6B97jNBdqYf/aYwQeGR/C6tWYxmmYbzj14WU4qnwd6q49GEikYcMQSVmEiP
ifsFXDVm0gpq9QKgGJjgUE1sLCF4m6prC2OnbuKgRRMcTIS+KP/YKfsE51CrTWbp
oNvq89dPPWoTAs47T2Kg7gJaV0TW
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:13 2024 by rpki-client on console-ams.rpki-client.org