Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/pvcP2_JHHNNIevuR9j_pBbeQtU8.roa
File:                     pvcP2_JHHNNIevuR9j_pBbeQtU8.roa (raw, json)
Hash identifier:          9LBozgU3YvZTuYqpdiuCX6GffPxDGz6MBhItKWoUBiQ=
Subject key identifier:   A6:F7:0F:DB:F2:47:1C:D3:48:7A:FB:91:F6:3F:E9:05:B7:90:B5:4F
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0185F492536FF84D3C8F4855D8818CAD148B
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/pvcP2_JHHNNIevuR9j_pBbeQtU8.roa
Signing time:             Fri 27 Jan 2023 18:51:48 +0000
ROA not before:           Fri 27 Jan 2023 18:51:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     272148
IP address blocks:        185.115.146.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:f4:92:53:6f:f8:4d:3c:8f:48:55:d8:81:8c:ad:14:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan 27 18:51:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a6f70fdbf2471cd3487afb91f63fe905b790b54f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ec:01:6b:3b:8a:0e:49:f1:94:99:11:41:14:
                    84:8e:a6:82:16:18:71:a8:03:8e:8f:ea:02:fe:7e:
                    fe:5d:39:21:06:e7:97:bc:72:da:48:0f:e4:6c:2c:
                    60:9e:4d:ba:9d:4f:40:58:17:47:c5:7b:32:cf:3d:
                    81:f7:91:3d:7a:56:0b:ee:53:ef:bc:af:c9:7e:48:
                    ad:ee:23:41:e4:0f:99:41:8f:e6:09:ce:5c:86:19:
                    ad:dc:f3:a4:40:5e:58:e6:2f:78:82:05:1b:2d:4a:
                    62:f3:4b:02:9b:3e:4d:5d:33:64:02:d0:75:73:10:
                    f8:6f:da:30:e9:19:81:5d:6e:f0:56:46:0a:da:6b:
                    51:70:63:2b:e8:23:3a:51:2a:78:6f:1e:bc:16:63:
                    68:1e:df:86:01:2b:c6:01:a9:c3:a6:19:80:45:16:
                    9c:24:2d:07:87:e4:3b:bf:b9:de:68:b8:f6:b1:82:
                    8b:f1:32:5d:76:e9:dc:31:4e:f5:8e:3b:1c:c9:a6:
                    ac:ad:a8:2d:5b:0a:80:16:e4:79:3a:2a:45:8e:2e:
                    60:63:13:18:b2:7b:aa:a5:7b:11:b4:f4:85:d5:5d:
                    d1:23:ce:97:77:9c:49:45:7d:6e:da:ea:f1:18:f8:
                    6b:d4:4c:69:ea:78:49:a3:c9:77:81:9c:83:dd:f4:
                    42:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:F7:0F:DB:F2:47:1C:D3:48:7A:FB:91:F6:3F:E9:05:B7:90:B5:4F
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/pvcP2_JHHNNIevuR9j_pBbeQtU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:b8:39:00:72:2f:8b:a3:e0:53:c1:9c:3a:fd:13:f3:06:49:
         8b:43:d9:6a:2a:d4:56:fa:04:cd:5d:dd:88:37:dd:ca:4e:56:
         78:02:8b:93:91:37:26:47:5a:8f:3c:61:19:0e:30:4b:ea:f1:
         b4:16:99:30:42:e4:87:e7:cb:af:8e:77:45:83:ff:21:4b:23:
         0a:80:bf:03:a8:b7:d3:f3:ce:88:6d:1b:85:7d:8e:ab:8f:9f:
         25:2c:1b:cd:49:9d:be:ef:f8:04:01:82:ed:80:ae:bd:41:20:
         08:20:d1:a0:4b:32:b7:58:24:15:0c:05:47:b9:dd:01:eb:81:
         10:82:cd:1f:2e:2a:db:34:37:d7:ec:2b:6c:d5:56:e1:5a:81:
         e8:61:61:06:e8:5d:eb:7d:18:6f:cb:73:b9:93:69:93:79:43:
         bc:26:7f:88:d5:2e:ab:f9:2e:0a:1b:ec:66:d4:7c:9a:93:b7:
         b7:0a:b1:09:b1:43:15:be:0a:02:14:3b:ac:55:9a:a1:d7:0e:
         80:c4:14:36:2d:80:53:6e:a1:59:d8:f4:d9:3a:9b:e6:d0:67:
         fd:3b:8b:b8:23:b7:ce:30:7e:69:1b:b1:67:60:d3:fc:fe:05:
         78:49:9f:ca:20:96:75:f5:d2:71:1a:30:be:8f:e8:96:6c:43:
         1c:37:0b:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYX0klNv+E08j0hV2IGMrRSLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMTI3MTg1MTQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmY3MGZkYmYyNDcxY2QzNDg3YWZiOTFmNjNmZTkwNWI3OTBiNTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+wBazuKDknxlJkRQRSEjqaCFhhx
qAOOj+oC/n7+XTkhBueXvHLaSA/kbCxgnk26nU9AWBdHxXsyzz2B95E9elYL7lPv
vK/Jfkit7iNB5A+ZQY/mCc5chhmt3POkQF5Y5i94ggUbLUpi80sCmz5NXTNkAtB1
cxD4b9ow6RmBXW7wVkYK2mtRcGMr6CM6USp4bx68FmNoHt+GASvGAanDphmARRac
JC0Hh+Q7v7neaLj2sYKL8TJdduncMU71jjscyaasragtWwqAFuR5OipFji5gYxMY
snuqpXsRtPSF1V3RI86Xd5xJRX1u2urxGPhr1Exp6nhJo8l3gZyD3fRC5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKb3D9vyRxzTSHr7kfY/6QW3kLVPMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvcHZjUDJfSkhITk5JZXZ1UjlqX3BCYmVRdFU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXOSMA0G
CSqGSIb3DQEBCwUAA4IBAQBmuDkAci+Lo+BTwZw6/RPzBkmLQ9lqKtRW+gTNXd2I
N93KTlZ4AouTkTcmR1qPPGEZDjBL6vG0FpkwQuSH58uvjndFg/8hSyMKgL8DqLfT
886IbRuFfY6rj58lLBvNSZ2+7/gEAYLtgK69QSAIINGgSzK3WCQVDAVHud0B64EQ
gs0fLirbNDfX7Cts1VbhWoHoYWEG6F3rfRhvy3O5k2mTeUO8Jn+I1S6r+S4KG+xm
1Hyak7e3CrEJsUMVvgoCFDusVZqh1w6AxBQ2LYBTbqFZ2PTZOpvm0Gf9O4u4I7fO
MH5pG7FnYNP8/gV4SZ/KIJZ19dJxGjC+j+iWbEMcNwvz
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org