Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qOA1c03kXYDifmbuFcmKWj72EWo.roa
File:                     qOA1c03kXYDifmbuFcmKWj72EWo.roa (raw, json)
Hash identifier:          pCYRke0qrod9SgHW9phYOZgmj7/H/2dCrr4osEB80PQ=
Subject key identifier:   A8:E0:35:73:4D:E4:5D:80:E2:7E:66:EE:15:C9:8A:5A:3E:F6:11:6A
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01882EF8731F926D0ABCA912A4C05B2E1B60
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qOA1c03kXYDifmbuFcmKWj72EWo.roa
Signing time:             Thu 18 May 2023 13:06:54 +0000
ROA not before:           Thu 18 May 2023 13:06:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        188.212.132.0/24 maxlen: 24
                          188.212.133.0/24 maxlen: 24
                          188.212.158.0/24 maxlen: 24
                          87.247.148.0/24 maxlen: 24
                          188.240.230.0/24 maxlen: 24
                          188.240.232.0/24 maxlen: 24
                          185.241.209.0/24 maxlen: 24
                          185.241.210.0/23 maxlen: 24
                          91.188.204.0/24 maxlen: 24
                          89.37.63.0/24 maxlen: 24
                          93.115.254.0/23 maxlen: 24
                          188.213.203.0/24 maxlen: 24
                          45.156.157.0/24 maxlen: 24
                          185.135.143.0/24 maxlen: 24
                          185.255.169.0/24 maxlen: 24
                          185.255.170.0/24 maxlen: 24
                          185.103.72.0/24 maxlen: 24
                          185.238.10.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:2e:f8:73:1f:92:6d:0a:bc:a9:12:a4:c0:5b:2e:1b:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: May 18 13:06:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a8e035734de45d80e27e66ee15c98a5a3ef6116a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:73:0d:96:d2:f9:bf:6d:a0:b0:32:63:cf:2b:
                    bb:55:04:e5:37:6b:a9:1b:f7:1a:43:b6:b0:85:ac:
                    5e:1f:86:8d:1a:80:02:4b:7e:2d:7c:33:d6:9b:e9:
                    ba:ec:f1:39:44:70:33:35:ad:d8:eb:31:44:f1:85:
                    61:d7:c0:e1:c8:6e:d6:b8:01:44:ed:53:c4:9e:b8:
                    47:81:f6:e5:5f:38:12:6d:d2:91:af:3f:7f:0b:b5:
                    68:18:a2:bf:07:8e:c9:6b:e1:3b:72:d5:0d:ac:e7:
                    a7:27:7d:68:e9:e6:d1:08:e4:d5:fc:3f:35:bc:f6:
                    49:07:9f:9c:7b:53:2f:41:6a:d6:1a:90:54:11:e5:
                    b4:17:85:53:9d:ab:8e:60:a1:50:82:0c:a2:9b:2b:
                    7c:bb:e9:26:0a:38:24:e7:7c:59:69:1f:f4:ab:d4:
                    71:d5:bc:f3:c9:56:47:b3:b4:45:74:35:52:2d:1d:
                    78:32:e9:71:9f:1e:ef:a7:af:34:cd:f9:ed:37:44:
                    80:80:37:17:0b:25:19:cd:bb:32:1b:43:0d:0e:44:
                    5d:d8:39:05:c0:59:6a:c4:0e:01:56:11:8d:5f:f7:
                    58:31:bb:94:ec:6e:56:c3:11:19:1d:72:02:ca:f6:
                    e4:34:5e:46:62:7a:af:4d:b3:0d:bb:06:4e:68:ef:
                    e0:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E0:35:73:4D:E4:5D:80:E2:7E:66:EE:15:C9:8A:5A:3E:F6:11:6A
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qOA1c03kXYDifmbuFcmKWj72EWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.157.0/24
                  87.247.148.0/24
                  89.37.63.0/24
                  91.188.204.0/24
                  93.115.254.0/23
                  185.103.72.0/24
                  185.135.143.0/24
                  185.238.10.0/24
                  185.241.209.0-185.241.211.255
                  185.255.169.0-185.255.170.255
                  188.212.132.0/23
                  188.212.158.0/24
                  188.213.203.0/24
                  188.240.230.0/24
                  188.240.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:d8:d7:e3:30:bd:04:61:2d:e8:40:1e:69:40:c8:01:2f:a9:
         1f:b9:f2:f7:df:5e:53:c6:2b:84:79:d9:20:e1:98:6b:cb:1c:
         a6:8d:cc:11:1e:01:cf:c6:47:55:46:de:4b:a1:d0:b6:e5:14:
         14:21:ff:01:d7:31:96:7c:17:0d:a3:99:07:cd:38:c3:25:89:
         da:e0:0c:d2:46:34:f8:76:1f:1e:bf:cd:b0:90:c6:05:83:c4:
         82:74:e6:22:ea:2b:db:71:68:bb:09:61:4d:06:51:79:f1:4f:
         7c:64:d0:91:cd:c7:f6:ff:53:b0:4f:fb:fe:8c:ed:b8:96:06:
         e7:6b:25:e8:f0:d2:32:00:88:54:cc:55:a5:ae:e3:ff:15:a7:
         cb:94:2e:ce:dc:20:0d:be:8f:bb:f6:91:87:7c:f8:3e:a1:4c:
         68:48:5f:c3:12:19:64:9a:4d:cb:6f:7f:9f:39:c4:9f:34:8a:
         6b:de:b1:20:df:5c:f2:37:cd:8f:56:d7:a0:4a:d2:ed:6e:06:
         52:38:d9:d3:8e:f9:bb:55:94:b3:bb:3c:bf:dd:a4:85:4d:36:
         d5:b5:d1:be:30:e2:1c:93:96:6e:b3:57:68:58:79:09:1b:0f:
         a4:85:91:dd:80:2c:06:31:4e:b5:b1:11:db:83:7b:8d:5e:e4:
         06:84:90:70
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAYgu+HMfkm0KvKkSpMBbLhtgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTE4MTMwNjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGUwMzU3MzRkZTQ1ZDgwZTI3ZTY2ZWUxNWM5OGE1YTNlZjYxMTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnMNltL5v22gsDJjzyu7VQTlN2up
G/caQ7awhaxeH4aNGoACS34tfDPWm+m67PE5RHAzNa3Y6zFE8YVh18DhyG7WuAFE
7VPEnrhHgfblXzgSbdKRrz9/C7VoGKK/B47Ja+E7ctUNrOenJ31o6ebRCOTV/D81
vPZJB5+ce1MvQWrWGpBUEeW0F4VTnauOYKFQggyimyt8u+kmCjgk53xZaR/0q9Rx
1bzzyVZHs7RFdDVSLR14Mulxnx7vp680zfntN0SAgDcXCyUZzbsyG0MNDkRd2DkF
wFlqxA4BVhGNX/dYMbuU7G5WwxEZHXICyvbkNF5GYnqvTbMNuwZOaO/gXwIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFKjgNXNN5F2A4n5m7hXJilo+9hFqMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvcU9BMWMwM2tYWURpZm1idUZjbUtXajcyRVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwcAQCAAEwagMEAC2cnQME
AFf3lAMEAFklPwMEAFu8zAMEAV1z/gMEALlnSAMEALmHjwMEALnuCjAMAwQAufHR
AwQCufHQMAwDBAC5/6kDBAC5/6oDBAG81IQDBAC81J4DBAC81csDBAC88OYDBAC8
8OgwDQYJKoZIhvcNAQELBQADggEBAA3Y1+MwvQRhLehAHmlAyAEvqR+58vffXlPG
K4R52SDhmGvLHKaNzBEeAc/GR1VG3kuh0LblFBQh/wHXMZZ8Fw2jmQfNOMMlidrg
DNJGNPh2Hx6/zbCQxgWDxIJ05iLqK9txaLsJYU0GUXnxT3xk0JHNx/b/U7BP+/6M
7biWBudrJejw0jIAiFTMVaWu4/8Vp8uULs7cIA2+j7v2kYd8+D6hTGhIX8MSGWSa
Tctvf585xJ80imvesSDfXPI3zY9W16BK0u1uBlI42dOO+btVlLO7PL/dpIVNNtW1
0b4w4hyTlm6zV2hYeQkbD6SFkd2ALAYxTrWxEduDe41e5AaEkHA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:13 2024 by rpki-client on console-ams.rpki-client.org