Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qc6vlhuUU6zV8ZA4BURotH4G2TQ.roa
File:                     qc6vlhuUU6zV8ZA4BURotH4G2TQ.roa (raw, json)
Hash identifier:          sHBZCfLIX/SrFfnAWfZ8PrZEkSJyYSKHEyR92ucM388=
Subject key identifier:   A9:CE:AF:96:1B:94:53:AC:D5:F1:90:38:05:44:68:B4:7E:06:D9:34
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01882D351A41FD2ED4A0D231FC519B9F3CCA
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qc6vlhuUU6zV8ZA4BURotH4G2TQ.roa
Signing time:             Thu 18 May 2023 04:53:54 +0000
ROA not before:           Thu 18 May 2023 04:53:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208068
IP address blocks:        62.197.134.0/24 maxlen: 24
                          185.103.72.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:2d:35:1a:41:fd:2e:d4:a0:d2:31:fc:51:9b:9f:3c:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: May 18 04:53:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a9ceaf961b9453acd5f19038054468b47e06d934
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:30:6a:8d:5f:2b:3a:a4:0f:d2:91:b5:71:9f:
                    12:58:dd:bc:35:fa:9a:e9:22:61:c8:dc:6c:41:ae:
                    95:a1:0c:a5:09:6a:f7:39:30:63:e1:39:e5:fd:d2:
                    af:bc:73:bf:a9:e0:3d:a0:dc:f8:30:09:2b:6a:99:
                    63:d6:f6:c8:00:52:43:34:35:da:4d:54:69:06:65:
                    1f:68:48:a6:2c:7e:dc:87:0c:6a:61:67:6e:4e:41:
                    9e:30:65:5c:8a:43:d2:b6:57:26:82:f1:26:8f:06:
                    bf:84:63:36:76:30:35:8d:7d:ac:1a:f5:9e:c2:65:
                    c9:b6:47:be:a3:a8:7b:c5:20:d6:56:6a:6b:94:13:
                    f0:4b:c8:32:ce:7a:ca:a9:df:24:29:7b:4f:bc:7a:
                    e8:f0:d9:7b:d1:f9:ed:77:3e:ea:a5:83:1c:85:dd:
                    54:4f:e6:70:8e:85:75:8a:cd:04:fb:36:d9:29:52:
                    05:a1:fd:cb:70:45:a0:0d:06:07:ef:4e:a9:c7:13:
                    d4:49:b5:fe:b9:3d:61:6f:a3:c7:82:b4:9f:d9:05:
                    d7:04:03:3a:b0:3e:66:9a:0f:aa:4c:8c:08:37:cf:
                    af:18:1d:e8:7f:d9:8a:5c:22:ba:f8:cd:de:fd:fb:
                    a1:c5:4c:ca:4e:9b:9a:0b:04:4c:49:61:f8:62:2b:
                    aa:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:CE:AF:96:1B:94:53:AC:D5:F1:90:38:05:44:68:B4:7E:06:D9:34
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qc6vlhuUU6zV8ZA4BURotH4G2TQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.197.134.0/24
                  185.103.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:06:20:e9:ab:0f:c1:d6:a4:e4:8a:a0:8c:67:8a:e8:54:fd:
         75:9d:c2:9d:2e:0d:e4:9c:fc:e4:f0:94:30:51:17:0d:5a:5a:
         6d:2d:35:6e:29:56:e1:30:51:69:b5:b6:f7:9d:ac:9c:1a:3c:
         29:41:11:1d:1a:a7:09:8a:e0:26:2c:8b:c4:c3:78:a3:2a:7b:
         f3:b9:2a:6e:7e:b2:ee:e9:d9:1f:7a:53:fb:25:ef:96:2c:2f:
         71:b3:6f:36:53:30:b8:ac:08:84:56:2c:60:7e:89:bc:17:f9:
         22:a7:09:5b:42:96:46:71:9e:23:d4:d9:92:c9:5f:5b:18:7f:
         c4:e5:d7:65:65:92:df:ae:a6:de:91:eb:05:7d:81:f9:da:18:
         27:ee:72:c6:0b:43:ad:e1:ee:7b:1c:eb:f1:3e:98:18:66:33:
         02:3c:f0:77:84:11:be:6f:04:b1:ca:5f:ab:b5:32:02:2a:a2:
         49:96:a1:09:03:4f:83:4c:43:19:c6:90:ff:bb:09:19:96:62:
         0c:37:dc:ee:75:6c:c3:a1:cf:e7:9e:23:07:26:f0:5f:34:cd:
         29:9e:d2:77:fc:c6:a9:c5:e6:dc:4d:d5:69:cb:fc:f8:9d:da:
         bf:4b:c6:7a:9c:7a:78:d3:d4:a9:42:2a:da:6c:f1:59:7a:72:
         c0:38:d6:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYgtNRpB/S7UoNIx/FGbnzzKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTE4MDQ1MzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWNlYWY5NjFiOTQ1M2FjZDVmMTkwMzgwNTQ0NjhiNDdlMDZkOTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTBqjV8rOqQP0pG1cZ8SWN28Nfqa
6SJhyNxsQa6VoQylCWr3OTBj4Tnl/dKvvHO/qeA9oNz4MAkraplj1vbIAFJDNDXa
TVRpBmUfaEimLH7chwxqYWduTkGeMGVcikPStlcmgvEmjwa/hGM2djA1jX2sGvWe
wmXJtke+o6h7xSDWVmprlBPwS8gyznrKqd8kKXtPvHro8Nl70fntdz7qpYMchd1U
T+ZwjoV1is0E+zbZKVIFof3LcEWgDQYH706pxxPUSbX+uT1hb6PHgrSf2QXXBAM6
sD5mmg+qTIwIN8+vGB3of9mKXCK6+M3e/fuhxUzKTpuaCwRMSWH4YiuqdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKnOr5YblFOs1fGQOAVEaLR+Btk0MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvcWM2dmxodVVVNnpWOFpBNEJVUm90SDRHMlRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPsWGAwQA
uWdIMA0GCSqGSIb3DQEBCwUAA4IBAQBfBiDpqw/B1qTkiqCMZ4roVP11ncKdLg3k
nPzk8JQwURcNWlptLTVuKVbhMFFptbb3naycGjwpQREdGqcJiuAmLIvEw3ijKnvz
uSpufrLu6dkfelP7Je+WLC9xs282UzC4rAiEVixgfom8F/kipwlbQpZGcZ4j1NmS
yV9bGH/E5ddlZZLfrqbekesFfYH52hgn7nLGC0Ot4e57HOvxPpgYZjMCPPB3hBG+
bwSxyl+rtTICKqJJlqEJA0+DTEMZxpD/uwkZlmIMN9zudWzDoc/nniMHJvBfNM0p
ntJ3/MapxebcTdVpy/z4ndq/S8Z6nHp409SpQirabPFZenLAONYv
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org