Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/twMOzDX6VVJ-K3_pRPrKvaaoklc.roa
File:                     twMOzDX6VVJ-K3_pRPrKvaaoklc.roa (raw, json)
Hash identifier:          8ddE+wBAxmgucgjcqZhFPF8j6a9VxgIB0733AeWnxAM=
Subject key identifier:   B7:03:0E:CC:35:FA:55:52:7E:2B:7F:E9:44:FA:CA:BD:A6:A8:92:57
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0187572C6FD1A33A851887CFFD00B3E0A966
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/twMOzDX6VVJ-K3_pRPrKvaaoklc.roa
Signing time:             Thu 06 Apr 2023 15:25:42 +0000
ROA not before:           Thu 06 Apr 2023 15:25:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207459
IP address blocks:        213.32.249.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:57:2c:6f:d1:a3:3a:85:18:87:cf:fd:00:b3:e0:a9:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr  6 15:25:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b7030ecc35fa55527e2b7fe944facabda6a89257
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d2:8b:4a:27:2a:a4:f3:a3:79:a6:42:bf:9c:
                    ca:3a:e0:32:aa:d2:67:15:b2:d0:d0:ec:ed:01:21:
                    f6:f8:e5:8a:ff:bc:5c:dd:5e:61:2e:60:f6:66:e5:
                    bd:2b:b9:43:99:d9:88:38:90:86:6a:7c:3b:4d:c1:
                    78:ac:84:a1:be:e1:b3:6d:62:b3:a5:8d:fc:99:bd:
                    d6:f8:42:97:06:c5:b4:3d:92:c1:ac:d9:da:e5:31:
                    62:37:58:3c:cd:8b:88:d0:a9:9d:b4:f9:ed:b9:47:
                    a1:82:25:47:46:96:f6:86:d1:22:6c:d1:77:68:93:
                    72:ef:ee:fc:4c:99:05:b7:4b:91:9a:f6:0d:6e:2a:
                    c6:76:80:12:4e:b5:b4:da:83:50:21:63:f8:9c:40:
                    b5:db:6a:f0:95:29:a6:be:71:2b:38:13:d6:20:e5:
                    c2:ad:d6:66:e3:ae:70:be:83:c9:5f:8d:ad:ac:01:
                    09:e5:99:97:6b:5e:40:58:2f:f4:39:88:fb:5a:08:
                    34:6d:7f:dd:47:b2:8b:4f:56:c3:3d:20:ba:cb:ba:
                    1e:e0:8e:bb:8c:d9:df:46:17:38:4a:07:32:0b:ff:
                    fb:cf:16:32:1d:cf:64:d9:21:d6:3f:de:86:d6:7b:
                    b9:38:03:40:98:0f:56:62:cb:45:a6:f8:67:26:b7:
                    89:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:03:0E:CC:35:FA:55:52:7E:2B:7F:E9:44:FA:CA:BD:A6:A8:92:57
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/twMOzDX6VVJ-K3_pRPrKvaaoklc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.32.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:45:19:48:e5:64:8f:14:9a:67:f9:b0:67:33:f5:6a:78:fe:
         1e:9a:27:cd:62:3e:88:88:c0:2c:58:64:94:d3:a3:2c:56:0d:
         e0:80:77:1c:58:1d:55:b0:bb:d4:e9:12:84:67:5a:1e:a6:bd:
         f0:17:9e:ef:bb:bf:46:d7:2f:53:37:9d:13:63:c5:39:08:62:
         18:c2:a6:f3:c6:95:47:a2:81:0a:a2:3e:d6:17:36:15:79:4d:
         bb:9b:a0:54:ef:56:a1:27:eb:68:e7:1b:26:39:fb:3d:7f:3b:
         1c:9e:26:d6:8e:15:10:2b:ae:45:c3:17:1c:e2:f5:9a:20:f8:
         f3:d5:f9:ca:e4:d2:76:c3:88:bf:db:1b:6e:72:08:7d:e1:16:
         e7:61:ac:64:b0:c7:d0:95:49:18:33:d4:87:f6:9a:9d:40:62:
         f0:d6:b8:1c:db:75:9a:3a:42:fc:1e:e4:ea:49:d2:d9:16:9f:
         34:99:c6:d8:c4:e3:35:38:cc:4c:3a:3c:1d:d5:63:4b:95:84:
         c6:71:68:94:30:53:3a:ab:72:12:f8:08:74:5e:5b:82:6c:a8:
         93:71:ed:5a:49:89:24:66:9d:02:0e:c1:01:6a:02:07:5b:d5:
         8c:6e:cb:c3:60:78:8b:b1:2e:b7:a7:bf:81:02:08:a9:30:4c:
         36:36:40:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYdXLG/RozqFGIfP/QCz4KlmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDA2MTUyNTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzAzMGVjYzM1ZmE1NTUyN2UyYjdmZTk0NGZhY2FiZGE2YTg5MjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9KLSicqpPOjeaZCv5zKOuAyqtJn
FbLQ0OztASH2+OWK/7xc3V5hLmD2ZuW9K7lDmdmIOJCGanw7TcF4rIShvuGzbWKz
pY38mb3W+EKXBsW0PZLBrNna5TFiN1g8zYuI0KmdtPntuUehgiVHRpb2htEibNF3
aJNy7+78TJkFt0uRmvYNbirGdoASTrW02oNQIWP4nEC122rwlSmmvnErOBPWIOXC
rdZm465wvoPJX42trAEJ5ZmXa15AWC/0OYj7Wgg0bX/dR7KLT1bDPSC6y7oe4I67
jNnfRhc4SgcyC//7zxYyHc9k2SHWP96G1nu5OANAmA9WYstFpvhnJreJvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLcDDsw1+lVSfit/6UT6yr2mqJJXMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdHdNT3pEWDZWVkotSzNfcFJQckt2YWFva2xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1SD5MA0G
CSqGSIb3DQEBCwUAA4IBAQBXRRlI5WSPFJpn+bBnM/VqeP4emifNYj6IiMAsWGSU
06MsVg3ggHccWB1VsLvU6RKEZ1oepr3wF57vu79G1y9TN50TY8U5CGIYwqbzxpVH
ooEKoj7WFzYVeU27m6BU71ahJ+to5xsmOfs9fzscnibWjhUQK65Fwxcc4vWaIPjz
1fnK5NJ2w4i/2xtucgh94RbnYaxksMfQlUkYM9SH9pqdQGLw1rgc23WaOkL8HuTq
SdLZFp80mcbYxOM1OMxMOjwd1WNLlYTGcWiUMFM6q3IS+Ah0XluCbKiTce1aSYkk
Zp0CDsEBagIHW9WMbsvDYHiLsS63p7+BAgipMEw2NkDD
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:14 2024 by rpki-client on console-ams.rpki-client.org