Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/NpRajPCttA-04erAOit-VGAqxMM.roa
File:                     NpRajPCttA-04erAOit-VGAqxMM.roa (raw, json)
Hash identifier:          3qje9Mop0jh5eZcKkZOa+CdPACcVvB2+TZe2PNKb70Q=
Subject key identifier:   36:94:5A:8C:F0:AD:B4:0F:B4:E1:EA:C0:3A:2B:7E:54:60:2A:C4:C3
Certificate issuer:       /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial:       018CC79591DEE54166FAF5E50334660EA5AF
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/NpRajPCttA-04erAOit-VGAqxMM.roa
Signing time:             Tue 02 Jan 2024 00:31:57 +0000
ROA not before:           Tue 02 Jan 2024 00:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212219
IP address blocks:        91.151.95.0/24 maxlen: 24
                          213.142.148.0/24 maxlen: 32
                          213.142.151.0/24 maxlen: 24
                          213.142.159.0/24 maxlen: 24
                          80.253.246.0/24 maxlen: 24
                          91.151.88.0/24 maxlen: 24
                          91.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:91:de:e5:41:66:fa:f5:e5:03:34:66:0e:a5:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
        Validity
            Not Before: Jan  2 00:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36945a8cf0adb40fb4e1eac03a2b7e54602ac4c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:97:ba:ba:07:07:2a:5e:85:a6:8e:05:b2:43:
                    e7:b1:f6:28:78:ba:3e:f2:a4:7b:89:41:bf:90:2d:
                    3f:b2:b2:be:bc:60:08:71:b1:7c:00:3a:f5:62:8c:
                    55:72:65:8b:d1:a3:d6:bf:4d:cb:bc:9a:1e:b8:14:
                    04:7b:92:87:14:0d:53:56:1c:a5:da:c5:37:26:a1:
                    8e:9d:d0:82:40:96:87:b9:93:de:4e:9a:67:30:98:
                    25:4a:97:41:84:02:8d:ba:1d:c7:91:f8:07:b0:c4:
                    b8:cb:56:15:0e:77:58:97:63:e3:cd:8e:52:9a:e2:
                    ac:50:b2:e4:2e:71:53:7c:dc:1b:9b:19:b7:05:ec:
                    be:03:95:3e:fb:fb:86:b5:00:29:ac:29:9b:6b:ed:
                    94:4a:77:16:86:26:9f:8a:59:b1:06:e3:3c:6b:a6:
                    4e:d2:78:23:a4:03:4a:a1:3f:3b:24:7d:66:21:ea:
                    d1:ff:a8:9b:c1:37:34:5e:18:87:9f:0f:59:3f:3e:
                    31:05:7d:38:25:26:5b:e8:c5:3d:5c:2e:2d:7f:35:
                    30:82:3c:75:db:b0:09:0c:7d:64:dd:ca:75:9a:42:
                    5e:49:4a:7d:bd:a3:5b:af:3f:3c:01:45:14:0d:a0:
                    06:bb:52:e7:0a:25:53:20:fd:70:a0:15:c7:5d:79:
                    bc:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:94:5A:8C:F0:AD:B4:0F:B4:E1:EA:C0:3A:2B:7E:54:60:2A:C4:C3
            X509v3 Authority Key Identifier:
                keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/NpRajPCttA-04erAOit-VGAqxMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.253.246.0/24
                  91.151.88.0/23
                  91.151.95.0/24
                  213.142.148.0/24
                  213.142.151.0/24
                  213.142.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:65:12:30:96:9f:9f:66:36:b2:6f:81:3f:ee:48:2c:1c:f3:
         ae:8a:ce:4c:5a:eb:1b:d6:58:af:db:6a:62:5f:bb:61:8e:49:
         ae:09:59:f0:b0:65:cf:6d:c3:70:70:eb:3c:f7:8f:11:0a:17:
         b2:6d:5e:92:28:32:40:d5:85:ba:c9:5e:48:a8:ef:30:7a:0a:
         53:d3:45:8c:50:2d:88:0f:42:f8:06:00:0f:54:78:2b:c9:92:
         ac:2a:c4:7a:8e:6c:55:23:3a:6d:8e:ee:39:d9:15:b1:80:b9:
         8b:d6:83:96:ff:6f:a4:be:49:84:3c:12:00:cc:01:f9:1e:c8:
         51:a5:85:87:81:73:bf:db:7b:a9:bf:52:8e:16:31:96:66:6a:
         fe:2c:52:96:51:3e:8a:66:53:af:5b:62:d0:c3:14:b9:c5:58:
         b2:88:01:2b:f7:f6:51:d9:8a:29:56:a7:5a:9b:23:47:dd:23:
         cb:cb:0d:be:87:e7:b7:57:1d:05:50:85:5d:24:bc:93:db:88:
         6e:12:4e:c5:41:84:19:97:ad:f0:0d:dc:0d:22:41:e0:11:1b:
         4b:b8:24:eb:0f:f6:f6:5b:76:61:6f:c5:3e:00:eb:86:8a:2c:
         27:d7:59:35:9d:8d:98:69:0f:5c:24:2f:85:d8:6a:73:03:ef:
         1d:6c:36:cd
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzHlZHe5UFm+vXlAzRmDqWvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwMTAyMDAzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjk0NWE4Y2YwYWRiNDBmYjRlMWVhYzAzYTJiN2U1NDYwMmFjNGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJe6ugcHKl6Fpo4FskPnsfYoeLo+
8qR7iUG/kC0/srK+vGAIcbF8ADr1YoxVcmWL0aPWv03LvJoeuBQEe5KHFA1TVhyl
2sU3JqGOndCCQJaHuZPeTppnMJglSpdBhAKNuh3HkfgHsMS4y1YVDndYl2PjzY5S
muKsULLkLnFTfNwbmxm3Bey+A5U++/uGtQAprCmba+2USncWhiafilmxBuM8a6ZO
0ngjpANKoT87JH1mIerR/6ibwTc0XhiHnw9ZPz4xBX04JSZb6MU9XC4tfzUwgjx1
27AJDH1k3cp1mkJeSUp9vaNbrz88AUUUDaAGu1LnCiVTIP1woBXHXXm8owIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFDaUWozwrbQPtOHqwDorflRgKsTDMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvTnBSYWpQQ3R0QS0wNGVyQU9pdC1WR0FxeE1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAUP32AwQB
W5dYAwQAW5dfAwQA1Y6UAwQA1Y6XAwQA1Y6fMA0GCSqGSIb3DQEBCwUAA4IBAQBj
ZRIwlp+fZjayb4E/7kgsHPOuis5MWusb1liv22piX7thjkmuCVnwsGXPbcNwcOs8
948RCheybV6SKDJA1YW6yV5IqO8wegpT00WMUC2ID0L4BgAPVHgryZKsKsR6jmxV
Izptju452RWxgLmL1oOW/2+kvkmEPBIAzAH5HshRpYWHgXO/23upv1KOFjGWZmr+
LFKWUT6KZlOvW2LQwxS5xViyiAEr9/ZR2YopVqdamyNH3SPLyw2+h+e3Vx0FUIVd
JLyT24huEk7FQYQZl63wDdwNIkHgERtLuCTrD/b2W3Zhb8U+AOuGiiwn11k1nY2Y
aQ9cJC+F2GpzA+8dbDbN
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:38 2024 by rpki-client on console-ams.rpki-client.org