Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/68cfc5-2ec6-4b59-b12e-6e36b2f1706b/1/21ke7tk47sA7E_cljFtOnSILTQM.roa
File:                     21ke7tk47sA7E_cljFtOnSILTQM.roa (raw, json)
Hash identifier:          5rTbJcincSQn1cV09QXeKxLTYVccX5hw0Li7IHhO1EE=
Subject key identifier:   DB:59:1E:EE:D9:38:EE:C0:3B:13:F7:25:8C:5B:4E:9D:22:0B:4D:03
Certificate issuer:       /CN=cbe3da3582a22830ec4e67547e75fa3b9da20b23
Certificate serial:       018CC7272D3B201DF3D4D2D1D64D3246D260
Authority key identifier: CB:E3:DA:35:82:A2:28:30:EC:4E:67:54:7E:75:FA:3B:9D:A2:0B:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y-PaNYKiKDDsTmdUfnX6O52iCyM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/68cfc5-2ec6-4b59-b12e-6e36b2f1706b/1/21ke7tk47sA7E_cljFtOnSILTQM.roa
Signing time:             Mon 01 Jan 2024 22:31:22 +0000
ROA not before:           Mon 01 Jan 2024 22:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61423
IP address blocks:        185.161.120.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:2d:3b:20:1d:f3:d4:d2:d1:d6:4d:32:46:d2:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbe3da3582a22830ec4e67547e75fa3b9da20b23
        Validity
            Not Before: Jan  1 22:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db591eeed938eec03b13f7258c5b4e9d220b4d03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:95:7b:4e:8c:cf:37:1e:da:ec:19:75:eb:3a:
                    73:7b:bc:a2:e5:72:a1:4e:50:c3:39:20:71:39:74:
                    56:2c:ac:71:15:ac:dc:8f:6b:06:53:5c:93:9c:4d:
                    d4:ca:a2:92:4a:8b:fd:eb:a7:11:a1:ed:49:c2:8e:
                    c2:02:a2:e2:47:49:6d:bb:03:c2:c3:43:4b:ed:d8:
                    bb:88:09:3a:c0:30:d0:65:dc:35:1e:e6:94:12:b4:
                    67:00:a7:b4:bb:7e:70:f9:f0:5e:25:f3:f0:2e:03:
                    6a:da:b7:cd:bc:a2:6f:0c:6d:e3:37:48:b3:18:83:
                    7b:b3:38:21:dd:98:88:b0:b9:95:95:76:24:20:ee:
                    ba:24:ec:93:3b:f7:90:eb:66:69:93:d2:71:10:5c:
                    72:0f:91:05:3d:21:08:38:99:d6:b6:81:e8:d3:d1:
                    da:5a:7c:5d:54:2f:13:ca:23:50:98:0f:63:18:89:
                    d3:f2:bd:01:ab:b2:42:64:1f:ab:21:cb:18:23:51:
                    50:49:70:bb:b4:5e:28:65:2a:11:08:6c:44:ba:e0:
                    68:81:f3:bf:0d:34:e6:4d:71:25:5e:74:62:a5:3c:
                    50:a0:a6:19:52:b6:f0:5f:8f:3f:28:d6:8b:2d:d3:
                    4f:54:36:dd:d0:cc:f1:88:06:7d:4a:6f:9f:06:0c:
                    0a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:59:1E:EE:D9:38:EE:C0:3B:13:F7:25:8C:5B:4E:9D:22:0B:4D:03
            X509v3 Authority Key Identifier:
                keyid:CB:E3:DA:35:82:A2:28:30:EC:4E:67:54:7E:75:FA:3B:9D:A2:0B:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y-PaNYKiKDDsTmdUfnX6O52iCyM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/68cfc5-2ec6-4b59-b12e-6e36b2f1706b/1/21ke7tk47sA7E_cljFtOnSILTQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/68cfc5-2ec6-4b59-b12e-6e36b2f1706b/1/y-PaNYKiKDDsTmdUfnX6O52iCyM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:58:2f:20:4e:71:03:81:59:5f:18:99:e6:e4:34:5d:ea:b0:
         a7:42:72:c3:af:24:f6:b3:b7:66:1d:50:b8:c0:50:c0:bd:69:
         4f:c3:da:1a:e1:98:29:12:28:d6:fd:bb:80:71:60:20:d0:4e:
         8a:4e:b7:57:14:dd:40:f8:b7:fe:2e:72:69:ad:f7:60:25:2f:
         c7:25:ab:76:fb:d6:04:6a:38:1a:1a:bb:51:87:11:de:5f:33:
         e4:37:7e:d6:9f:09:61:da:6d:f9:a5:df:2a:58:2e:91:26:a2:
         dd:c8:fa:48:af:9a:69:21:e2:2f:57:c6:08:43:bd:41:82:a2:
         d1:62:84:97:32:01:77:0d:c4:0a:d2:f2:32:fe:af:11:88:b8:
         b3:91:a3:46:72:4f:4f:b1:0e:ef:7b:87:58:0b:04:29:eb:b9:
         18:30:a0:52:a2:32:63:96:e0:a3:42:1a:08:e7:14:0a:ad:3e:
         3a:19:f8:51:ad:41:e9:d5:59:2d:8a:32:21:57:09:18:af:4b:
         57:7e:47:98:cc:31:50:08:dd:f4:f2:09:ca:f4:22:7d:18:a3:
         d7:be:8c:3b:bc:d8:44:36:09:5d:28:a9:81:d0:e0:4c:66:8b:
         4f:ff:ff:59:d6:47:41:1b:4f:80:4c:a3:4e:50:57:f9:74:45:
         03:18:ba:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJy07IB3z1NLR1k0yRtJgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZTNkYTM1ODJhMjI4MzBlYzRlNjc1NDdlNzVmYTNiOWRh
MjBiMjMwHhcNMjQwMTAxMjIzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjU5MWVlZWQ5MzhlZWMwM2IxM2Y3MjU4YzViNGU5ZDIyMGI0ZDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpV7TozPNx7a7Bl16zpze7yi5XKh
TlDDOSBxOXRWLKxxFazcj2sGU1yTnE3UyqKSSov966cRoe1Jwo7CAqLiR0ltuwPC
w0NL7di7iAk6wDDQZdw1HuaUErRnAKe0u35w+fBeJfPwLgNq2rfNvKJvDG3jN0iz
GIN7szgh3ZiIsLmVlXYkIO66JOyTO/eQ62Zpk9JxEFxyD5EFPSEIOJnWtoHo09Ha
WnxdVC8TyiNQmA9jGInT8r0Bq7JCZB+rIcsYI1FQSXC7tF4oZSoRCGxEuuBogfO/
DTTmTXElXnRipTxQoKYZUrbwX48/KNaLLdNPVDbd0MzxiAZ9Sm+fBgwK5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtZHu7ZOO7AOxP3JYxbTp0iC00DMB8GA1UdIwQY
MBaAFMvj2jWCoigw7E5nVH51+judogsjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveS1QYU5ZS2lLRERzVG1kVWZuWDZPNTJpQ3lNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC82OGNmYzUtMmVjNi00YjU5LWIxMmUt
NmUzNmIyZjE3MDZiLzEvMjFrZTd0azQ3c0E3RV9jbGpGdE9uU0lMVFFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC82OGNmYzUtMmVjNi00YjU5LWIxMmUtNmUzNmIyZjE3MDZi
LzEveS1QYU5ZS2lLRERzVG1kVWZuWDZPNTJpQ3lNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaF4MA0G
CSqGSIb3DQEBCwUAA4IBAQCMWC8gTnEDgVlfGJnm5DRd6rCnQnLDryT2s7dmHVC4
wFDAvWlPw9oa4ZgpEijW/buAcWAg0E6KTrdXFN1A+Lf+LnJprfdgJS/HJat2+9YE
ajgaGrtRhxHeXzPkN37Wnwlh2m35pd8qWC6RJqLdyPpIr5ppIeIvV8YIQ71BgqLR
YoSXMgF3DcQK0vIy/q8RiLizkaNGck9PsQ7ve4dYCwQp67kYMKBSojJjluCjQhoI
5xQKrT46GfhRrUHp1VktijIhVwkYr0tXfkeYzDFQCN308gnK9CJ9GKPXvow7vNhE
NgldKKmB0OBMZotP//9Z1kdBG0+ATKNOUFf5dEUDGLrZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:45 2024 by rpki-client on console-ams.rpki-client.org