Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/JjinXRCdOS6QNaTfGB7Nc2yrmSc.roa
File:                     JjinXRCdOS6QNaTfGB7Nc2yrmSc.roa (raw, json)
Hash identifier:          X+x8K54dWaiyxw+SdeunIsnqW6DCfswHcBDRcvCCquc=
Subject key identifier:   26:38:A7:5D:10:9D:39:2E:90:35:A4:DF:18:1E:CD:73:6C:AB:99:27
Certificate issuer:       /CN=96bfc5a172654dd6009db1d82d92ffaf71234120
Certificate serial:       088FF306
Authority key identifier: 96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/JjinXRCdOS6QNaTfGB7Nc2yrmSc.roa
Signing time:             Sat 01 Jan 2022 05:05:51 +0000
ROA not before:           Sat 01 Jan 2022 05:05:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207996
IP address blocks:        147.78.192.0/22 maxlen: 24
                          185.203.112.0/22 maxlen: 24
                          2a0a:e5c0::/29 maxlen: 48
                          2a09:2940::/29 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 143651590 (0x88ff306)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96bfc5a172654dd6009db1d82d92ffaf71234120
        Validity
            Not Before: Jan  1 05:05:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2638a75d109d392e9035a4df181ecd736cab9927
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:8d:c4:48:87:1c:76:ff:d0:96:5b:0a:5a:7e:
                    03:b0:0a:59:0c:95:a1:e4:6c:9c:93:5a:3d:96:f1:
                    4a:48:35:e1:87:f5:a8:52:51:6a:60:ed:22:85:97:
                    c7:6b:4c:ad:2a:83:21:f8:70:4c:9a:e6:41:a6:2a:
                    25:43:25:f4:d4:3c:34:a3:a0:72:88:3f:d0:0e:fa:
                    ca:34:cb:bd:80:7b:58:a9:cf:68:e2:6d:6d:03:dd:
                    ad:9a:d4:7d:10:e2:2b:5e:ec:2a:02:be:87:4a:c0:
                    78:c9:f4:71:0b:84:33:ee:38:16:6c:1b:e9:28:8f:
                    70:bb:d8:54:9e:87:0f:e3:44:f6:42:c2:94:fb:18:
                    d7:ef:b3:4c:01:45:fd:75:54:2c:83:04:e2:e7:39:
                    21:5b:be:33:f0:a4:b5:e6:c6:54:cf:b2:15:b2:f5:
                    5e:d0:d5:9e:bb:5a:55:f8:2a:eb:88:02:ac:ce:0c:
                    5e:6b:5f:51:d8:54:6e:11:50:7a:9c:7b:40:da:a8:
                    c4:10:cf:76:a1:3d:fb:62:8a:df:21:8c:0f:61:5f:
                    1f:b5:14:3d:28:92:d3:05:fe:23:f9:93:40:83:c4:
                    27:dc:47:0f:0f:0c:1d:05:67:21:bf:fa:c7:b7:fb:
                    f9:0a:25:36:ea:f0:80:cf:b9:a2:fb:c0:a8:34:90:
                    0c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:38:A7:5D:10:9D:39:2E:90:35:A4:DF:18:1E:CD:73:6C:AB:99:27
            X509v3 Authority Key Identifier:
                keyid:96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/JjinXRCdOS6QNaTfGB7Nc2yrmSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/lr_FoXJlTdYAnbHYLZL_r3EjQSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.192.0/22
                  185.203.112.0/22
                IPv6:
                  2a09:2940::/29
                  2a0a:e5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2d:28:50:fc:09:26:86:4a:89:db:6c:f0:06:86:00:0a:07:8f:
         50:0b:4a:d3:a5:cb:f5:16:d3:b7:e6:52:9a:21:67:dd:5a:ec:
         cc:17:c4:9a:d1:2f:06:dd:22:4d:d0:70:a3:81:7a:85:ba:e9:
         b2:df:51:50:6e:db:ec:54:bf:d2:3f:fb:a5:6b:06:34:a4:ca:
         26:30:ec:ff:db:b7:68:bc:ad:90:bd:a0:aa:2f:5d:41:bc:1f:
         ad:b1:59:a2:a4:6d:99:00:32:cf:c1:74:a3:a3:a3:d1:7a:3c:
         54:c0:cc:42:2e:e3:01:9d:1c:28:df:fb:76:8a:e9:3a:bd:03:
         47:76:ce:da:38:35:ab:8e:7f:df:a3:0e:a9:c3:69:5e:d3:8c:
         3a:ee:07:24:ca:7a:77:c7:4f:76:58:61:63:27:21:83:d6:b3:
         de:d1:2a:40:a0:71:41:d2:3a:8b:b5:28:13:d6:ff:21:30:77:
         3f:88:84:6d:5f:f0:c8:d1:da:32:56:b5:16:85:0f:da:a9:d8:
         3c:d9:07:93:3a:e7:de:bf:d1:e5:ea:e6:8d:a2:ab:3e:bb:fb:
         2b:44:87:41:58:4d:2b:29:7d:a5:41:85:50:33:40:9f:c4:a4:
         53:f9:47:a0:69:dc:4b:a0:25:cf:f1:9c:f9:f9:3d:7a:b3:7d:
         d5:00:eb:50
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIECI/zBjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NmJmYzVhMTcyNjU0ZGQ2MDA5ZGIxZDgyZDkyZmZhZjcxMjM0MTIwMB4XDTIyMDEw
MTA1MDU1MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjYzOGE3NWQxMDlk
MzkyZTkwMzVhNGRmMTgxZWNkNzM2Y2FiOTkyNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANqNxEiHHHb/0JZbClp+A7AKWQyVoeRsnJNaPZbxSkg14Yf1
qFJRamDtIoWXx2tMrSqDIfhwTJrmQaYqJUMl9NQ8NKOgcog/0A76yjTLvYB7WKnP
aOJtbQPdrZrUfRDiK17sKgK+h0rAeMn0cQuEM+44Fmwb6SiPcLvYVJ6HD+NE9kLC
lPsY1++zTAFF/XVULIME4uc5IVu+M/CktebGVM+yFbL1XtDVnrtaVfgq64gCrM4M
XmtfUdhUbhFQepx7QNqoxBDPdqE9+2KK3yGMD2FfH7UUPSiS0wX+I/mTQIPEJ9xH
Dw8MHQVnIb/6x7f7+QolNurwgM+5ovvAqDSQDEMCAwEAAaOCAiUwggIhMB0GA1Ud
DgQWBBQmOKddEJ05LpA1pN8YHs1zbKuZJzAfBgNVHSMEGDAWgBSWv8WhcmVN1gCd
sdgtkv+vcSNBIDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xyX0ZvWEpsVGRZQW5iSFlMWkxfcjNFalFTQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2MvMzYzMGNiLWViZWMtNGQ4Ni1iMTJiLWJmZmI3NTdjMzEzNC8x
L0pqaW5YUkNkT1M2UU5hVGZHQjdOYzJ5cm1TYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Mv
MzYzMGNiLWViZWMtNGQ4Ni1iMTJiLWJmZmI3NTdjMzEzNC8xL2xyX0ZvWEpsVGRZ
QW5iSFlMWkxfcjNFalFTQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA7
BggrBgEFBQcBBwEB/wQsMCowEgQCAAEwDAMEApNOwAMEArnLcDAUBAIAAjAOAwUD
KgkpQAMFAyoK5cAwDQYJKoZIhvcNAQELBQADggEBAC0oUPwJJoZKidts8AaGAAoH
j1ALStOly/UW07fmUpohZ91a7MwXxJrRLwbdIk3QcKOBeoW66bLfUVBu2+xUv9I/
+6VrBjSkyiYw7P/bt2i8rZC9oKovXUG8H62xWaKkbZkAMs/BdKOjo9F6PFTAzEIu
4wGdHCjf+3aK6Tq9A0d2zto4NauOf9+jDqnDaV7TjDruByTKenfHT3ZYYWMnIYPW
s97RKkCgcUHSOou1KBPW/yEwdz+IhG1f8MjR2jJWtRaFD9qp2DzZB5M6596/0eXq
5o2iqz67+ytEh0FYTSspfaVBhVAzQJ/EpFP5R6Bp3EugJc/xnPn5PXqzfdUA61A=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:34 2024 by rpki-client on console-ams.rpki-client.org