Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/08e183-64eb-4999-9f78-7ce7322671eb/1/CdV6ALD-WMhpli48mmkZuLb9-Kk.roa
File:                     CdV6ALD-WMhpli48mmkZuLb9-Kk.roa (raw, json)
Hash identifier:          QZX9hvfsdcGOzWvh4UHNttZW8FuMkCh2lLKEIW3UEu8=
Subject key identifier:   09:D5:7A:00:B0:FE:58:C8:69:96:2E:3C:9A:69:19:B8:B6:FD:F8:A9
Certificate issuer:       /CN=2f367c7949fa0f6cf05a21027e75b84612dc13b0
Certificate serial:       018CC50102AD4803FA18ED7FCC65606B3F34
Authority key identifier: 2F:36:7C:79:49:FA:0F:6C:F0:5A:21:02:7E:75:B8:46:12:DC:13:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LzZ8eUn6D2zwWiECfnW4RhLcE7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/08e183-64eb-4999-9f78-7ce7322671eb/1/CdV6ALD-WMhpli48mmkZuLb9-Kk.roa
Signing time:             Mon 01 Jan 2024 12:30:26 +0000
ROA not before:           Mon 01 Jan 2024 12:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201565
IP address blocks:        185.62.249.0/24 maxlen: 24
                          185.62.248.0/24 maxlen: 24
                          185.62.251.0/24 maxlen: 24
                          185.62.250.0/24 maxlen: 24
                          2a03:820:4000::/36 maxlen: 36

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:02:ad:48:03:fa:18:ed:7f:cc:65:60:6b:3f:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f367c7949fa0f6cf05a21027e75b84612dc13b0
        Validity
            Not Before: Jan  1 12:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09d57a00b0fe58c869962e3c9a6919b8b6fdf8a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:19:b0:51:54:19:32:9d:ae:66:be:38:1c:3e:
                    79:f8:3a:88:5c:bd:50:47:c5:67:bc:16:bb:0b:18:
                    0e:ac:bd:93:3d:18:79:bc:21:a9:0f:7e:f3:2f:ac:
                    15:6f:9f:49:de:c9:6d:54:21:ad:66:1c:49:42:d5:
                    90:54:7f:3a:a1:c2:f2:b4:d1:f7:26:fc:0f:55:2a:
                    6b:b7:4d:f9:f3:0b:f4:b2:8d:4a:6a:80:2b:60:57:
                    c8:bc:d3:c3:f5:28:0f:bb:03:93:9c:a8:93:63:46:
                    80:3a:73:06:f6:fc:24:dc:ab:9a:a5:b7:05:28:13:
                    ed:f7:cd:82:6c:c9:92:ab:f0:df:41:71:c8:3a:2d:
                    d0:9a:13:00:55:c3:9e:4e:90:b0:53:cd:fd:f6:98:
                    df:23:9e:a0:19:1e:cb:74:f9:6b:08:77:bd:50:be:
                    7c:94:0a:28:98:d9:21:d4:15:20:80:2a:fb:73:cf:
                    0b:1a:6d:7f:d8:d8:a9:ca:86:65:d3:89:42:96:60:
                    1b:f3:86:0b:e6:7c:be:86:03:dc:a6:3c:cc:9c:7f:
                    36:36:47:8b:c3:53:81:a3:09:fe:84:cd:d6:33:cf:
                    3b:5c:24:df:af:7a:5b:0a:cc:fe:bb:03:99:2b:2d:
                    e9:8a:87:f7:88:f4:77:73:90:ee:2b:69:6a:2a:62:
                    6d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:D5:7A:00:B0:FE:58:C8:69:96:2E:3C:9A:69:19:B8:B6:FD:F8:A9
            X509v3 Authority Key Identifier:
                keyid:2F:36:7C:79:49:FA:0F:6C:F0:5A:21:02:7E:75:B8:46:12:DC:13:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LzZ8eUn6D2zwWiECfnW4RhLcE7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/08e183-64eb-4999-9f78-7ce7322671eb/1/CdV6ALD-WMhpli48mmkZuLb9-Kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/08e183-64eb-4999-9f78-7ce7322671eb/1/LzZ8eUn6D2zwWiECfnW4RhLcE7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.248.0/22
                IPv6:
                  2a03:820:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         26:61:6b:03:74:47:99:45:3d:7e:44:16:72:f9:e9:bb:bd:ef:
         3f:e1:c6:52:73:08:5c:88:22:80:23:9d:31:f0:7c:ee:7e:f4:
         ef:09:f7:40:14:13:cc:c1:14:de:f6:cf:9f:52:0d:15:53:ae:
         59:a2:b8:0d:d2:42:44:ae:ca:ad:a1:51:28:e3:d1:a3:a2:47:
         26:98:8a:e2:92:4a:db:42:32:44:fc:5a:f9:c7:99:ab:d0:d2:
         d1:ac:f7:01:60:0e:7d:80:30:65:7f:0a:78:94:ca:f5:07:4c:
         fa:32:f8:25:3a:14:67:df:95:41:c8:60:19:ca:b7:a9:24:e0:
         15:fc:65:f2:2b:ab:88:aa:9f:51:0c:c5:ad:26:85:a9:69:43:
         08:5c:df:2e:03:ec:69:51:0e:0f:77:af:dc:a1:da:3d:2b:65:
         07:d0:ce:30:c7:e1:87:3c:f7:28:cd:84:3a:0b:34:53:c3:91:
         08:9a:79:2a:ef:cb:18:f0:c0:c7:49:3b:da:36:44:81:9f:54:
         f5:40:8c:fb:65:c0:f8:8d:98:47:51:17:e4:db:e2:0e:6a:e7:
         bb:7c:5b:35:d6:c8:e6:e0:43:f8:6b:0c:a3:eb:16:ee:e1:c8:
         1d:fd:ad:d3:e8:7f:a4:73:81:2c:25:d0:8b:33:bb:1f:b3:1a:
         bb:15:51:79
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzFAQKtSAP6GO1/zGVgaz80MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMzY3Yzc5NDlmYTBmNmNmMDVhMjEwMjdlNzViODQ2MTJk
YzEzYjAwHhcNMjQwMTAxMTIzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWQ1N2EwMGIwZmU1OGM4Njk5NjJlM2M5YTY5MTliOGI2ZmRmOGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhmwUVQZMp2uZr44HD55+DqIXL1Q
R8VnvBa7CxgOrL2TPRh5vCGpD37zL6wVb59J3sltVCGtZhxJQtWQVH86ocLytNH3
JvwPVSprt0358wv0so1KaoArYFfIvNPD9SgPuwOTnKiTY0aAOnMG9vwk3KuapbcF
KBPt982CbMmSq/DfQXHIOi3QmhMAVcOeTpCwU8399pjfI56gGR7LdPlrCHe9UL58
lAoomNkh1BUggCr7c88LGm1/2NipyoZl04lClmAb84YL5ny+hgPcpjzMnH82NkeL
w1OBown+hM3WM887XCTfr3pbCsz+uwOZKy3piof3iPR3c5DuK2lqKmJt+QIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFAnVegCw/ljIaZYuPJppGbi2/fipMB8GA1UdIwQY
MBaAFC82fHlJ+g9s8FohAn51uEYS3BOwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHpaOGVVbjZEMnp3V2lFQ2ZuVzRSaExjRTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8wOGUxODMtNjRlYi00OTk5LTlmNzgt
N2NlNzMyMjY3MWViLzEvQ2RWNkFMRC1XTWhwbGk0OG1ta1p1TGI5LUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8wOGUxODMtNjRlYi00OTk5LTlmNzgtN2NlNzMyMjY3MWVi
LzEvTHpaOGVVbjZEMnp3V2lFQ2ZuVzRSaExjRTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCuT74MA4E
AgACMAgDBgQqAwggQDANBgkqhkiG9w0BAQsFAAOCAQEAJmFrA3RHmUU9fkQWcvnp
u73vP+HGUnMIXIgigCOdMfB87n707wn3QBQTzMEU3vbPn1INFVOuWaK4DdJCRK7K
raFRKOPRo6JHJpiK4pJK20IyRPxa+ceZq9DS0az3AWAOfYAwZX8KeJTK9QdM+jL4
JToUZ9+VQchgGcq3qSTgFfxl8iuriKqfUQzFrSaFqWlDCFzfLgPsaVEOD3ev3KHa
PStlB9DOMMfhhzz3KM2EOgs0U8ORCJp5Ku/LGPDAx0k72jZEgZ9U9UCM+2XA+I2Y
R1EX5NviDmrnu3xbNdbI5uBD+GsMo+sW7uHIHf2t0+h/pHOBLCXQizO7H7MauxVR
eQ==
-----END CERTIFICATE-----
Generated at Fri Jul 12 13:01:34 2024 by rpki-client on console-fra.rpki-client.org