Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/CzyCJWDEQtqnk1e3GNR4fjK7iO8.roa
File:                     CzyCJWDEQtqnk1e3GNR4fjK7iO8.roa (raw, json)
Hash identifier:          OVKM0IJX6sViR5wV5llGAhiQoj5h90j9vura51bnMCA=
Subject key identifier:   0B:3C:82:25:60:C4:42:DA:A7:93:57:B7:18:D4:78:7E:32:BB:88:EF
Certificate issuer:       /CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
Certificate serial:       018D13D7EBDF35352413C5D57DE091B2E32F
Authority key identifier: 76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/CzyCJWDEQtqnk1e3GNR4fjK7iO8.roa
Signing time:             Tue 16 Jan 2024 19:55:34 +0000
ROA not before:           Tue 16 Jan 2024 19:55:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212667
IP address blocks:        212.18.98.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:13:d7:eb:df:35:35:24:13:c5:d5:7d:e0:91:b2:e3:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
        Validity
            Not Before: Jan 16 19:55:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b3c822560c442daa79357b718d4787e32bb88ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f0:a4:92:a6:7f:c3:cd:52:5c:eb:0f:ee:a5:
                    ea:a7:37:8e:5e:21:ef:34:66:49:c8:b8:f2:b6:50:
                    fd:22:c6:d1:54:f7:70:20:eb:82:4a:c9:2b:c8:86:
                    fe:da:dd:2b:73:27:22:f0:0b:e0:b6:39:e6:6b:aa:
                    ce:bd:2f:f7:79:f4:bd:b3:ab:b0:3c:88:96:86:4e:
                    05:fc:ba:2e:c7:0a:33:76:c6:5d:ae:09:bb:62:40:
                    d1:11:e6:cb:ab:f6:8a:7a:45:32:bd:e9:1e:f0:38:
                    82:96:6b:79:dd:7c:d5:df:c7:61:e6:6f:3f:be:f1:
                    80:58:b4:dd:8b:35:42:bb:40:c2:9d:20:73:4d:eb:
                    26:66:47:d4:aa:c0:a4:0c:85:7f:79:fb:7f:bd:1c:
                    b2:10:84:84:92:82:19:b5:b9:97:25:8c:e1:e0:fe:
                    fa:62:f8:df:0e:42:e4:cf:c3:51:fc:f4:62:a7:f9:
                    1b:7e:b9:b2:0f:42:2f:bf:68:27:3c:b1:09:4d:78:
                    e4:2e:d6:02:af:50:5c:1e:e1:a7:5e:39:be:4b:ba:
                    54:b3:46:ff:74:ee:3a:c5:07:3b:dc:9c:e8:88:c6:
                    ff:f2:e2:94:76:cb:05:51:36:4a:fb:73:d2:3c:7d:
                    5e:7a:3f:1c:97:f4:9f:64:03:d4:3e:ce:ca:98:e3:
                    e2:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:3C:82:25:60:C4:42:DA:A7:93:57:B7:18:D4:78:7E:32:BB:88:EF
            X509v3 Authority Key Identifier:
                keyid:76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/CzyCJWDEQtqnk1e3GNR4fjK7iO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.18.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:79:8a:b5:59:e1:5e:34:25:94:59:eb:85:c1:db:1c:d4:b3:
         d7:a8:b3:d4:a8:9e:13:77:df:3b:1c:ae:b1:d8:b3:f1:61:9c:
         bf:39:46:20:76:b3:5f:33:bc:2e:ea:d5:89:b6:29:84:d8:c5:
         66:e0:2a:3a:7f:89:b7:cb:48:a6:0a:38:d1:d2:37:20:b1:5b:
         4d:54:6e:ed:f9:0b:e7:87:6c:ef:95:ca:7c:11:7a:cc:c2:3b:
         0a:c1:65:a1:93:cd:ce:65:59:41:ff:c8:d0:2e:b4:be:a8:6a:
         65:a1:bf:f1:f0:8e:13:f7:f1:f7:9a:4d:dc:d7:22:23:de:2b:
         e9:f9:d5:5d:86:ba:8e:51:a0:a3:39:82:60:c9:42:14:e0:7b:
         ff:a0:e2:18:b1:d0:b5:06:92:41:ed:a1:06:1b:4d:e5:8d:3c:
         00:98:17:be:88:d7:68:b0:d7:b3:2e:90:c0:f9:97:7e:cd:3c:
         32:71:c7:b9:fb:5f:1a:0b:56:53:3a:a0:d0:cb:c4:55:e8:d2:
         ce:bd:95:b4:0b:43:29:57:c9:96:e9:c8:92:d6:5f:41:f0:4a:
         6c:3c:db:e7:64:40:be:6b:d2:58:72:b5:b2:cb:7a:b6:bc:95:
         dd:04:d1:ce:ed:08:09:21:83:38:87:47:1f:74:a6:ee:a3:1c:
         29:91:a3:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0T1+vfNTUkE8XVfeCRsuMvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2M2Q0NTdlNWQzY2MwYWNkOGE3NGY4YjEwZTI2ODZiZmJj
NDk2Y2IwHhcNMjQwMTE2MTk1NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjNjODIyNTYwYzQ0MmRhYTc5MzU3YjcxOGQ0Nzg3ZTMyYmI4OGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovCkkqZ/w81SXOsP7qXqpzeOXiHv
NGZJyLjytlD9IsbRVPdwIOuCSskryIb+2t0rcyci8Avgtjnma6rOvS/3efS9s6uw
PIiWhk4F/LouxwozdsZdrgm7YkDREebLq/aKekUyveke8DiClmt53XzV38dh5m8/
vvGAWLTdizVCu0DCnSBzTesmZkfUqsCkDIV/eft/vRyyEISEkoIZtbmXJYzh4P76
YvjfDkLkz8NR/PRip/kbfrmyD0Ivv2gnPLEJTXjkLtYCr1BcHuGnXjm+S7pUs0b/
dO46xQc73JzoiMb/8uKUdssFUTZK+3PSPH1eej8cl/SfZAPUPs7KmOPiLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAs8giVgxELap5NXtxjUeH4yu4jvMB8GA1UdIwQY
MBaAFHY9RX5dPMCs2KdPixDiaGv7xJbLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQt
N2U1OTRmMjQ5NGNjLzEvQ3p5Q0pXREVRdHFuazFlM0dOUjRmaks3aU84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQtN2U1OTRmMjQ5NGNj
LzEvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BJiMA0G
CSqGSIb3DQEBCwUAA4IBAQDDeYq1WeFeNCWUWeuFwdsc1LPXqLPUqJ4Td987HK6x
2LPxYZy/OUYgdrNfM7wu6tWJtimE2MVm4Co6f4m3y0imCjjR0jcgsVtNVG7t+Qvn
h2zvlcp8EXrMwjsKwWWhk83OZVlB/8jQLrS+qGplob/x8I4T9/H3mk3c1yIj3ivp
+dVdhrqOUaCjOYJgyUIU4Hv/oOIYsdC1BpJB7aEGG03ljTwAmBe+iNdosNezLpDA
+Zd+zTwycce5+18aC1ZTOqDQy8RV6NLOvZW0C0MpV8mW6ciS1l9B8EpsPNvnZEC+
a9JYcrWyy3q2vJXdBNHO7QgJIYM4h0cfdKbuoxwpkaOj
-----END CERTIFICATE-----
Generated at Mon Aug 12 14:38:24 2024 by rpki-client on console-ams.rpki-client.org