Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/MP88CyS_An-JEE7RDC8RHaKWsPE.roa
File:                     MP88CyS_An-JEE7RDC8RHaKWsPE.roa (raw, json)
Hash identifier:          EiavdPyHU4+W6YRS7qmeX1z6uO6PunvVcBSa4tYv0B8=
Subject key identifier:   30:FF:3C:0B:24:BF:02:7F:89:10:4E:D1:0C:2F:11:1D:A2:96:B0:F1
Certificate issuer:       /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial:       0187BA63E40D5E54C5568D4BCC823EAA07F8
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/MP88CyS_An-JEE7RDC8RHaKWsPE.roa
Signing time:             Tue 25 Apr 2023 21:48:41 +0000
ROA not before:           Tue 25 Apr 2023 21:48:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3507
IP address blocks:        86.106.108.0/24 maxlen: 24
                          85.204.26.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:ba:63:e4:0d:5e:54:c5:56:8d:4b:cc:82:3e:aa:07:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
        Validity
            Not Before: Apr 25 21:48:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=30ff3c0b24bf027f89104ed10c2f111da296b0f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6b:74:7b:47:f0:ce:4c:1f:75:33:06:83:f3:
                    6d:a1:19:8d:4f:64:2b:7c:1f:4a:b7:fe:ba:11:f5:
                    d4:c5:60:98:90:0e:46:2e:4b:82:ed:5d:d9:8a:e2:
                    7f:fc:1a:fd:18:da:2f:3c:f7:5d:27:b5:00:59:1e:
                    64:2e:06:5b:d3:ef:e5:f2:36:33:d6:66:ea:07:64:
                    22:db:60:b9:92:06:1f:1e:8d:56:d7:24:7b:56:46:
                    97:63:85:71:58:e8:26:23:42:bc:8e:47:5a:00:f4:
                    f0:94:0b:06:48:4a:e5:f5:7a:63:5f:ea:1c:7b:87:
                    81:12:d6:7f:ec:83:cb:9e:a4:df:bd:c7:f5:df:d1:
                    4f:dd:de:18:39:af:87:7e:41:1f:01:ae:5c:85:1a:
                    d6:92:ac:5d:44:40:0a:9e:b2:4a:af:1e:9b:fb:94:
                    4a:d5:04:13:d7:0a:e9:85:90:b1:b8:ba:ac:00:87:
                    24:13:4f:b7:82:7a:5f:9c:e8:60:f8:3e:d4:a9:44:
                    82:10:23:40:4f:ea:79:5c:95:82:ab:9e:91:22:a6:
                    bc:1d:af:a1:63:66:a5:27:2c:1e:a9:9a:ee:b7:ba:
                    68:5e:d8:f1:f2:46:b5:d1:73:18:8e:c1:69:fa:30:
                    21:a4:f0:66:10:03:2e:17:2f:96:4d:25:ba:23:93:
                    39:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:FF:3C:0B:24:BF:02:7F:89:10:4E:D1:0C:2F:11:1D:A2:96:B0:F1
            X509v3 Authority Key Identifier:
                keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/MP88CyS_An-JEE7RDC8RHaKWsPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.26.0/24
                  86.106.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:6d:d6:09:16:98:c3:bb:24:68:4e:8c:42:22:dd:5e:3c:e4:
         7a:54:a0:78:7c:18:61:17:c5:0f:76:71:89:5d:90:21:41:f0:
         7c:c3:89:9a:e6:d5:4b:cd:b8:96:50:51:20:ce:e4:85:43:2d:
         a7:e3:c9:1f:57:91:33:a5:18:df:67:51:6d:34:f8:cd:08:57:
         e7:7e:27:a0:52:aa:b4:4b:72:c2:d3:06:17:29:a6:38:2a:90:
         d5:43:47:0f:98:a6:c4:f5:43:37:3b:57:36:bf:42:2c:b7:26:
         1d:18:17:8f:b5:59:de:d0:92:e5:45:82:df:d5:2f:1f:35:da:
         1d:8d:8a:ce:65:44:a8:39:c5:4a:f7:cc:a3:62:03:35:5c:3d:
         e1:08:92:09:c0:87:21:f5:38:31:46:95:7b:e4:19:12:44:01:
         1d:2b:0f:db:ae:59:a8:f0:87:11:c6:f6:f2:5e:cd:4e:05:43:
         96:83:93:96:49:e7:6f:2e:b2:66:0f:12:87:8e:ae:be:45:f2:
         8f:06:f3:50:e5:83:0b:a0:04:e4:5b:bb:fd:74:1c:06:bf:b6:
         74:98:53:b9:98:fb:6b:03:2d:3d:a4:9f:9f:5a:cd:5b:17:09:
         c1:a0:72:25:9a:d9:7b:64:03:0e:57:24:9c:4c:26:c3:15:f6:
         8a:4c:f7:a1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYe6Y+QNXlTFVo1LzII+qgf4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjMwNDI1MjE0ODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGZmM2MwYjI0YmYwMjdmODkxMDRlZDEwYzJmMTExZGEyOTZiMGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWt0e0fwzkwfdTMGg/NtoRmNT2Qr
fB9Kt/66EfXUxWCYkA5GLkuC7V3ZiuJ//Br9GNovPPddJ7UAWR5kLgZb0+/l8jYz
1mbqB2Qi22C5kgYfHo1W1yR7VkaXY4VxWOgmI0K8jkdaAPTwlAsGSErl9XpjX+oc
e4eBEtZ/7IPLnqTfvcf139FP3d4YOa+HfkEfAa5chRrWkqxdREAKnrJKrx6b+5RK
1QQT1wrphZCxuLqsAIckE0+3gnpfnOhg+D7UqUSCECNAT+p5XJWCq56RIqa8Ha+h
Y2alJyweqZrut7poXtjx8ka10XMYjsFp+jAhpPBmEAMuFy+WTSW6I5M5kwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDD/PAskvwJ/iRBO0QwvER2ilrDxMB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEvTVA4OEN5U19Bbi1KRUU3UkRDOFJIYUtXc1BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVcwaAwQA
VmpsMA0GCSqGSIb3DQEBCwUAA4IBAQCnbdYJFpjDuyRoToxCIt1ePOR6VKB4fBhh
F8UPdnGJXZAhQfB8w4ma5tVLzbiWUFEgzuSFQy2n48kfV5EzpRjfZ1FtNPjNCFfn
fiegUqq0S3LC0wYXKaY4KpDVQ0cPmKbE9UM3O1c2v0IstyYdGBePtVne0JLlRYLf
1S8fNdodjYrOZUSoOcVK98yjYgM1XD3hCJIJwIch9TgxRpV75BkSRAEdKw/brlmo
8IcRxvbyXs1OBUOWg5OWSedvLrJmDxKHjq6+RfKPBvNQ5YMLoATkW7v9dBwGv7Z0
mFO5mPtrAy09pJ+fWs1bFwnBoHIlmtl7ZAMOVyScTCbDFfaKTPeh
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:05 2024 by rpki-client on console-ams.rpki-client.org