Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/V9ATJLlppiYkDBYT0TXclzvFgjo.roa
File:                     V9ATJLlppiYkDBYT0TXclzvFgjo.roa (raw, json)
Hash identifier:          PL4wlvO7O0Qa6XzeAZjBNIHqVoMN++gzaHrIyS3FkmU=
Subject key identifier:   57:D0:13:24:B9:69:A6:26:24:0C:16:13:D1:35:DC:97:3B:C5:82:3A
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       018D2D73AB140CF18EC1E75AD0AD479DD7FD
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/V9ATJLlppiYkDBYT0TXclzvFgjo.roa
Signing time:             Sun 21 Jan 2024 19:16:11 +0000
ROA not before:           Sun 21 Jan 2024 19:16:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12722
IP address blocks:        31.222.243.0/24 maxlen: 24
                          176.56.36.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:2d:73:ab:14:0c:f1:8e:c1:e7:5a:d0:ad:47:9d:d7:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Jan 21 19:16:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57d01324b969a626240c1613d135dc973bc5823a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:16:18:2a:27:ec:c2:44:15:cd:22:ce:74:bd:
                    0a:2f:14:2f:c9:2c:8c:30:11:b2:9d:fc:fb:37:01:
                    bb:c6:f3:95:93:a4:94:14:74:3f:08:9c:ad:cb:f3:
                    54:3b:d3:a4:e4:67:e6:7f:86:c3:fb:41:e1:c2:0c:
                    8a:5e:23:11:44:6f:13:85:34:39:1b:93:60:c6:ad:
                    3e:b2:b1:75:0a:45:97:a3:28:17:34:5b:e4:c7:d0:
                    27:2c:b9:7b:9a:b4:85:1c:d6:8e:92:b0:73:63:c4:
                    45:0e:6b:f3:80:b2:da:14:f0:09:14:89:8f:f5:37:
                    3d:f0:6e:9a:35:08:20:ff:2a:ba:17:c3:92:d6:3e:
                    22:e3:62:f0:7e:b3:9d:05:4a:c7:a5:3b:5b:75:6f:
                    69:35:08:57:a8:38:4b:ec:ea:79:82:cf:22:ab:55:
                    4c:49:c3:2d:01:3a:e2:d7:7d:d1:65:d1:55:48:54:
                    f8:5c:8e:64:38:c4:df:50:3a:bf:8f:6e:2d:cf:13:
                    11:41:33:ef:96:dc:81:18:cc:ce:96:a9:6f:a4:c2:
                    2b:4f:3a:28:83:0b:33:a7:47:68:23:a0:19:80:b7:
                    69:7b:ae:c6:0b:70:3d:33:f5:e2:0e:86:af:25:3b:
                    98:90:e8:76:0a:3d:2b:e0:3e:4d:21:08:46:48:17:
                    d1:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:D0:13:24:B9:69:A6:26:24:0C:16:13:D1:35:DC:97:3B:C5:82:3A
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/V9ATJLlppiYkDBYT0TXclzvFgjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.243.0/24
                  176.56.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:18:54:3b:0a:51:ea:18:67:4b:21:d7:94:b1:82:c6:e8:56:
         40:0c:0e:42:46:0b:a1:aa:ba:dc:6e:94:47:e5:fc:70:2c:e9:
         2b:e3:a9:14:af:1e:c1:f6:54:f8:99:f1:b4:f9:c9:9b:89:bf:
         a4:65:0c:91:c3:b3:26:4f:b2:93:01:ab:9d:80:34:b9:a2:8a:
         fe:ce:f7:88:87:9f:14:f6:6c:00:ff:01:36:bc:f7:49:27:35:
         f5:14:46:ab:2b:52:46:81:99:fa:08:08:64:ca:0d:b9:ed:9f:
         d5:83:94:c4:11:29:5d:dc:f7:dc:97:1c:90:37:7c:6a:11:df:
         e5:c1:75:e4:b8:09:6d:65:b9:19:d7:d7:bf:f3:5c:d5:f0:26:
         e9:29:5a:8d:a4:20:27:ba:41:3e:8e:ac:ab:ec:7b:f2:ec:47:
         b0:09:45:d0:ff:c4:97:e1:9a:02:37:59:d2:f5:16:2d:89:df:
         ef:82:34:ac:e1:5e:b3:f8:f3:88:64:10:14:1b:49:fe:8c:9c:
         6c:16:65:16:e5:66:e2:45:1a:b5:ef:ae:60:3c:b1:91:92:e9:
         6c:51:50:cc:7a:d1:be:c3:d3:2b:5f:50:75:da:57:a1:0f:f3:
         04:98:6b:8d:21:7a:f2:c0:4f:be:fb:65:8c:76:57:36:1d:46:
         45:e2:93:ed
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY0tc6sUDPGOweda0K1Hndf9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjQwMTIxMTkxNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2QwMTMyNGI5NjlhNjI2MjQwYzE2MTNkMTM1ZGM5NzNiYzU4MjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhYYKifswkQVzSLOdL0KLxQvySyM
MBGynfz7NwG7xvOVk6SUFHQ/CJyty/NUO9Ok5Gfmf4bD+0HhwgyKXiMRRG8ThTQ5
G5Ngxq0+srF1CkWXoygXNFvkx9AnLLl7mrSFHNaOkrBzY8RFDmvzgLLaFPAJFImP
9Tc98G6aNQgg/yq6F8OS1j4i42LwfrOdBUrHpTtbdW9pNQhXqDhL7Op5gs8iq1VM
ScMtATri133RZdFVSFT4XI5kOMTfUDq/j24tzxMRQTPvltyBGMzOlqlvpMIrTzoo
gwszp0doI6AZgLdpe67GC3A9M/XiDoavJTuYkOh2Cj0r4D5NIQhGSBfRxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFfQEyS5aaYmJAwWE9E13Jc7xYI6MB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvVjlBVEpMbHBwaVlrREJZVDBUWGNsenZGZ2pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH97zAwQA
sDgkMA0GCSqGSIb3DQEBCwUAA4IBAQAWGFQ7ClHqGGdLIdeUsYLG6FZADA5CRguh
qrrcbpRH5fxwLOkr46kUrx7B9lT4mfG0+cmbib+kZQyRw7MmT7KTAaudgDS5oor+
zveIh58U9mwA/wE2vPdJJzX1FEarK1JGgZn6CAhkyg257Z/Vg5TEESld3PfclxyQ
N3xqEd/lwXXkuAltZbkZ19e/81zV8CbpKVqNpCAnukE+jqyr7Hvy7EewCUXQ/8SX
4ZoCN1nS9RYtid/vgjSs4V6z+POIZBAUG0n+jJxsFmUW5WbiRRq1765gPLGRkuls
UVDMetG+w9MrX1B12lehD/MEmGuNIXrywE+++2WMdlc2HUZF4pPt
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:30 2024 by rpki-client on console-ams.rpki-client.org