Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/cd2983-218c-457d-811b-5d42e1fa45b9/1/ibx7Vbhkg7cpVPq0mM4N_wYyWYs.roa
File:                     ibx7Vbhkg7cpVPq0mM4N_wYyWYs.roa (raw, json)
Hash identifier:          PNW300kBVbD/p0B0rocPDC7SvRJnPKazZeA7jkia1Hk=
Subject key identifier:   89:BC:7B:55:B8:64:83:B7:29:54:FA:B4:98:CE:0D:FF:06:32:59:8B
Certificate issuer:       /CN=bb8321c05d501edb499190c0c4a3089d246c5b76
Certificate serial:       0185720C66CE2A07668C5AB92685CDB7A651
Authority key identifier: BB:83:21:C0:5D:50:1E:DB:49:91:90:C0:C4:A3:08:9D:24:6C:5B:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u4MhwF1QHttJkZDAxKMInSRsW3Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/cd2983-218c-457d-811b-5d42e1fa45b9/1/ibx7Vbhkg7cpVPq0mM4N_wYyWYs.roa
Signing time:             Mon 02 Jan 2023 10:34:53 +0000
ROA not before:           Mon 02 Jan 2023 10:34:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        37.44.215.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:0c:66:ce:2a:07:66:8c:5a:b9:26:85:cd:b7:a6:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb8321c05d501edb499190c0c4a3089d246c5b76
        Validity
            Not Before: Jan  2 10:34:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=89bc7b55b86483b72954fab498ce0dff0632598b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ed:d7:c7:4e:58:0d:8a:5f:87:8d:cb:cd:3a:
                    39:f4:55:4b:fb:29:2d:c7:93:16:65:ee:b6:3c:28:
                    c4:23:83:2a:9d:3d:05:87:a9:1b:a2:52:33:12:0f:
                    5d:02:9a:ef:ac:c9:02:63:aa:09:63:28:3c:76:5d:
                    c6:c4:27:05:99:18:9c:69:8b:d7:a9:c5:de:10:d2:
                    4a:99:79:12:31:e9:50:54:73:be:40:53:95:31:6f:
                    81:c0:a4:d8:0a:73:0a:cc:cd:d7:97:e8:0b:47:35:
                    3f:fc:f5:92:0a:e5:0c:80:a3:36:e3:9e:84:b3:94:
                    d6:71:59:80:63:0c:60:76:70:be:8d:3d:45:72:af:
                    98:1b:aa:8f:cd:79:03:38:7f:90:b3:08:6f:0e:07:
                    29:35:ba:18:e8:3f:81:c7:54:2a:ba:81:9d:be:cd:
                    d7:f9:6e:3f:0d:d8:6a:6a:aa:06:0c:9b:b2:3b:fb:
                    bf:97:0c:52:3d:af:e1:26:bf:63:37:95:17:6b:60:
                    07:30:08:ff:17:64:d9:0a:1c:e1:56:f9:40:87:ff:
                    1d:fa:1d:61:4d:0f:e4:e1:43:24:21:d9:96:74:ee:
                    a1:6f:5d:c5:2a:d7:ad:26:77:21:4d:fa:d9:b8:a9:
                    c2:52:c8:c2:08:b2:1e:15:57:7c:13:a9:14:fd:14:
                    90:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:BC:7B:55:B8:64:83:B7:29:54:FA:B4:98:CE:0D:FF:06:32:59:8B
            X509v3 Authority Key Identifier:
                keyid:BB:83:21:C0:5D:50:1E:DB:49:91:90:C0:C4:A3:08:9D:24:6C:5B:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u4MhwF1QHttJkZDAxKMInSRsW3Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/cd2983-218c-457d-811b-5d42e1fa45b9/1/ibx7Vbhkg7cpVPq0mM4N_wYyWYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/cd2983-218c-457d-811b-5d42e1fa45b9/1/u4MhwF1QHttJkZDAxKMInSRsW3Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.44.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:ef:78:4b:4b:84:a9:47:c5:e6:6e:78:46:1a:1d:3a:28:51:
         24:9f:f1:3d:26:ee:f7:27:89:0f:81:fb:35:6c:ca:16:a0:02:
         ca:b9:31:f5:8d:31:fc:80:f2:38:6a:37:db:9d:69:96:cc:70:
         3d:b8:02:38:d3:cc:3f:f4:6f:24:ff:c2:ed:37:a5:62:76:e1:
         79:7b:42:50:91:49:66:af:a3:bc:fc:40:22:22:84:62:83:82:
         77:d6:65:43:db:3d:ec:3a:e5:1d:a0:d8:a0:47:56:71:cb:ce:
         fc:59:00:c0:e9:9d:94:a6:5c:c8:df:48:48:4d:6c:e1:30:cf:
         d2:d1:67:63:2a:ee:8e:9d:42:da:78:c2:59:a2:ba:52:40:a6:
         33:77:7b:5c:69:f4:9c:b7:53:db:16:79:bd:32:1d:c3:d4:45:
         2c:7d:19:b6:16:37:97:5f:30:62:1b:f3:80:26:03:0b:b1:cb:
         d8:38:73:1e:9a:92:22:61:f6:02:8f:cc:c1:01:67:84:ad:a8:
         28:5f:09:14:e5:5a:82:3f:77:56:d5:12:ee:5a:5b:8c:0a:bb:
         1e:bc:d4:bf:17:4c:62:2d:4f:38:e4:f3:91:1a:90:23:29:df:
         57:9d:b6:68:c8:64:dc:8d:61:c6:ac:ed:aa:6e:3e:62:4d:90:
         4a:4d:f0:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVyDGbOKgdmjFq5JoXNt6ZRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiODMyMWMwNWQ1MDFlZGI0OTkxOTBjMGM0YTMwODlkMjQ2
YzViNzYwHhcNMjMwMTAyMTAzNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWJjN2I1NWI4NjQ4M2I3Mjk1NGZhYjQ5OGNlMGRmZjA2MzI1OThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAte3Xx05YDYpfh43LzTo59FVL+ykt
x5MWZe62PCjEI4MqnT0Fh6kbolIzEg9dAprvrMkCY6oJYyg8dl3GxCcFmRicaYvX
qcXeENJKmXkSMelQVHO+QFOVMW+BwKTYCnMKzM3Xl+gLRzU//PWSCuUMgKM2456E
s5TWcVmAYwxgdnC+jT1Fcq+YG6qPzXkDOH+QswhvDgcpNboY6D+Bx1QquoGdvs3X
+W4/DdhqaqoGDJuyO/u/lwxSPa/hJr9jN5UXa2AHMAj/F2TZChzhVvlAh/8d+h1h
TQ/k4UMkIdmWdO6hb13FKtetJnchTfrZuKnCUsjCCLIeFVd8E6kU/RSQWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIm8e1W4ZIO3KVT6tJjODf8GMlmLMB8GA1UdIwQY
MBaAFLuDIcBdUB7bSZGQwMSjCJ0kbFt2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTRNaHdGMVFIdHRKa1pEQXhLTUluU1JzVzNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9jZDI5ODMtMjE4Yy00NTdkLTgxMWIt
NWQ0MmUxZmE0NWI5LzEvaWJ4N1ZiaGtnN2NwVlBxMG1NNE5fd1l5V1lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9jZDI5ODMtMjE4Yy00NTdkLTgxMWItNWQ0MmUxZmE0NWI5
LzEvdTRNaHdGMVFIdHRKa1pEQXhLTUluU1JzVzNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSzXMA0G
CSqGSIb3DQEBCwUAA4IBAQAw73hLS4SpR8XmbnhGGh06KFEkn/E9Ju73J4kPgfs1
bMoWoALKuTH1jTH8gPI4ajfbnWmWzHA9uAI408w/9G8k/8LtN6ViduF5e0JQkUlm
r6O8/EAiIoRig4J31mVD2z3sOuUdoNigR1Zxy878WQDA6Z2UplzI30hITWzhMM/S
0WdjKu6OnULaeMJZorpSQKYzd3tcafSct1PbFnm9Mh3D1EUsfRm2FjeXXzBiG/OA
JgMLscvYOHMempIiYfYCj8zBAWeEragoXwkU5VqCP3dW1RLuWluMCrsevNS/F0xi
LU845PORGpAjKd9XnbZoyGTcjWHGrO2qbj5iTZBKTfDx
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:02 2024 by rpki-client on console-fra.rpki-client.org