Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/f84b27-f01c-48ce-a99a-3aa663f828fc/1/bsOC9NCjr9Wjuo_fdeX9vpE1wOs.roa
File:                     bsOC9NCjr9Wjuo_fdeX9vpE1wOs.roa (raw, json)
Hash identifier:          VP285oO58y2aL1iWrCG1PZPsRqitErJ+vcqGL+UQzjo=
Subject key identifier:   6E:C3:82:F4:D0:A3:AF:D5:A3:BA:8F:DF:75:E5:FD:BE:91:35:C0:EB
Certificate issuer:       /CN=d880c00d25e5a77e7d334cedf9e0f26a2c5aa328
Certificate serial:       012FE9
Authority key identifier: D8:80:C0:0D:25:E5:A7:7E:7D:33:4C:ED:F9:E0:F2:6A:2C:5A:A3:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2IDADSXlp359M0zt-eDyaixaoyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/f84b27-f01c-48ce-a99a-3aa663f828fc/1/bsOC9NCjr9Wjuo_fdeX9vpE1wOs.roa
Signing time:             Tue 22 Feb 2022 13:44:44 +0000
ROA not before:           Tue 22 Feb 2022 13:44:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35456
IP address blocks:        87.124.0.0/17 maxlen: 17

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 77801 (0x12fe9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d880c00d25e5a77e7d334cedf9e0f26a2c5aa328
        Validity
            Not Before: Feb 22 13:44:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6ec382f4d0a3afd5a3ba8fdf75e5fdbe9135c0eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:0b:da:4b:1c:23:af:b6:ac:dd:9f:05:d7:92:
                    c6:98:d6:3d:41:ab:cd:19:6d:0e:7a:c9:70:b8:72:
                    44:f0:b5:8d:1a:c1:ff:7c:50:3f:67:b4:9c:ba:61:
                    4a:5b:95:50:0d:dd:cf:6c:73:fb:93:af:fe:eb:96:
                    16:57:4e:c5:ec:d9:6b:b8:25:88:8e:ad:2d:b9:61:
                    8e:85:ec:5a:b7:d5:9d:e1:0f:0f:d5:e1:f1:be:77:
                    00:a7:e5:97:73:ad:fb:4c:5b:60:2a:94:65:29:ca:
                    5b:c6:3c:58:2d:1b:e9:f9:23:76:41:fd:c2:96:6e:
                    58:37:b9:44:4d:ae:dd:88:99:8d:c0:02:22:76:6c:
                    03:ac:37:53:0e:1f:35:ce:1e:bd:fd:87:08:19:87:
                    64:e6:bb:fc:50:f7:18:3f:b9:26:08:f4:53:18:cb:
                    59:5d:5d:66:12:97:59:0e:d8:cb:e9:f1:7f:de:d9:
                    c0:1e:6a:dd:8b:06:29:09:70:d2:30:22:58:8c:36:
                    2d:ac:3a:a9:31:43:dc:4d:e0:05:10:eb:af:ca:07:
                    cf:c9:61:1c:12:eb:94:74:44:54:d2:0d:7e:8d:fc:
                    12:c4:9a:0f:9e:7b:aa:f5:13:fb:ff:da:a8:7b:88:
                    78:e5:4b:c0:ad:4e:46:c8:d0:df:69:9b:aa:b4:9a:
                    4d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:C3:82:F4:D0:A3:AF:D5:A3:BA:8F:DF:75:E5:FD:BE:91:35:C0:EB
            X509v3 Authority Key Identifier:
                keyid:D8:80:C0:0D:25:E5:A7:7E:7D:33:4C:ED:F9:E0:F2:6A:2C:5A:A3:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2IDADSXlp359M0zt-eDyaixaoyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/f84b27-f01c-48ce-a99a-3aa663f828fc/1/bsOC9NCjr9Wjuo_fdeX9vpE1wOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/f84b27-f01c-48ce-a99a-3aa663f828fc/1/2IDADSXlp359M0zt-eDyaixaoyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.124.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         4c:9f:02:c8:0c:ae:fc:6c:41:40:d0:f4:d1:fe:32:7f:72:7e:
         c9:65:ba:d0:4c:7e:fe:7b:be:46:4a:fb:96:55:5c:76:d1:4d:
         03:27:0e:f1:cb:0e:44:37:61:13:2f:cf:bc:7f:df:f6:49:ff:
         2c:a5:44:23:a8:9a:eb:61:bf:5e:93:c0:f8:31:af:f8:38:91:
         af:9e:75:38:e4:26:65:f6:03:d0:87:74:5b:82:a1:12:5c:f7:
         2a:ce:9f:1e:ef:c4:17:94:ba:34:c1:09:8c:3c:93:c7:2b:95:
         c7:34:75:f1:39:ad:0a:0c:41:74:ba:04:0b:6d:b0:80:0e:cf:
         44:eb:4f:a7:30:58:20:67:8b:a8:4a:ba:63:9e:97:57:7f:43:
         44:ca:d4:71:c6:c5:1b:5b:49:94:1a:45:93:c2:32:8d:b5:e5:
         93:b6:22:50:fe:e8:72:21:94:28:03:49:3d:94:f5:7a:1b:1e:
         ab:76:b7:ac:5b:35:e5:73:68:df:c7:07:8e:07:64:63:a9:e0:
         ce:e2:b5:c6:50:5b:31:21:3a:9f:bd:c8:19:0f:e7:2e:ac:f3:
         8f:49:00:fa:04:ba:70:18:5d:48:34:7c:1f:e3:4d:68:62:ce:
         72:0f:b7:a3:36:83:ea:ca:3f:fe:31:8a:f4:13:bf:45:22:45:
         31:f6:2b:08
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDAS/pMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGQ4
ODBjMDBkMjVlNWE3N2U3ZDMzNGNlZGY5ZTBmMjZhMmM1YWEzMjgwHhcNMjIwMjIy
MTM0NDQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg2ZWMzODJmNGQwYTNh
ZmQ1YTNiYThmZGY3NWU1ZmRiZTkxMzVjMGViMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAlwvaSxwjr7as3Z8F15LGmNY9QavNGW0OeslwuHJE8LWNGsH/
fFA/Z7ScumFKW5VQDd3PbHP7k6/+65YWV07F7NlruCWIjq0tuWGOhexat9Wd4Q8P
1eHxvncAp+WXc637TFtgKpRlKcpbxjxYLRvp+SN2Qf3Clm5YN7lETa7diJmNwAIi
dmwDrDdTDh81zh69/YcIGYdk5rv8UPcYP7kmCPRTGMtZXV1mEpdZDtjL6fF/3tnA
HmrdiwYpCXDSMCJYjDYtrDqpMUPcTeAFEOuvygfPyWEcEuuUdERU0g1+jfwSxJoP
nnuq9RP7/9qoe4h45UvArU5GyNDfaZuqtJpNjQIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFG7DgvTQo6/Vo7qP33Xl/b6RNcDrMB8GA1UdIwQYMBaAFNiAwA0l5ad+fTNM
7fng8mosWqMoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
MklEQURTWGxwMzU5TTB6dC1lRHlhaXhhb3lnLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9mZi9mODRiMjctZjAxYy00OGNlLWE5OWEtM2FhNjYzZjgyOGZjLzEv
YnNPQzlOQ2pyOVdqdW9fZmRlWDl2cEUxd09zLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9m
ODRiMjctZjAxYy00OGNlLWE5OWEtM2FhNjYzZjgyOGZjLzEvMklEQURTWGxwMzU5
TTB6dC1lRHlhaXhhb3lnLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHV3wAMA0GCSqGSIb3DQEBCwUAA4IB
AQBMnwLIDK78bEFA0PTR/jJ/cn7JZbrQTH7+e75GSvuWVVx20U0DJw7xyw5EN2ET
L8+8f9/2Sf8spUQjqJrrYb9ek8D4Ma/4OJGvnnU45CZl9gPQh3RbgqESXPcqzp8e
78QXlLo0wQmMPJPHK5XHNHXxOa0KDEF0ugQLbbCADs9E60+nMFggZ4uoSrpjnpdX
f0NEytRxxsUbW0mUGkWTwjKNteWTtiJQ/uhyIZQoA0k9lPV6Gx6rdresWzXlc2jf
xweOB2RjqeDO4rXGUFsxITqfvcgZD+curPOPSQD6BLpwGF1INHwf401oYs5yD7ej
NoPqyj/+MYr0E79FIkUx9isI
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:18 2024 by rpki-client on console-fra.rpki-client.org