Route Origin Authorization 

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2de2f64d-f6e5-47e3-a6fb-686d88e71ae9/2/32332e3136342e3135332e302f32342d3234203d3e20323135303531.roa
File:                     32332e3136342e3135332e302f32342d3234203d3e20323135303531.roa (raw, json)
Hash identifier:          DZplqqmqKCVr74zxujQJWlg4aQ6tAEGc4lwoFScHrSE=
Subject key identifier:   C9:58:C9:DD:6B:84:32:01:7A:4F:87:8D:D1:04:4E:BE:AE:D1:78:4F
Certificate issuer:       /CN=d90d8aba2a75232dac0a4973b29677a14573561ef341199600
Certificate serial:       45E61F44F7C4DA1636258148912DD2F7F9241586
Authority key identifier: 44:17:C6:2B:C8:BB:64:8A:4A:97:DD:F6:50:5C:2E:44:3E:4B:35:FF
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/871da40f-793a-4a45-a0a9-978148321a07/0ec17157-66de-4aab-85e7-28af4de430e2/d90d8aba2a75232dac0a4973b29677a14573561ef341199600.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2de2f64d-f6e5-47e3-a6fb-686d88e71ae9/2/32332e3136342e3135332e302f32342d3234203d3e20323135303531.roa
Signing time:             Thu 22 Aug 2024 20:34:42 +0000
ROA not before:           Thu 22 Aug 2024 20:29:42 +0000
ROA not after:            Thu 21 Aug 2025 20:34:42 +0000
asID:                     215051
IP address blocks:        23.164.153.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:e6:1f:44:f7:c4:da:16:36:25:81:48:91:2d:d2:f7:f9:24:15:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d90d8aba2a75232dac0a4973b29677a14573561ef341199600
        Validity
            Not Before: Aug 22 20:29:42 2024 GMT
            Not After : Aug 21 20:34:42 2025 GMT
        Subject: CN=C958C9DD6B8432017A4F878DD1044EBEAED1784F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:0e:ec:e0:3e:50:b6:8d:96:ee:ed:96:36:c9:
                    61:80:34:0a:61:fd:22:91:3e:08:53:81:d3:48:cc:
                    ed:38:dd:9f:b0:eb:39:6d:c0:a7:6f:23:47:71:61:
                    c5:b6:8c:22:25:2d:8f:e2:5f:68:ee:19:1b:0c:73:
                    4f:40:9a:1e:a9:64:a6:fa:63:30:28:06:37:f5:66:
                    89:b7:7f:c4:5b:30:95:0b:b6:db:2d:1f:30:90:3b:
                    0c:e3:35:54:11:49:5d:bf:56:58:fa:d9:e0:99:8d:
                    0f:41:ed:4c:38:1b:d6:47:12:2c:a9:3e:4a:31:f3:
                    af:7c:ea:c9:cd:f1:86:3f:c6:d0:58:45:91:ba:44:
                    4c:7a:3f:3c:ed:d8:96:78:d4:5d:45:f0:96:8f:93:
                    b3:58:4a:ac:23:03:1a:91:d0:df:11:e6:35:0f:45:
                    ce:15:a2:bf:d7:25:a5:09:ad:6d:95:3a:3a:5e:c4:
                    3c:a5:90:48:5c:1f:ad:d8:e0:e5:69:ee:8d:b7:2f:
                    f9:b3:7f:d7:f3:6b:76:5b:a6:b9:05:5a:e0:2d:eb:
                    98:26:87:c0:89:99:51:39:5b:07:86:c9:42:7c:28:
                    6b:f2:f0:0e:20:0f:6c:ca:f3:9f:f5:fc:ee:71:a0:
                    a5:ad:2a:09:57:ee:4c:87:f2:79:c1:0b:04:d8:81:
                    7e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:58:C9:DD:6B:84:32:01:7A:4F:87:8D:D1:04:4E:BE:AE:D1:78:4F
            X509v3 Authority Key Identifier:
                keyid:44:17:C6:2B:C8:BB:64:8A:4A:97:DD:F6:50:5C:2E:44:3E:4B:35:FF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2de2f64d-f6e5-47e3-a6fb-686d88e71ae9/2/4417C62BC8BB648A4A97DDF6505C2E443E4B35FF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/871da40f-793a-4a45-a0a9-978148321a07/0ec17157-66de-4aab-85e7-28af4de430e2/d90d8aba2a75232dac0a4973b29677a14573561ef341199600.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2de2f64d-f6e5-47e3-a6fb-686d88e71ae9/2/32332e3136342e3135332e302f32342d3234203d3e20323135303531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.164.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:0c:29:7f:3f:ce:f2:2d:b5:03:38:e1:a9:a7:5b:58:5e:de:
         01:a2:77:54:4e:b1:f8:52:0c:5d:de:70:88:c1:f8:f7:40:85:
         f3:6f:9d:fe:20:30:b0:ab:fd:01:39:d2:f9:b0:72:a2:34:e8:
         13:9e:a5:cf:c6:e7:13:aa:21:7d:a8:17:da:f2:97:da:90:a5:
         1d:0a:71:21:57:f8:97:00:8e:90:f3:e9:7d:02:02:67:97:70:
         58:32:90:ac:48:50:b8:4c:c8:b4:cc:0b:1a:90:37:69:2a:20:
         7a:0b:d3:5c:36:d6:67:9a:e9:2a:d3:e6:ad:62:1e:86:c3:57:
         92:41:b5:5c:bf:68:fb:3e:bb:49:74:b2:5f:74:43:51:a7:e6:
         20:11:20:fc:7b:ce:76:f3:97:7e:74:94:bb:71:8e:29:27:b3:
         cb:17:3e:67:13:3a:88:0e:96:db:db:8e:f5:84:63:18:35:e2:
         20:66:30:a8:cd:5e:de:d8:98:f8:1c:d7:0d:b1:c2:4e:3d:51:
         c9:4f:87:9f:93:8d:e7:69:35:c5:47:00:3f:08:b9:4f:ee:58:
         ad:14:c8:17:0c:6c:56:f5:32:41:91:81:bd:f5:08:24:a4:d4:
         05:ce:ee:eb:49:41:5a:84:ec:4e:26:72:f8:ba:ca:2d:00:96:
         c2:33:ee:a0
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgIUReYfRPfE2hY2JYFIkS3S9/kkFYYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDkwZDhhYmEyYTc1MjMyZGFjMGE0OTczYjI5Njc3YTE0
NTczNTYxZWYzNDExOTk2MDAwHhcNMjQwODIyMjAyOTQyWhcNMjUwODIxMjAzNDQy
WjAzMTEwLwYDVQQDEyhDOTU4QzlERDZCODQzMjAxN0E0Rjg3OEREMTA0NEVCRUFF
RDE3ODRGMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Q7s4D5Qto2W
7u2WNslhgDQKYf0ikT4IU4HTSMztON2fsOs5bcCnbyNHcWHFtowiJS2P4l9o7hkb
DHNPQJoeqWSm+mMwKAY39WaJt3/EWzCVC7bbLR8wkDsM4zVUEUldv1ZY+tngmY0P
Qe1MOBvWRxIsqT5KMfOvfOrJzfGGP8bQWEWRukRMej887diWeNRdRfCWj5OzWEqs
IwMakdDfEeY1D0XOFaK/1yWlCa1tlTo6XsQ8pZBIXB+t2ODlae6Nty/5s3/X82t2
W6a5BVrgLeuYJofAiZlROVsHhslCfChr8vAOIA9syvOf9fzucaClrSoJV+5Mh/J5
wQsE2IF++wIDAQABo4ICzzCCAsswHQYDVR0OBBYEFMlYyd1rhDIBek+HjdEETr6u
0XhPMB8GA1UdIwQYMBaAFEQXxivIu2SKSpfd9lBcLkQ+SzX/MA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzJkZTJmNjRkLWY2ZTUtNDdlMy1hNmZi
LTY4NmQ4OGU3MWFlOS8yLzQ0MTdDNjJCQzhCQjY0OEE0QTk3RERGNjUwNUMyRTQ0
M0U0QjM1RkYuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzg3MWRhNDBmLTc5M2Et
NGE0NS1hMGE5LTk3ODE0ODMyMWEwNy8wZWMxNzE1Ny02NmRlLTRhYWItODVlNy0y
OGFmNGRlNDMwZTIvZDkwZDhhYmEyYTc1MjMyZGFjMGE0OTczYjI5Njc3YTE0NTcz
NTYxZWYzNDExOTk2MDAuY2VyMIGvBggrBgEFBQcBCwSBojCBnzCBnAYIKwYBBQUH
MAuGgY9yc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzJkZTJmNjRkLWY2ZTUtNDdlMy1hNmZiLTY4NmQ4OGU3MWFlOS8yLzMyMzMyZTMx
MzYzNDJlMzEzNTMzMmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM1MzAzNTMx
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAw
DjAMBAIAATAGAwQAF6SZMA0GCSqGSIb3DQEBCwUAA4IBAQBIDCl/P87yLbUDOOGp
p1tYXt4BondUTrH4Ugxd3nCIwfj3QIXzb53+IDCwq/0BOdL5sHKiNOgTnqXPxucT
qiF9qBfa8pfakKUdCnEhV/iXAI6Q8+l9AgJnl3BYMpCsSFC4TMi0zAsakDdpKiB6
C9NcNtZnmukq0+atYh6Gw1eSQbVcv2j7PrtJdLJfdENRp+YgESD8e85285d+dJS7
cY4pJ7PLFz5nEzqIDpbb2471hGMYNeIgZjCozV7e2Jj4HNcNscJOPVHJT4efk43n
aTXFRwA/CLlP7litFMgXDGxW9TJBkYG99QgkpNQFzu7rSUFahOxOJnL4usotAJbC
M+6g
-----END CERTIFICATE-----
Generated at Fri Sep 6 14:56:09 2024 by rpki-client on console-fra.rpki-client.org