Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3232332e3235342e302f32332d3234203d3e203432333636.roa
File:                     3138352e3232332e3235342e302f32332d3234203d3e203432333636.roa (raw, json)
Hash identifier:          EXAKDafdRoOUlrwSHE1aEQrmtWqyERGjMIJ49CRiMWs=
Subject key identifier:   D6:C8:82:98:03:2C:24:1F:9D:AD:21:20:D8:C1:EA:44:8B:0A:02:C2
Certificate issuer:       /CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
Certificate serial:       2DD7583329390CABD039660F0752AA4C08D1F3B2
Authority key identifier: B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3232332e3235342e302f32332d3234203d3e203432333636.roa
Signing time:             Sun 07 Apr 2024 16:03:28 +0000
ROA not before:           Sun 07 Apr 2024 15:58:28 +0000
ROA not after:            Sun 06 Apr 2025 16:03:28 +0000
asID:                     42366
IP address blocks:        185.223.254.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:d7:58:33:29:39:0c:ab:d0:39:66:0f:07:52:aa:4c:08:d1:f3:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
        Validity
            Not Before: Apr  7 15:58:28 2024 GMT
            Not After : Apr  6 16:03:28 2025 GMT
        Subject: CN=D6C88298032C241F9DAD2120D8C1EA448B0A02C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b3:47:c1:60:0f:25:20:69:8e:97:27:8a:5a:
                    fb:ff:f4:41:b9:9c:72:64:7e:63:45:e7:72:45:4f:
                    c9:08:d8:1a:25:59:9c:e2:6b:fe:ab:25:08:d3:3d:
                    8d:fc:38:3c:54:40:90:a1:0a:2d:9b:eb:08:a1:21:
                    99:48:eb:69:50:de:82:64:69:e5:ba:fa:2d:61:12:
                    54:bf:16:43:2c:be:ef:05:0c:d8:ae:87:2f:aa:f7:
                    16:e7:6a:6d:5d:15:9f:bf:80:16:52:73:07:e2:1a:
                    ba:5b:2a:a0:6d:cc:5e:42:40:fc:40:31:0e:c5:f6:
                    01:2a:2c:2c:ee:cc:f2:d2:c7:d0:b9:73:3a:0c:63:
                    07:af:b4:f5:c8:38:1a:6c:a8:30:7a:7c:c9:14:97:
                    ae:a4:dd:c3:95:ea:5c:6a:32:2e:c6:9a:8c:55:69:
                    2d:e2:10:6c:2f:95:35:16:54:be:c7:4d:27:c8:af:
                    b5:53:61:db:0f:c7:c0:f3:55:ac:3a:76:a3:86:ce:
                    d2:b4:a7:4e:45:80:cb:c2:86:00:4d:1e:fd:40:f5:
                    d2:7f:b8:ad:82:6e:f5:a6:6c:74:41:d2:5b:77:ed:
                    04:2a:69:02:ca:58:05:e4:e0:77:c9:69:5b:4d:9a:
                    9a:70:ce:53:71:57:81:83:cd:4b:f0:48:d2:b4:ca:
                    75:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:C8:82:98:03:2C:24:1F:9D:AD:21:20:D8:C1:EA:44:8B:0A:02:C2
            X509v3 Authority Key Identifier:
                keyid:B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3232332e3235342e302f32332d3234203d3e203432333636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:4f:00:0d:55:03:a8:94:fc:16:64:3e:ed:a1:58:a8:d1:89:
         ef:12:69:80:8c:66:df:9e:b7:89:60:c8:65:b4:5a:b0:15:d4:
         af:ab:af:95:54:cb:a5:7e:23:98:2c:73:af:c9:89:e0:fb:0e:
         63:ab:42:b1:c5:96:c0:2b:6e:5a:fe:a0:c6:d4:64:31:e3:d7:
         ca:26:e9:a1:c4:d1:53:49:8a:96:e3:14:47:21:8f:e5:2e:84:
         4f:16:d6:63:db:fe:11:ee:0d:2e:94:1e:30:cf:fc:e8:09:98:
         e9:30:62:d1:8c:58:ef:ef:af:e8:79:35:ce:3a:54:bb:f2:ef:
         f0:74:ed:f0:be:41:0e:2b:79:c5:67:51:eb:2a:ea:d1:13:f3:
         5d:05:73:e1:75:33:2e:4e:c6:8f:3d:04:be:e2:93:7f:7b:5f:
         b0:5f:b3:c2:d1:f8:43:2e:f5:46:1c:e6:32:7a:e7:2b:5a:96:
         d8:6d:24:38:c3:3f:b9:c4:51:9f:8c:f6:1e:fb:33:ab:ec:24:
         ee:7d:20:11:0a:f3:59:66:62:d2:0d:22:b8:fc:c9:45:64:02:
         32:38:49:ae:fb:10:e7:c7:7c:09:3a:47:93:91:4e:01:09:1b:
         d9:1c:29:0d:44:29:eb:12:11:6e:f5:7f:f0:9c:0e:72:c1:fa:
         84:1d:bb:b8
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIULddYMyk5DKvQOWYPB1KqTAjR87IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjk3YmNmYWMyN2JiYWYxOWRlMWQzMWU1MzYyOTcyNmMx
ZTRjYWFhMjAeFw0yNDA0MDcxNTU4MjhaFw0yNTA0MDYxNjAzMjhaMDMxMTAvBgNV
BAMTKEQ2Qzg4Mjk4MDMyQzI0MUY5REFEMjEyMEQ4QzFFQTQ0OEIwQTAyQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOs0fBYA8lIGmOlyeKWvv/9EG5
nHJkfmNF53JFT8kI2BolWZzia/6rJQjTPY38ODxUQJChCi2b6wihIZlI62lQ3oJk
aeW6+i1hElS/FkMsvu8FDNiuhy+q9xbnam1dFZ+/gBZScwfiGrpbKqBtzF5CQPxA
MQ7F9gEqLCzuzPLSx9C5czoMYwevtPXIOBpsqDB6fMkUl66k3cOV6lxqMi7GmoxV
aS3iEGwvlTUWVL7HTSfIr7VTYdsPx8DzVaw6dqOGztK0p05FgMvChgBNHv1A9dJ/
uK2CbvWmbHRB0lt37QQqaQLKWAXk4HfJaVtNmppwzlNxV4GDzUvwSNK0ynVjAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU1siCmAMsJB+drSEg2MHqRIsKAsIwHwYDVR0j
BBgwFoAUuXvPrCe7rxneHTHlNilybB5MqqIwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzMvQjk3QkNGQUMyN0JCQUYxOURFMUQzMUU1MzYyOTcyNkMxRTRDQUFBMi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3VYdlByQ2U3cnhuZUhUSGxOaWx5YkI1
TXFxSS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzMvMzEzODM1MmUzMjMyMzMyZTMy
MzUzNDJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM0MzIzMzM2MzYucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAG53/4wDQYJKoZIhvcNAQELBQADggEBAG5PAA1VA6iU/BZkPu2hWKjRie8SaYCM
Zt+et4lgyGW0WrAV1K+rr5VUy6V+I5gsc6/JieD7DmOrQrHFlsArblr+oMbUZDHj
18om6aHE0VNJipbjFEchj+UuhE8W1mPb/hHuDS6UHjDP/OgJmOkwYtGMWO/vr+h5
Nc46VLvy7/B07fC+QQ4recVnUesq6tET810Fc+F1My5Oxo89BL7ik397X7Bfs8LR
+EMu9UYc5jJ65ytalthtJDjDP7nEUZ+M9h77M6vsJO59IBEK81lmYtINIrj8yUVk
AjI4Sa77EOfHfAk6R5ORTgEJG9kcKQ1EKesSEW71f/CcDnLB+oQdu7g=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:23 2024 by rpki-client on console-fra.rpki-client.org