Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33322e302f32312d3231203d3e2030.roa
File:                     33312e3232302e33322e302f32312d3231203d3e2030.roa (raw, json)
Hash identifier:          evWFY2sjnDEnCFsEgp5tcpZdnGslT2++HdmG6ptqyIk=
Subject key identifier:   11:B4:66:BA:9A:F8:10:44:E0:9E:BF:F1:B1:55:F1:FB:7C:77:D4:F3
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4535B36E18EC976093F1514A3839FD9935B08C9A
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33322e302f32312d3231203d3e2030.roa
Signing time:             Mon 27 Mar 2023 08:28:45 +0000
ROA not before:           Mon 27 Mar 2023 08:23:45 +0000
ROA not after:            Mon 25 Mar 2024 08:28:45 +0000
asID:                     0
IP address blocks:        31.220.32.0/21 maxlen: 21

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:35:b3:6e:18:ec:97:60:93:f1:51:4a:38:39:fd:99:35:b0:8c:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 27 08:23:45 2023 GMT
            Not After : Mar 25 08:28:45 2024 GMT
        Subject: CN=11B466BA9AF81044E09EBFF1B155F1FB7C77D4F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:1e:25:b1:5d:ea:72:c0:f1:45:23:98:b5:2b:
                    6d:10:41:6a:af:00:b5:bf:57:82:db:b8:19:52:f8:
                    1d:25:58:33:db:46:26:a4:52:c1:b7:b4:ce:e6:a8:
                    71:6b:1e:4a:23:2c:18:7c:b2:f1:0b:63:93:f2:3f:
                    03:ed:7b:3b:b6:12:09:ae:2d:65:a4:bf:b9:ec:28:
                    bf:0c:06:8c:49:ef:1f:3c:29:6d:84:cb:e1:e7:03:
                    be:dd:14:9d:3a:eb:0f:fc:2e:2f:b0:0d:05:fb:10:
                    44:b2:02:da:f7:c7:ab:d9:2f:f5:f9:b0:80:a9:d3:
                    0f:35:7f:17:92:36:4f:a5:ea:d9:7c:9b:e2:22:e4:
                    c0:db:57:1a:35:32:ad:80:99:db:c8:0d:02:07:c3:
                    d3:12:b7:7d:21:ec:a9:f3:94:33:fb:62:99:fb:36:
                    42:de:1e:fb:61:0d:1d:40:19:40:b7:99:42:f6:e3:
                    61:d9:e3:94:ba:9f:90:d8:91:5d:82:ed:03:ce:48:
                    ad:f7:0d:8d:21:ad:ac:0b:6f:38:8c:b1:6b:77:6a:
                    56:95:c8:c7:3f:cd:26:49:c4:b6:dc:15:53:5d:26:
                    42:c0:61:6f:12:2f:9a:0a:64:da:78:14:54:47:66:
                    15:26:16:76:b7:2b:7c:df:4f:fd:91:7b:9b:7d:48:
                    8b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:B4:66:BA:9A:F8:10:44:E0:9E:BF:F1:B1:55:F1:FB:7C:77:D4:F3
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33322e302f32312d3231203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         59:f6:bc:6a:cd:c4:95:22:4a:e3:46:ac:1c:c5:ce:35:64:57:
         cc:8c:b0:a4:29:93:bb:82:8d:ea:e8:e1:58:92:be:63:9a:1d:
         ae:34:6c:31:cf:4a:89:9b:68:f8:73:fc:01:aa:2b:4d:82:5b:
         0c:65:54:ac:35:af:49:b0:c0:c8:d7:22:ab:b4:26:f0:73:4e:
         dd:90:0d:50:41:94:d6:6f:ae:94:71:e0:f2:e2:0b:b0:59:91:
         8a:8e:ac:b1:63:94:25:f2:0f:2b:c6:3d:bd:57:fd:86:c9:c0:
         e8:bb:45:2b:c4:e4:24:d8:d1:e1:7e:c3:e1:b7:f6:2c:5c:88:
         37:ea:f0:6a:6b:d5:22:37:92:cf:37:93:99:7d:2f:33:f3:2f:
         5e:04:6f:f0:bb:e6:a6:b0:3e:e6:5c:34:de:9e:2c:03:c2:b3:
         53:0a:c4:40:0d:62:f9:2a:c8:24:8d:d6:eb:66:c4:6b:89:ae:
         ab:2f:2e:91:89:58:83:e5:e7:e9:b1:d8:19:47:7a:f1:49:39:
         48:e6:6e:49:27:8b:29:ae:ec:0f:3a:24:c4:1d:bb:5f:dd:3f:
         5f:0c:47:fc:09:f6:46:ab:ad:03:c3:8f:a9:d3:93:c5:37:c7:
         06:4b:81:63:c3:09:52:b8:b6:59:8e:16:9c:9f:81:3a:80:5d:
         16:a5:b5:da
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIURTWzbhjsl2CT8VFKODn9mTWwjJowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzAzMjcwODIzNDVaFw0yNDAzMjUwODI4NDVaMDMxMTAvBgNV
BAMTKDExQjQ2NkJBOUFGODEwNDRFMDlFQkZGMUIxNTVGMUZCN0M3N0Q0RjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtHiWxXepywPFFI5i1K20QQWqv
ALW/V4LbuBlS+B0lWDPbRiakUsG3tM7mqHFrHkojLBh8svELY5PyPwPtezu2Egmu
LWWkv7nsKL8MBoxJ7x88KW2Ey+HnA77dFJ066w/8Li+wDQX7EESyAtr3x6vZL/X5
sICp0w81fxeSNk+l6tl8m+Ii5MDbVxo1Mq2AmdvIDQIHw9MSt30h7KnzlDP7Ypn7
NkLeHvthDR1AGUC3mUL242HZ45S6n5DYkV2C7QPOSK33DY0hrawLbziMsWt3alaV
yMc/zSZJxLbcFVNdJkLAYW8SL5oKZNp4FFRHZhUmFna3K3zfT/2Re5t9SIvDAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUEbRmupr4EETgnr/xsVXx+3x31PMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzMzMy
MmUzMDJmMzIzMTJkMzIzMTIwM2QzZTIwMzAucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAMf3CAwDQYJKoZI
hvcNAQELBQADggEBAFn2vGrNxJUiSuNGrBzFzjVkV8yMsKQpk7uCjero4ViSvmOa
Ha40bDHPSombaPhz/AGqK02CWwxlVKw1r0mwwMjXIqu0JvBzTt2QDVBBlNZvrpRx
4PLiC7BZkYqOrLFjlCXyDyvGPb1X/YbJwOi7RSvE5CTY0eF+w+G39ixciDfq8Gpr
1SI3ks83k5l9LzPzL14Eb/C75qawPuZcNN6eLAPCs1MKxEANYvkqyCSN1utmxGuJ
rqsvLpGJWIPl5+mx2BlHevFJOUjmbkkniymu7A86JMQdu1/dP18MR/wJ9karrQPD
j6nTk8U3xwZLgWPDCVK4tlmOFpyfgTqAXRaltdo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:23 2024 by rpki-client on console-fra.rpki-client.org