Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33322e302f32312d3234203d3e203432333636.roa
File:                     33312e3232302e33322e302f32312d3234203d3e203432333636.roa (raw, json)
Hash identifier:          Q3jyg1Cg1Zi1X3wi/x/56wAXo+R3BzkTAOks/6iURs8=
Subject key identifier:   E2:AD:43:A0:81:7C:D6:79:C5:DE:2B:E8:37:0A:69:A4:63:A6:27:17
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       70C3C64E5D1EF10A22DDE10529BDCAE19B3588CD
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33322e302f32312d3234203d3e203432333636.roa
Signing time:             Tue 25 Apr 2023 17:56:10 +0000
ROA not before:           Tue 25 Apr 2023 17:51:10 +0000
ROA not after:            Tue 23 Apr 2024 17:56:10 +0000
asID:                     42366
IP address blocks:        31.220.32.0/21 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:c3:c6:4e:5d:1e:f1:0a:22:dd:e1:05:29:bd:ca:e1:9b:35:88:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 25 17:51:10 2023 GMT
            Not After : Apr 23 17:56:10 2024 GMT
        Subject: CN=E2AD43A0817CD679C5DE2BE8370A69A463A62717
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d3:7c:3f:8a:29:c9:7e:42:6f:ad:d5:1a:3c:
                    a7:d2:c1:7f:c1:f2:a3:81:9f:1a:7f:3b:2f:1f:2b:
                    96:a6:c9:8e:c0:6a:8e:6a:48:97:38:6a:87:a1:24:
                    88:10:85:c2:87:32:db:8b:30:3d:ca:ad:8e:3b:94:
                    38:36:9a:cc:3b:c5:48:29:63:9f:ce:db:a6:10:53:
                    c9:94:fb:c4:1c:c7:65:f7:4d:ed:c2:ba:9d:86:d9:
                    2a:a5:20:5c:60:c2:58:55:dd:19:1f:85:c7:a0:f2:
                    4a:40:71:11:3d:bf:12:e3:cd:06:0b:bb:a2:9e:d2:
                    96:13:89:c0:69:38:fe:3b:2d:e7:72:e7:fd:14:03:
                    1e:0d:34:30:3f:bc:65:b3:47:10:2a:5d:26:fb:15:
                    42:32:2b:90:ba:f0:0a:7b:71:41:27:35:5a:22:7d:
                    24:c3:56:9c:69:fc:26:62:ae:b8:d0:4d:d1:38:a4:
                    02:7d:37:82:46:70:4e:be:cd:b6:a8:5b:29:91:b6:
                    b7:9d:bc:04:65:0a:d4:ab:51:ca:d9:ee:0b:40:78:
                    c8:91:e3:ac:b7:36:b9:1f:95:2e:91:11:c1:33:c2:
                    13:75:6a:be:8f:fe:02:32:dd:c5:fd:bf:10:44:4e:
                    33:7b:89:5e:63:c1:17:58:76:78:c6:0b:b6:a3:f8:
                    fe:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:AD:43:A0:81:7C:D6:79:C5:DE:2B:E8:37:0A:69:A4:63:A6:27:17
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/33312e3232302e33322e302f32312d3234203d3e203432333636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         78:e9:72:58:86:eb:90:24:4c:3d:d9:71:86:44:da:4c:04:df:
         65:33:e5:b6:d9:58:0c:aa:53:da:00:5c:a8:8b:9f:56:10:6c:
         9d:78:df:b5:32:22:6f:fb:2a:23:54:c4:ac:e3:1c:c3:98:da:
         69:be:b4:a2:3d:c9:a4:ed:6f:3d:70:32:89:f6:8a:ca:b6:f7:
         76:cb:06:d7:7b:13:ed:27:15:26:76:e5:8f:bf:be:05:db:76:
         0d:79:d8:a0:35:4e:39:32:21:19:f4:0a:c0:e2:41:6c:7e:38:
         79:53:81:97:f3:1b:72:27:93:94:c4:9a:76:2b:f6:0d:f1:30:
         4c:0b:17:77:ae:03:f6:39:91:94:98:a1:9b:0f:f4:2d:1f:3d:
         ee:de:04:7d:7e:d1:e6:b9:51:82:e0:d5:32:d1:fd:e3:71:ce:
         41:c7:0a:00:3b:ed:43:c4:ad:af:99:94:78:25:89:92:9e:8e:
         21:08:82:05:42:df:9e:74:51:30:11:f0:fd:d1:71:ce:ae:d5:
         1a:87:69:22:36:6b:b6:c8:14:d0:72:a8:a2:ff:a8:f3:32:ff:
         1d:65:5e:bd:2c:8a:98:2b:e6:65:e9:2d:6b:16:61:04:51:fc:
         e8:0a:b4:c3:d2:65:c0:00:5f:92:e5:1e:0d:35:b7:ec:8e:a0:
         1d:ac:97:45
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcMPGTl0e8Qoi3eEFKb3K4Zs1iM0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA0MjUxNzUxMTBaFw0yNDA0MjMxNzU2MTBaMDMxMTAvBgNV
BAMTKEUyQUQ0M0EwODE3Q0Q2NzlDNURFMkJFODM3MEE2OUE0NjNBNjI3MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/03w/iinJfkJvrdUaPKfSwX/B
8qOBnxp/Oy8fK5amyY7Aao5qSJc4aoehJIgQhcKHMtuLMD3KrY47lDg2msw7xUgp
Y5/O26YQU8mU+8Qcx2X3Te3Cup2G2SqlIFxgwlhV3Rkfhceg8kpAcRE9vxLjzQYL
u6Ke0pYTicBpOP47Ledy5/0UAx4NNDA/vGWzRxAqXSb7FUIyK5C68Ap7cUEnNVoi
fSTDVpxp/CZirrjQTdE4pAJ9N4JGcE6+zbaoWymRtredvARlCtSrUcrZ7gtAeMiR
46y3NrkflS6REcEzwhN1ar6P/gIy3cX9vxBETjN7iV5jwRdYdnjGC7aj+P6JAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU4q1DoIF81nnF3ivoNwpppGOmJxcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzMzMTJlMzIzMjMwMmUzMzMy
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzQzMjMzMzYzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAx/c
IDANBgkqhkiG9w0BAQsFAAOCAQEAeOlyWIbrkCRMPdlxhkTaTATfZTPlttlYDKpT
2gBcqIufVhBsnXjftTIib/sqI1TErOMcw5jaab60oj3JpO1vPXAyifaKyrb3dssG
13sT7ScVJnblj7++Bdt2DXnYoDVOOTIhGfQKwOJBbH44eVOBl/MbcieTlMSadiv2
DfEwTAsXd64D9jmRlJihmw/0LR897t4EfX7R5rlRguDVMtH943HOQccKADvtQ8St
r5mUeCWJkp6OIQiCBULfnnRRMBHw/dFxzq7VGodpIjZrtsgU0HKoov+o8zL/HWVe
vSyKmCvmZektaxZhBFH86Aq0w9JlwABfkuUeDTW37I6gHayXRQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:23 2024 by rpki-client on console-fra.rpki-client.org