Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/4ooaANdjZ_Ul8ODGkGyySXKEqcQ.roa
File:                     4ooaANdjZ_Ul8ODGkGyySXKEqcQ.roa (raw, json)
Hash identifier:          0i437kLyntknRd/uBZdsmgmyjpdPfK/gCnFfkMwlc74=
Subject key identifier:   E2:8A:1A:00:D7:63:67:F5:25:F0:E0:C6:90:6C:B2:49:72:84:A9:C4
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       1323EEA8
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/4ooaANdjZ_Ul8ODGkGyySXKEqcQ.roa
Signing time:             Sat 01 Jan 2022 04:02:53 +0000
ROA not before:           Sat 01 Jan 2022 04:02:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     9516
IP address blocks:        185.215.247.0/24 maxlen: 24
                          185.212.60.0/22 maxlen: 24
                          31.25.88.0/23 maxlen: 24
                          185.129.110.0/24 maxlen: 24
                          185.129.111.0/24 maxlen: 24
                          185.217.108.0/22 maxlen: 24
                          212.107.28.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 321121960 (0x1323eea8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  1 04:02:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e28a1a00d76367f525f0e0c6906cb2497284a9c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:02:58:7d:3a:1d:d5:de:25:26:3e:b7:81:60:
                    e1:05:98:ed:a4:8e:3a:a9:e9:b7:ea:30:a2:cd:c6:
                    e8:64:e3:fa:39:bd:d2:b4:f4:0d:57:39:0c:7f:8f:
                    57:d1:77:e8:f3:33:2f:ee:a0:b4:fa:35:03:35:a8:
                    ad:70:a8:00:af:57:d2:90:ff:59:17:4a:77:79:11:
                    33:90:87:7b:1f:95:f0:a7:ef:90:77:b2:cb:66:a2:
                    61:6b:d2:61:24:b7:bb:e0:fd:fc:9a:b4:3f:cf:21:
                    97:b0:a3:19:ee:6b:d3:c4:eb:09:38:ec:53:68:cb:
                    9e:28:00:0f:a6:34:ba:39:bf:9f:c1:83:02:f2:17:
                    ea:81:9b:20:5d:4d:5d:a5:00:67:57:05:86:db:0a:
                    40:01:8a:e0:b1:d8:87:e9:6a:49:09:40:9f:45:0c:
                    3d:dd:b8:74:6c:03:a5:ab:44:25:3c:7d:07:98:e8:
                    74:e1:6b:b3:09:4a:8a:9c:84:2f:41:24:2d:af:5d:
                    7f:0b:8c:50:50:14:97:61:5f:6b:19:86:4e:e3:d1:
                    a2:27:4f:19:af:28:ba:1c:ba:9b:2b:0e:91:5e:d4:
                    2c:ee:11:a8:e5:89:0e:15:fb:41:39:ed:82:5e:54:
                    bc:9f:99:7a:64:91:02:78:d7:84:ed:5a:1e:9e:3d:
                    06:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:8A:1A:00:D7:63:67:F5:25:F0:E0:C6:90:6C:B2:49:72:84:A9:C4
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/4ooaANdjZ_Ul8ODGkGyySXKEqcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.25.88.0/23
                  185.129.110.0/23
                  185.212.60.0/22
                  185.215.247.0/24
                  185.217.108.0/22
                  212.107.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:43:f6:7b:99:b1:6f:e3:13:ae:75:17:81:71:9b:12:34:9b:
         57:70:2a:c1:a0:08:0e:5c:bf:63:2e:90:08:8b:6f:23:01:24:
         4f:b8:55:e5:21:cb:f7:e4:1c:76:88:18:2c:7c:25:48:65:df:
         4f:37:bb:ea:81:99:40:8f:4f:c1:95:fa:ef:bb:5a:fe:c8:38:
         d6:ec:cd:c2:ca:ab:40:0a:f3:05:27:19:75:57:eb:01:92:7e:
         fd:5c:ae:d3:09:fe:de:4c:9e:74:f5:2d:7b:3b:a9:d4:d8:d5:
         34:a5:e2:c9:df:d0:ce:16:bf:1b:54:62:6c:05:f4:7f:52:76:
         10:7b:dd:52:ef:b2:62:32:ff:d4:92:17:77:f8:af:c5:8c:98:
         a9:57:be:6b:80:bf:8d:0f:14:51:71:ec:67:fd:26:58:cd:33:
         78:0f:84:43:1a:a6:67:a8:12:ca:38:c8:d9:85:2e:bb:1b:f9:
         f6:14:21:4e:8d:85:35:7f:72:24:1a:5a:f4:bc:9d:2d:1c:b8:
         e6:31:b1:fe:5d:cc:13:c0:f7:9c:10:4f:95:9c:cd:5d:07:aa:
         9a:ed:7f:55:30:65:2e:d1:0f:a9:ac:a2:a0:ff:2a:6b:03:b6:
         b9:ed:c8:29:3e:3d:ad:f3:b5:9e:99:30:36:8f:93:41:1c:68:
         7c:e4:7e:18
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIEEyPuqDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
YWMzZGFhMWIxNDg1MGYyZTYxYzU5MmIyMTkxOTE1YTVlNjVhNDc4MB4XDTIyMDEw
MTA0MDI1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTI4YTFhMDBkNzYz
NjdmNTI1ZjBlMGM2OTA2Y2IyNDk3Mjg0YTljNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALMCWH06HdXeJSY+t4Fg4QWY7aSOOqnpt+owos3G6GTj+jm9
0rT0DVc5DH+PV9F36PMzL+6gtPo1AzWorXCoAK9X0pD/WRdKd3kRM5CHex+V8Kfv
kHeyy2aiYWvSYSS3u+D9/Jq0P88hl7CjGe5r08TrCTjsU2jLnigAD6Y0ujm/n8GD
AvIX6oGbIF1NXaUAZ1cFhtsKQAGK4LHYh+lqSQlAn0UMPd24dGwDpatEJTx9B5jo
dOFrswlKipyEL0EkLa9dfwuMUFAUl2FfaxmGTuPRoidPGa8ouhy6mysOkV7ULO4R
qOWJDhX7QTntgl5UvJ+ZemSRAnjXhO1aHp49BkkCAwEAAaOCAicwggIjMB0GA1Ud
DgQWBBTiihoA12Nn9SXw4MaQbLJJcoSpxDAfBgNVHSMEGDAWgBQqw9qhsUhQ8uYc
WSshkZFaXmWkeDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tzUGFvYkZJVVBMbUhGa3JJWkdSV2w1bHBIZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzAvNDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8x
LzRvb2FBTmRqWl9VbDhPREdrR3l5U1hLRXFjUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAv
NDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8xL0tzUGFvYkZJVVBM
bUhGa3JJWkdSV2w1bHBIZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA9
BggrBgEFBQcBBwEB/wQuMCwwKgQCAAEwJAMEAR8ZWAMEAbmBbgMEArnUPAMEALnX
9wMEArnZbAMEAtRrHDANBgkqhkiG9w0BAQsFAAOCAQEAhkP2e5mxb+MTrnUXgXGb
EjSbV3AqwaAIDly/Yy6QCItvIwEkT7hV5SHL9+QcdogYLHwlSGXfTze76oGZQI9P
wZX677ta/sg41uzNwsqrQArzBScZdVfrAZJ+/Vyu0wn+3kyedPUtezup1NjVNKXi
yd/Qzha/G1RibAX0f1J2EHvdUu+yYjL/1JIXd/ivxYyYqVe+a4C/jQ8UUXHsZ/0m
WM0zeA+EQxqmZ6gSyjjI2YUuuxv59hQhTo2FNX9yJBpa9LydLRy45jGx/l3ME8D3
nBBPlZzNXQeqmu1/VTBlLtEPqayioP8qawO2ue3IKT49rfO1npkwNo+TQRxofOR+
GA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:34 2024 by rpki-client on console-fra.rpki-client.org