Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/u3fY9aTZ05iJ9aw6GBxoIsNooCE.roa
File:                     u3fY9aTZ05iJ9aw6GBxoIsNooCE.roa (raw, json)
Hash identifier:          DZBcpDWrCuPtsF2aMzsJ68Fnd+aklgbqct2Zny5+Evc=
Subject key identifier:   BB:77:D8:F5:A4:D9:D3:98:89:F5:AC:3A:18:1C:68:22:C3:68:A0:21
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       1447D066
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/u3fY9aTZ05iJ9aw6GBxoIsNooCE.roa
Signing time:             Tue 22 Mar 2022 14:25:34 +0000
ROA not before:           Tue 22 Mar 2022 14:25:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     31732
IP address blocks:        212.90.100.0/22 maxlen: 24
                          185.220.236.0/22 maxlen: 24
                          188.209.155.0/24 maxlen: 24
                          46.249.97.0/24 maxlen: 24
                          46.249.98.0/23 maxlen: 23
                          46.249.104.0/21 maxlen: 21
                          46.249.100.0/22 maxlen: 22
                          185.129.108.0/22 maxlen: 24
                          46.249.112.0/21 maxlen: 21

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 340250726 (0x1447d066)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Mar 22 14:25:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bb77d8f5a4d9d39889f5ac3a181c6822c368a021
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:96:0a:45:ea:b6:b1:30:0f:c9:6c:5d:a5:a2:
                    2a:20:50:bd:34:f7:fd:80:07:96:45:16:0e:42:0a:
                    81:3a:b6:40:e9:46:0e:97:e7:27:31:1d:ca:e2:b7:
                    39:d5:26:b7:72:b3:52:cd:7c:ba:25:95:21:55:4c:
                    a8:eb:85:3f:9a:3f:2e:7f:38:f0:34:85:ce:18:aa:
                    11:f7:79:92:dd:2b:3d:66:0e:4e:1e:f2:d0:54:c2:
                    26:b1:84:9c:78:66:8d:15:b0:84:44:9b:c0:f3:8e:
                    e1:44:97:9a:7c:84:3d:70:6f:d4:82:47:e3:d9:d2:
                    dc:a8:94:15:93:c7:3c:22:d5:aa:69:5a:19:95:c3:
                    93:1b:3f:24:c9:2b:cd:cc:65:76:b7:c3:0f:51:f1:
                    77:1b:82:28:36:47:09:eb:e7:3e:fd:43:84:e1:21:
                    2d:13:aa:0b:79:81:0d:72:dc:4a:81:8d:20:11:99:
                    27:36:f5:4f:83:d1:34:48:57:e2:4b:bb:39:0a:15:
                    3e:45:c2:5d:5f:d3:8a:8f:35:34:e0:33:f7:85:df:
                    51:03:73:2a:bf:50:fc:b2:8c:35:7b:cf:ad:57:93:
                    ca:46:f8:00:7c:ec:68:75:a4:2a:43:d7:e5:88:7f:
                    33:d6:42:59:f5:79:fe:79:23:85:34:db:e6:da:45:
                    05:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:77:D8:F5:A4:D9:D3:98:89:F5:AC:3A:18:1C:68:22:C3:68:A0:21
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/u3fY9aTZ05iJ9aw6GBxoIsNooCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.249.97.0-46.249.119.255
                  185.129.108.0/22
                  185.220.236.0/22
                  188.209.155.0/24
                  212.90.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:d7:21:1f:3d:d4:1e:1e:52:7d:28:92:d3:32:79:28:10:a5:
         a8:a4:b7:0d:e1:5e:8a:80:31:0b:ca:18:ec:e9:00:31:3c:bf:
         c4:53:1c:88:94:19:96:ca:be:ec:96:b9:a4:3d:e8:07:06:9e:
         9b:09:36:1b:95:56:8a:a2:40:a4:87:e8:48:8c:98:dc:63:e0:
         b9:1d:b1:93:7b:ca:bf:5b:f3:f4:21:82:6d:41:a3:26:88:bf:
         27:92:3b:78:b4:94:d6:b2:3e:30:43:82:31:75:b0:b3:29:ed:
         b1:43:75:be:54:64:ad:0d:17:19:d2:c9:51:88:5d:18:3d:66:
         4f:e4:48:d8:28:7d:32:c3:69:5d:e5:2e:ac:0f:07:24:bc:55:
         3f:7a:f5:94:82:71:9c:64:62:45:56:1f:a8:01:54:64:2d:c6:
         e1:27:ef:e6:ca:a2:9b:30:39:e1:33:1c:f1:f4:ae:40:a4:98:
         ac:17:30:87:89:3c:c6:fa:ca:6a:f5:80:bb:61:02:ca:93:70:
         04:a3:74:93:f3:8e:33:a0:3d:9d:10:aa:c3:bf:2c:3d:4e:0f:
         6e:37:cd:d8:94:d8:c2:1e:80:4a:5f:de:2d:67:9f:75:6d:c7:
         11:5f:ff:f0:84:93:db:02:1d:27:d6:a0:20:cc:bc:83:c5:aa:
         5b:72:e9:b9
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIEFEfQZjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
YWMzZGFhMWIxNDg1MGYyZTYxYzU5MmIyMTkxOTE1YTVlNjVhNDc4MB4XDTIyMDMy
MjE0MjUzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmI3N2Q4ZjVhNGQ5
ZDM5ODg5ZjVhYzNhMTgxYzY4MjJjMzY4YTAyMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMiWCkXqtrEwD8lsXaWiKiBQvTT3/YAHlkUWDkIKgTq2QOlG
DpfnJzEdyuK3OdUmt3KzUs18uiWVIVVMqOuFP5o/Ln848DSFzhiqEfd5kt0rPWYO
Th7y0FTCJrGEnHhmjRWwhESbwPOO4USXmnyEPXBv1IJH49nS3KiUFZPHPCLVqmla
GZXDkxs/JMkrzcxldrfDD1HxdxuCKDZHCevnPv1DhOEhLROqC3mBDXLcSoGNIBGZ
Jzb1T4PRNEhX4ku7OQoVPkXCXV/Tio81NOAz94XfUQNzKr9Q/LKMNXvPrVeTykb4
AHzsaHWkKkPX5Yh/M9ZCWfV5/nkjhTTb5tpFBcUCAwEAAaOCAikwggIlMB0GA1Ud
DgQWBBS7d9j1pNnTmIn1rDoYHGgiw2igITAfBgNVHSMEGDAWgBQqw9qhsUhQ8uYc
WSshkZFaXmWkeDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tzUGFvYkZJVVBMbUhGa3JJWkdSV2w1bHBIZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzAvNDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8x
L3UzZlk5YVRaMDVpSjlhdzZHQnhvSXNOb29DRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAv
NDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8xL0tzUGFvYkZJVVBM
bUhGa3JJWkdSV2w1bHBIZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA/
BggrBgEFBQcBBwEB/wQwMC4wLAQCAAEwJjAMAwQALvlhAwQDLvlwAwQCuYFsAwQC
udzsAwQAvNGbAwQC1FpkMA0GCSqGSIb3DQEBCwUAA4IBAQBY1yEfPdQeHlJ9KJLT
MnkoEKWopLcN4V6KgDELyhjs6QAxPL/EUxyIlBmWyr7slrmkPegHBp6bCTYblVaK
okCkh+hIjJjcY+C5HbGTe8q/W/P0IYJtQaMmiL8nkjt4tJTWsj4wQ4IxdbCzKe2x
Q3W+VGStDRcZ0slRiF0YPWZP5EjYKH0yw2ld5S6sDwckvFU/evWUgnGcZGJFVh+o
AVRkLcbhJ+/myqKbMDnhMxzx9K5ApJisFzCHiTzG+spq9YC7YQLKk3AEo3ST844z
oD2dEKrDvyw9Tg9uN83YlNjCHoBKX94tZ591bccRX//whJPbAh0n1qAgzLyDxapb
cum5
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:16 2024 by rpki-client on console-ams.rpki-client.org