Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VAOL1BdWFhW18G9E6gfwKglWvr4.roa
File:                     VAOL1BdWFhW18G9E6gfwKglWvr4.roa (raw, json)
Hash identifier:          bjnhQ8U4yBiOlgckgofScRrcsgJFcp9Gw9HM8L4b/yk=
Subject key identifier:   54:03:8B:D4:17:56:16:15:B5:F0:6F:44:EA:07:F0:2A:09:56:BE:BE
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1E2BC6F6
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VAOL1BdWFhW18G9E6gfwKglWvr4.roa
Signing time:             Tue 26 Apr 2022 11:30:28 +0000
ROA not before:           Tue 26 Apr 2022 11:30:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211252
IP address blocks:        185.254.37.0/24 maxlen: 24
                          85.217.145.0/24 maxlen: 24
                          185.252.178.0/24 maxlen: 24
                          185.252.179.0/24 maxlen: 24
                          193.47.61.0/24 maxlen: 24
                          37.139.128.0/24 maxlen: 24
                          37.139.129.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 506185462 (0x1e2bc6f6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 26 11:30:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=54038bd417561615b5f06f44ea07f02a0956bebe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:94:9d:ee:c8:ad:03:c9:a9:52:b9:74:84:4a:
                    4c:0a:17:6f:bf:18:fe:8e:a2:e7:cc:fe:f6:f2:6e:
                    bf:75:b6:0c:c9:be:ae:ca:a1:16:1b:26:21:1f:6d:
                    bb:68:8e:c5:df:3f:3c:fc:5a:f6:38:46:5d:a7:35:
                    c5:07:7d:b3:a1:9f:59:d5:18:f9:ee:29:53:b1:bc:
                    37:10:71:5e:9a:1e:09:0c:4d:27:af:31:e8:db:87:
                    7e:ee:40:98:e2:55:5f:e1:1b:e0:f6:dd:12:55:ec:
                    1e:5f:b7:42:37:9c:45:8b:16:71:8d:e0:17:53:40:
                    7c:df:a3:ce:19:06:60:5d:97:7e:7d:82:52:94:0b:
                    ab:2e:e8:da:89:df:fb:69:8e:64:0e:a3:cf:5d:35:
                    7f:e9:e9:92:f0:e4:63:db:93:09:0c:68:da:a4:71:
                    77:91:9d:a3:d7:ba:ae:dd:30:d4:6d:ef:b4:74:56:
                    a7:f6:e8:3b:97:3e:89:7c:fe:82:42:90:ef:e1:58:
                    b4:8f:0a:f6:e7:d4:ee:cc:9b:f6:f2:62:ca:01:75:
                    79:5f:6d:3b:88:c0:22:26:ce:b7:b6:4d:48:69:a5:
                    f1:46:a3:71:1b:09:3c:09:f8:22:54:62:8f:e6:4f:
                    0d:f8:39:ed:f2:dc:ba:e1:c3:66:84:80:41:d2:b0:
                    eb:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:03:8B:D4:17:56:16:15:B5:F0:6F:44:EA:07:F0:2A:09:56:BE:BE
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VAOL1BdWFhW18G9E6gfwKglWvr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.128.0/23
                  85.217.145.0/24
                  185.252.178.0/23
                  185.254.37.0/24
                  193.47.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:95:96:aa:0f:2c:da:65:86:b9:a6:f9:22:77:74:5c:db:51:
         1c:10:75:92:69:21:b8:31:5d:82:1f:3b:ec:91:21:c5:40:e0:
         69:f8:46:e3:f3:fe:54:aa:a2:c1:b1:20:f0:a4:6e:ed:c9:96:
         25:6b:01:56:b4:51:b0:b6:a3:1b:b6:61:7c:ef:e5:d3:c2:89:
         7b:8e:6d:82:22:1f:69:76:5d:54:53:ab:5c:89:c3:f3:0e:8e:
         e4:95:74:4c:70:42:a9:c5:af:2e:a6:f0:09:98:a5:22:a3:28:
         c1:3e:f7:0f:1d:20:5c:9f:ea:ca:4a:c1:df:4b:7b:01:9c:0a:
         4b:88:92:72:67:0c:15:a2:1b:36:34:df:1f:f9:c6:aa:f2:03:
         b2:87:7c:07:5a:a1:95:fd:19:3a:c4:54:2a:ad:a7:37:f6:46:
         e5:1d:9b:45:2d:80:75:19:4a:54:01:5e:be:9a:03:39:e8:1c:
         0c:27:37:86:d7:97:b2:06:5c:4e:6a:ca:a2:e6:4f:85:f3:01:
         6b:0a:de:94:20:6c:2e:a9:aa:38:71:ef:f3:16:ef:57:1a:aa:
         20:e0:eb:f8:f4:28:ab:98:87:df:5e:fc:ab:27:ea:25:00:82:
         90:2c:59:f2:25:1a:b5:15:84:fa:9d:ee:de:81:70:1c:f4:1a:
         91:ec:0f:2f
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEHivG9jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDQy
NjExMzAyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTQwMzhiZDQxNzU2
MTYxNWI1ZjA2ZjQ0ZWEwN2YwMmEwOTU2YmViZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMaUne7IrQPJqVK5dIRKTAoXb78Y/o6i58z+9vJuv3W2DMm+
rsqhFhsmIR9tu2iOxd8/PPxa9jhGXac1xQd9s6GfWdUY+e4pU7G8NxBxXpoeCQxN
J68x6NuHfu5AmOJVX+Eb4PbdElXsHl+3QjecRYsWcY3gF1NAfN+jzhkGYF2Xfn2C
UpQLqy7o2onf+2mOZA6jz101f+npkvDkY9uTCQxo2qRxd5Gdo9e6rt0w1G3vtHRW
p/boO5c+iXz+gkKQ7+FYtI8K9ufU7syb9vJiygF1eV9tO4jAIibOt7ZNSGml8Uaj
cRsJPAn4IlRij+ZPDfg57fLcuuHDZoSAQdKw6z0CAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBRUA4vUF1YWFbXwb0TqB/AqCVa+vjAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L1ZBT0wxQmRXRmhXMThHOUU2Z2Z3S2dsV3ZyNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEASWLgAMEAFXZkQMEAbn8sgMEALn+
JQMEAMEvPTANBgkqhkiG9w0BAQsFAAOCAQEAEZWWqg8s2mWGuab5Ind0XNtRHBB1
kmkhuDFdgh877JEhxUDgafhG4/P+VKqiwbEg8KRu7cmWJWsBVrRRsLajG7ZhfO/l
08KJe45tgiIfaXZdVFOrXInD8w6O5JV0THBCqcWvLqbwCZilIqMowT73Dx0gXJ/q
ykrB30t7AZwKS4iScmcMFaIbNjTfH/nGqvIDsod8B1qhlf0ZOsRUKq2nN/ZG5R2b
RS2AdRlKVAFevpoDOegcDCc3hteXsgZcTmrKouZPhfMBawrelCBsLqmqOHHv8xbv
VxqqIODr+PQoq5iH3178qyfqJQCCkCxZ8iUatRWE+p3u3oFwHPQakewPLw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:08 2024 by rpki-client on console-fra.rpki-client.org