Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/cyFgRP6imJz_WiduSp2-C36DZkw.roa
File:                     cyFgRP6imJz_WiduSp2-C36DZkw.roa (raw, json)
Hash identifier:          02QSWlQPZOyCmCV0Pt1Wiudg4YCsjsM1YkKMyxKh+Lk=
Subject key identifier:   73:21:60:44:FE:A2:98:9C:FF:5A:27:6E:4A:9D:BE:0B:7E:83:66:4C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1E9CEFF0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/cyFgRP6imJz_WiduSp2-C36DZkw.roa
Signing time:             Mon 23 May 2022 07:26:31 +0000
ROA not before:           Mon 23 May 2022 07:26:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208911
IP address blocks:        185.221.66.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 513601520 (0x1e9ceff0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 23 07:26:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=73216044fea2989cff5a276e4a9dbe0b7e83664c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d7:5c:40:2e:1c:96:04:76:13:cb:03:fe:5f:
                    e4:aa:63:7e:79:6a:28:83:82:25:e7:a6:d9:f7:54:
                    3d:c2:85:59:e0:ab:3c:6a:f2:ae:3f:63:8e:83:aa:
                    03:a9:c6:85:cd:0f:a7:c1:9f:90:8b:38:57:f6:ea:
                    a2:b4:e2:d1:bf:ed:e5:da:51:b8:70:01:ef:16:f4:
                    71:d2:9a:04:1b:eb:1e:9c:98:54:78:8c:3c:d5:4e:
                    d5:10:27:ad:f7:19:40:89:a0:df:5b:40:3b:33:0e:
                    95:df:7a:e7:ea:bf:3b:8b:56:61:b6:d0:c7:cd:c3:
                    7e:c7:2f:20:0a:1b:dc:6a:e4:0f:16:6e:74:ba:22:
                    30:3e:b8:95:ce:b3:6d:15:fd:30:91:a0:f7:33:ab:
                    47:e1:72:4e:45:b7:9b:19:68:5d:5e:92:00:c6:5c:
                    9a:5b:69:ac:3c:92:bb:b1:ea:b9:7f:d3:43:bd:e9:
                    1c:f2:75:2a:af:bf:25:22:16:3b:3e:4a:89:c7:df:
                    a0:9e:fa:de:65:27:90:aa:e3:05:e7:2f:0a:7d:21:
                    fa:13:f3:b3:e9:20:5b:38:21:c8:1e:a0:16:52:e4:
                    bf:7e:21:ed:17:9a:a1:c5:bc:fb:84:49:8d:3b:e1:
                    5e:35:6c:71:de:81:70:44:54:22:13:59:8c:25:ed:
                    84:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:21:60:44:FE:A2:98:9C:FF:5A:27:6E:4A:9D:BE:0B:7E:83:66:4C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/cyFgRP6imJz_WiduSp2-C36DZkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:03:7b:7e:ea:b9:83:b6:1b:37:3c:a1:44:13:b2:3c:57:e5:
         04:81:53:25:7f:18:c8:82:f6:91:a4:10:2a:0b:1f:9b:59:cd:
         6a:f9:f9:60:22:04:73:2e:8c:2a:f5:25:cc:f3:cc:bd:b4:46:
         02:99:b7:25:8a:99:4c:06:0a:1a:8e:5a:8d:95:a5:f2:f0:18:
         96:22:e5:2e:98:45:10:cb:d8:c7:38:2e:ca:10:94:93:a1:a0:
         30:1f:34:00:c1:33:00:6a:cd:a8:c9:39:30:7e:85:6e:9e:19:
         82:c4:ff:cd:18:9d:7b:a1:5f:ca:cc:dd:4e:63:96:cc:40:35:
         e0:81:5c:a6:2a:01:cc:ab:a8:b8:1a:a2:7a:e4:3f:bd:c5:88:
         47:e8:b9:b3:26:a0:77:4c:4d:0d:f8:f1:2d:e2:d2:fd:ee:9f:
         a1:29:6c:56:0f:cb:c0:10:69:25:14:42:86:39:55:4b:57:d5:
         04:29:12:40:81:b9:9c:cb:54:49:e6:5e:55:4d:07:ae:7b:7f:
         2a:b2:ea:a5:b4:df:d4:11:3e:df:55:6f:a2:28:ed:3d:4d:80:
         2a:3e:76:34:b9:2a:55:32:f1:b4:d0:f4:fa:39:02:92:ba:0e:
         e6:b5:6f:31:e5:33:b5:aa:91:4c:c9:64:fc:c3:46:f3:09:e8:
         ab:8c:10:33
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEHpzv8DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDUy
MzA3MjYzMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzMyMTYwNDRmZWEy
OTg5Y2ZmNWEyNzZlNGE5ZGJlMGI3ZTgzNjY0YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJjXXEAuHJYEdhPLA/5f5KpjfnlqKIOCJeem2fdUPcKFWeCr
PGryrj9jjoOqA6nGhc0Pp8GfkIs4V/bqorTi0b/t5dpRuHAB7xb0cdKaBBvrHpyY
VHiMPNVO1RAnrfcZQImg31tAOzMOld965+q/O4tWYbbQx83DfscvIAob3GrkDxZu
dLoiMD64lc6zbRX9MJGg9zOrR+FyTkW3mxloXV6SAMZcmltprDySu7HquX/TQ73p
HPJ1Kq+/JSIWOz5KicffoJ763mUnkKrjBecvCn0h+hPzs+kgWzghyB6gFlLkv34h
7ReaocW8+4RJjTvhXjVscd6BcERUIhNZjCXthA0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRzIWBE/qKYnP9aJ25Knb4LfoNmTDAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L2N5RmdSUDZpbUp6X1dpZHVTcDItQzM2RFprdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALndQjANBgkqhkiG9w0BAQsFAAOC
AQEACgN7fuq5g7YbNzyhRBOyPFflBIFTJX8YyIL2kaQQKgsfm1nNavn5YCIEcy6M
KvUlzPPMvbRGApm3JYqZTAYKGo5ajZWl8vAYliLlLphFEMvYxzguyhCUk6GgMB80
AMEzAGrNqMk5MH6Fbp4ZgsT/zRide6FfyszdTmOWzEA14IFcpioBzKuouBqieuQ/
vcWIR+i5syagd0xNDfjxLeLS/e6foSlsVg/LwBBpJRRChjlVS1fVBCkSQIG5nMtU
SeZeVU0Hrnt/KrLqpbTf1BE+31VvoijtPU2AKj52NLkqVTLxtND0+jkCkroO5rVv
MeUztaqRTMlk/MNG8wnoq4wQMw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:15 2024 by rpki-client on console-fra.rpki-client.org