Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mBHQC83R8WrdRCeZBbHvKDFA3Ew.roa
File:                     mBHQC83R8WrdRCeZBbHvKDFA3Ew.roa (raw, json)
Hash identifier:          UMkYVb600phdcH74awdCp1LTRDg8LNpnL+jXTaE+iYI=
Subject key identifier:   98:11:D0:0B:CD:D1:F1:6A:DD:44:27:99:05:B1:EF:28:31:40:DC:4C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1C4DB548
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mBHQC83R8WrdRCeZBbHvKDFA3Ew.roa
Signing time:             Sat 01 Jan 2022 01:02:18 +0000
ROA not before:           Sat 01 Jan 2022 01:02:18 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3214
IP address blocks:        37.139.128.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 474854728 (0x1c4db548)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 01:02:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9811d00bcdd1f16add44279905b1ef283140dc4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ac:f4:21:f9:3f:02:70:e9:44:ab:00:65:d3:
                    c3:77:8d:1b:e6:0d:e8:d2:5a:75:c2:cf:93:38:fd:
                    70:28:67:f5:df:26:d5:ca:52:99:6d:4b:cd:f1:d5:
                    bc:55:8f:3f:96:1b:e9:95:e8:f0:91:ec:24:a0:4d:
                    9a:e2:c2:52:09:89:ef:c7:9f:6e:a0:e4:16:18:e6:
                    0b:b4:24:a8:52:75:13:5a:5f:e7:ea:ee:d0:ac:07:
                    b2:e4:ed:86:e8:6f:97:2e:74:df:9d:43:e4:73:27:
                    ee:7b:4b:2a:5e:fd:39:a4:96:31:2d:13:f3:01:e1:
                    d6:c3:ad:9e:5d:07:41:eb:51:54:af:28:9d:61:1e:
                    7f:ad:8b:04:59:c2:2e:bf:45:e6:7b:cd:99:66:95:
                    c7:5b:13:3e:43:e9:9f:90:c3:e4:bd:bb:5a:63:ea:
                    49:a0:19:04:3e:46:fc:ad:81:47:da:26:1e:a3:85:
                    51:df:fe:98:51:8c:2e:a8:7c:a1:e2:2c:51:8a:3c:
                    b8:a6:1c:a9:61:0c:8e:b1:35:4b:59:01:f3:3f:9b:
                    d2:28:08:04:74:07:14:7e:fa:96:77:a1:ff:3b:8c:
                    3e:bd:f5:07:e0:93:1a:94:f1:28:2f:36:f4:43:e6:
                    e8:3a:e7:d2:e8:3f:8f:b2:bc:fb:ee:cd:d0:ee:8c:
                    69:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:11:D0:0B:CD:D1:F1:6A:DD:44:27:99:05:B1:EF:28:31:40:DC:4C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mBHQC83R8WrdRCeZBbHvKDFA3Ew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:d1:87:b3:f6:7b:3f:b2:65:28:d4:84:3c:69:78:f1:b3:a9:
         0e:0e:6a:0f:28:9b:ff:d7:22:27:29:73:f2:32:0e:c6:2d:ef:
         13:d7:ac:70:ad:88:82:5a:e1:e0:db:ca:7c:59:d0:5e:09:e5:
         2d:46:4a:07:77:3f:b2:dd:b7:50:69:6e:09:c0:62:99:b4:04:
         bf:39:86:f0:0d:d6:04:fc:c9:17:4a:0a:8d:9c:2d:7f:47:3c:
         42:e1:e4:79:f6:00:13:14:cf:98:c5:4d:97:bc:02:f3:7b:8d:
         3a:ad:80:d3:7f:d2:f7:dc:9e:5f:6a:3f:49:02:c0:94:89:b4:
         f0:38:f0:e7:59:90:a6:54:08:60:31:79:bd:20:64:ba:ff:d4:
         1f:f3:63:f6:37:e6:a9:d7:2c:ed:8e:fc:11:7a:e7:96:c2:fe:
         87:62:1a:d8:ed:0e:48:e2:8d:a4:01:f9:3f:8c:21:b6:b1:1f:
         25:19:c5:ba:08:fb:5a:28:6d:cb:18:3d:60:01:1c:c6:6e:7b:
         8c:a6:69:ab:39:c0:25:cc:1d:a2:0b:9a:83:c8:a8:03:8c:aa:
         85:33:93:66:1b:0d:a5:dd:74:95:d4:72:fd:69:70:f8:31:ca:
         b1:a6:b0:bb:73:cc:38:2a:31:19:aa:39:6a:b8:26:b8:78:d6:
         13:65:4a:04
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEHE21SDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDEw
MTAxMDIxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTgxMWQwMGJjZGQx
ZjE2YWRkNDQyNzk5MDViMWVmMjgzMTQwZGM0YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALes9CH5PwJw6USrAGXTw3eNG+YN6NJadcLPkzj9cChn9d8m
1cpSmW1LzfHVvFWPP5Yb6ZXo8JHsJKBNmuLCUgmJ78efbqDkFhjmC7QkqFJ1E1pf
5+ru0KwHsuTthuhvly50351D5HMn7ntLKl79OaSWMS0T8wHh1sOtnl0HQetRVK8o
nWEef62LBFnCLr9F5nvNmWaVx1sTPkPpn5DD5L27WmPqSaAZBD5G/K2BR9omHqOF
Ud/+mFGMLqh8oeIsUYo8uKYcqWEMjrE1S1kB8z+b0igIBHQHFH76lneh/zuMPr31
B+CTGpTxKC829EPm6Drn0ug/j7K8++7N0O6MaecCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSYEdALzdHxat1EJ5kFse8oMUDcTDAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L21CSFFDODNSOFdyZFJDZVpCYkh2S0RGQTNFdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAiWLgDANBgkqhkiG9w0BAQsFAAOC
AQEAY9GHs/Z7P7JlKNSEPGl48bOpDg5qDyib/9ciJylz8jIOxi3vE9escK2Iglrh
4NvKfFnQXgnlLUZKB3c/st23UGluCcBimbQEvzmG8A3WBPzJF0oKjZwtf0c8QuHk
efYAExTPmMVNl7wC83uNOq2A03/S99yeX2o/SQLAlIm08Djw51mQplQIYDF5vSBk
uv/UH/Nj9jfmqdcs7Y78EXrnlsL+h2Ia2O0OSOKNpAH5P4whtrEfJRnFugj7Wiht
yxg9YAEcxm57jKZpqznAJcwdoguag8ioA4yqhTOTZhsNpd10ldRy/Wlw+DHKsaaw
u3PMOCoxGao5argmuHjWE2VKBA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:18 2024 by rpki-client on console-fra.rpki-client.org