Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/wkjMeufSRqTI_GWk_dF0CZKYtKw.roa
File:                     wkjMeufSRqTI_GWk_dF0CZKYtKw.roa (raw, json)
Hash identifier:          Krf+OO4N4Xx9/qcgsbbW4srO+vF6as0tHYJVs6oQJCs=
Subject key identifier:   C2:48:CC:7A:E7:D2:46:A4:C8:FC:65:A4:FD:D1:74:09:92:98:B4:AC
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1EC9A2FF
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/wkjMeufSRqTI_GWk_dF0CZKYtKw.roa
Signing time:             Tue 31 May 2022 07:11:13 +0000
ROA not before:           Tue 31 May 2022 07:11:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     397423
IP address blocks:        176.125.252.0/22 maxlen: 24
                          193.25.216.0/22 maxlen: 24
                          87.121.220.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 516530943 (0x1ec9a2ff)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 31 07:11:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c248cc7ae7d246a4c8fc65a4fdd174099298b4ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:79:e9:ee:b7:5c:9c:a5:d9:92:d7:78:1a:5d:
                    cb:b7:2d:8d:bb:31:68:31:21:8d:f8:6d:70:09:08:
                    1b:9a:6e:0e:cc:30:3a:fb:38:50:25:15:56:f9:0e:
                    b4:da:65:fb:37:ed:e0:05:a2:42:83:19:c2:fa:60:
                    6f:d7:f8:d6:85:a3:a5:9d:3b:e3:91:6e:4e:86:f7:
                    32:be:26:3d:d7:d5:70:ad:c8:41:9e:4f:82:2d:69:
                    8d:d1:ca:f9:ed:a4:8b:99:cd:f6:d2:1f:49:24:9a:
                    bd:47:a5:98:51:15:95:51:04:64:ac:20:92:62:ed:
                    48:77:54:5e:7a:32:37:60:87:a5:37:40:e3:09:3f:
                    e2:17:85:d1:c6:9a:74:74:64:34:5f:b9:3d:0a:5c:
                    32:cd:5d:8b:3d:d8:0a:2d:86:4c:74:17:c9:13:27:
                    22:7c:01:f3:08:90:26:80:80:50:eb:ad:4b:cf:df:
                    dc:95:fa:f9:4b:48:4f:fb:2e:7b:73:65:a7:26:c1:
                    1d:1e:f3:66:63:01:2f:1f:43:90:1e:f8:94:f1:25:
                    80:ee:ac:3f:c6:59:3a:03:5f:42:75:b2:ff:bd:7c:
                    70:28:4a:c3:ad:49:88:f1:69:d9:30:08:1a:cd:d1:
                    22:cd:06:a1:3a:f1:b7:e1:a4:78:70:98:6a:16:ac:
                    2f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:48:CC:7A:E7:D2:46:A4:C8:FC:65:A4:FD:D1:74:09:92:98:B4:AC
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/wkjMeufSRqTI_GWk_dF0CZKYtKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.220.0/23
                  176.125.252.0/22
                  193.25.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:7c:18:50:bd:87:6f:35:82:e2:af:ef:2f:46:12:e4:73:85:
         e6:15:f5:02:be:00:d7:75:2a:42:84:69:f7:70:45:50:12:3d:
         b7:08:d7:c1:cf:50:df:2e:cd:c7:be:54:a0:20:57:92:b0:46:
         4d:f5:08:a6:e6:0b:e7:2a:c0:ac:83:3d:89:ba:7d:85:20:42:
         6f:11:0c:43:f4:4b:b6:77:f7:27:d2:0e:77:81:bb:ea:17:70:
         3b:36:23:d7:cf:92:ea:89:a3:47:c2:65:06:48:42:de:c9:c9:
         f9:15:24:bf:cc:61:cd:5b:3a:4c:db:a0:e2:cc:4d:48:33:66:
         2f:68:de:bf:2e:b5:6d:c0:52:3b:af:1a:5e:92:10:8d:f0:47:
         e1:99:2e:c2:18:e5:1d:4f:46:94:73:33:80:81:90:73:3a:7d:
         9a:e2:6a:e2:fc:79:64:d5:2e:4d:71:c4:ae:88:c3:19:bc:a5:
         28:62:c2:b3:78:0f:cb:5d:4f:65:73:26:b7:b1:2d:68:dd:20:
         41:a3:67:f9:3c:87:ff:55:dc:ca:3d:50:b2:b4:86:d1:37:d1:
         91:d7:8b:c7:39:a1:24:5c:79:39:8d:86:08:da:40:5e:61:6e:
         ad:f3:9e:bf:1f:84:a1:33:dd:fc:dc:63:34:5f:9e:13:98:dc:
         da:65:02:16
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEHsmi/zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDUz
MTA3MTExM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzI0OGNjN2FlN2Qy
NDZhNGM4ZmM2NWE0ZmRkMTc0MDk5Mjk4YjRhYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL156e63XJyl2ZLXeBpdy7ctjbsxaDEhjfhtcAkIG5puDsww
Ovs4UCUVVvkOtNpl+zft4AWiQoMZwvpgb9f41oWjpZ0745FuTob3Mr4mPdfVcK3I
QZ5Pgi1pjdHK+e2ki5nN9tIfSSSavUelmFEVlVEEZKwgkmLtSHdUXnoyN2CHpTdA
4wk/4heF0caadHRkNF+5PQpcMs1diz3YCi2GTHQXyRMnInwB8wiQJoCAUOutS8/f
3JX6+UtIT/sue3NlpybBHR7zZmMBLx9DkB74lPElgO6sP8ZZOgNfQnWy/718cChK
w61JiPFp2TAIGs3RIs0GoTrxt+GkeHCYahasL9MCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBTCSMx659JGpMj8ZaT90XQJkpi0rDAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L3drak1ldWZTUnFUSV9HV2tfZEYwQ1pLWXRLdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAVd53AMEArB9/AMEAsEZ2DANBgkq
hkiG9w0BAQsFAAOCAQEAGHwYUL2HbzWC4q/vL0YS5HOF5hX1Ar4A13UqQoRp93BF
UBI9twjXwc9Q3y7Nx75UoCBXkrBGTfUIpuYL5yrArIM9ibp9hSBCbxEMQ/RLtnf3
J9IOd4G76hdwOzYj18+S6omjR8JlBkhC3snJ+RUkv8xhzVs6TNug4sxNSDNmL2je
vy61bcBSO68aXpIQjfBH4ZkuwhjlHU9GlHMzgIGQczp9muJq4vx5ZNUuTXHErojD
GbylKGLCs3gPy11PZXMmt7EtaN0gQaNn+TyH/1Xcyj1QsrSG0TfRkdeLxzmhJFx5
OY2GCNpAXmFurfOevx+EoTPd/NxjNF+eE5jc2mUCFg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:46 2024 by rpki-client on console-ams.rpki-client.org