Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/XFO2Ix3W-Tf9NB7wG9JHuDqvQqc.roa
File:                     XFO2Ix3W-Tf9NB7wG9JHuDqvQqc.roa (raw, json)
Hash identifier:          GyV3kt34t/llQo00f9zLC1wGOXZ6Fzg/sTb4gdgauno=
Subject key identifier:   5C:53:B6:23:1D:D6:F9:37:FD:34:1E:F0:1B:D2:47:B8:3A:AF:42:A7
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       0182624F0AA482B3E456EA888B4B8C03C890
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/XFO2Ix3W-Tf9NB7wG9JHuDqvQqc.roa
Signing time:             Wed 03 Aug 2022 06:05:23 +0000
ROA not before:           Wed 03 Aug 2022 06:05:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8849
IP address blocks:        95.174.71.0/24 maxlen: 24
                          95.174.68.0/24 maxlen: 24
                          95.174.69.0/24 maxlen: 24
                          95.174.70.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:62:4f:0a:a4:82:b3:e4:56:ea:88:8b:4b:8c:03:c8:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Aug  3 06:05:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5c53b6231dd6f937fd341ef01bd247b83aaf42a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:06:ce:65:28:9c:cd:2e:74:39:4a:f8:d1:a0:
                    92:06:2b:71:e8:d2:33:53:86:cd:a4:0f:c6:4a:9f:
                    02:21:ed:9e:c1:31:a1:9b:76:e0:50:e4:ec:b1:b4:
                    e5:da:84:9d:ea:83:2f:0b:d4:aa:3b:e5:77:09:95:
                    58:16:1d:85:ff:86:b6:33:1f:5a:db:bf:da:3e:6f:
                    af:f8:40:81:4b:f8:71:c0:7c:17:98:07:b6:23:2f:
                    9b:65:c3:b3:a0:35:56:89:54:36:90:83:a0:c3:aa:
                    b8:0e:e8:4d:58:72:f3:b8:0b:0e:2f:dd:8b:b3:7f:
                    ba:96:5a:a3:2f:72:59:e0:a9:39:90:14:30:2a:26:
                    8c:80:7e:60:a8:93:64:85:6c:6a:ce:2a:7c:c5:00:
                    d1:47:9e:ac:b5:7e:95:fd:17:44:c1:dd:ae:24:ab:
                    d7:15:33:e9:00:a7:8c:20:ca:8d:43:ca:ad:53:db:
                    ab:af:92:00:e7:1d:25:57:bf:47:92:f1:d0:29:39:
                    b7:54:57:6a:a2:b9:18:32:03:cf:2a:a4:eb:a4:86:
                    db:6a:d6:47:24:ee:ba:e8:a6:a9:ac:8a:3c:33:b0:
                    d6:6d:f1:2e:f8:1b:92:92:d2:22:75:c3:87:c6:29:
                    a1:70:b2:b1:94:29:14:68:28:39:c4:bf:3d:8a:bf:
                    e2:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:53:B6:23:1D:D6:F9:37:FD:34:1E:F0:1B:D2:47:B8:3A:AF:42:A7
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/XFO2Ix3W-Tf9NB7wG9JHuDqvQqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.174.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:36:99:5d:30:56:18:d2:47:dc:2a:4e:5d:f7:a8:fe:7c:f0:
         b1:da:ac:16:9d:00:0a:9d:ab:b7:85:b6:4b:67:5d:f7:8a:ff:
         a9:44:51:fd:06:fd:5a:2b:f0:12:32:aa:f6:64:22:bc:58:b4:
         df:77:a7:4a:b4:86:96:0d:29:75:31:89:1e:20:4b:16:05:c1:
         88:25:aa:97:83:a7:d9:5b:12:de:cb:80:70:94:1d:29:32:b1:
         a5:3e:6e:66:e2:31:f5:02:7f:c1:f5:79:2f:e2:3a:e4:e9:8a:
         76:b7:ca:81:d4:95:53:d1:45:1e:05:fc:bd:d0:27:2f:39:a5:
         3d:9a:7b:9a:63:59:f1:e0:32:e8:b4:1f:08:27:1d:2c:14:56:
         68:09:72:ed:c5:29:2d:71:6b:da:c7:6e:af:4b:f2:1c:f0:65:
         c1:d9:58:e1:c1:cd:92:09:cd:ca:c4:33:16:91:09:1d:44:ee:
         98:55:89:de:d0:9e:c0:be:f4:02:bb:62:db:75:e5:aa:3c:75:
         f0:42:76:0d:8f:77:8e:2d:52:10:b8:ab:db:6a:88:f8:f7:e8:
         27:40:3b:9b:e0:9b:2a:83:63:38:f9:ff:fc:ae:04:91:72:3e:
         c1:8d:e9:cd:7e:9d:b7:6f:4d:cf:c3:c5:30:55:fe:a5:0b:95:
         b9:4f:35:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYJiTwqkgrPkVuqIi0uMA8iQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjIwODAzMDYwNTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzUzYjYyMzFkZDZmOTM3ZmQzNDFlZjAxYmQyNDdiODNhYWY0MmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgbOZSiczS50OUr40aCSBitx6NIz
U4bNpA/GSp8CIe2ewTGhm3bgUOTssbTl2oSd6oMvC9SqO+V3CZVYFh2F/4a2Mx9a
27/aPm+v+ECBS/hxwHwXmAe2Iy+bZcOzoDVWiVQ2kIOgw6q4DuhNWHLzuAsOL92L
s3+6llqjL3JZ4Kk5kBQwKiaMgH5gqJNkhWxqzip8xQDRR56stX6V/RdEwd2uJKvX
FTPpAKeMIMqNQ8qtU9urr5IA5x0lV79HkvHQKTm3VFdqorkYMgPPKqTrpIbbatZH
JO666KaprIo8M7DWbfEu+BuSktIidcOHximhcLKxlCkUaCg5xL89ir/iGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxTtiMd1vk3/TQe8BvSR7g6r0KnMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvWEZPMkl4M1ctVGY5TkI3d0c5Skh1RHF2UXFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX65EMA0G
CSqGSIb3DQEBCwUAA4IBAQBENpldMFYY0kfcKk5d96j+fPCx2qwWnQAKnau3hbZL
Z133iv+pRFH9Bv1aK/ASMqr2ZCK8WLTfd6dKtIaWDSl1MYkeIEsWBcGIJaqXg6fZ
WxLey4BwlB0pMrGlPm5m4jH1An/B9Xkv4jrk6Yp2t8qB1JVT0UUeBfy90CcvOaU9
mnuaY1nx4DLotB8IJx0sFFZoCXLtxSktcWvax26vS/Ic8GXB2Vjhwc2SCc3KxDMW
kQkdRO6YVYne0J7AvvQCu2LbdeWqPHXwQnYNj3eOLVIQuKvbaoj49+gnQDub4Jsq
g2M4+f/8rgSRcj7BjenNfp23b03Pw8UwVf6lC5W5TzVZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:28 2024 by rpki-client on console-fra.rpki-client.org