Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/f7b7c2-5d8d-4e88-8454-0a532156b2a6/1/pKiFlF1pAaDqQ8SP7-6Ex_oO_9A.roa
File:                     pKiFlF1pAaDqQ8SP7-6Ex_oO_9A.roa (raw, json)
Hash identifier:          NAn8IdMYRCe3BqpECe0s8Xy/+62ZhoTqA5BuDrtVYRY=
Subject key identifier:   A4:A8:85:94:5D:69:01:A0:EA:43:C4:8F:EF:EE:84:C7:FA:0E:FF:D0
Certificate issuer:       /CN=f05c6af3d022620f72c53b770e82e5c73ae5506d
Certificate serial:       01856B9C860B7A3D6158790C531DDC56DAD9
Authority key identifier: F0:5C:6A:F3:D0:22:62:0F:72:C5:3B:77:0E:82:E5:C7:3A:E5:50:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Fxq89AiYg9yxTt3DoLlxzrlUG0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/f7b7c2-5d8d-4e88-8454-0a532156b2a6/1/pKiFlF1pAaDqQ8SP7-6Ex_oO_9A.roa
Signing time:             Sun 01 Jan 2023 04:34:58 +0000
ROA not before:           Sun 01 Jan 2023 04:34:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207355
IP address blocks:        193.187.160.0/22 maxlen: 22
                          83.143.120.0/21 maxlen: 21
                          85.202.16.0/20 maxlen: 20
                          91.196.172.0/22 maxlen: 22
                          193.239.48.0/22 maxlen: 22
                          66.97.192.0/19 maxlen: 19
                          193.239.168.0/23 maxlen: 23
                          2a06:f240::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:9c:86:0b:7a:3d:61:58:79:0c:53:1d:dc:56:da:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f05c6af3d022620f72c53b770e82e5c73ae5506d
        Validity
            Not Before: Jan  1 04:34:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a4a885945d6901a0ea43c48fefee84c7fa0effd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f0:dc:4a:3a:65:a5:f6:f8:fb:e1:34:a5:ba:
                    e7:cc:90:eb:2c:87:5b:32:f6:85:94:f7:76:91:fb:
                    1c:97:c9:b5:d9:e7:6b:49:e7:c2:c6:c8:2e:7c:fd:
                    7f:96:72:57:02:08:be:c4:03:d2:07:a0:3b:27:64:
                    21:02:b3:0c:8d:9a:0d:c3:04:5e:58:7d:a2:c9:3c:
                    53:0f:e7:a9:a4:cb:fb:d3:5c:ed:6e:06:52:db:2f:
                    14:8f:ad:c6:7d:79:32:29:f4:aa:e6:23:a5:b3:8f:
                    73:ad:9e:05:3c:2c:35:ca:23:f7:24:6e:34:a9:b7:
                    46:5e:0a:d6:68:72:3e:5a:c4:fb:0b:3f:0f:8e:7d:
                    b3:7d:05:70:00:f0:d1:ae:3d:b2:d7:60:8d:a6:48:
                    08:c0:e3:99:fd:52:ca:2b:85:68:c9:89:f3:ad:ee:
                    ea:13:b0:58:39:d7:c2:0e:f9:50:88:a5:6d:6e:d0:
                    ed:75:4a:15:71:35:e5:df:90:dc:d8:70:44:ba:8a:
                    52:9b:9d:59:65:49:39:01:0a:bb:75:84:24:4e:fa:
                    b2:07:5c:b1:42:c9:43:63:9b:9d:93:12:87:28:55:
                    f0:a7:0a:fa:36:1c:94:1c:8e:8b:16:a6:a0:91:54:
                    83:6f:44:5b:62:2c:c2:c8:67:2a:44:39:1d:dc:d2:
                    bd:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:A8:85:94:5D:69:01:A0:EA:43:C4:8F:EF:EE:84:C7:FA:0E:FF:D0
            X509v3 Authority Key Identifier:
                keyid:F0:5C:6A:F3:D0:22:62:0F:72:C5:3B:77:0E:82:E5:C7:3A:E5:50:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Fxq89AiYg9yxTt3DoLlxzrlUG0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/f7b7c2-5d8d-4e88-8454-0a532156b2a6/1/pKiFlF1pAaDqQ8SP7-6Ex_oO_9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/f7b7c2-5d8d-4e88-8454-0a532156b2a6/1/8Fxq89AiYg9yxTt3DoLlxzrlUG0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.97.192.0/19
                  83.143.120.0/21
                  85.202.16.0/20
                  91.196.172.0/22
                  193.187.160.0/22
                  193.239.48.0/22
                  193.239.168.0/23
                IPv6:
                  2a06:f240::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:dd:79:11:1b:11:03:ae:4a:f7:e2:27:a0:7a:d2:93:14:9b:
         b9:e1:f8:8f:19:42:81:4d:5e:d8:a9:3f:39:44:9c:40:8a:74:
         5b:d6:ef:be:fc:86:7a:72:56:27:a0:44:4a:d1:8e:6c:17:ec:
         e8:17:0a:62:6c:8c:3c:c8:da:5c:75:31:82:a9:d4:43:33:b1:
         f5:3e:dd:7a:ae:aa:e7:aa:77:41:03:c8:13:17:2f:7c:29:80:
         fc:06:09:cb:c4:ad:7e:41:85:89:fc:04:d8:4b:a6:0b:a5:07:
         37:7b:3e:94:50:71:9d:74:e0:f2:c1:8e:7f:f6:d7:98:07:53:
         13:a9:b4:7d:84:99:e6:2a:83:d0:64:7c:ac:b3:ac:0b:3d:24:
         e6:a4:a2:23:27:cc:dd:2e:9f:6e:d9:77:28:86:55:b5:7b:15:
         17:25:83:9e:e8:8c:e0:e4:ac:f4:32:16:15:ca:a0:1e:ba:84:
         6b:fa:cc:12:88:83:1b:5e:4a:c0:e3:e2:e4:c0:66:21:76:02:
         57:ae:65:6e:2d:90:a8:71:e7:55:31:7b:9a:9f:4e:73:d9:1a:
         29:cc:2e:08:f9:4a:31:e5:f9:05:d9:6c:37:ba:94:f4:8b:b8:
         06:00:b8:c3:88:be:1f:85:81:23:0a:ac:7e:3d:c4:d5:aa:12:
         5d:60:72:d9
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVrnIYLej1hWHkMUx3cVtrZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNWM2YWYzZDAyMjYyMGY3MmM1M2I3NzBlODJlNWM3M2Fl
NTUwNmQwHhcNMjMwMTAxMDQzNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGE4ODU5NDVkNjkwMWEwZWE0M2M0OGZlZmVlODRjN2ZhMGVmZmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PDcSjplpfb4++E0pbrnzJDrLIdb
MvaFlPd2kfscl8m12edrSefCxsgufP1/lnJXAgi+xAPSB6A7J2QhArMMjZoNwwRe
WH2iyTxTD+eppMv701ztbgZS2y8Uj63GfXkyKfSq5iOls49zrZ4FPCw1yiP3JG40
qbdGXgrWaHI+WsT7Cz8Pjn2zfQVwAPDRrj2y12CNpkgIwOOZ/VLKK4VoyYnzre7q
E7BYOdfCDvlQiKVtbtDtdUoVcTXl35Dc2HBEuopSm51ZZUk5AQq7dYQkTvqyB1yx
QslDY5udkxKHKFXwpwr6NhyUHI6LFqagkVSDb0RbYizCyGcqRDkd3NK9owIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFKSohZRdaQGg6kPEj+/uhMf6Dv/QMB8GA1UdIwQY
MBaAFPBcavPQImIPcsU7dw6C5cc65VBtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEZ4cTg5QWlZZzl5eFR0M0RvTGx4enJsVUcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9mN2I3YzItNWQ4ZC00ZTg4LTg0NTQt
MGE1MzIxNTZiMmE2LzEvcEtpRmxGMXBBYURxUThTUDctNkV4X29PXzlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9mN2I3YzItNWQ4ZC00ZTg4LTg0NTQtMGE1MzIxNTZiMmE2
LzEvOEZ4cTg5QWlZZzl5eFR0M0RvTGx4enJsVUcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQFQmHAAwQD
U494AwQEVcoQAwQCW8SsAwQCwbugAwQCwe8wAwQBwe+oMA0EAgACMAcDBQMqBvJA
MA0GCSqGSIb3DQEBCwUAA4IBAQAl3XkRGxEDrkr34iegetKTFJu54fiPGUKBTV7Y
qT85RJxAinRb1u++/IZ6clYnoERK0Y5sF+zoFwpibIw8yNpcdTGCqdRDM7H1Pt16
rqrnqndBA8gTFy98KYD8BgnLxK1+QYWJ/ATYS6YLpQc3ez6UUHGddODywY5/9teY
B1MTqbR9hJnmKoPQZHyss6wLPSTmpKIjJ8zdLp9u2XcohlW1exUXJYOe6Izg5Kz0
MhYVyqAeuoRr+swSiIMbXkrA4+LkwGYhdgJXrmVuLZCocedVMXuan05z2RopzC4I
+Uox5fkF2Ww3upT0i7gGALjDiL4fhYEjCqx+PcTVqhJdYHLZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:33 2024 by rpki-client on console-fra.rpki-client.org