Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/nGsLBStpeWvnsusxNgsb9_y97lA.roa
File:                     nGsLBStpeWvnsusxNgsb9_y97lA.roa (raw, json)
Hash identifier:          9Z1R8j0sUUaewpTLiJu75Smws1qxP1l0qom2VWe9P5w=
Subject key identifier:   9C:6B:0B:05:2B:69:79:6B:E7:B2:EB:31:36:0B:1B:F7:FC:BD:EE:50
Certificate issuer:       /CN=27516d20ebefd12f072d413c4d2606bdb258691a
Certificate serial:       0196B47B2245257A09DB0E190BFCF0B71851
Authority key identifier: 27:51:6D:20:EB:EF:D1:2F:07:2D:41:3C:4D:26:06:BD:B2:58:69:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/nGsLBStpeWvnsusxNgsb9_y97lA.roa
Signing time:             Fri 09 May 2025 09:58:10 +0000
ROA not before:           Fri 09 May 2025 09:58:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35575
IP address blocks:        185.190.44.0/24 maxlen: 24
                          185.190.46.0/24 maxlen: 24
                          185.190.47.0/24 maxlen: 24
                          193.238.68.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b4:7b:22:45:25:7a:09:db:0e:19:0b:fc:f0:b7:18:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27516d20ebefd12f072d413c4d2606bdb258691a
        Validity
            Not Before: May  9 09:58:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c6b0b052b69796be7b2eb31360b1bf7fcbdee50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f9:5a:71:bb:41:d1:aa:0b:77:c9:c3:1c:4c:
                    d2:ec:0e:e2:b7:97:a1:f8:6e:44:c9:7e:b6:77:31:
                    79:d2:b7:db:51:d0:2e:28:81:67:b9:e8:60:75:5d:
                    bf:c5:7a:db:40:eb:5f:98:e1:60:f5:e1:0d:ff:71:
                    80:89:f4:a3:be:88:b9:f8:12:33:45:d8:04:0c:b3:
                    51:32:50:60:eb:95:96:55:b3:93:88:d9:b0:a5:b7:
                    5b:5a:d1:7c:b7:a1:54:40:c0:65:0a:07:bc:d0:86:
                    6a:c7:8d:c4:d0:ca:62:4e:ed:96:fb:fd:54:fe:fc:
                    7e:9f:3c:08:43:64:1a:fe:bc:76:12:93:dc:06:04:
                    9a:e3:c6:53:26:5f:03:fa:f2:01:b2:ff:cb:d8:15:
                    56:35:8b:31:35:c8:e3:73:93:d4:09:6a:57:d6:ac:
                    34:d5:8f:d9:a3:5c:72:aa:99:a6:2c:b0:34:82:b0:
                    da:a0:9d:ff:cf:e9:79:54:a9:b0:1d:18:a8:2f:e6:
                    7d:29:92:af:31:e3:94:3a:e9:f0:4c:39:0c:a3:eb:
                    f9:52:da:40:10:c5:2a:b1:41:b6:c4:8c:0f:14:6d:
                    58:19:2d:54:81:01:aa:62:8e:c6:eb:37:85:40:e3:
                    a9:a5:67:20:92:58:27:a0:07:99:5e:3d:d0:7b:f2:
                    fa:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:6B:0B:05:2B:69:79:6B:E7:B2:EB:31:36:0B:1B:F7:FC:BD:EE:50
            X509v3 Authority Key Identifier:
                keyid:27:51:6D:20:EB:EF:D1:2F:07:2D:41:3C:4D:26:06:BD:B2:58:69:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/nGsLBStpeWvnsusxNgsb9_y97lA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/J1FtIOvv0S8HLUE8TSYGvbJYaRo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.44.0/24
                  185.190.46.0/23
                  193.238.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:47:c5:f0:db:85:09:a5:44:d0:72:a8:ba:6e:a0:db:03:ee:
         30:48:00:ab:60:7e:2f:98:76:c6:5b:30:8d:f9:92:91:78:ae:
         07:40:f2:7f:df:bd:26:c6:41:27:bc:ae:a4:cb:35:59:7d:07:
         ef:01:43:44:dd:7c:77:c1:ba:0c:a9:8c:3b:9f:99:74:29:d4:
         11:3a:d0:c0:e2:a7:32:9f:9f:7e:c4:2a:e8:39:bd:c0:0e:eb:
         9e:48:ee:66:fd:a5:1b:6d:c5:f6:88:fa:de:d7:20:e8:e0:e3:
         e0:de:3b:04:4c:68:85:f9:a8:74:5f:b8:46:2b:b3:4d:b9:e7:
         9d:5b:5f:36:0e:b7:71:b3:ab:bf:7f:8c:10:7e:5e:dc:96:03:
         38:30:ba:7a:ae:30:50:fd:75:31:61:59:1f:6d:a8:a6:52:14:
         05:12:8d:13:db:f1:df:d0:66:61:a9:bc:12:0a:bc:78:c0:39:
         9b:ec:a0:18:98:7d:ac:d5:e5:4c:a0:58:cc:b0:72:43:06:f4:
         39:ea:63:42:cd:e6:9c:bf:44:33:99:9c:44:64:4b:95:ec:9d:
         bf:d8:5c:28:bd:53:fc:94:b6:87:53:28:5a:eb:5b:7e:65:2f:
         20:84:7f:fd:f0:6f:a5:af:fb:5a:01:7c:fb:b8:c7:f4:6a:ab:
         28:75:ef:d2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZa0eyJFJXoJ2w4ZC/zwtxhRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NTE2ZDIwZWJlZmQxMmYwNzJkNDEzYzRkMjYwNmJkYjI1
ODY5MWEwHhcNMjUwNTA5MDk1ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzZiMGIwNTJiNjk3OTZiZTdiMmViMzEzNjBiMWJmN2ZjYmRlZTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/lacbtB0aoLd8nDHEzS7A7it5eh
+G5EyX62dzF50rfbUdAuKIFnuehgdV2/xXrbQOtfmOFg9eEN/3GAifSjvoi5+BIz
RdgEDLNRMlBg65WWVbOTiNmwpbdbWtF8t6FUQMBlCge80IZqx43E0MpiTu2W+/1U
/vx+nzwIQ2Qa/rx2EpPcBgSa48ZTJl8D+vIBsv/L2BVWNYsxNcjjc5PUCWpX1qw0
1Y/Zo1xyqpmmLLA0grDaoJ3/z+l5VKmwHRioL+Z9KZKvMeOUOunwTDkMo+v5UtpA
EMUqsUG2xIwPFG1YGS1UgQGqYo7G6zeFQOOppWcgklgnoAeZXj3Qe/L6RwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJxrCwUraXlr57LrMTYLG/f8ve5QMB8GA1UdIwQY
MBaAFCdRbSDr79EvBy1BPE0mBr2yWGkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjFGdElPdnYwUzhITFVFOFRTWUd2YkpZYVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81OWQ4MDgtMTU0Zi00MmFlLWFmOGYt
NzkwMjQ0NTA4ZGY0LzEvbkdzTEJTdHBlV3Zuc3VzeE5nc2I5X3k5N2xBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81OWQ4MDgtMTU0Zi00MmFlLWFmOGYtNzkwMjQ0NTA4ZGY0
LzEvSjFGdElPdnYwUzhITFVFOFRTWUd2YkpZYVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAub4sAwQB
ub4uAwQCwe5EMA0GCSqGSIb3DQEBCwUAA4IBAQB4R8Xw24UJpUTQcqi6bqDbA+4w
SACrYH4vmHbGWzCN+ZKReK4HQPJ/370mxkEnvK6kyzVZfQfvAUNE3Xx3wboMqYw7
n5l0KdQROtDA4qcyn59+xCroOb3ADuueSO5m/aUbbcX2iPre1yDo4OPg3jsETGiF
+ah0X7hGK7NNueedW182Drdxs6u/f4wQfl7clgM4MLp6rjBQ/XUxYVkfbaimUhQF
Eo0T2/Hf0GZhqbwSCrx4wDmb7KAYmH2s1eVMoFjMsHJDBvQ56mNCzeacv0QzmZxE
ZEuV7J2/2FwovVP8lLaHUyha61t+ZS8ghH/98G+lr/taAXz7uMf0aqsode/S
-----END CERTIFICATE-----
Generated at Mon Jun 9 19:27:17 2025 by rpki-client