Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/I_pXAO4MElo75fOa-qeH2lAStco.roa
File:                     I_pXAO4MElo75fOa-qeH2lAStco.roa (raw, json)
Hash identifier:          eBIC1HEFuwbNrPf3ZnLFUgo4+nAIqL0W9mrtm1hav0I=
Subject key identifier:   23:FA:57:00:EE:0C:12:5A:3B:E5:F3:9A:FA:A7:87:DA:50:12:B5:CA
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       145CB3C1
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/I_pXAO4MElo75fOa-qeH2lAStco.roa
Signing time:             Sat 19 Mar 2022 06:49:28 +0000
ROA not before:           Sat 19 Mar 2022 06:49:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209961
IP address blocks:        171.22.52.0/22 maxlen: 22
                          2.57.212.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 341619649 (0x145cb3c1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Mar 19 06:49:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=23fa5700ee0c125a3be5f39afaa787da5012b5ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ad:5a:87:22:1f:be:d6:09:31:dc:1a:38:bb:
                    2d:e2:06:56:4a:d0:31:67:af:a9:b2:6e:66:c9:de:
                    48:78:14:92:2b:38:dc:e0:60:91:e3:9f:01:19:8e:
                    db:85:dd:9a:6e:25:81:ba:2a:ad:ce:b3:3c:48:e7:
                    f0:83:5e:9c:7e:07:3e:22:f2:2a:4c:88:67:cb:0e:
                    05:99:12:17:87:14:fb:03:bb:05:8f:38:4a:3f:30:
                    ba:49:20:ae:90:cd:e9:ef:5a:21:5e:3e:29:e5:40:
                    a6:ed:c0:fb:d6:ff:27:3e:25:54:9c:96:01:3d:b4:
                    8f:37:41:f9:00:ae:57:94:ab:3c:3b:33:2b:05:7d:
                    83:dc:12:cc:0d:96:e9:24:05:de:69:f1:a6:8c:ea:
                    d0:b1:68:aa:44:a3:3c:9a:8e:0f:e3:a3:3a:8a:16:
                    bf:6e:35:87:e9:44:15:51:34:aa:23:7c:99:1a:d3:
                    d0:d8:d8:8a:eb:f9:8f:f8:a3:2e:36:be:b8:74:1e:
                    7b:ed:63:a7:70:88:54:38:3a:3d:9d:15:81:94:99:
                    ea:f6:a2:98:a8:d7:af:6b:02:70:4b:9d:d3:6f:da:
                    16:fc:7b:ac:21:ff:9d:1c:1d:b9:f7:de:f8:3f:71:
                    d3:c6:1c:c5:b1:12:2c:8d:d6:b4:0e:b5:be:fa:9e:
                    8f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:FA:57:00:EE:0C:12:5A:3B:E5:F3:9A:FA:A7:87:DA:50:12:B5:CA
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/I_pXAO4MElo75fOa-qeH2lAStco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.212.0/22
                  171.22.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:bd:ef:3e:80:c7:47:e7:e4:5c:9f:93:80:07:64:d3:42:df:
         02:b7:61:c8:73:89:f4:1b:4b:57:2d:f9:a8:92:fc:98:02:b4:
         f6:35:94:70:ea:f1:5f:d8:ff:bd:a9:1b:15:e5:77:5b:9e:9f:
         bf:70:72:ae:68:b7:ce:1a:69:c0:9a:2c:80:aa:51:1f:66:50:
         75:0a:8b:7d:37:16:90:78:81:67:c1:62:fe:e3:ba:51:2b:82:
         9f:d6:32:8d:fb:9c:2f:82:07:d7:cb:18:54:8d:22:7d:46:28:
         4c:a0:8e:f7:91:be:76:26:ed:d9:80:01:88:08:41:e6:a4:7b:
         3e:87:22:12:cb:51:09:21:60:0d:0c:20:1d:c3:f3:dd:e0:e2:
         e0:8a:3c:98:86:13:45:a3:3f:01:86:af:e6:95:62:3c:42:99:
         85:1e:e2:c1:3f:52:0a:0e:ff:70:18:f6:fa:56:f1:86:f1:86:
         e4:26:d7:c0:cc:72:b3:57:7e:6a:76:86:9f:58:2f:5e:85:78:
         bb:56:89:e9:3e:0b:b0:6a:74:19:29:ef:42:42:4f:fe:ff:b8:
         ca:ff:06:d0:4e:64:4e:c8:82:7d:da:61:f1:48:ce:16:0c:c6:
         da:2a:af:8e:8a:98:52:a6:63:aa:26:02:8e:8b:de:5c:3d:b2:
         86:62:4d:a7
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEFFyzwTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
YmFiMzA2ODM4NTllYzdlMDIwNmZlOTI2NTM2M2U4ZTM5NzFhOWE4MB4XDTIyMDMx
OTA2NDkyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjNmYTU3MDBlZTBj
MTI1YTNiZTVmMzlhZmFhNzg3ZGE1MDEyYjVjYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMStWociH77WCTHcGji7LeIGVkrQMWevqbJuZsneSHgUkis4
3OBgkeOfARmO24Xdmm4lgboqrc6zPEjn8INenH4HPiLyKkyIZ8sOBZkSF4cU+wO7
BY84Sj8wukkgrpDN6e9aIV4+KeVApu3A+9b/Jz4lVJyWAT20jzdB+QCuV5SrPDsz
KwV9g9wSzA2W6SQF3mnxpozq0LFoqkSjPJqOD+OjOooWv241h+lEFVE0qiN8mRrT
0NjYiuv5j/ijLja+uHQee+1jp3CIVDg6PZ0VgZSZ6vaimKjXr2sCcEud02/aFvx7
rCH/nRwduffe+D9x08YcxbESLI3WtA61vvqej2cCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQj+lcA7gwSWjvl85r6p4faUBK1yjAfBgNVHSMEGDAWgBSLqzBoOFnsfgIG
/pJlNj6OOXGpqDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2k2c3dhRGhaN0g0Q0J2NlNaVFktampseHFhZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvODFmZDFhLTQ3YTctNDVkOC1iZTc0LTNhYzllNTZjMzA4OS8x
L0lfcFhBTzRNRWxvNzVmT2EtcWVIMmxBU3Rjby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
ODFmZDFhLTQ3YTctNDVkOC1iZTc0LTNhYzllNTZjMzA4OS8xL2k2c3dhRGhaN0g0
Q0J2NlNaVFktampseHFhZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAgI51AMEAqsWNDANBgkqhkiG9w0B
AQsFAAOCAQEACb3vPoDHR+fkXJ+TgAdk00LfArdhyHOJ9BtLVy35qJL8mAK09jWU
cOrxX9j/vakbFeV3W56fv3Byrmi3zhppwJosgKpRH2ZQdQqLfTcWkHiBZ8Fi/uO6
USuCn9YyjfucL4IH18sYVI0ifUYoTKCO95G+dibt2YABiAhB5qR7PociEstRCSFg
DQwgHcPz3eDi4Io8mIYTRaM/AYav5pViPEKZhR7iwT9SCg7/cBj2+lbxhvGG5CbX
wMxys1d+anaGn1gvXoV4u1aJ6T4LsGp0GSnvQkJP/v+4yv8G0E5kTsiCfdph8UjO
FgzG2iqvjoqYUqZjqiYCjoveXD2yhmJNpw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org