Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/d1a261-8f83-4f6a-87ab-cf41f76d7f03/1/kpRXZ_vUxe7ytxFTf80AHIx2G_8.roa
File:                     kpRXZ_vUxe7ytxFTf80AHIx2G_8.roa (raw, json)
Hash identifier:          loWrlfgvb7/ayKtLSeOxBB621RaBVL1Vma/U7pb5kAw=
Subject key identifier:   92:94:57:67:FB:D4:C5:EE:F2:B7:11:53:7F:CD:00:1C:8C:76:1B:FF
Certificate issuer:       /CN=342b03896c76698286f881a6ba472a08b7963ca2
Certificate serial:       01841EA43F896A160E774DC3F4150D709791
Authority key identifier: 34:2B:03:89:6C:76:69:82:86:F8:81:A6:BA:47:2A:08:B7:96:3C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NCsDiWx2aYKG-IGmukcqCLeWPKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/d1a261-8f83-4f6a-87ab-cf41f76d7f03/1/kpRXZ_vUxe7ytxFTf80AHIx2G_8.roa
Signing time:             Fri 28 Oct 2022 12:49:51 +0000
ROA not before:           Fri 28 Oct 2022 12:49:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34695
IP address blocks:        185.167.28.0/22 maxlen: 22
                          2a0b:3a00::/29 maxlen: 29
                          2a0a:280::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:1e:a4:3f:89:6a:16:0e:77:4d:c3:f4:15:0d:70:97:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=342b03896c76698286f881a6ba472a08b7963ca2
        Validity
            Not Before: Oct 28 12:49:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=92945767fbd4c5eef2b711537fcd001c8c761bff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:59:9b:78:68:73:f1:af:54:5d:e6:d1:34:7a:
                    27:5d:f1:b4:08:19:c1:74:3d:29:49:65:6d:35:7e:
                    d6:9a:fd:a2:46:20:7d:33:fd:8c:d5:94:17:ac:32:
                    ce:8a:33:7e:de:fb:f3:2b:b1:a8:90:29:ef:1e:f1:
                    b0:fd:df:8e:74:d3:ca:7f:f6:36:c8:06:ac:d8:47:
                    ad:f7:27:e2:cf:27:7a:6a:35:c3:8c:1c:19:06:d3:
                    2a:53:d6:e2:6a:29:35:2e:42:0a:8a:63:a2:fe:4f:
                    7d:0f:42:cf:63:04:d3:e6:16:b5:2d:53:d0:b4:3b:
                    7c:8e:d5:58:8e:e4:7c:e3:47:e2:83:d8:ae:5d:b1:
                    42:ce:bc:fd:71:1d:b3:6b:36:d7:5d:4c:db:28:e8:
                    83:dd:46:94:09:8c:0c:37:1d:68:21:6f:be:91:e3:
                    72:0f:c9:f2:6b:62:89:c2:ce:fb:e4:cf:7b:a4:26:
                    37:6a:c7:16:09:97:c4:02:54:a3:ba:f6:87:f1:9b:
                    89:3e:c3:7a:6e:77:cd:44:16:a8:89:bd:b3:f9:54:
                    02:35:2b:af:8f:d4:2f:ba:dd:ed:6c:b7:98:63:8b:
                    5d:48:a0:0b:0e:e9:5b:db:9f:91:85:fc:fe:8a:3a:
                    fc:1f:68:71:f9:ad:72:bd:8a:17:e4:a4:03:04:6b:
                    c3:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:94:57:67:FB:D4:C5:EE:F2:B7:11:53:7F:CD:00:1C:8C:76:1B:FF
            X509v3 Authority Key Identifier:
                keyid:34:2B:03:89:6C:76:69:82:86:F8:81:A6:BA:47:2A:08:B7:96:3C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NCsDiWx2aYKG-IGmukcqCLeWPKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/d1a261-8f83-4f6a-87ab-cf41f76d7f03/1/kpRXZ_vUxe7ytxFTf80AHIx2G_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/d1a261-8f83-4f6a-87ab-cf41f76d7f03/1/NCsDiWx2aYKG-IGmukcqCLeWPKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.28.0/22
                IPv6:
                  2a0a:280::/29
                  2a0b:3a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:c9:ff:46:10:6e:1d:05:13:4f:c0:4d:04:d9:da:34:20:8b:
         3b:7b:fb:e5:4d:87:bb:2f:a3:66:08:91:85:18:b6:7c:de:f8:
         0d:48:0a:4f:9b:bb:35:27:33:85:1d:9f:c5:e6:9c:39:cb:df:
         85:fe:82:02:00:e8:11:d1:0e:2a:4f:c7:3a:09:7a:53:eb:1e:
         d1:ed:2e:6b:f1:d7:2e:41:51:99:8e:d2:cc:97:c1:eb:ec:ca:
         56:c9:c2:59:da:98:da:e2:04:d7:52:ae:58:81:3b:44:e2:7e:
         11:d1:0e:3d:7b:ea:27:55:67:38:8a:23:6a:4e:15:76:69:f8:
         db:02:a8:34:7f:87:fa:00:64:11:50:06:88:df:18:38:e2:f8:
         ae:e6:ae:1b:05:6e:bd:70:8c:30:8d:65:91:b5:21:54:4c:9a:
         f9:d3:47:1d:50:82:5a:ce:4d:e6:9f:e7:a1:62:eb:cc:24:d1:
         a3:d3:9d:cd:bf:2c:38:b3:38:c7:d7:f3:84:dd:72:40:69:ef:
         6f:20:92:73:a8:4f:30:d4:fb:2b:42:81:40:21:e3:4c:2b:35:
         e6:07:a5:31:0b:2e:0e:f7:c3:aa:38:28:d7:ce:e4:84:9d:19:
         c0:56:1b:ec:aa:75:85:76:b7:c2:37:74:0a:d4:26:98:21:21:
         ee:ed:90:30
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYQepD+JahYOd03D9BUNcJeRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MmIwMzg5NmM3NjY5ODI4NmY4ODFhNmJhNDcyYTA4Yjc5
NjNjYTIwHhcNMjIxMDI4MTI0OTUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjk0NTc2N2ZiZDRjNWVlZjJiNzExNTM3ZmNkMDAxYzhjNzYxYmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFmbeGhz8a9UXebRNHonXfG0CBnB
dD0pSWVtNX7Wmv2iRiB9M/2M1ZQXrDLOijN+3vvzK7GokCnvHvGw/d+OdNPKf/Y2
yAas2Eet9yfizyd6ajXDjBwZBtMqU9biaik1LkIKimOi/k99D0LPYwTT5ha1LVPQ
tDt8jtVYjuR840fig9iuXbFCzrz9cR2zazbXXUzbKOiD3UaUCYwMNx1oIW++keNy
D8nya2KJws775M97pCY3ascWCZfEAlSjuvaH8ZuJPsN6bnfNRBaoib2z+VQCNSuv
j9Qvut3tbLeYY4tdSKALDulb25+Rhfz+ijr8H2hx+a1yvYoX5KQDBGvDoQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFJKUV2f71MXu8rcRU3/NAByMdhv/MB8GA1UdIwQY
MBaAFDQrA4lsdmmChviBprpHKgi3ljyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkNzRGlXeDJhWUtHLUlHbXVrY3FDTGVXUEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9kMWEyNjEtOGY4My00ZjZhLTg3YWIt
Y2Y0MWY3NmQ3ZjAzLzEva3BSWFpfdlV4ZTd5dHhGVGY4MEFISXgyR184LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9kMWEyNjEtOGY4My00ZjZhLTg3YWItY2Y0MWY3NmQ3ZjAz
LzEvTkNzRGlXeDJhWUtHLUlHbXVrY3FDTGVXUEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQCuaccMBQE
AgACMA4DBQMqCgKAAwUDKgs6ADANBgkqhkiG9w0BAQsFAAOCAQEAlMn/RhBuHQUT
T8BNBNnaNCCLO3v75U2Huy+jZgiRhRi2fN74DUgKT5u7NSczhR2fxeacOcvfhf6C
AgDoEdEOKk/HOgl6U+se0e0ua/HXLkFRmY7SzJfB6+zKVsnCWdqY2uIE11KuWIE7
ROJ+EdEOPXvqJ1VnOIojak4Vdmn42wKoNH+H+gBkEVAGiN8YOOL4ruauGwVuvXCM
MI1lkbUhVEya+dNHHVCCWs5N5p/noWLrzCTRo9Odzb8sOLM4x9fzhN1yQGnvbyCS
c6hPMNT7K0KBQCHjTCs15gelMQsuDvfDqjgo187khJ0ZwFYb7Kp1hXa3wjd0CtQm
mCEh7u2QMA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:53 2024 by rpki-client on console-fra.rpki-client.org