Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Gp81mfmKS6r-MUcj8VSRG8Lm4Sg.roa
File:                     Gp81mfmKS6r-MUcj8VSRG8Lm4Sg.roa (raw, json)
Hash identifier:          6PmRH6A0d4a1an7omzrjwbeKB+WPuqOqwOnZnrDNlPM=
Subject key identifier:   1A:9F:35:99:F9:8A:4B:AA:FE:31:47:23:F1:54:91:1B:C2:E6:E1:28
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       01831D8DA0860C588E69C7B346E889AF1008
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Gp81mfmKS6r-MUcj8VSRG8Lm4Sg.roa
Signing time:             Thu 08 Sep 2022 14:42:44 +0000
ROA not before:           Thu 08 Sep 2022 14:42:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60721
IP address blocks:        185.228.75.0/24 maxlen: 24
                          185.228.72.0/24 maxlen: 24
                          185.214.111.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:1d:8d:a0:86:0c:58:8e:69:c7:b3:46:e8:89:af:10:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Sep  8 14:42:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1a9f3599f98a4baafe314723f154911bc2e6e128
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c8:46:4c:3f:2d:d7:08:00:68:8b:2c:c9:37:
                    2f:00:2f:01:52:35:b8:9f:6f:26:00:7a:ca:49:86:
                    57:3f:09:13:ba:81:db:23:bf:90:3b:22:e4:df:0d:
                    08:ec:4d:b1:13:d5:a7:f0:14:98:b0:52:82:97:7c:
                    63:0f:ef:2b:83:62:25:09:5e:a9:c6:08:f1:88:fa:
                    bc:22:d3:48:94:94:ba:77:03:2e:71:d2:9a:78:a8:
                    95:c1:ba:34:2d:f2:e1:bc:51:60:fd:2b:12:4b:91:
                    08:df:d0:4f:6f:87:eb:b1:13:41:fb:13:a4:4d:9e:
                    0c:9c:8f:1b:98:a5:26:31:7a:f0:3b:8a:17:63:ef:
                    c6:d1:8c:d3:92:47:28:1b:b9:7f:6d:9c:f5:91:6c:
                    9c:a5:e9:a2:4b:ec:5b:68:8f:2c:e1:42:09:4a:c0:
                    95:00:0f:ff:25:44:3b:74:b7:4c:1f:cb:ac:b9:75:
                    24:b7:84:14:3c:62:3e:99:59:94:c5:ec:f6:b2:31:
                    72:b1:37:70:2b:39:be:3c:63:14:50:0e:49:b0:30:
                    b6:ca:5b:1d:0a:f5:66:8a:77:63:a3:56:32:33:bb:
                    c6:d8:fc:4b:e4:cd:f7:c2:de:0d:de:3f:90:48:fc:
                    a5:cc:55:13:a5:0c:3e:6d:70:77:cb:f0:5f:52:75:
                    81:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:9F:35:99:F9:8A:4B:AA:FE:31:47:23:F1:54:91:1B:C2:E6:E1:28
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Gp81mfmKS6r-MUcj8VSRG8Lm4Sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.111.0/24
                  185.228.72.0/24
                  185.228.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:ef:f4:3a:dd:7a:02:b2:ac:bc:2f:58:e4:7a:68:33:de:32:
         57:c3:2e:da:fa:f7:38:de:41:25:f0:e5:2f:1a:58:f3:60:f0:
         fc:f4:75:cb:00:de:e7:51:ec:c2:9b:d3:49:6f:61:1c:ec:2a:
         0d:2e:3a:20:b1:b9:88:28:69:d1:a5:63:9f:78:aa:14:97:61:
         9f:bc:ca:3c:73:bf:ac:39:f4:02:b4:c8:5d:65:5e:3e:b3:e2:
         af:34:95:3f:7b:f0:86:07:66:6f:e1:f6:48:ab:8f:a5:04:ca:
         67:fe:79:c3:64:f3:51:b0:d2:bb:3c:48:2e:aa:c4:4b:38:b4:
         f7:dc:70:52:32:65:c9:2e:99:99:a5:80:34:0c:e9:58:40:69:
         12:99:64:cd:7a:d7:98:df:37:17:66:cd:6d:c3:ea:39:52:a8:
         f2:50:44:67:a5:61:0b:75:c0:ac:44:c1:10:70:b6:ea:50:ec:
         87:c1:03:26:ed:33:1f:72:e3:91:dd:ca:9b:11:d0:a5:0c:2b:
         c6:44:5a:70:f8:82:9f:68:fa:4d:7c:45:d3:01:03:fa:5c:1e:
         2a:e8:27:91:e0:1a:6e:3e:9b:4e:f0:5d:df:52:8e:3d:2a:d5:
         12:dc:df:d6:26:a7:41:c7:ca:37:d2:bd:68:0a:6e:b1:8f:c2:
         e7:26:35:60
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYMdjaCGDFiOacezRuiJrxAIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjIwOTA4MTQ0MjQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTlmMzU5OWY5OGE0YmFhZmUzMTQ3MjNmMTU0OTExYmMyZTZlMTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8hGTD8t1wgAaIssyTcvAC8BUjW4
n28mAHrKSYZXPwkTuoHbI7+QOyLk3w0I7E2xE9Wn8BSYsFKCl3xjD+8rg2IlCV6p
xgjxiPq8ItNIlJS6dwMucdKaeKiVwbo0LfLhvFFg/SsSS5EI39BPb4frsRNB+xOk
TZ4MnI8bmKUmMXrwO4oXY+/G0YzTkkcoG7l/bZz1kWycpemiS+xbaI8s4UIJSsCV
AA//JUQ7dLdMH8usuXUkt4QUPGI+mVmUxez2sjFysTdwKzm+PGMUUA5JsDC2ylsd
CvVmindjo1YyM7vG2PxL5M33wt4N3j+QSPylzFUTpQw+bXB3y/BfUnWBHwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBqfNZn5ikuq/jFHI/FUkRvC5uEoMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvR3A4MW1mbUtTNnItTVVjajhWU1JHOExtNFNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAudZvAwQA
ueRIAwQAueRLMA0GCSqGSIb3DQEBCwUAA4IBAQAz7/Q63XoCsqy8L1jkemgz3jJX
wy7a+vc43kEl8OUvGljzYPD89HXLAN7nUezCm9NJb2Ec7CoNLjogsbmIKGnRpWOf
eKoUl2GfvMo8c7+sOfQCtMhdZV4+s+KvNJU/e/CGB2Zv4fZIq4+lBMpn/nnDZPNR
sNK7PEguqsRLOLT33HBSMmXJLpmZpYA0DOlYQGkSmWTNeteY3zcXZs1tw+o5Uqjy
UERnpWELdcCsRMEQcLbqUOyHwQMm7TMfcuOR3cqbEdClDCvGRFpw+IKfaPpNfEXT
AQP6XB4q6CeR4BpuPptO8F3fUo49KtUS3N/WJqdBx8o30r1oCm6xj8LnJjVg
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:35 2024 by rpki-client on console-ams.rpki-client.org