Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/MFok2Nw55mGND0J61nvhkuEIBEA.roa
File:                     MFok2Nw55mGND0J61nvhkuEIBEA.roa (raw, json)
Hash identifier:          wAo4Gtg+Yuz/4yNBXX6p1cHkivr3VZ5PhPaJVBGAXeA=
Subject key identifier:   30:5A:24:D8:DC:39:E6:61:8D:0F:42:7A:D6:7B:E1:92:E1:08:04:40
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       04AF28DF
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/MFok2Nw55mGND0J61nvhkuEIBEA.roa
Signing time:             Tue 28 Jun 2022 10:25:02 +0000
ROA not before:           Tue 28 Jun 2022 10:25:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212096
IP address blocks:        185.225.20.0/22 maxlen: 22
                          185.218.20.0/22 maxlen: 22
                          185.126.80.0/22 maxlen: 22
                          193.58.144.0/22 maxlen: 22
                          185.228.72.0/22 maxlen: 22
                          185.36.204.0/22 maxlen: 22
                          185.108.204.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 78588127 (0x4af28df)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jun 28 10:25:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=305a24d8dc39e6618d0f427ad67be192e1080440
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:28:38:74:55:ac:b9:2a:b2:1a:25:ce:af:d2:
                    19:1f:79:ec:6e:1b:0b:51:d0:28:9b:26:03:d2:86:
                    53:4c:1c:eb:bf:6d:7f:c5:d7:7a:10:a3:cd:1e:45:
                    01:04:b4:09:00:78:d5:93:7a:2d:15:c4:80:a6:26:
                    ed:4a:f2:af:6a:a8:5e:18:9d:3c:39:7b:4b:d0:ee:
                    85:94:f6:17:59:94:53:3c:4d:f9:ec:be:9e:88:df:
                    ab:ea:5e:38:f3:eb:d8:a5:f1:ac:2b:41:45:3c:8f:
                    1b:0c:57:07:75:74:5c:bb:2d:cf:9f:6d:29:e7:d7:
                    1c:e0:dd:bb:78:ed:98:01:82:dc:a0:f7:4c:5a:82:
                    a4:3c:55:51:1d:c9:8a:e6:66:af:68:ac:39:3f:06:
                    b9:e2:80:26:18:71:8f:4c:f5:f2:a9:6c:50:2c:07:
                    aa:46:35:31:9d:c7:5d:69:b3:15:b3:a3:17:f9:94:
                    52:2e:25:01:c5:b9:64:ab:6b:79:1e:e1:1d:8c:f5:
                    23:f0:d8:6f:6b:58:7c:07:44:0b:90:a4:a5:66:f9:
                    f3:38:db:21:30:e9:7a:b9:94:2b:d0:5c:1f:0c:e8:
                    67:43:53:93:8b:67:f4:3c:68:d8:bf:d2:96:ce:72:
                    cf:ec:77:25:c8:e3:7a:49:d8:fa:e2:c8:cd:06:f0:
                    38:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:5A:24:D8:DC:39:E6:61:8D:0F:42:7A:D6:7B:E1:92:E1:08:04:40
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/MFok2Nw55mGND0J61nvhkuEIBEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.204.0/22
                  185.108.204.0/22
                  185.126.80.0/22
                  185.218.20.0/22
                  185.225.20.0/22
                  185.228.72.0/22
                  193.58.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bb:05:c7:b3:6e:ec:8a:da:32:69:af:3d:6d:4b:c0:76:09:46:
         6b:71:3e:a1:dc:89:13:cb:27:a6:93:8f:2f:4e:da:2b:21:ec:
         6c:dc:d3:60:5c:7c:ed:83:0c:d8:79:28:5d:24:e3:74:ea:f6:
         43:4b:2e:6b:21:a9:01:bd:e6:24:ec:78:b5:49:1f:fc:19:ac:
         95:94:06:6b:12:37:bb:36:da:fa:c3:99:54:81:0d:d3:33:aa:
         40:9e:f1:78:d9:bb:1d:2e:5b:c4:c9:03:77:24:a8:7d:6a:19:
         bd:22:98:47:47:e1:f2:74:87:c2:a7:8c:48:2e:30:31:1e:5c:
         d7:5f:af:8d:6c:ce:3d:29:35:6e:d2:4f:27:87:13:80:cd:d0:
         a0:6f:5d:d1:ec:82:78:cd:ff:74:f7:46:83:2e:45:45:be:99:
         15:89:ce:d9:87:ed:20:01:34:c1:ab:b0:53:21:62:11:ba:c4:
         f5:eb:bc:86:bc:95:66:3c:9e:89:c3:2d:34:51:3e:35:ec:64:
         58:88:4c:f2:dc:23:d9:8c:14:d8:73:6d:ea:92:17:16:e9:a4:
         49:b8:ba:c9:d7:dd:d5:38:77:10:79:e9:60:2d:95:b0:63:43:
         8b:ac:34:98:94:35:10:e7:b6:b6:50:4c:98:c4:1b:a6:6b:d6:
         29:70:48:21
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIEBK8o3zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NjhiZmI4YTVlZWU0OTA4MmVhNjI4ZGYyNWE0YTVkNTBmM2FhOWIzMB4XDTIyMDYy
ODEwMjUwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzA1YTI0ZDhkYzM5
ZTY2MThkMGY0MjdhZDY3YmUxOTJlMTA4MDQ0MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKEoOHRVrLkqsholzq/SGR957G4bC1HQKJsmA9KGU0wc679t
f8XXehCjzR5FAQS0CQB41ZN6LRXEgKYm7Uryr2qoXhidPDl7S9DuhZT2F1mUUzxN
+ey+nojfq+peOPPr2KXxrCtBRTyPGwxXB3V0XLstz59tKefXHODdu3jtmAGC3KD3
TFqCpDxVUR3JiuZmr2isOT8GueKAJhhxj0z18qlsUCwHqkY1MZ3HXWmzFbOjF/mU
Ui4lAcW5ZKtreR7hHYz1I/DYb2tYfAdEC5CkpWb58zjbITDpermUK9BcHwzoZ0NT
k4tn9Dxo2L/Sls5yz+x3JcjjeknY+uLIzQbwOLsCAwEAAaOCAi0wggIpMB0GA1Ud
DgQWBBQwWiTY3DnmYY0PQnrWe+GS4QgEQDAfBgNVHSMEGDAWgBQ2i/uKXu5JCC6m
KN8lpKXVDzqpszAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05vdjdpbDd1U1FndXBpamZKYVNsMVE4NnFiTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzUvYWE1OGMzLWU3MDYtNGE0OS1hN2M1LTBhZTJlOTIyYTI5Mi8x
L01Gb2syTnc1NW1HTkQwSjYxbnZoa3VFSUJFQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzUv
YWE1OGMzLWU3MDYtNGE0OS1hN2M1LTBhZTJlOTIyYTI5Mi8xL05vdjdpbDd1U1Fn
dXBpamZKYVNsMVE4NnFiTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBD
BggrBgEFBQcBBwEB/wQ0MDIwMAQCAAEwKgMEArkkzAMEArlszAMEArl+UAMEArna
FAMEArnhFAMEArnkSAMEAsE6kDANBgkqhkiG9w0BAQsFAAOCAQEAuwXHs27sitoy
aa89bUvAdglGa3E+odyJE8snppOPL07aKyHsbNzTYFx87YMM2HkoXSTjdOr2Q0su
ayGpAb3mJOx4tUkf/BmslZQGaxI3uzba+sOZVIEN0zOqQJ7xeNm7HS5bxMkDdySo
fWoZvSKYR0fh8nSHwqeMSC4wMR5c11+vjWzOPSk1btJPJ4cTgM3QoG9d0eyCeM3/
dPdGgy5FRb6ZFYnO2YftIAE0wauwUyFiEbrE9eu8hryVZjyeicMtNFE+NexkWIhM
8twj2YwU2HNt6pIXFumkSbi6ydfd1Th3EHnpYC2VsGNDi6w0mJQ1EOe2tlBMmMQb
pmvWKXBIIQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:35 2024 by rpki-client on console-ams.rpki-client.org