Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/oog5Jbi3hKDHwfUiS5bca_9nsHk.roa
File:                     oog5Jbi3hKDHwfUiS5bca_9nsHk.roa (raw, json)
Hash identifier:          lWpfAuehzjNCT3yy1rnm33+kthXTTnFEOZY8IqfKUhc=
Subject key identifier:   A2:88:39:25:B8:B7:84:A0:C7:C1:F5:22:4B:96:DC:6B:FF:67:B0:79
Certificate issuer:       /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial:       1BCF56CC
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/oog5Jbi3hKDHwfUiS5bca_9nsHk.roa
Signing time:             Wed 08 Jun 2022 09:39:25 +0000
ROA not before:           Wed 08 Jun 2022 09:39:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        109.246.240.0/20 maxlen: 24
                          109.246.144.0/20 maxlen: 24
                          185.27.178.0/23 maxlen: 24
                          109.246.160.0/20 maxlen: 24
                          109.246.176.0/20 maxlen: 24
                          185.18.122.0/24 maxlen: 24
                          109.246.192.0/20 maxlen: 24
                          109.246.208.0/20 maxlen: 24
                          109.246.224.0/20 maxlen: 24
                          109.246.128.0/20 maxlen: 24
                          109.246.128.0/17 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 466573004 (0x1bcf56cc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
        Validity
            Not Before: Jun  8 09:39:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a2883925b8b784a0c7c1f5224b96dc6bff67b079
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:b3:b7:0a:02:f3:71:69:c2:e3:8e:fc:a8:37:
                    71:0b:c0:d9:47:dd:3f:40:88:6e:8a:22:c9:22:4a:
                    c0:78:6d:9d:76:0f:80:c8:06:68:3a:ff:64:17:95:
                    7b:72:1b:a2:f1:1b:6f:86:ae:b1:71:dc:ea:b5:e1:
                    f0:25:96:98:b0:d6:43:a2:5b:24:69:e2:ab:6c:8b:
                    04:26:e5:f9:03:5a:70:49:11:ac:df:57:30:9f:6f:
                    68:fd:63:b1:ac:f9:25:ec:85:33:8a:53:70:74:d1:
                    64:85:bc:5b:6b:55:a6:e8:e6:01:fc:4d:ff:04:3a:
                    c3:3f:36:20:37:a0:b6:26:f3:a0:9c:21:0c:87:a5:
                    58:35:2e:3b:8e:be:17:78:13:de:a5:22:f1:cc:72:
                    a9:53:1b:e4:66:20:3c:48:70:dd:f1:41:8d:8f:a7:
                    74:4d:ab:8c:08:fa:65:f4:86:9c:bf:c5:95:92:dc:
                    ee:98:f5:77:b7:a8:84:de:3f:7f:31:92:62:39:19:
                    a9:3a:6d:9d:4d:64:47:80:73:24:f9:80:c2:f6:88:
                    08:66:3f:e4:1d:40:5e:e8:45:52:44:dc:b2:1d:7b:
                    fb:34:69:62:c8:e3:5d:bd:c3:61:06:6a:57:44:32:
                    51:aa:52:02:2c:f1:15:bd:f8:4b:cd:75:3a:6e:25:
                    66:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:88:39:25:B8:B7:84:A0:C7:C1:F5:22:4B:96:DC:6B:FF:67:B0:79
            X509v3 Authority Key Identifier:
                keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/oog5Jbi3hKDHwfUiS5bca_9nsHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.246.128.0/17
                  185.18.122.0/24
                  185.27.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:db:26:79:8d:6d:57:a3:ac:13:a6:46:83:6f:a2:33:6e:fb:
         f5:f1:c8:4b:0e:35:29:b4:73:f4:b8:6b:fe:6b:3b:69:25:3a:
         a9:85:de:93:8b:a3:7c:2b:c5:72:46:1d:86:73:8e:70:2c:6c:
         15:62:67:54:3b:8d:f8:c0:0a:aa:aa:b9:cf:14:83:67:31:cc:
         44:b5:68:91:38:43:46:c8:87:15:ee:7f:ef:04:84:c9:26:03:
         25:a7:5e:88:b5:d9:d6:38:64:d8:4d:d8:6f:08:08:d4:e8:cf:
         11:c3:55:53:ed:ea:6b:63:87:85:f8:e3:9e:66:3f:be:d8:f5:
         bf:03:ee:0a:ae:84:8e:7c:1c:df:18:de:98:45:c8:f7:51:9e:
         37:7f:8f:b3:cc:85:46:a0:00:52:07:9e:33:b8:9c:2a:81:06:
         6c:68:41:5c:55:e9:a1:73:83:34:08:f7:6d:f4:7c:ce:90:cc:
         ab:88:5c:42:1e:ec:4f:0f:23:b1:83:25:5d:53:bc:27:d5:a7:
         be:df:0a:f4:8c:55:0f:3a:de:bc:d4:96:d0:64:38:d5:17:76:
         dc:2b:03:2d:65:37:5b:83:aa:00:d9:2c:e1:b7:d7:fc:3d:9f:
         6b:89:f5:f2:f5:d5:d8:ab:03:3a:93:51:40:a0:3f:b0:10:d8:
         90:62:9c:bc
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEG89WzDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
YzNjMzlkMTg5OWU2OTliZjUxNzc0MThlZTM4MTQ4OWVkZmY0MzgwMB4XDTIyMDYw
ODA5MzkyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTI4ODM5MjViOGI3
ODRhMGM3YzFmNTIyNGI5NmRjNmJmZjY3YjA3OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOmztwoC83FpwuOO/Kg3cQvA2UfdP0CIbooiySJKwHhtnXYP
gMgGaDr/ZBeVe3IbovEbb4ausXHc6rXh8CWWmLDWQ6JbJGniq2yLBCbl+QNacEkR
rN9XMJ9vaP1jsaz5JeyFM4pTcHTRZIW8W2tVpujmAfxN/wQ6wz82IDegtibzoJwh
DIelWDUuO46+F3gT3qUi8cxyqVMb5GYgPEhw3fFBjY+ndE2rjAj6ZfSGnL/FlZLc
7pj1d7eohN4/fzGSYjkZqTptnU1kR4BzJPmAwvaICGY/5B1AXuhFUkTcsh17+zRp
YsjjXb3DYQZqV0QyUapSAizxFb34S811Om4lZmECAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBSiiDkluLeEoMfB9SJLltxr/2eweTAfBgNVHSMEGDAWgBR8PDnRiZ5pm/UX
dBjuOBSJ7f9DgDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZEdzUwWW1lYVp2MUYzUVk3amdVaWUzX1E0QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzYvYzgwMGM5LTUxYjUtNDU4OS05MjYwLTA2M2ZjZGQzYTA1Ny8x
L29vZzVKYmkzaEtESHdmVWlTNWJjYV85bnNIay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzYv
YzgwMGM5LTUxYjUtNDU4OS05MjYwLTA2M2ZjZGQzYTA1Ny8xL2ZEdzUwWW1lYVp2
MUYzUVk3amdVaWUzX1E0QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEB232gAMEALkSegMEAbkbsjANBgkq
hkiG9w0BAQsFAAOCAQEADdsmeY1tV6OsE6ZGg2+iM2779fHISw41KbRz9Lhr/ms7
aSU6qYXek4ujfCvFckYdhnOOcCxsFWJnVDuN+MAKqqq5zxSDZzHMRLVokThDRsiH
Fe5/7wSEySYDJadeiLXZ1jhk2E3YbwgI1OjPEcNVU+3qa2OHhfjjnmY/vtj1vwPu
Cq6Ejnwc3xjemEXI91GeN3+Ps8yFRqAAUgeeM7icKoEGbGhBXFXpoXODNAj3bfR8
zpDMq4hcQh7sTw8jsYMlXVO8J9Wnvt8K9IxVDzrevNSW0GQ41Rd23CsDLWU3W4Oq
ANks4bfX/D2fa4n18vXV2KsDOpNRQKA/sBDYkGKcvA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:02 2024 by rpki-client on console-ams.rpki-client.org