Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/pG5AS1LaYG_19GURUyD9NlVnx4s.roa
File:                     pG5AS1LaYG_19GURUyD9NlVnx4s.roa (raw, json)
Hash identifier:          V7jzm4jJqu9GZKHoJlXC5wBT3eIDmIdo51Z1j0rJeHs=
Subject key identifier:   A4:6E:40:4B:52:DA:60:6F:F5:F4:65:11:53:20:FD:36:55:67:C7:8B
Certificate issuer:       /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial:       1AEC3109
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/pG5AS1LaYG_19GURUyD9NlVnx4s.roa
Signing time:             Fri 04 Mar 2022 12:05:25 +0000
ROA not before:           Fri 04 Mar 2022 12:05:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        109.246.240.0/20 maxlen: 24
                          109.246.144.0/20 maxlen: 24
                          185.27.178.0/23 maxlen: 24
                          109.246.160.0/20 maxlen: 24
                          109.246.176.0/20 maxlen: 24
                          109.246.192.0/20 maxlen: 24
                          109.246.208.0/20 maxlen: 24
                          109.246.0.0/17 maxlen: 24
                          109.246.224.0/20 maxlen: 24
                          109.246.128.0/20 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 451686665 (0x1aec3109)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
        Validity
            Not Before: Mar  4 12:05:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a46e404b52da606ff5f465115320fd365567c78b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:43:16:bf:86:11:76:4a:0e:a7:d9:cb:12:1c:
                    b2:13:46:d2:9a:c1:a2:ae:02:5e:12:76:91:12:1a:
                    68:f6:77:09:53:e3:de:03:00:f5:5a:1a:d9:b8:1c:
                    49:59:42:a8:4c:55:ff:51:e3:ec:51:66:0e:d3:62:
                    38:8a:11:37:df:f0:f0:a5:4c:a4:e6:4b:8b:f2:50:
                    71:70:95:ca:6d:19:74:85:ef:78:20:99:b9:2b:f7:
                    b1:d5:fb:46:23:9b:e3:76:84:79:dd:ac:f3:f5:0a:
                    9c:9d:f9:43:c4:2b:43:4f:6a:66:52:93:1f:03:de:
                    c5:e4:72:42:50:87:2a:f1:d6:a0:71:ae:b6:6c:c5:
                    b7:3e:00:68:24:8f:5d:b7:e7:e4:84:ee:50:34:e3:
                    a0:b4:6d:be:d3:05:a0:3e:21:e1:e6:03:47:43:a4:
                    29:5f:67:f2:1a:86:be:f8:7d:c6:08:ea:6b:1b:e2:
                    c0:7d:0b:c0:22:2e:8c:8b:14:8a:04:43:8c:6c:24:
                    84:85:49:a3:d8:84:28:08:a2:50:c4:ea:42:95:3a:
                    31:d6:52:05:69:f7:95:f6:de:10:6e:b9:92:56:8f:
                    04:4a:4c:5c:c7:1c:01:4f:12:2c:47:8b:8e:3c:a2:
                    15:b5:0f:96:e3:51:a3:c4:86:53:b1:c6:bb:93:a1:
                    ee:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:6E:40:4B:52:DA:60:6F:F5:F4:65:11:53:20:FD:36:55:67:C7:8B
            X509v3 Authority Key Identifier:
                keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/pG5AS1LaYG_19GURUyD9NlVnx4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.246.0.0/16
                  185.27.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:89:f3:6b:c4:55:e6:7d:d7:62:18:08:6c:79:6d:7e:09:20:
         89:a1:46:a1:82:2f:db:9e:03:ea:08:e8:13:e6:20:b5:ab:bc:
         d3:5e:24:95:86:eb:fe:a6:72:b9:40:fb:70:af:85:32:b4:88:
         3b:b3:53:b9:a4:01:55:1b:0a:4e:5c:59:5f:19:4d:4c:07:2e:
         36:5a:0e:a3:8a:fd:72:27:93:68:74:f6:4d:0c:34:6f:74:b6:
         64:0b:dc:a0:4f:68:b5:5c:68:96:14:1b:d2:f9:5a:26:e5:33:
         50:96:12:4c:b9:7a:ec:c9:01:12:90:ca:77:9e:ed:20:1b:50:
         ba:47:29:44:de:82:e6:da:f8:73:1e:a1:ef:3f:73:ef:bf:fd:
         2d:fc:fb:3b:d0:9f:57:73:79:f0:14:fb:d7:bd:b1:1c:63:8c:
         59:09:36:af:1d:dd:3e:e6:26:97:4e:4d:15:e2:59:08:3d:f9:
         ea:a1:9b:69:01:3d:76:aa:65:43:23:80:46:5a:87:dc:75:63:
         54:68:f8:23:4d:9c:9e:99:a0:14:c2:57:0d:37:01:12:69:eb:
         4e:16:ba:6f:9b:ac:44:4c:86:c4:7d:33:69:1a:49:30:64:1b:
         ab:91:42:47:4a:4a:4e:f8:f7:ec:c0:9d:9d:8a:97:00:52:b6:
         37:8c:62:ad
-----BEGIN CERTIFICATE-----
MIIE9DCCA9ygAwIBAgIEGuwxCTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
YzNjMzlkMTg5OWU2OTliZjUxNzc0MThlZTM4MTQ4OWVkZmY0MzgwMB4XDTIyMDMw
NDEyMDUyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTQ2ZTQwNGI1MmRh
NjA2ZmY1ZjQ2NTExNTMyMGZkMzY1NTY3Yzc4YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKJDFr+GEXZKDqfZyxIcshNG0prBoq4CXhJ2kRIaaPZ3CVPj
3gMA9Voa2bgcSVlCqExV/1Hj7FFmDtNiOIoRN9/w8KVMpOZLi/JQcXCVym0ZdIXv
eCCZuSv3sdX7RiOb43aEed2s8/UKnJ35Q8QrQ09qZlKTHwPexeRyQlCHKvHWoHGu
tmzFtz4AaCSPXbfn5ITuUDTjoLRtvtMFoD4h4eYDR0OkKV9n8hqGvvh9xgjqaxvi
wH0LwCIujIsUigRDjGwkhIVJo9iEKAiiUMTqQpU6MdZSBWn3lfbeEG65klaPBEpM
XMccAU8SLEeLjjyiFbUPluNRo8SGU7HGu5Oh7gcCAwEAAaOCAg4wggIKMB0GA1Ud
DgQWBBSkbkBLUtpgb/X0ZRFTIP02VWfHizAfBgNVHSMEGDAWgBR8PDnRiZ5pm/UX
dBjuOBSJ7f9DgDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZEdzUwWW1lYVp2MUYzUVk3amdVaWUzX1E0QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzYvYzgwMGM5LTUxYjUtNDU4OS05MjYwLTA2M2ZjZGQzYTA1Ny8x
L3BHNUFTMUxhWUdfMTlHVVJVeUQ5TmxWbng0cy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzYv
YzgwMGM5LTUxYjUtNDU4OS05MjYwLTA2M2ZjZGQzYTA1Ny8xL2ZEdzUwWW1lYVp2
MUYzUVk3amdVaWUzX1E0QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAk
BggrBgEFBQcBBwEB/wQVMBMwEQQCAAEwCwMDAG32AwQBuRuyMA0GCSqGSIb3DQEB
CwUAA4IBAQAVifNrxFXmfddiGAhseW1+CSCJoUahgi/bngPqCOgT5iC1q7zTXiSV
huv+pnK5QPtwr4UytIg7s1O5pAFVGwpOXFlfGU1MBy42Wg6jiv1yJ5NodPZNDDRv
dLZkC9ygT2i1XGiWFBvS+Vom5TNQlhJMuXrsyQESkMp3nu0gG1C6RylE3oLm2vhz
HqHvP3Pvv/0t/Ps70J9Xc3nwFPvXvbEcY4xZCTavHd0+5iaXTk0V4lkIPfnqoZtp
AT12qmVDI4BGWofcdWNUaPgjTZyemaAUwlcNNwESaetOFrpvm6xETIbEfTNpGkkw
ZBurkUJHSkpO+PfswJ2dipcAUrY3jGKt
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:24 2024 by rpki-client on console-fra.rpki-client.org