Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QswhqaoAzePq01p-kJpDatvW6nc.roa
File:                     QswhqaoAzePq01p-kJpDatvW6nc.roa (raw, json)
Hash identifier:          7twIW7hwdQL8V2FybgpZNusiylM/CbTshB6iMLJU8PQ=
Subject key identifier:   42:CC:21:A9:AA:00:CD:E3:EA:D3:5A:7E:90:9A:43:6A:DB:D6:EA:77
Certificate issuer:       /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial:       0183604A7E2505AE2F6C26A199AC0BB8B58C
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QswhqaoAzePq01p-kJpDatvW6nc.roa
Signing time:             Wed 21 Sep 2022 13:43:58 +0000
ROA not before:           Wed 21 Sep 2022 13:43:58 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20616
IP address blocks:        195.246.242.0/23 maxlen: 23
                          86.105.192.0/24 maxlen: 24
                          89.44.188.0/24 maxlen: 24
                          91.208.142.0/24 maxlen: 24
                          188.214.16.0/21 maxlen: 21

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:60:4a:7e:25:05:ae:2f:6c:26:a1:99:ac:0b:b8:b5:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
        Validity
            Not Before: Sep 21 13:43:58 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=42cc21a9aa00cde3ead35a7e909a436adbd6ea77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:08:40:1c:c6:c5:f0:56:4f:1c:d2:a3:4b:14:
                    62:32:b0:37:36:59:02:74:83:a8:7f:08:17:28:e5:
                    87:c8:15:6a:ec:bc:7d:5b:09:b5:11:18:8b:8d:74:
                    0f:c1:2a:4c:61:d9:6d:bf:8a:14:6a:f6:ed:ce:89:
                    cb:2f:3b:09:8b:8d:6f:00:8f:2c:5f:11:64:e0:c3:
                    d7:30:7a:7b:52:05:fa:a7:17:ac:c0:83:3f:2f:e1:
                    14:3a:c1:72:8d:07:ad:45:37:39:39:5f:3d:f9:6d:
                    d0:b8:fd:f9:e8:14:72:fb:1a:f8:52:9b:ce:c5:5b:
                    f1:38:0d:b3:05:1b:1b:91:f0:b5:97:81:f3:2c:62:
                    3a:da:ba:7c:4a:13:77:ca:ad:3c:b0:58:f6:42:cd:
                    7c:c7:08:bd:71:77:42:df:40:a4:f0:74:c7:85:bc:
                    54:f9:b6:fc:2e:b7:69:43:cc:1e:cd:b5:42:83:2c:
                    31:f2:0a:f5:e8:cc:ab:73:2e:59:78:1d:fb:ae:74:
                    2f:6e:5a:b2:c1:39:47:36:31:e2:de:07:a9:2b:92:
                    1a:ca:f5:89:54:64:5d:60:38:7e:c7:e4:0e:d3:ae:
                    35:c4:91:e7:35:fe:ea:d2:c7:55:89:29:7b:1f:a0:
                    b3:0a:dd:06:92:81:4e:77:42:b6:fc:3b:d5:d5:30:
                    57:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:CC:21:A9:AA:00:CD:E3:EA:D3:5A:7E:90:9A:43:6A:DB:D6:EA:77
            X509v3 Authority Key Identifier:
                keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QswhqaoAzePq01p-kJpDatvW6nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.105.192.0/24
                  89.44.188.0/24
                  91.208.142.0/24
                  188.214.16.0/21
                  195.246.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:c4:71:d7:f3:83:7f:43:33:aa:c9:55:be:4f:7b:73:82:b8:
         59:c8:2c:9e:e1:b5:61:38:4b:92:f3:30:0d:7f:84:d3:81:a9:
         c1:3d:3f:3c:04:80:f4:54:68:74:4c:b4:f4:0f:b0:fe:78:c2:
         38:66:cf:4f:a2:69:09:e3:74:c7:6a:bb:2a:37:6a:18:6f:6f:
         28:e7:60:1f:86:df:27:da:da:e1:fd:46:19:0a:c7:66:99:34:
         9a:f2:7b:a2:1c:2c:51:18:61:c4:85:fa:e4:b1:60:e9:f4:dd:
         ae:72:d5:66:51:4b:cb:e3:d6:9d:0a:6f:ce:c6:4c:50:86:13:
         47:47:fa:03:84:19:c9:c2:ea:7f:cf:2d:3c:47:7a:7d:6d:7f:
         18:2b:11:4e:50:aa:f8:ef:0d:58:37:e6:63:cb:44:04:d1:1e:
         a4:f0:5e:a6:b9:b3:ef:cf:a8:1e:a3:6b:1a:80:68:c4:c2:21:
         0e:6e:30:aa:e1:3d:01:2f:fd:87:d5:17:54:7f:28:32:47:d3:
         69:63:8d:eb:e4:78:5f:0d:39:14:c1:45:f7:a6:db:3f:e5:c6:
         6a:96:8a:86:d3:26:d4:f5:88:a3:41:2d:1d:df:3f:fe:6f:78:
         b0:31:a2:24:61:25:93:c8:dd:70:7e:fa:e2:1e:7a:98:10:bf:
         87:bd:86:45
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYNgSn4lBa4vbCahmawLuLWMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjIwOTIxMTM0MzU4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmNjMjFhOWFhMDBjZGUzZWFkMzVhN2U5MDlhNDM2YWRiZDZlYTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ghAHMbF8FZPHNKjSxRiMrA3NlkC
dIOofwgXKOWHyBVq7Lx9Wwm1ERiLjXQPwSpMYdltv4oUavbtzonLLzsJi41vAI8s
XxFk4MPXMHp7UgX6pxeswIM/L+EUOsFyjQetRTc5OV89+W3QuP356BRy+xr4UpvO
xVvxOA2zBRsbkfC1l4HzLGI62rp8ShN3yq08sFj2Qs18xwi9cXdC30Ck8HTHhbxU
+bb8LrdpQ8wezbVCgywx8gr16Myrcy5ZeB37rnQvblqywTlHNjHi3gepK5IayvWJ
VGRdYDh+x+QO0641xJHnNf7q0sdViSl7H6CzCt0GkoFOd0K2/DvV1TBXsQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFELMIamqAM3j6tNafpCaQ2rb1up3MB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvUXN3aHFhb0F6ZVBxMDFwLWtKcERhdHZXNm5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAVmnAAwQA
WSy8AwQAW9COAwQDvNYQAwQBw/byMA0GCSqGSIb3DQEBCwUAA4IBAQAFxHHX84N/
QzOqyVW+T3tzgrhZyCye4bVhOEuS8zANf4TTganBPT88BID0VGh0TLT0D7D+eMI4
Zs9PomkJ43THarsqN2oYb28o52Afht8n2trh/UYZCsdmmTSa8nuiHCxRGGHEhfrk
sWDp9N2uctVmUUvL49adCm/OxkxQhhNHR/oDhBnJwup/zy08R3p9bX8YKxFOUKr4
7w1YN+Zjy0QE0R6k8F6mubPvz6geo2sagGjEwiEObjCq4T0BL/2H1RdUfygyR9Np
Y43r5HhfDTkUwUX3pts/5cZqloqG0ybU9YijQS0d3z/+b3iwMaIkYSWTyN1wfvri
HnqYEL+HvYZF
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:27 2024 by rpki-client on console-fra.rpki-client.org