Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/SmYYCyc9Kx6TvRjfOJxNM8zStOM.roa
File:                     SmYYCyc9Kx6TvRjfOJxNM8zStOM.roa (raw, json)
Hash identifier:          4Uyv3TlYxxyUjHRY/LP0l3dR20BtDaHXW72x6XyIaGo=
Subject key identifier:   4A:66:18:0B:27:3D:2B:1E:93:BD:18:DF:38:9C:4D:33:CC:D2:B4:E3
Certificate issuer:       /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial:       0327D822
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/SmYYCyc9Kx6TvRjfOJxNM8zStOM.roa
Signing time:             Sat 01 Jan 2022 12:02:33 +0000
ROA not before:           Sat 01 Jan 2022 12:02:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59854
IP address blocks:        37.156.33.0/24 maxlen: 24
                          37.156.32.0/24 maxlen: 24
                          37.156.32.0/23 maxlen: 24
                          188.215.36.0/24 maxlen: 24
                          86.105.187.0/24 maxlen: 24
                          89.40.21.0/24 maxlen: 24
                          86.105.215.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 52942882 (0x327d822)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
        Validity
            Not Before: Jan  1 12:02:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4a66180b273d2b1e93bd18df389c4d33ccd2b4e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:37:c7:e4:5d:4c:c4:44:bb:92:b9:24:28:8b:
                    a6:ce:95:54:b2:71:f4:c8:70:cd:11:b8:0c:62:da:
                    93:43:17:d8:a8:01:a0:56:08:d1:ff:8f:b9:f1:c9:
                    52:4b:1d:6c:b1:d3:f9:ff:73:5f:87:2f:1a:d3:93:
                    95:cc:57:75:b4:02:b3:1b:0c:59:d0:9d:22:bd:8c:
                    48:91:67:f2:10:fc:aa:99:8b:a1:17:48:2d:4a:04:
                    a4:39:2a:65:b0:d0:17:fc:cc:91:58:3a:2f:7d:63:
                    0f:16:51:ed:23:8e:4f:53:1c:be:ab:3f:99:5b:1a:
                    0f:a2:04:35:e3:df:be:7d:bc:06:ee:b0:42:f6:54:
                    d8:b9:6c:39:c5:c1:6b:4e:22:44:12:62:b0:aa:5a:
                    57:9f:c1:a5:99:7b:68:cc:cd:4f:24:c4:cb:c7:ec:
                    19:30:9c:f2:6c:3e:09:6e:1a:99:5e:57:cd:4d:13:
                    ff:1d:33:c3:c3:a9:d6:ac:91:23:63:e2:cb:ac:4e:
                    61:4c:d6:c8:f5:89:45:b3:63:9d:6e:ea:45:48:0f:
                    3e:45:d1:13:57:a8:84:49:91:df:3a:4c:4f:b6:dd:
                    3b:10:96:c8:b6:e8:b8:7d:fa:e9:72:33:36:17:89:
                    78:d8:f6:63:3e:db:00:b7:db:5e:58:2b:12:eb:9c:
                    ba:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:66:18:0B:27:3D:2B:1E:93:BD:18:DF:38:9C:4D:33:CC:D2:B4:E3
            X509v3 Authority Key Identifier:
                keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/SmYYCyc9Kx6TvRjfOJxNM8zStOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.156.32.0/23
                  86.105.187.0/24
                  86.105.215.0/24
                  89.40.21.0/24
                  188.215.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:05:56:e5:ae:00:b7:37:40:da:60:70:ff:e6:b3:70:cd:0f:
         ce:bd:03:19:1f:d4:59:68:a8:df:00:1a:10:e9:52:60:51:cb:
         86:90:1a:5b:c8:a4:96:ee:45:e2:d1:a8:67:67:ca:4a:e2:f0:
         1d:d1:7f:a2:0f:85:cf:cf:df:98:f9:96:65:28:2f:c0:16:b4:
         87:96:71:c1:4a:d6:35:1c:73:6d:6a:5b:cd:88:49:06:22:b1:
         bc:89:03:12:1a:c8:75:80:1f:f9:a2:c6:c7:52:ac:94:88:f7:
         c2:79:a4:66:ca:26:f9:44:f0:44:81:69:e1:fd:c2:c1:a7:3a:
         fe:5e:80:3a:27:b4:0a:94:a6:df:57:c9:f1:a3:8a:61:27:63:
         2d:29:60:98:33:7e:62:41:15:de:73:a6:61:f7:6d:08:42:84:
         13:14:86:32:f0:a1:7c:c1:ec:89:50:c1:a0:f3:b9:55:6a:96:
         9c:6c:4b:88:bb:03:99:c3:7b:7d:59:fd:86:12:ab:63:90:b5:
         ef:fb:ed:2c:d9:e8:66:0d:0d:f9:3f:5c:05:dd:91:0d:7a:74:
         f9:e6:ce:45:97:09:a0:89:68:cd:b1:3a:0b:3a:34:19:f1:18:
         e8:8f:5e:46:35:fa:dd:78:e9:5d:15:81:33:1f:1b:39:8f:90:
         3a:7f:2e:c6
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEAyfYIjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
MDhhZjQ4NWI0ZmQwZjAzNzE3Y2Q0YTcwOWVmMTFjNjFkM2VmNDZlMB4XDTIyMDEw
MTEyMDIzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGE2NjE4MGIyNzNk
MmIxZTkzYmQxOGRmMzg5YzRkMzNjY2QyYjRlMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALA3x+RdTMREu5K5JCiLps6VVLJx9MhwzRG4DGLak0MX2KgB
oFYI0f+PufHJUksdbLHT+f9zX4cvGtOTlcxXdbQCsxsMWdCdIr2MSJFn8hD8qpmL
oRdILUoEpDkqZbDQF/zMkVg6L31jDxZR7SOOT1Mcvqs/mVsaD6IENePfvn28Bu6w
QvZU2LlsOcXBa04iRBJisKpaV5/BpZl7aMzNTyTEy8fsGTCc8mw+CW4amV5XzU0T
/x0zw8Op1qyRI2Piy6xOYUzWyPWJRbNjnW7qRUgPPkXRE1eohEmR3zpMT7bdOxCW
yLbouH366XIzNheJeNj2Yz7bALfbXlgrEuucusMCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBRKZhgLJz0rHpO9GN84nE0zzNK04zAfBgNVHSMEGDAWgBRAivSFtP0PA3F8
1KcJ7xHGHT70bjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1FJcjBoYlQ5RHdOeGZOU25DZThSeGgwLTlHNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzYvZTExNzFjLTUyNzAtNDljZC05Mzc5LWI5NWIwOGEyM2FlMS8x
L1NtWVlDeWM5S3g2VHZSamZPSnhOTTh6U3RPTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzYv
ZTExNzFjLTUyNzAtNDljZC05Mzc5LWI5NWIwOGEyM2FlMS8xL1FJcjBoYlQ5RHdO
eGZOU25DZThSeGgwLTlHNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEASWcIAMEAFZpuwMEAFZp1wMEAFko
FQMEALzXJDANBgkqhkiG9w0BAQsFAAOCAQEAmwVW5a4AtzdA2mBw/+azcM0Pzr0D
GR/UWWio3wAaEOlSYFHLhpAaW8iklu5F4tGoZ2fKSuLwHdF/og+Fz8/fmPmWZSgv
wBa0h5ZxwUrWNRxzbWpbzYhJBiKxvIkDEhrIdYAf+aLGx1KslIj3wnmkZsom+UTw
RIFp4f3Cwac6/l6AOie0CpSm31fJ8aOKYSdjLSlgmDN+YkEV3nOmYfdtCEKEExSG
MvChfMHsiVDBoPO5VWqWnGxLiLsDmcN7fVn9hhKrY5C17/vtLNnoZg0N+T9cBd2R
DXp0+ebORZcJoIlozbE6Czo0GfEY6I9eRjX63XjpXRWBMx8bOY+QOn8uxg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:06 2024 by rpki-client on console-ams.rpki-client.org