Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/ed8dxZdxq6DxsZQSsmRyVLeZ-fA.roa
File:                     ed8dxZdxq6DxsZQSsmRyVLeZ-fA.roa (raw, json)
Hash identifier:          2t0fTSAhVUW/KcLwPEJhnxjMuUIgFc3m5hLqim147F4=
Subject key identifier:   79:DF:1D:C5:97:71:AB:A0:F1:B1:94:12:B2:64:72:54:B7:99:F9:F0
Certificate issuer:       /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial:       0460B847
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/ed8dxZdxq6DxsZQSsmRyVLeZ-fA.roa
Signing time:             Wed 25 May 2022 08:45:37 +0000
ROA not before:           Wed 25 May 2022 08:45:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59854
IP address blocks:        89.35.173.0/24 maxlen: 24
                          93.119.227.0/24 maxlen: 24
                          37.156.33.0/24 maxlen: 24
                          37.156.32.0/23 maxlen: 24
                          37.156.32.0/24 maxlen: 24
                          188.215.36.0/24 maxlen: 24
                          128.0.46.0/23 maxlen: 23
                          188.214.142.0/24 maxlen: 24
                          185.171.185.0/24 maxlen: 24
                          185.171.184.0/24 maxlen: 24
                          185.171.187.0/24 maxlen: 24
                          77.81.164.0/23 maxlen: 23
                          86.105.187.0/24 maxlen: 24
                          89.40.21.0/24 maxlen: 24
                          86.105.215.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 73447495 (0x460b847)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
        Validity
            Not Before: May 25 08:45:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=79df1dc59771aba0f1b19412b2647254b799f9f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f0:e2:74:f6:91:6e:82:4a:67:e7:8d:e5:78:
                    5a:f6:ef:29:38:e5:6c:64:af:a3:66:15:44:e0:85:
                    da:32:63:52:08:21:3e:a5:7f:09:8b:63:28:50:39:
                    dc:a3:13:8e:75:e7:0e:96:c7:48:a9:77:1b:8c:83:
                    20:e2:07:79:51:bc:50:19:51:2d:17:07:9d:43:79:
                    02:2e:e0:3b:6e:f6:00:7f:30:e8:07:62:3e:40:1b:
                    14:3b:5a:00:55:7f:6f:6c:d5:88:03:05:5e:d3:89:
                    db:a3:36:d9:7d:c5:bf:a2:51:94:ce:fe:ef:4b:e8:
                    59:a9:49:a3:39:8d:76:23:44:34:60:4e:29:a0:63:
                    f6:3e:50:67:0f:77:9b:1b:9f:cd:13:37:fe:d4:95:
                    ff:d1:ed:dd:70:05:79:48:79:f5:c1:18:66:d0:36:
                    c5:3c:41:c7:ea:b4:5a:93:cc:12:2a:d4:41:ac:f2:
                    3b:6b:6c:b3:b9:33:11:d1:de:5f:96:f4:f2:21:dc:
                    07:8e:00:e4:38:d5:cb:b4:57:fd:3c:58:33:f6:c7:
                    73:40:1b:f2:f4:e2:eb:c9:e9:f8:54:27:8b:14:de:
                    25:39:22:9d:11:90:34:e4:15:7c:c4:2f:d1:9d:d7:
                    99:de:d0:c5:4c:a6:34:a5:6e:b4:63:36:3d:03:b7:
                    0e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:DF:1D:C5:97:71:AB:A0:F1:B1:94:12:B2:64:72:54:B7:99:F9:F0
            X509v3 Authority Key Identifier:
                keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/ed8dxZdxq6DxsZQSsmRyVLeZ-fA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.156.32.0/23
                  77.81.164.0/23
                  86.105.187.0/24
                  86.105.215.0/24
                  89.35.173.0/24
                  89.40.21.0/24
                  93.119.227.0/24
                  128.0.46.0/23
                  185.171.184.0/23
                  185.171.187.0/24
                  188.214.142.0/24
                  188.215.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:76:a9:f3:45:1e:05:c7:a5:29:5c:c8:cf:5d:5c:f9:f1:0f:
         2d:05:59:70:c7:9d:9e:20:0d:79:90:ae:85:9b:38:aa:c9:66:
         ae:a4:19:e7:90:65:f2:69:53:53:6a:ad:ff:6b:36:d5:74:b9:
         81:bb:fb:ce:9a:11:3b:8b:6d:6b:2c:de:c4:e5:d9:ef:94:62:
         3c:93:fc:47:5c:fc:d5:69:a5:68:e6:ed:bf:10:a2:8d:d7:8a:
         8d:66:bf:48:a6:f2:d7:88:a6:ec:73:86:27:08:35:92:6e:43:
         a5:f2:81:a2:8e:0b:5c:93:0f:10:10:32:cb:03:ea:8d:58:f9:
         81:9a:b9:0c:39:ed:bb:84:38:c0:b8:bc:2f:25:86:92:85:8a:
         2c:1e:11:6f:a0:dc:f7:c5:fd:f5:ec:09:76:70:b2:97:c5:1b:
         f8:a7:81:01:65:a7:e6:3d:cf:e8:e6:3c:02:52:67:30:19:3c:
         01:a2:0f:06:bc:d5:f7:21:1c:ff:87:6d:ee:20:59:a3:5a:2e:
         a0:86:77:41:ba:79:b3:28:e5:40:29:f9:47:67:55:c9:96:bf:
         60:ac:7a:86:9d:44:c3:81:10:06:20:46:59:a2:77:00:c8:45:
         87:e7:4c:9b:73:7c:f6:44:af:c5:45:7d:14:36:4d:0c:84:c3:
         a8:b4:54:64
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIEBGC4RzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
MDhhZjQ4NWI0ZmQwZjAzNzE3Y2Q0YTcwOWVmMTFjNjFkM2VmNDZlMB4XDTIyMDUy
NTA4NDUzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzlkZjFkYzU5Nzcx
YWJhMGYxYjE5NDEyYjI2NDcyNTRiNzk5ZjlmMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJnw4nT2kW6CSmfnjeV4WvbvKTjlbGSvo2YVROCF2jJjUggh
PqV/CYtjKFA53KMTjnXnDpbHSKl3G4yDIOIHeVG8UBlRLRcHnUN5Ai7gO272AH8w
6AdiPkAbFDtaAFV/b2zViAMFXtOJ26M22X3Fv6JRlM7+70voWalJozmNdiNENGBO
KaBj9j5QZw93mxufzRM3/tSV/9Ht3XAFeUh59cEYZtA2xTxBx+q0WpPMEirUQazy
O2tss7kzEdHeX5b08iHcB44A5DjVy7RX/TxYM/bHc0Ab8vTi68np+FQnixTeJTki
nRGQNOQVfMQv0Z3Xmd7QxUymNKVutGM2PQO3DisCAwEAAaOCAkswggJHMB0GA1Ud
DgQWBBR53x3Fl3GroPGxlBKyZHJUt5n58DAfBgNVHSMEGDAWgBRAivSFtP0PA3F8
1KcJ7xHGHT70bjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1FJcjBoYlQ5RHdOeGZOU25DZThSeGgwLTlHNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzYvZTExNzFjLTUyNzAtNDljZC05Mzc5LWI5NWIwOGEyM2FlMS8x
L2VkOGR4WmR4cTZEeHNaUVNzbVJ5VkxlWi1mQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzYv
ZTExNzFjLTUyNzAtNDljZC05Mzc5LWI5NWIwOGEyM2FlMS8xL1FJcjBoYlQ5RHdO
eGZOU25DZThSeGgwLTlHNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBh
BggrBgEFBQcBBwEB/wRSMFAwTgQCAAEwSAMEASWcIAMEAU1RpAMEAFZpuwMEAFZp
1wMEAFkjrQMEAFkoFQMEAF134wMEAYAALgMEAbmruAMEALmruwMEALzWjgMEALzX
JDANBgkqhkiG9w0BAQsFAAOCAQEAmnap80UeBcelKVzIz11c+fEPLQVZcMedniAN
eZCuhZs4qslmrqQZ55Bl8mlTU2qt/2s21XS5gbv7zpoRO4ttayzexOXZ75RiPJP8
R1z81WmlaObtvxCijdeKjWa/SKby14im7HOGJwg1km5DpfKBoo4LXJMPEBAyywPq
jVj5gZq5DDntu4Q4wLi8LyWGkoWKLB4Rb6Dc98X99ewJdnCyl8Ub+KeBAWWn5j3P
6OY8AlJnMBk8AaIPBrzV9yEc/4dt7iBZo1ouoIZ3Qbp5syjlQCn5R2dVyZa/YKx6
hp1Ew4EQBiBGWaJ3AMhFh+dMm3N89kSvxUV9FDZNDITDqLRUZA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:27 2024 by rpki-client on console-fra.rpki-client.org