Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/GYSi-bjVwAKiB5-yFi0K91DJXkU.roa
File:                     GYSi-bjVwAKiB5-yFi0K91DJXkU.roa (raw, json)
Hash identifier:          ZN/IHBPb8U/nOJ6KCk9AqHl5axqOEi4mZsblkR/tBwI=
Subject key identifier:   19:84:A2:F9:B8:D5:C0:02:A2:07:9F:B2:16:2D:0A:F7:50:C9:5E:45
Certificate issuer:       /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial:       018350942113CC936078B5AE3B97D0691940
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/GYSi-bjVwAKiB5-yFi0K91DJXkU.roa
Signing time:             Sun 18 Sep 2022 12:30:28 +0000
ROA not before:           Sun 18 Sep 2022 12:30:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209737
IP address blocks:        166.108.164.0/22 maxlen: 24
                          166.108.196.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:50:94:21:13:cc:93:60:78:b5:ae:3b:97:d0:69:19:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
        Validity
            Not Before: Sep 18 12:30:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1984a2f9b8d5c002a2079fb2162d0af750c95e45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:84:b5:5d:d9:6b:ce:fd:99:59:57:e2:0b:a2:
                    31:66:36:00:fc:23:e2:ad:da:95:6e:cb:17:68:09:
                    e1:54:69:07:ee:4e:69:a8:54:ec:6b:85:cc:67:98:
                    23:53:9c:ce:82:0a:2d:97:eb:98:42:0d:10:8b:3c:
                    51:98:b1:13:37:1f:94:84:83:ea:e7:01:83:aa:c0:
                    51:31:5a:19:23:c3:91:27:fe:47:cf:3b:3a:78:45:
                    38:c6:22:7a:53:a7:54:98:8b:0f:a6:78:41:89:49:
                    9c:14:7c:f6:6b:f9:66:fd:1c:ea:30:ed:2e:53:2b:
                    f6:89:4d:fb:76:94:45:45:98:b9:fc:49:cc:95:71:
                    9e:15:0a:be:7e:3b:93:c7:6e:d5:eb:ff:90:6b:bd:
                    f3:3a:52:5a:59:5b:2e:b1:78:8d:39:26:50:96:2d:
                    01:6f:5c:50:a7:41:d3:9a:49:5c:c7:b3:f1:49:00:
                    78:43:95:5e:b8:ac:42:6e:2c:21:f2:2d:a3:8c:b7:
                    7e:a3:48:e6:1f:15:d9:6c:25:3b:7b:58:38:9d:5b:
                    54:e0:b2:3e:0e:2b:15:c0:ba:2d:62:56:96:c5:29:
                    46:17:26:15:c2:27:15:de:36:2c:c0:cc:8b:e5:83:
                    05:d4:4b:1a:cd:cd:03:bd:a0:3c:21:34:93:75:43:
                    4b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:84:A2:F9:B8:D5:C0:02:A2:07:9F:B2:16:2D:0A:F7:50:C9:5E:45
            X509v3 Authority Key Identifier:
                keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/GYSi-bjVwAKiB5-yFi0K91DJXkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.108.164.0/22
                  166.108.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:df:3a:ec:5d:ad:07:65:e4:51:ee:cb:13:ee:31:4e:de:86:
         bc:8a:bc:ab:09:84:0e:9e:13:4b:e8:1f:c8:12:b7:be:fa:02:
         d8:63:88:51:be:f9:68:e9:4b:73:5a:2d:64:ea:64:0c:97:db:
         c8:11:d3:3b:c4:32:8e:e4:48:a0:04:d1:bf:8e:b8:50:e1:96:
         7a:18:75:91:aa:cc:99:14:76:8c:5f:3f:64:51:e8:32:0e:68:
         a8:e5:30:fc:c5:a1:5b:bc:c0:9e:cd:74:a7:84:58:35:38:17:
         ab:a2:16:37:97:a5:ec:2c:75:b7:4c:4e:e5:2d:74:a5:b3:1b:
         1b:01:9d:32:9c:7d:e4:5f:2f:97:d5:fd:19:e1:d6:bb:12:93:
         d4:ff:9e:8f:98:7a:47:24:f1:51:69:eb:d5:f5:70:e7:cc:30:
         dc:dc:a2:52:d3:c8:73:10:92:a5:53:27:d1:bf:1f:a9:62:98:
         92:64:f5:ca:b7:25:76:2f:24:fe:2d:0d:36:31:71:e1:ad:39:
         c4:d9:dc:58:c1:30:7c:fe:23:66:76:57:ab:08:66:0c:09:cd:
         7a:59:2a:00:b6:39:7e:d1:c2:74:f0:7e:0b:93:0c:17:44:ed:
         51:de:43:5f:9a:ba:ba:2a:eb:10:9d:99:cc:68:1c:8f:3f:00:
         65:4a:ef:54
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYNQlCETzJNgeLWuO5fQaRlAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIwOTE4MTIzMDI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTg0YTJmOWI4ZDVjMDAyYTIwNzlmYjIxNjJkMGFmNzUwYzk1ZTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIS1Xdlrzv2ZWVfiC6IxZjYA/CPi
rdqVbssXaAnhVGkH7k5pqFTsa4XMZ5gjU5zOggotl+uYQg0QizxRmLETNx+UhIPq
5wGDqsBRMVoZI8ORJ/5Hzzs6eEU4xiJ6U6dUmIsPpnhBiUmcFHz2a/lm/RzqMO0u
Uyv2iU37dpRFRZi5/EnMlXGeFQq+fjuTx27V6/+Qa73zOlJaWVsusXiNOSZQli0B
b1xQp0HTmklcx7PxSQB4Q5VeuKxCbiwh8i2jjLd+o0jmHxXZbCU7e1g4nVtU4LI+
DisVwLotYlaWxSlGFyYVwicV3jYswMyL5YMF1Esazc0DvaA8ITSTdUNL4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBmEovm41cACogefshYtCvdQyV5FMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvR1lTaS1ialZ3QUtpQjUteUZpMEs5MURKWGtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCpmykAwQC
pmzEMA0GCSqGSIb3DQEBCwUAA4IBAQBO3zrsXa0HZeRR7ssT7jFO3oa8iryrCYQO
nhNL6B/IEre++gLYY4hRvvlo6UtzWi1k6mQMl9vIEdM7xDKO5EigBNG/jrhQ4ZZ6
GHWRqsyZFHaMXz9kUegyDmio5TD8xaFbvMCezXSnhFg1OBerohY3l6XsLHW3TE7l
LXSlsxsbAZ0ynH3kXy+X1f0Z4da7EpPU/56PmHpHJPFRaevV9XDnzDDc3KJS08hz
EJKlUyfRvx+pYpiSZPXKtyV2LyT+LQ02MXHhrTnE2dxYwTB8/iNmdlerCGYMCc16
WSoAtjl+0cJ08H4LkwwXRO1R3kNfmrq6KusQnZnMaByPPwBlSu9U
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:46 2024 by rpki-client on console-fra.rpki-client.org