Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/7kS7p31b80nvVAdzPAHAEFlQ5zE.roa
File:                     7kS7p31b80nvVAdzPAHAEFlQ5zE.roa (raw, json)
Hash identifier:          PwZgFZeTyfUVj1LHnygdLUukkvUUc7Iuy3GyZJOaXrE=
Subject key identifier:   EE:44:BB:A7:7D:5B:F3:49:EF:54:07:73:3C:01:C0:10:59:50:E7:31
Certificate issuer:       /CN=13b89b80186332d441bb0515c47261c5ffa0616b
Certificate serial:       03CEF7EA
Authority key identifier: 13:B8:9B:80:18:63:32:D4:41:BB:05:15:C4:72:61:C5:FF:A0:61:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E7ibgBhjMtRBuwUVxHJhxf-gYWs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/7kS7p31b80nvVAdzPAHAEFlQ5zE.roa
Signing time:             Sat 01 Jan 2022 15:55:06 +0000
ROA not before:           Sat 01 Jan 2022 15:55:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39018
IP address blocks:        193.143.224.0/24 maxlen: 24
                          193.143.227.0/24 maxlen: 24
                          193.143.231.0/24 maxlen: 24
                          193.143.248.0/24 maxlen: 24
                          2a10:8f00::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 63895530 (0x3cef7ea)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13b89b80186332d441bb0515c47261c5ffa0616b
        Validity
            Not Before: Jan  1 15:55:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ee44bba77d5bf349ef5407733c01c0105950e731
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:bb:d3:39:d3:42:ee:80:fd:be:27:49:36:56:
                    1a:89:74:79:4d:56:17:49:db:17:3f:be:30:c4:ca:
                    57:f8:48:b2:33:3e:57:bc:aa:01:37:83:dd:7f:bd:
                    ad:83:8f:bc:42:6b:0d:46:80:6f:b6:85:0e:ef:71:
                    d5:c4:97:bd:d7:b0:ae:67:71:fe:0b:8e:f0:0b:f2:
                    a9:e1:9c:de:99:69:82:99:8b:ac:0b:36:91:ce:7c:
                    48:81:63:b5:6e:af:3e:cb:97:a0:dc:41:4f:ac:4d:
                    ef:aa:fd:69:85:9e:82:b7:c7:20:7e:31:b9:a1:9d:
                    07:74:da:5f:11:86:7d:29:bb:3a:e9:46:6e:97:92:
                    1b:f6:c8:b1:d9:27:5a:e1:e1:ec:47:6b:e6:db:1f:
                    54:6f:8a:5f:79:39:9b:39:6a:c1:d5:35:56:6b:50:
                    f7:09:47:5b:c0:69:39:0f:3b:20:01:13:a7:52:5f:
                    5f:67:a5:76:53:bb:77:3d:42:c7:bd:01:98:84:67:
                    d3:45:58:d2:d5:83:ef:f3:17:29:54:1e:f9:60:4f:
                    3c:b9:7d:bc:80:59:12:4e:dd:e8:f8:7d:86:e8:d2:
                    04:3b:b2:dc:59:37:e3:71:01:b2:d3:0e:53:aa:a3:
                    df:be:bf:c4:04:32:39:14:77:08:df:ca:59:d3:c4:
                    50:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:44:BB:A7:7D:5B:F3:49:EF:54:07:73:3C:01:C0:10:59:50:E7:31
            X509v3 Authority Key Identifier:
                keyid:13:B8:9B:80:18:63:32:D4:41:BB:05:15:C4:72:61:C5:FF:A0:61:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E7ibgBhjMtRBuwUVxHJhxf-gYWs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/7kS7p31b80nvVAdzPAHAEFlQ5zE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/E7ibgBhjMtRBuwUVxHJhxf-gYWs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.143.224.0/24
                  193.143.227.0/24
                  193.143.231.0/24
                  193.143.248.0/24
                IPv6:
                  2a10:8f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:25:65:90:28:e4:22:16:cc:e8:8c:17:c8:11:f5:a2:c8:3e:
         05:f8:e3:47:ff:0e:3e:01:5f:7c:7f:6b:83:8a:0f:05:01:3f:
         b9:a1:84:95:c3:c6:cf:3c:7a:11:49:01:fd:e4:3d:67:2d:98:
         bc:38:84:1f:72:ba:75:a0:f2:3a:68:ba:2e:90:b6:8e:2d:ac:
         01:bc:b1:58:d0:c5:d8:cf:1f:9b:75:e5:c0:b0:1c:c6:57:8c:
         d4:90:18:eb:59:01:5c:3f:3e:29:76:ec:b0:a5:1f:f1:0d:b6:
         b1:87:56:72:2d:c2:1c:f4:c1:e4:95:a1:ec:67:91:97:54:c6:
         3f:62:a1:0d:ad:96:e1:b6:3b:b3:cf:d7:1a:35:89:ec:fc:37:
         0c:94:b4:f9:16:56:22:6b:7a:d1:f2:61:72:9b:4f:98:ee:00:
         2a:d6:64:35:24:c3:1e:6a:9e:6e:ea:30:18:e4:5b:56:b3:77:
         77:1e:86:24:96:3d:fe:cf:5f:9e:78:ce:8a:0c:5e:92:8e:28:
         7f:46:1a:55:23:97:83:99:06:fa:11:da:e0:d4:47:38:67:9d:
         3d:ad:26:ea:70:ce:e2:a1:ab:46:0a:40:c3:0a:b1:3e:73:81:
         f2:97:27:21:aa:15:80:a9:e8:f9:d7:84:ee:e3:0b:7d:23:f4:
         78:dc:21:61
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEA8736jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
M2I4OWI4MDE4NjMzMmQ0NDFiYjA1MTVjNDcyNjFjNWZmYTA2MTZiMB4XDTIyMDEw
MTE1NTUwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZWU0NGJiYTc3ZDVi
ZjM0OWVmNTQwNzczM2MwMWMwMTA1OTUwZTczMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKy70znTQu6A/b4nSTZWGol0eU1WF0nbFz++MMTKV/hIsjM+
V7yqATeD3X+9rYOPvEJrDUaAb7aFDu9x1cSXvdewrmdx/guO8AvyqeGc3plpgpmL
rAs2kc58SIFjtW6vPsuXoNxBT6xN76r9aYWegrfHIH4xuaGdB3TaXxGGfSm7OulG
bpeSG/bIsdknWuHh7Edr5tsfVG+KX3k5mzlqwdU1VmtQ9wlHW8BpOQ87IAETp1Jf
X2eldlO7dz1Cx70BmIRn00VY0tWD7/MXKVQe+WBPPLl9vIBZEk7d6Ph9hujSBDuy
3Fk343EBstMOU6qj376/xAQyORR3CN/KWdPEUOMCAwEAAaOCAiowggImMB0GA1Ud
DgQWBBTuRLunfVvzSe9UB3M8AcAQWVDnMTAfBgNVHSMEGDAWgBQTuJuAGGMy1EG7
BRXEcmHF/6BhazAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0U3aWJnQmhqTXRSQnV3VVZ4SEpoeGYtZ1lXcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2EvNmU1ZGMzLWM3ZmEtNGQzNi05MDk1LWMxOTIzMmJkYTQzMC8x
LzdrUzdwMzFiODBudlZBZHpQQUhBRUZsUTV6RS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Ev
NmU1ZGMzLWM3ZmEtNGQzNi05MDk1LWMxOTIzMmJkYTQzMC8xL0U3aWJnQmhqTXRS
QnV3VVZ4SEpoeGYtZ1lXcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEAMGP4AMEAMGP4wMEAMGP5wMEAMGP
+DANBAIAAjAHAwUDKhCPADANBgkqhkiG9w0BAQsFAAOCAQEAMSVlkCjkIhbM6IwX
yBH1osg+BfjjR/8OPgFffH9rg4oPBQE/uaGElcPGzzx6EUkB/eQ9Zy2YvDiEH3K6
daDyOmi6LpC2ji2sAbyxWNDF2M8fm3XlwLAcxleM1JAY61kBXD8+KXbssKUf8Q22
sYdWci3CHPTB5JWh7GeRl1TGP2KhDa2W4bY7s8/XGjWJ7Pw3DJS0+RZWImt60fJh
cptPmO4AKtZkNSTDHmqebuowGORbVrN3dx6GJJY9/s9fnnjOigxeko4of0YaVSOX
g5kG+hHa4NRHOGedPa0m6nDO4qGrRgpAwwqxPnOB8pcnIaoVgKno+deE7uMLfSP0
eNwhYQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:54 2024 by rpki-client on console-ams.rpki-client.org