Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/QiQOMMSruyyh1-ZB0a30iwFnSp0.roa
File:                     QiQOMMSruyyh1-ZB0a30iwFnSp0.roa (raw, json)
Hash identifier:          JOWu1vkBbaQZma6v0TwJHRMxV8CFhoTCU76jc6+C2MQ=
Subject key identifier:   42:24:0E:30:C4:AB:BB:2C:A1:D7:E6:41:D1:AD:F4:8B:01:67:4A:9D
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       0189F43F7A3CAEF4C024C5D9FCA3B058AED0
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/QiQOMMSruyyh1-ZB0a30iwFnSp0.roa
Signing time:             Mon 14 Aug 2023 13:32:27 +0000
ROA not before:           Mon 14 Aug 2023 13:32:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29802
IP address blocks:        95.82.32.0/21 maxlen: 21
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:f4:3f:7a:3c:ae:f4:c0:24:c5:d9:fc:a3:b0:58:ae:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Aug 14 13:32:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=42240e30c4abbb2ca1d7e641d1adf48b01674a9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:69:0f:33:a0:ca:d3:ad:5d:ee:2d:99:20:c5:
                    ea:35:83:03:b1:f8:b5:cc:24:de:d1:a4:fa:bd:d6:
                    15:0a:c7:f1:ed:7f:5b:f8:96:3e:9e:97:14:01:01:
                    ed:f7:67:7f:5e:0e:2a:db:2f:fa:4d:f7:d7:16:aa:
                    47:b0:83:05:72:96:ac:4c:3d:53:0f:e4:c8:d4:da:
                    fa:ef:7e:b1:40:8c:61:f2:28:4c:a8:e7:b7:01:e4:
                    64:32:64:a0:fb:44:49:d9:5c:35:ba:4c:cf:ea:c1:
                    85:4a:02:d3:94:4c:33:78:d8:1b:85:f6:4f:df:89:
                    0e:93:38:5f:28:08:3c:d4:b9:50:bb:31:16:7d:c3:
                    ff:e6:6a:12:a9:a2:13:05:70:cb:61:9b:4a:a5:09:
                    43:d8:09:b5:da:21:a2:f3:ae:4d:01:1a:55:52:ee:
                    f3:1a:00:a5:43:84:b4:f7:1e:b6:5c:1c:53:6f:58:
                    b4:b5:1f:00:48:7f:0d:87:a3:11:f0:e7:59:4b:44:
                    ce:2f:73:4d:32:2e:eb:1f:9a:a1:3c:51:c5:84:ba:
                    10:6d:74:e3:4c:ea:c8:e6:57:ac:b8:3b:03:13:75:
                    4e:ff:48:f5:2e:74:2c:6c:85:3c:5d:96:9d:ce:3e:
                    7a:0d:ed:76:c1:66:9f:c8:17:2c:bd:55:eb:c1:82:
                    48:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:24:0E:30:C4:AB:BB:2C:A1:D7:E6:41:D1:AD:F4:8B:01:67:4A:9D
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/QiQOMMSruyyh1-ZB0a30iwFnSp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.82.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         01:51:26:9a:f8:93:d0:73:0f:59:a0:83:f8:8e:27:af:3f:b1:
         79:77:44:6c:77:e2:0b:26:9e:7f:ec:26:7a:b0:06:08:e2:88:
         b1:18:19:ab:ea:81:3a:7a:69:63:57:5f:a3:09:b7:66:1f:a2:
         48:8f:76:8f:b2:09:39:bd:d0:8f:bd:96:55:0d:26:fa:5b:56:
         23:a0:5d:a1:74:aa:13:d8:d3:21:91:cf:7c:11:7a:c2:a4:c1:
         b0:27:4c:d2:f4:81:bc:28:6c:4a:e2:c8:d1:83:f5:93:3a:39:
         ac:89:63:d4:0c:cb:14:a8:bc:28:e0:df:e3:bc:4e:1d:27:38:
         cf:0f:7e:06:9e:10:76:46:2a:af:5b:99:a0:0e:3b:92:51:c7:
         f1:43:a0:47:b6:71:fe:e9:d5:3e:2f:e7:5f:a9:23:42:e2:0f:
         6c:e4:bc:af:ed:9f:d0:53:e3:d1:7c:df:be:59:bc:49:3c:44:
         ae:15:b4:33:b4:19:aa:e0:d5:a8:91:63:da:d5:73:a0:be:a1:
         96:e7:e3:7d:56:77:c8:90:47:ad:99:fd:2a:58:90:42:c2:73:
         04:f0:5e:cd:94:9a:fc:63:a7:6d:d1:2b:aa:e5:22:51:04:9d:
         d2:5c:e9:9f:fa:46:3e:21:74:c8:6a:7d:ea:b5:b3:a5:38:13:
         cd:b0:1e:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYn0P3o8rvTAJMXZ/KOwWK7QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMwODE0MTMzMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjI0MGUzMGM0YWJiYjJjYTFkN2U2NDFkMWFkZjQ4YjAxNjc0YTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmkPM6DK061d7i2ZIMXqNYMDsfi1
zCTe0aT6vdYVCsfx7X9b+JY+npcUAQHt92d/Xg4q2y/6TffXFqpHsIMFcpasTD1T
D+TI1Nr6736xQIxh8ihMqOe3AeRkMmSg+0RJ2Vw1ukzP6sGFSgLTlEwzeNgbhfZP
34kOkzhfKAg81LlQuzEWfcP/5moSqaITBXDLYZtKpQlD2Am12iGi865NARpVUu7z
GgClQ4S09x62XBxTb1i0tR8ASH8Nh6MR8OdZS0TOL3NNMi7rH5qhPFHFhLoQbXTj
TOrI5lesuDsDE3VO/0j1LnQsbIU8XZadzj56De12wWafyBcsvVXrwYJIEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIkDjDEq7ssodfmQdGt9IsBZ0qdMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvUWlRT01NU3J1eXloMS1aQjBhMzBpd0ZuU3AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDX1IgMA0G
CSqGSIb3DQEBCwUAA4IBAQABUSaa+JPQcw9ZoIP4jievP7F5d0Rsd+ILJp5/7CZ6
sAYI4oixGBmr6oE6emljV1+jCbdmH6JIj3aPsgk5vdCPvZZVDSb6W1YjoF2hdKoT
2NMhkc98EXrCpMGwJ0zS9IG8KGxK4sjRg/WTOjmsiWPUDMsUqLwo4N/jvE4dJzjP
D34GnhB2RiqvW5mgDjuSUcfxQ6BHtnH+6dU+L+dfqSNC4g9s5Lyv7Z/QU+PRfN++
WbxJPESuFbQztBmq4NWokWPa1XOgvqGW5+N9VnfIkEetmf0qWJBCwnME8F7NlJr8
Y6dt0Suq5SJRBJ3SXOmf+kY+IXTIan3qtbOlOBPNsB6G
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:19:22 2025 by rpki-client