Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/5858f1-29c5-46e6-a76d-5a40e52cd481/1/EiaLGZhbhLnafbv_x4hCb3o0nww.roa
File:                     EiaLGZhbhLnafbv_x4hCb3o0nww.roa (raw, json)
Hash identifier:          EMpD/lx2TWk5G/1T2+14pgN7EfdFOGc6U/zGuTdqTak=
Subject key identifier:   12:26:8B:19:98:5B:84:B9:DA:7D:BB:FF:C7:88:42:6F:7A:34:9F:0C
Certificate issuer:       /CN=9344b4879f19ee719a351463001726f686d659ef
Certificate serial:       379F7936
Authority key identifier: 93:44:B4:87:9F:19:EE:71:9A:35:14:63:00:17:26:F6:86:D6:59:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k0S0h58Z7nGaNRRjABcm9obWWe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/5858f1-29c5-46e6-a76d-5a40e52cd481/1/EiaLGZhbhLnafbv_x4hCb3o0nww.roa
Signing time:             Sat 01 Jan 2022 09:58:44 +0000
ROA not before:           Sat 01 Jan 2022 09:58:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51432
IP address blocks:        185.55.208.0/22 maxlen: 32
                          217.15.160.0/20 maxlen: 32
                          2a02:22f8::/29 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 933198134 (0x379f7936)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9344b4879f19ee719a351463001726f686d659ef
        Validity
            Not Before: Jan  1 09:58:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=12268b19985b84b9da7dbbffc788426f7a349f0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:4d:6b:7d:46:98:aa:3c:ce:54:0d:93:e5:e3:
                    64:f7:0e:e0:f5:fc:b4:64:b1:30:b3:36:e3:18:22:
                    6c:b4:6c:84:34:46:06:2d:bf:c7:c7:87:4e:b6:51:
                    18:19:3e:fd:95:ed:f1:ea:5a:e4:d7:35:0c:07:28:
                    8e:26:b1:19:84:14:63:cb:1b:63:6d:b2:55:30:e7:
                    2a:64:57:f9:29:48:d9:8f:5b:64:24:0f:2b:ce:bd:
                    68:32:fd:22:c6:99:d6:81:ad:23:14:92:37:b0:0f:
                    52:79:73:3a:23:5b:7f:7d:cc:1f:ed:b3:b6:0e:eb:
                    a9:35:36:91:ad:30:7a:da:37:80:c0:cc:85:77:45:
                    0e:89:36:6f:43:0a:02:02:2d:81:68:ce:16:78:66:
                    d1:9c:04:63:a8:56:8b:e8:63:1a:bf:5f:38:0e:dd:
                    97:d2:2a:1b:d2:b9:af:60:fa:4a:a4:e2:9b:70:92:
                    b7:38:e7:65:e9:56:14:13:95:c8:1d:62:6a:0c:3b:
                    27:4f:f3:48:7a:2d:57:17:bf:f8:13:9f:48:82:5d:
                    c6:dc:42:07:41:f1:aa:bd:b3:39:d9:a6:9f:67:b4:
                    ed:ca:a3:9d:6d:bb:d8:6b:89:32:98:fc:72:d7:87:
                    20:03:bd:17:fc:50:25:97:94:24:02:1f:7d:d1:b0:
                    3e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:26:8B:19:98:5B:84:B9:DA:7D:BB:FF:C7:88:42:6F:7A:34:9F:0C
            X509v3 Authority Key Identifier:
                keyid:93:44:B4:87:9F:19:EE:71:9A:35:14:63:00:17:26:F6:86:D6:59:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k0S0h58Z7nGaNRRjABcm9obWWe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/5858f1-29c5-46e6-a76d-5a40e52cd481/1/EiaLGZhbhLnafbv_x4hCb3o0nww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/5858f1-29c5-46e6-a76d-5a40e52cd481/1/k0S0h58Z7nGaNRRjABcm9obWWe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.55.208.0/22
                  217.15.160.0/20
                IPv6:
                  2a02:22f8::/29

    Signature Algorithm: sha256WithRSAEncryption
         1e:1a:2d:d0:53:eb:f0:29:4f:86:7b:b9:67:96:1e:0a:2e:88:
         7d:3f:18:21:bd:0e:3c:13:15:71:49:7d:49:8b:b8:78:7d:25:
         34:e9:df:10:5a:31:c2:a0:a9:3b:88:b1:d5:93:8e:e8:09:8d:
         72:57:9f:3b:2a:f9:ed:9e:f6:b4:8e:14:1a:d2:9b:e0:ee:a9:
         6b:3a:06:e1:55:b1:75:98:bd:5f:09:c6:7b:24:a8:1f:4b:6f:
         f7:6c:dd:ae:a1:cd:c6:d7:4e:ed:ee:45:a6:93:1b:e6:25:93:
         01:0e:16:a6:39:bb:1e:9d:17:ae:f2:df:3e:46:71:75:9b:0c:
         e1:1f:45:ca:b0:86:42:8e:64:e5:8a:5c:43:b5:fb:86:21:16:
         aa:99:07:bb:63:05:1a:dd:2c:2c:da:95:20:fb:a7:1e:31:8a:
         ad:35:97:fc:1f:fd:b1:46:3d:62:b2:50:41:9d:7d:54:ea:14:
         04:b4:50:99:c8:37:c3:0e:1f:a1:cd:dc:e4:9a:bc:74:9a:46:
         89:96:8c:a9:12:7f:d7:dd:df:2f:e0:97:da:b5:60:0f:cb:a1:
         f3:36:fe:4c:65:22:f7:9e:50:43:b2:3e:75:90:b8:e3:a7:28:
         64:ac:59:6b:8d:42:43:5e:86:1e:c6:1f:48:66:bf:ca:9e:ee:
         5a:99:0e:9e
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEN595NjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
MzQ0YjQ4NzlmMTllZTcxOWEzNTE0NjMwMDE3MjZmNjg2ZDY1OWVmMB4XDTIyMDEw
MTA5NTg0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTIyNjhiMTk5ODVi
ODRiOWRhN2RiYmZmYzc4ODQyNmY3YTM0OWYwYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOJNa31GmKo8zlQNk+XjZPcO4PX8tGSxMLM24xgibLRshDRG
Bi2/x8eHTrZRGBk+/ZXt8epa5Nc1DAcojiaxGYQUY8sbY22yVTDnKmRX+SlI2Y9b
ZCQPK869aDL9IsaZ1oGtIxSSN7APUnlzOiNbf33MH+2ztg7rqTU2ka0weto3gMDM
hXdFDok2b0MKAgItgWjOFnhm0ZwEY6hWi+hjGr9fOA7dl9IqG9K5r2D6SqTim3CS
tzjnZelWFBOVyB1iagw7J0/zSHotVxe/+BOfSIJdxtxCB0Hxqr2zOdmmn2e07cqj
nW272GuJMpj8cteHIAO9F/xQJZeUJAIffdGwPmcCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBQSJosZmFuEudp9u//HiEJvejSfDDAfBgNVHSMEGDAWgBSTRLSHnxnucZo1
FGMAFyb2htZZ7zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2swUzBoNThaN25HYU5SUmpBQmNtOW9iV1dlOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGMvNTg1OGYxLTI5YzUtNDZlNi1hNzZkLTVhNDBlNTJjZDQ4MS8x
L0VpYUxHWmhiaExuYWZidl94NGhDYjNvMG53dy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGMv
NTg1OGYxLTI5YzUtNDZlNi1hNzZkLTVhNDBlNTJjZDQ4MS8xL2swUzBoNThaN25H
YU5SUmpBQmNtOW9iV1dlOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEArk30AMEBNkPoDANBAIAAjAHAwUD
KgIi+DANBgkqhkiG9w0BAQsFAAOCAQEAHhot0FPr8ClPhnu5Z5YeCi6IfT8YIb0O
PBMVcUl9SYu4eH0lNOnfEFoxwqCpO4ix1ZOO6AmNclefOyr57Z72tI4UGtKb4O6p
azoG4VWxdZi9XwnGeySoH0tv92zdrqHNxtdO7e5FppMb5iWTAQ4Wpjm7Hp0XrvLf
PkZxdZsM4R9FyrCGQo5k5YpcQ7X7hiEWqpkHu2MFGt0sLNqVIPunHjGKrTWX/B/9
sUY9YrJQQZ19VOoUBLRQmcg3ww4foc3c5Jq8dJpGiZaMqRJ/193fL+CX2rVgD8uh
8zb+TGUi955QQ7I+dZC446coZKxZa41CQ16GHsYfSGa/yp7uWpkOng==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:38 2024 by rpki-client on console-fra.rpki-client.org