Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/gmuCmb_kpG9UCxe4cgg7G5BLeeY.roa
File:                     gmuCmb_kpG9UCxe4cgg7G5BLeeY.roa (raw, json)
Hash identifier:          koV9256UhAUX4KfNDqTZ0ZkhXbx2/e8w+ot1dx99/Uw=
Subject key identifier:   82:6B:82:99:BF:E4:A4:6F:54:0B:17:B8:72:08:3B:1B:90:4B:79:E6
Certificate issuer:       /CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
Certificate serial:       0183591DD3DEF1AD7C4A3690BE536654BA44
Authority key identifier: 54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/gmuCmb_kpG9UCxe4cgg7G5BLeeY.roa
Signing time:             Tue 20 Sep 2022 04:17:50 +0000
ROA not before:           Tue 20 Sep 2022 04:17:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        185.104.43.0/24 maxlen: 24
                          185.104.40.0/24 maxlen: 24
                          185.101.168.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:59:1d:d3:de:f1:ad:7c:4a:36:90:be:53:66:54:ba:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
        Validity
            Not Before: Sep 20 04:17:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=826b8299bfe4a46f540b17b872083b1b904b79e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:e1:27:f1:68:96:24:fb:48:06:d4:58:78:94:
                    37:16:b2:7d:e8:bf:8a:39:6f:cd:1c:fb:d5:f2:5c:
                    a4:67:52:f6:04:0b:e8:8e:19:ec:92:f1:1d:1c:69:
                    b4:44:3e:d9:db:7a:3a:98:cf:4f:07:ee:89:ec:8c:
                    a6:a1:60:27:69:14:6e:4a:01:0f:76:4d:14:03:bc:
                    66:70:d6:8a:a5:9b:92:ab:02:e9:0a:e4:e0:06:d8:
                    45:11:95:65:79:d2:9d:99:73:d4:56:20:34:49:52:
                    f7:40:45:f1:31:d5:a8:d6:91:63:39:83:7c:69:5d:
                    b6:de:d7:76:0c:6b:e6:22:a2:b9:8e:33:e4:b6:84:
                    fd:0a:3b:25:82:a8:0a:36:54:9f:4a:e7:90:6b:1a:
                    8c:a8:20:ff:27:6f:59:19:0e:85:b2:26:bc:58:74:
                    54:8c:cc:4d:55:19:1f:35:d7:83:e5:cf:64:73:db:
                    8f:e6:b0:55:be:42:81:a6:d3:ae:6e:e9:0e:06:59:
                    a6:c8:f0:9f:11:49:1e:e9:07:0a:15:c3:40:11:14:
                    7b:a6:42:c1:8c:04:af:37:ca:0d:1d:0b:ef:9f:90:
                    33:6a:29:d1:c3:3f:47:03:77:2f:ce:60:c2:cd:d1:
                    33:fd:42:7b:66:27:75:d8:db:81:38:98:93:f5:61:
                    c1:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:6B:82:99:BF:E4:A4:6F:54:0B:17:B8:72:08:3B:1B:90:4B:79:E6
            X509v3 Authority Key Identifier:
                keyid:54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/gmuCmb_kpG9UCxe4cgg7G5BLeeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.168.0/22
                  185.104.40.0/24
                  185.104.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:ad:90:5d:d1:bc:e9:b5:a2:0b:47:a3:b9:69:a9:f5:7c:3b:
         b9:c5:05:54:ce:f2:50:2b:61:e2:4c:2e:e8:3e:ed:ae:ed:3c:
         bb:e8:d1:9a:16:75:b4:cc:4f:12:75:fc:2f:65:f0:e7:c8:4d:
         ea:a3:dd:4c:f0:1e:d2:de:d4:a5:12:0d:b4:f8:0b:73:6a:62:
         0b:66:12:7e:8d:b2:d9:83:5c:dc:65:39:7c:cc:58:aa:97:80:
         7e:8c:6c:a2:36:bd:e6:06:66:9c:cd:22:69:dc:d6:66:a3:99:
         f3:ce:67:c2:da:46:f6:64:00:85:6a:93:fa:f1:d7:ef:ba:4f:
         5c:1d:53:38:3a:7e:04:02:dc:62:c3:b0:1c:e9:ce:c9:81:6c:
         45:ff:4e:b0:b0:8c:ae:29:05:06:88:27:b1:d3:41:8d:80:95:
         95:3c:6e:4f:3d:53:7c:fc:bc:48:a1:d6:d9:37:0f:28:e0:a9:
         27:1f:2e:2f:56:af:d5:84:8f:9b:dc:8e:07:f7:07:f6:0c:6b:
         af:b2:ef:49:34:29:6e:c6:47:60:33:04:07:bb:ba:06:fd:c2:
         6f:45:ca:84:19:9c:80:51:7d:ec:3e:a5:2f:dd:d8:9a:54:cf:
         0c:38:b8:94:51:ec:ca:2f:57:cc:30:37:c0:d4:fd:c3:32:d4:
         44:69:ea:2c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYNZHdPe8a18SjaQvlNmVLpEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MWZkYzdhMmYxMWE1NzY2ZDNhZDdiZGY2MjVjZTVlMTE5
YThmZGYwHhcNMjIwOTIwMDQxNzUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjZiODI5OWJmZTRhNDZmNTQwYjE3Yjg3MjA4M2IxYjkwNGI3OWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+En8WiWJPtIBtRYeJQ3FrJ96L+K
OW/NHPvV8lykZ1L2BAvojhnskvEdHGm0RD7Z23o6mM9PB+6J7IymoWAnaRRuSgEP
dk0UA7xmcNaKpZuSqwLpCuTgBthFEZVledKdmXPUViA0SVL3QEXxMdWo1pFjOYN8
aV223td2DGvmIqK5jjPktoT9CjslgqgKNlSfSueQaxqMqCD/J29ZGQ6Fsia8WHRU
jMxNVRkfNdeD5c9kc9uP5rBVvkKBptOubukOBlmmyPCfEUke6QcKFcNAERR7pkLB
jASvN8oNHQvvn5AzainRwz9HA3cvzmDCzdEz/UJ7Zid12NuBOJiT9WHBAwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIJrgpm/5KRvVAsXuHIIOxuQS3nmMB8GA1UdIwQY
MBaAFFQf3HovEaV2bTrXvfYlzl4Rmo/fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUt
YzkwMGE4OWYyMGYxLzEvZ211Q21iX2twRzlVQ3hlNGNnZzdHNUJMZWVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUtYzkwMGE4OWYyMGYx
LzEvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuWWoAwQA
uWgoAwQAuWgrMA0GCSqGSIb3DQEBCwUAA4IBAQAcrZBd0bzptaILR6O5aan1fDu5
xQVUzvJQK2HiTC7oPu2u7Ty76NGaFnW0zE8SdfwvZfDnyE3qo91M8B7S3tSlEg20
+AtzamILZhJ+jbLZg1zcZTl8zFiql4B+jGyiNr3mBmaczSJp3NZmo5nzzmfC2kb2
ZACFapP68dfvuk9cHVM4On4EAtxiw7Ac6c7JgWxF/06wsIyuKQUGiCex00GNgJWV
PG5PPVN8/LxIodbZNw8o4KknHy4vVq/VhI+b3I4H9wf2DGuvsu9JNCluxkdgMwQH
u7oG/cJvRcqEGZyAUX3sPqUv3diaVM8MOLiUUezKL1fMMDfA1P3DMtREaeos
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:04 2024 by rpki-client on console-ams.rpki-client.org