Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/k37hLWGtyHOY7AR9I_EtIyMuFxo.roa
File:                     k37hLWGtyHOY7AR9I_EtIyMuFxo.roa (raw, json)
Hash identifier:          32eQRx9/5Mp1a6CFMi3pydyp+uuPwCJRb8OaULsYRRI=
Subject key identifier:   93:7E:E1:2D:61:AD:C8:73:98:EC:04:7D:23:F1:2D:23:23:2E:17:1A
Certificate issuer:       /CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
Certificate serial:       0595C8E9
Authority key identifier: 54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/k37hLWGtyHOY7AR9I_EtIyMuFxo.roa
Signing time:             Fri 13 May 2022 11:37:40 +0000
ROA not before:           Fri 13 May 2022 11:37:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211975
IP address blocks:        185.104.40.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 93702377 (0x595c8e9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
        Validity
            Not Before: May 13 11:37:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=937ee12d61adc87398ec047d23f12d23232e171a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:40:0d:d3:b1:e5:2d:b4:f5:f3:cc:f0:3d:c1:
                    b6:24:ca:c4:50:61:3e:57:91:74:ca:97:9e:89:70:
                    8c:b6:70:48:6b:90:c0:c5:4a:e8:06:21:eb:2f:ef:
                    04:39:4a:98:88:d0:97:b0:46:98:08:88:41:c9:ab:
                    e6:a8:b7:3a:3a:af:66:c7:9c:08:de:ef:5e:c6:eb:
                    b2:c4:22:08:ac:99:31:06:3e:61:17:ed:be:e4:05:
                    ab:1a:22:84:d2:a5:fc:e0:be:a7:08:a4:24:8b:c2:
                    28:a2:9b:91:af:f9:04:3a:23:99:7d:65:34:64:b6:
                    9e:92:05:4b:af:18:cb:98:f0:14:ec:40:27:4b:86:
                    50:3f:65:b4:56:a4:23:9e:4f:46:a8:50:33:1c:a9:
                    88:ee:28:5c:35:df:3e:ef:a5:e7:5a:29:c4:4e:d4:
                    88:05:7f:e3:03:81:91:76:1e:0c:5a:4e:2e:51:af:
                    2d:f3:73:0f:7d:16:39:05:03:db:6d:36:21:4e:8a:
                    8c:35:14:de:13:62:eb:d8:86:66:f5:9b:f6:ff:7f:
                    0e:cb:d1:17:bd:7e:ff:3a:2a:d8:42:7a:51:7a:4e:
                    4a:ad:94:6d:fb:29:cd:f8:bc:93:ab:24:13:0a:ec:
                    3c:06:b9:04:7e:74:70:5a:73:a6:9b:51:3c:25:96:
                    d4:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:7E:E1:2D:61:AD:C8:73:98:EC:04:7D:23:F1:2D:23:23:2E:17:1A
            X509v3 Authority Key Identifier:
                keyid:54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/k37hLWGtyHOY7AR9I_EtIyMuFxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:76:a7:88:c0:20:b9:d7:81:da:11:33:67:f5:76:df:cd:e1:
         64:0c:11:cb:6c:2d:60:d3:fd:6f:23:33:26:76:2f:1e:cb:8a:
         f9:ed:5f:23:9f:6c:66:7d:59:c7:81:37:8c:b7:f4:af:41:be:
         43:b9:ac:fa:5d:e1:ae:2c:5b:92:23:f6:c5:4a:97:af:45:e8:
         3e:a6:de:89:57:53:97:05:f5:b8:8b:0d:3d:99:8c:bc:04:4d:
         ca:01:64:87:a7:66:31:5d:c4:5c:84:dd:43:c8:28:e0:20:24:
         fe:72:1e:59:c4:44:c4:f2:e7:56:e1:cb:0a:3a:90:71:44:ff:
         d6:b4:56:a1:24:6b:fd:77:0a:38:7f:bd:03:29:c7:f5:ba:78:
         54:4a:05:7c:79:63:52:ae:5f:04:a0:f3:86:16:c3:e4:9c:6e:
         18:44:ed:1d:c8:63:37:7d:f9:35:61:68:37:90:24:84:f0:79:
         da:27:0d:3e:d0:04:7d:12:59:25:b0:d3:42:2e:5c:62:95:0a:
         59:3e:9c:da:f2:1e:de:0f:c6:32:51:41:f3:0b:62:a4:38:96:
         61:7b:c2:34:43:6d:a2:8d:d0:f5:8b:69:7e:e4:88:23:90:f6:
         a5:03:b5:cd:23:3f:29:89:b2:6e:cd:81:cc:c5:4c:aa:dc:fd:
         25:d4:ae:2a
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBZXI6TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
NDFmZGM3YTJmMTFhNTc2NmQzYWQ3YmRmNjI1Y2U1ZTExOWE4ZmRmMB4XDTIyMDUx
MzExMzc0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTM3ZWUxMmQ2MWFk
Yzg3Mzk4ZWMwNDdkMjNmMTJkMjMyMzJlMTcxYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL5ADdOx5S209fPM8D3BtiTKxFBhPleRdMqXnolwjLZwSGuQ
wMVK6AYh6y/vBDlKmIjQl7BGmAiIQcmr5qi3OjqvZsecCN7vXsbrssQiCKyZMQY+
YRftvuQFqxoihNKl/OC+pwikJIvCKKKbka/5BDojmX1lNGS2npIFS68Yy5jwFOxA
J0uGUD9ltFakI55PRqhQMxypiO4oXDXfPu+l51opxE7UiAV/4wOBkXYeDFpOLlGv
LfNzD30WOQUD2202IU6KjDUU3hNi69iGZvWb9v9/DsvRF71+/zoq2EJ6UXpOSq2U
bfspzfi8k6skEwrsPAa5BH50cFpzpptRPCWW1G8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSTfuEtYa3Ic5jsBH0j8S0jIy4XGjAfBgNVHSMEGDAWgBRUH9x6LxGldm06
1732Jc5eEZqP3zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1ZCX2NlaThScFhadE90ZTk5aVhPWGhHYWo5OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGQvOGZhZDY3LWJiNmItNDc3My1iODFlLWM5MDBhODlmMjBmMS8x
L2szN2hMV0d0eUhPWTdBUjlJX0V0SXlNdUZ4by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGQv
OGZhZDY3LWJiNmItNDc3My1iODFlLWM5MDBhODlmMjBmMS8xL1ZCX2NlaThScFha
dE90ZTk5aVhPWGhHYWo5OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALloKDANBgkqhkiG9w0BAQsFAAOC
AQEArXaniMAgudeB2hEzZ/V2383hZAwRy2wtYNP9byMzJnYvHsuK+e1fI59sZn1Z
x4E3jLf0r0G+Q7ms+l3hrixbkiP2xUqXr0XoPqbeiVdTlwX1uIsNPZmMvARNygFk
h6dmMV3EXITdQ8go4CAk/nIeWcRExPLnVuHLCjqQcUT/1rRWoSRr/XcKOH+9AynH
9bp4VEoFfHljUq5fBKDzhhbD5JxuGETtHchjN335NWFoN5AkhPB52icNPtAEfRJZ
JbDTQi5cYpUKWT6c2vIe3g/GMlFB8wtipDiWYXvCNENtoo3Q9YtpfuSII5D2pQO1
zSM/KYmybs2BzMVMqtz9JdSuKg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:47 2024 by rpki-client on console-fra.rpki-client.org