Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/FDj9LGZNr5hMcHwa1NqDJtQxqV0.roa
File:                     FDj9LGZNr5hMcHwa1NqDJtQxqV0.roa (raw, json)
Hash identifier:          asuXg5aGNQVHZQG9+tr5AXdQyfAEmU0eZVscZ75hhew=
Subject key identifier:   14:38:FD:2C:66:4D:AF:98:4C:70:7C:1A:D4:DA:83:26:D4:31:A9:5D
Certificate issuer:       /CN=f1b8bbb1e186a599d4cc058cabf4df0e252f31fa
Certificate serial:       05CD9D17
Authority key identifier: F1:B8:BB:B1:E1:86:A5:99:D4:CC:05:8C:AB:F4:DF:0E:25:2F:31:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/FDj9LGZNr5hMcHwa1NqDJtQxqV0.roa
Signing time:             Sat 01 Jan 2022 02:59:18 +0000
ROA not before:           Sat 01 Jan 2022 02:59:18 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     56971
IP address blocks:        45.156.20.0/22 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 97361175 (0x5cd9d17)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1b8bbb1e186a599d4cc058cabf4df0e252f31fa
        Validity
            Not Before: Jan  1 02:59:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1438fd2c664daf984c707c1ad4da8326d431a95d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3e:2e:81:fb:66:5c:a9:a8:07:35:fc:16:27:
                    6c:ad:f4:92:bb:12:4d:69:ab:a2:e6:16:59:4b:ae:
                    0b:ba:9d:78:52:95:d8:5f:2a:5c:2a:c8:e0:05:95:
                    1f:91:af:f0:f1:5f:5c:78:14:74:7e:b3:46:2f:dd:
                    da:b2:50:99:d1:4d:2b:a7:52:bb:e4:b6:b3:63:b6:
                    9b:66:2a:0b:70:f8:02:bf:12:2b:62:cc:06:e2:16:
                    e3:1d:32:53:2f:af:73:52:8f:75:bc:72:72:d8:fe:
                    2f:83:e7:71:d5:18:1e:bb:88:0c:c3:1e:b6:bf:c4:
                    c6:2f:e2:f6:f4:76:6a:d4:65:2a:e1:dc:f0:28:8a:
                    9f:c6:bc:03:cb:36:ff:11:af:e8:c1:41:5a:dc:4c:
                    f1:c0:2f:0c:21:7a:21:91:99:7b:61:33:b8:ba:04:
                    67:48:eb:06:23:e2:36:d9:51:c8:1e:07:63:bf:d7:
                    05:b2:82:c2:52:64:1a:ca:5d:69:c5:e9:dc:2f:3e:
                    8e:8e:c7:c9:c4:bb:a7:95:b4:d1:5e:0a:04:96:0d:
                    3a:e5:e5:91:f0:c2:9e:83:23:26:ec:c8:8a:de:f4:
                    49:7c:5a:7e:a8:6f:2f:87:18:c1:87:95:74:a3:0c:
                    57:91:4c:26:76:ad:89:84:ec:d0:99:87:55:47:21:
                    85:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:38:FD:2C:66:4D:AF:98:4C:70:7C:1A:D4:DA:83:26:D4:31:A9:5D
            X509v3 Authority Key Identifier:
                keyid:F1:B8:BB:B1:E1:86:A5:99:D4:CC:05:8C:AB:F4:DF:0E:25:2F:31:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/FDj9LGZNr5hMcHwa1NqDJtQxqV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:22:08:1b:10:05:30:92:bb:f5:6a:8d:d4:80:4b:46:b1:5d:
         1c:27:a9:d1:35:6f:02:fa:bb:ef:19:a1:4c:a9:f0:7e:61:f3:
         58:1b:db:1d:f8:07:5e:2c:90:95:a1:af:7b:f6:9e:f4:72:54:
         d7:93:aa:8e:c1:61:a6:76:c6:8f:92:45:d7:6a:63:08:e3:12:
         e3:1e:43:a2:12:9e:12:19:a4:5a:5f:5c:ea:66:bc:3e:db:dc:
         d0:68:86:26:c9:30:b8:32:2a:1b:46:2b:c7:2b:96:f2:91:c8:
         53:da:61:3a:e4:fc:89:30:85:ca:a1:2e:55:1e:96:3a:62:71:
         bb:11:3a:da:06:9c:cb:2c:ae:ae:45:7a:c6:c1:23:e5:57:a4:
         88:27:2d:91:23:34:c8:a6:2e:dd:d6:69:41:29:91:f1:34:a0:
         84:b0:94:c5:80:b4:c9:e3:c0:e0:44:83:74:0c:27:d2:63:a2:
         75:bb:92:6e:5f:4b:bf:12:0b:85:6f:4d:f5:a9:9d:8b:78:30:
         ed:cb:47:f4:44:2e:8b:42:77:da:47:4d:bc:fa:b7:47:ff:f3:
         cc:66:36:d0:42:6b:9e:55:bd:e9:33:fd:2c:85:29:b0:b0:88:
         9d:17:5f:5d:db:d3:60:54:de:01:8e:ba:e6:22:94:3e:5c:bd:
         35:93:8f:22
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBc2dFzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
MWI4YmJiMWUxODZhNTk5ZDRjYzA1OGNhYmY0ZGYwZTI1MmYzMWZhMB4XDTIyMDEw
MTAyNTkxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTQzOGZkMmM2NjRk
YWY5ODRjNzA3YzFhZDRkYTgzMjZkNDMxYTk1ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKQ+LoH7ZlypqAc1/BYnbK30krsSTWmrouYWWUuuC7qdeFKV
2F8qXCrI4AWVH5Gv8PFfXHgUdH6zRi/d2rJQmdFNK6dSu+S2s2O2m2YqC3D4Ar8S
K2LMBuIW4x0yUy+vc1KPdbxyctj+L4PncdUYHruIDMMetr/Exi/i9vR2atRlKuHc
8CiKn8a8A8s2/xGv6MFBWtxM8cAvDCF6IZGZe2EzuLoEZ0jrBiPiNtlRyB4HY7/X
BbKCwlJkGspdacXp3C8+jo7HycS7p5W00V4KBJYNOuXlkfDCnoMjJuzIit70SXxa
fqhvL4cYwYeVdKMMV5FMJnatiYTs0JmHVUchhaUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQUOP0sZk2vmExwfBrU2oMm1DGpXTAfBgNVHSMEGDAWgBTxuLux4YalmdTM
BYyr9N8OJS8x+jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzhiaTdzZUdHcFpuVXpBV01xX1RmRGlVdk1mby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGYvMzIxZWE2LWVmZjctNDUxNC1hYjJkLTViNGI4NWZkNWFlNS8x
L0ZEajlMR1pOcjVoTWNId2ExTnFESnRReHFWMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYv
MzIxZWE2LWVmZjctNDUxNC1hYjJkLTViNGI4NWZkNWFlNS8xLzhiaTdzZUdHcFpu
VXpBV01xX1RmRGlVdk1mby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi2cFDANBgkqhkiG9w0BAQsFAAOC
AQEALyIIGxAFMJK79WqN1IBLRrFdHCep0TVvAvq77xmhTKnwfmHzWBvbHfgHXiyQ
laGve/ae9HJU15OqjsFhpnbGj5JF12pjCOMS4x5DohKeEhmkWl9c6ma8Ptvc0GiG
JskwuDIqG0YrxyuW8pHIU9phOuT8iTCFyqEuVR6WOmJxuxE62gacyyyurkV6xsEj
5VekiCctkSM0yKYu3dZpQSmR8TSghLCUxYC0yePA4ESDdAwn0mOidbuSbl9LvxIL
hW9N9amdi3gw7ctH9EQui0J32kdNvPq3R//zzGY20EJrnlW96TP9LIUpsLCInRdf
XdvTYFTeAY665iKUPly9NZOPIg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:00 2024 by rpki-client on console-fra.rpki-client.org