Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Qr3DVUzfaL6XmbWFJQVSxpQKFjM.roa
File:                     Qr3DVUzfaL6XmbWFJQVSxpQKFjM.roa (raw, json)
Hash identifier:          qZ/jLeSke9vn9mwUQcYLhuOCQieJ6vsjnOngNqaabpo=
Subject key identifier:   42:BD:C3:55:4C:DF:68:BE:97:99:B5:85:25:05:52:C6:94:0A:16:33
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018337A0D5714805E400B18FDF9FB0F033CB
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Qr3DVUzfaL6XmbWFJQVSxpQKFjM.roa
Signing time:             Tue 13 Sep 2022 16:13:50 +0000
ROA not before:           Tue 13 Sep 2022 16:13:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     26548
IP address blocks:        193.56.64.0/24 maxlen: 24
                          193.56.65.0/24 maxlen: 24
                          193.56.66.0/24 maxlen: 24
                          193.56.72.0/24 maxlen: 24
                          193.56.73.0/24 maxlen: 24
                          193.56.74.0/24 maxlen: 24
                          213.166.76.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:37:a0:d5:71:48:05:e4:00:b1:8f:df:9f:b0:f0:33:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Sep 13 16:13:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=42bdc3554cdf68be9799b585250552c6940a1633
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:97:8a:0b:69:be:0a:c8:b9:c9:36:19:fd:5d:
                    32:96:c8:9d:79:20:97:d6:aa:1a:cb:4b:aa:5b:1e:
                    30:71:17:72:f3:0d:08:c2:5f:67:c2:e5:92:fe:0a:
                    b0:47:8c:3f:b3:0f:a1:ca:41:47:27:51:0b:2b:1e:
                    43:08:ac:fd:a0:4e:39:26:92:ad:85:59:56:42:77:
                    80:ac:3f:57:52:77:8d:c6:3b:06:ec:d6:67:70:9c:
                    30:38:3e:7e:13:98:c1:2f:53:05:29:d9:6b:cf:73:
                    47:db:f5:7b:02:e7:2a:25:fa:26:c6:b7:69:30:01:
                    d1:7f:45:ee:c5:a5:00:0b:b6:14:83:e9:2d:3e:79:
                    e8:81:bf:0e:7f:55:ba:f7:eb:d9:da:5c:17:50:50:
                    2a:ed:a0:03:9f:8b:71:9f:00:7a:2f:1e:80:7e:2d:
                    eb:28:ff:aa:76:a6:30:26:ae:d1:46:5f:30:c4:e8:
                    84:1b:43:07:1f:38:4e:cf:b0:37:36:b8:f3:86:ba:
                    54:ab:ed:88:49:7a:de:98:2a:f2:2f:9d:be:65:f5:
                    0d:34:d7:e6:75:8f:bc:f0:69:6a:38:ca:72:c8:12:
                    9d:f7:d3:5f:9b:ff:ce:b9:1d:f7:3d:95:c4:1b:2a:
                    4e:cf:f5:15:ac:bf:95:8b:bb:af:48:bb:5c:ce:3d:
                    e3:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:BD:C3:55:4C:DF:68:BE:97:99:B5:85:25:05:52:C6:94:0A:16:33
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Qr3DVUzfaL6XmbWFJQVSxpQKFjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.64.0-193.56.66.255
                  193.56.72.0-193.56.74.255
                  213.166.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:53:31:be:a3:7e:32:00:bc:72:df:92:75:61:a8:af:bf:66:
         5c:ad:4f:e9:16:b0:1e:c2:e6:5a:22:47:2d:f1:60:88:4d:60:
         1a:f1:84:84:e9:ef:0f:6e:d9:89:37:87:7e:08:02:98:10:ef:
         ee:c6:55:dc:ce:ee:7f:53:97:40:3f:de:61:2f:2d:32:78:62:
         8f:4a:b0:6a:6f:24:d6:7e:49:f5:a5:31:6b:0c:4f:8d:1f:12:
         0b:0b:bb:43:48:4b:54:87:9e:f4:e0:26:a1:27:9e:89:96:19:
         b1:4e:d6:c0:9e:f2:a0:62:36:0b:fc:46:5c:69:89:03:7f:2d:
         88:aa:0f:4f:4c:03:33:8f:41:38:63:f8:55:aa:81:c3:70:ac:
         7c:4d:c9:c4:d6:72:61:dd:52:71:f8:80:56:e2:29:11:f0:a3:
         da:d9:51:19:e1:ac:81:38:e3:7e:ce:5d:58:81:49:31:be:5e:
         1f:99:76:f9:62:3d:49:e3:c2:dc:08:3e:35:64:8f:65:78:20:
         a9:1f:06:70:5c:6e:36:71:0a:4f:5c:43:20:b3:89:da:e8:14:
         48:7b:7e:cc:8a:ba:37:b1:2f:5d:39:8d:83:f4:2e:41:c2:fe:
         92:dd:83:4c:17:69:d4:0f:17:34:0d:69:b9:76:d5:d8:43:a0:
         30:d8:66:8f
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYM3oNVxSAXkALGP35+w8DPLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjIwOTEzMTYxMzUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmJkYzM1NTRjZGY2OGJlOTc5OWI1ODUyNTA1NTJjNjk0MGExNjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5eKC2m+Csi5yTYZ/V0ylsideSCX
1qoay0uqWx4wcRdy8w0Iwl9nwuWS/gqwR4w/sw+hykFHJ1ELKx5DCKz9oE45JpKt
hVlWQneArD9XUneNxjsG7NZncJwwOD5+E5jBL1MFKdlrz3NH2/V7AucqJfomxrdp
MAHRf0XuxaUAC7YUg+ktPnnogb8Of1W69+vZ2lwXUFAq7aADn4txnwB6Lx6Afi3r
KP+qdqYwJq7RRl8wxOiEG0MHHzhOz7A3NrjzhrpUq+2ISXremCryL52+ZfUNNNfm
dY+88GlqOMpyyBKd99Nfm//OuR33PZXEGypOz/UVrL+Vi7uvSLtczj3j5QIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFEK9w1VM32i+l5m1hSUFUsaUChYzMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvUXIzRFZVemZhTDZYbWJXRkpRVlN4cFFLRmpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAbBOEAD
BADBOEIwDAMEA8E4SAMEAME4SgMEAtWmTDANBgkqhkiG9w0BAQsFAAOCAQEADFMx
vqN+MgC8ct+SdWGor79mXK1P6RawHsLmWiJHLfFgiE1gGvGEhOnvD27ZiTeHfggC
mBDv7sZV3M7uf1OXQD/eYS8tMnhij0qwam8k1n5J9aUxawxPjR8SCwu7Q0hLVIee
9OAmoSeeiZYZsU7WwJ7yoGI2C/xGXGmJA38tiKoPT0wDM49BOGP4VaqBw3CsfE3J
xNZyYd1ScfiAVuIpEfCj2tlRGeGsgTjjfs5dWIFJMb5eH5l2+WI9SePC3Ag+NWSP
ZXggqR8GcFxuNnEKT1xDILOJ2ugUSHt+zIq6N7EvXTmNg/QuQcL+kt2DTBdp1A8X
NA1puXbV2EOgMNhmjw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:46 2024 by rpki-client on console-ams.rpki-client.org