Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/df05e1-6862-4ed4-876d-150b5db4f56b/1/hi5YWEICdEc3ghQYFw5f2LO6UV4.roa
File:                     hi5YWEICdEc3ghQYFw5f2LO6UV4.roa (raw, json)
Hash identifier:          DVKVBQqh9b0TCL7L2Z/9kUdc1q8i8TSLPlJVVjj52PI=
Subject key identifier:   86:2E:58:58:42:02:74:47:37:82:14:18:17:0E:5F:D8:B3:BA:51:5E
Certificate issuer:       /CN=f6f18c02405742c25377d696cd2a69dcc974bff8
Certificate serial:       0D2AADB5
Authority key identifier: F6:F1:8C:02:40:57:42:C2:53:77:D6:96:CD:2A:69:DC:C9:74:BF:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9vGMAkBXQsJTd9aWzSpp3Ml0v_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/df05e1-6862-4ed4-876d-150b5db4f56b/1/hi5YWEICdEc3ghQYFw5f2LO6UV4.roa
Signing time:             Sat 01 Jan 2022 15:06:47 +0000
ROA not before:           Sat 01 Jan 2022 15:06:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48919
IP address blocks:        95.215.92.0/22 maxlen: 22
                          31.128.160.0/19 maxlen: 19
                          2001:67c:19ac::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 220900789 (0xd2aadb5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6f18c02405742c25377d696cd2a69dcc974bff8
        Validity
            Not Before: Jan  1 15:06:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=862e58584202744737821418170e5fd8b3ba515e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:95:a9:a8:24:47:3c:a0:54:98:95:48:2d:44:
                    42:19:20:29:51:87:fa:2c:23:3e:7f:3a:06:31:44:
                    69:f1:ff:e7:6f:58:e2:83:61:09:b4:2b:cc:62:04:
                    0c:ba:f0:11:68:24:fd:41:f2:af:b6:0f:b3:a5:69:
                    40:a7:ac:a2:25:37:77:a1:9f:f3:bb:86:57:cc:56:
                    51:a1:8c:7d:7e:c5:cd:1a:87:4d:ac:ae:ed:71:92:
                    67:72:f5:bb:9e:81:62:21:1f:8c:ed:65:6c:6f:ec:
                    8b:02:5d:55:7c:92:d2:7b:ca:ef:1a:2f:3e:46:7b:
                    7a:30:72:57:2b:5d:98:79:45:cb:39:10:8a:8e:e0:
                    df:ae:55:2a:39:5f:39:a1:c3:a4:2c:8b:ed:10:74:
                    df:c3:95:79:45:f7:9c:31:17:6d:18:c0:42:a1:8c:
                    c7:6a:db:86:53:1e:04:70:af:4c:9d:88:aa:09:b7:
                    05:1f:74:18:b3:e7:b1:45:b3:52:32:69:8c:24:37:
                    30:02:2f:5b:b8:eb:1a:e3:8a:e0:c2:3c:78:d1:b4:
                    12:f4:4e:c0:bc:d6:b5:d0:b5:8a:e4:85:20:0c:29:
                    7d:a6:1c:05:a5:4e:68:58:5f:9b:94:04:cd:35:15:
                    7c:98:24:42:de:bc:0a:00:75:9f:da:f8:b6:65:24:
                    f5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:2E:58:58:42:02:74:47:37:82:14:18:17:0E:5F:D8:B3:BA:51:5E
            X509v3 Authority Key Identifier:
                keyid:F6:F1:8C:02:40:57:42:C2:53:77:D6:96:CD:2A:69:DC:C9:74:BF:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9vGMAkBXQsJTd9aWzSpp3Ml0v_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/df05e1-6862-4ed4-876d-150b5db4f56b/1/hi5YWEICdEc3ghQYFw5f2LO6UV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/df05e1-6862-4ed4-876d-150b5db4f56b/1/9vGMAkBXQsJTd9aWzSpp3Ml0v_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.160.0/19
                  95.215.92.0/22
                IPv6:
                  2001:67c:19ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:cc:5f:30:50:b2:b2:e5:f0:79:4b:bc:4e:c1:d7:85:e9:1c:
         4e:db:ed:42:c9:9f:98:08:c1:c3:dc:86:c7:da:c8:e7:2f:89:
         09:d4:a4:f7:c2:ce:ec:5f:d8:a3:d2:c0:05:e0:0e:08:7b:e5:
         11:4e:d9:4c:37:0d:ea:d1:b4:13:fb:88:22:c6:db:4c:0d:9e:
         26:b2:c6:31:e7:7e:0f:99:92:65:7f:16:9a:14:1c:7e:56:94:
         77:19:7c:87:49:e3:9c:0e:8b:97:98:28:c2:2e:f8:a7:57:1b:
         39:39:06:c9:6f:65:b8:08:7e:01:01:9d:ba:2d:ce:d8:3f:e4:
         5b:94:e9:1e:3e:8b:08:d1:0c:91:ff:32:9a:f6:f0:c4:a1:10:
         3b:03:17:9a:2f:db:94:a4:45:64:52:a3:94:5f:53:70:33:2f:
         21:5f:9f:13:b9:70:fd:1f:fd:17:68:cb:bb:40:a5:88:18:ed:
         49:be:19:87:2d:4b:b3:23:87:e6:fe:62:c1:db:50:21:3d:84:
         f4:8e:3a:06:3f:9c:b1:ea:14:dc:b8:44:5d:74:89:60:2f:95:
         51:df:1d:b5:67:b5:e6:c0:e9:bf:2a:41:1a:f6:bd:d1:43:85:
         19:ca:a5:1d:b8:7c:fe:3d:a6:74:0c:74:77:7e:87:dd:04:e0:
         d2:62:d6:bf
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIEDSqttTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
NmYxOGMwMjQwNTc0MmMyNTM3N2Q2OTZjZDJhNjlkY2M5NzRiZmY4MB4XDTIyMDEw
MTE1MDY0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODYyZTU4NTg0MjAy
NzQ0NzM3ODIxNDE4MTcwZTVmZDhiM2JhNTE1ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ2VqagkRzygVJiVSC1EQhkgKVGH+iwjPn86BjFEafH/529Y
4oNhCbQrzGIEDLrwEWgk/UHyr7YPs6VpQKesoiU3d6Gf87uGV8xWUaGMfX7FzRqH
Tayu7XGSZ3L1u56BYiEfjO1lbG/siwJdVXyS0nvK7xovPkZ7ejByVytdmHlFyzkQ
io7g365VKjlfOaHDpCyL7RB038OVeUX3nDEXbRjAQqGMx2rbhlMeBHCvTJ2Iqgm3
BR90GLPnsUWzUjJpjCQ3MAIvW7jrGuOK4MI8eNG0EvROwLzWtdC1iuSFIAwpfaYc
BaVOaFhfm5QEzTUVfJgkQt68CgB1n9r4tmUk9S0CAwEAAaOCAiAwggIcMB0GA1Ud
DgQWBBSGLlhYQgJ0RzeCFBgXDl/Ys7pRXjAfBgNVHSMEGDAWgBT28YwCQFdCwlN3
1pbNKmncyXS/+DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
Lzl2R01Ba0JYUXNKVGQ5YVd6U3BwM01sMHZfZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTMvZGYwNWUxLTY4NjItNGVkNC04NzZkLTE1MGI1ZGI0ZjU2Yi8x
L2hpNVlXRUlDZEVjM2doUVlGdzVmMkxPNlVWNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTMv
ZGYwNWUxLTY4NjItNGVkNC04NzZkLTE1MGI1ZGI0ZjU2Yi8xLzl2R01Ba0JYUXNK
VGQ5YVd6U3BwM01sMHZfZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA2
BggrBgEFBQcBBwEB/wQnMCUwEgQCAAEwDAMEBR+AoAMEAl/XXDAPBAIAAjAJAwcA
IAEGfBmsMA0GCSqGSIb3DQEBCwUAA4IBAQB2zF8wULKy5fB5S7xOwdeF6RxO2+1C
yZ+YCMHD3IbH2sjnL4kJ1KT3ws7sX9ij0sAF4A4Ie+URTtlMNw3q0bQT+4gixttM
DZ4mssYx534PmZJlfxaaFBx+VpR3GXyHSeOcDouXmCjCLvinVxs5OQbJb2W4CH4B
AZ26Lc7YP+RblOkePosI0QyR/zKa9vDEoRA7AxeaL9uUpEVkUqOUX1NwMy8hX58T
uXD9H/0XaMu7QKWIGO1JvhmHLUuzI4fm/mLB21AhPYT0jjoGP5yx6hTcuERddIlg
L5VR3x21Z7XmwOm/KkEa9r3RQ4UZyqUduHz+PaZ0DHR3fofdBODSYta/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:58 2024 by rpki-client on console-fra.rpki-client.org