Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/u9l7pKcdUqtMqAGq0_LhJiogCGU.roa
File:                     u9l7pKcdUqtMqAGq0_LhJiogCGU.roa (raw, json)
Hash identifier:          S+CnOgsJDFdztDqED6mIEz0t3BWjYmvEiBxOn786+EY=
Subject key identifier:   BB:D9:7B:A4:A7:1D:52:AB:4C:A8:01:AA:D3:F2:E1:26:2A:20:08:65
Certificate issuer:       /CN=e123860e20cdb2cfdf2cefb3753a15b822829266
Certificate serial:       1305691A
Authority key identifier: E1:23:86:0E:20:CD:B2:CF:DF:2C:EF:B3:75:3A:15:B8:22:82:92:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4SOGDiDNss_fLO-zdToVuCKCkmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/u9l7pKcdUqtMqAGq0_LhJiogCGU.roa
Signing time:             Sat 01 Jan 2022 05:02:19 +0000
ROA not before:           Sat 01 Jan 2022 05:02:19 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     56974
IP address blocks:        185.44.229.0/24 maxlen: 24
                          185.44.228.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 319121690 (0x1305691a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e123860e20cdb2cfdf2cefb3753a15b822829266
        Validity
            Not Before: Jan  1 05:02:19 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bbd97ba4a71d52ab4ca801aad3f2e1262a200865
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5a:d3:8b:33:1a:b8:97:18:65:44:ba:f1:72:
                    9b:31:6b:1e:18:74:29:b2:1a:73:01:2a:ea:ec:51:
                    6f:ef:6d:6f:00:5a:ed:b5:19:9a:6d:77:4a:25:e8:
                    37:89:a1:55:c7:c1:41:d5:6f:02:c4:4e:a8:9d:0b:
                    28:ab:1d:f6:1d:d7:96:b0:14:3a:ab:e7:05:eb:fe:
                    78:9f:f2:d4:68:4d:ef:b7:01:7a:91:bc:48:74:f9:
                    7b:02:ac:2c:36:22:cd:50:b1:ab:56:d0:2e:4c:7f:
                    fe:33:55:5c:66:15:16:29:e2:f6:2d:ec:a6:a6:b9:
                    f7:c1:71:d5:49:f3:65:20:28:ad:a3:56:3b:db:67:
                    1a:99:6e:3e:84:4a:2b:9e:86:72:7d:56:b4:bb:ba:
                    89:0b:28:d3:ed:e1:cb:d4:26:ee:fa:c1:2c:14:db:
                    97:ce:12:d5:d3:bb:b8:d3:f2:1e:b1:a0:d8:a8:e3:
                    9c:31:6f:03:0a:27:db:13:df:d7:23:05:95:c5:40:
                    8b:d2:27:ba:0b:b2:53:62:6a:04:20:b4:1b:83:95:
                    38:59:35:22:1c:94:36:ec:ee:60:1a:d6:ab:87:e6:
                    96:47:1a:0d:33:39:e6:a6:a9:e4:38:1e:c7:e1:32:
                    4b:b1:db:63:53:f8:d3:b7:57:a9:2f:3a:e8:6b:e8:
                    3c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:D9:7B:A4:A7:1D:52:AB:4C:A8:01:AA:D3:F2:E1:26:2A:20:08:65
            X509v3 Authority Key Identifier:
                keyid:E1:23:86:0E:20:CD:B2:CF:DF:2C:EF:B3:75:3A:15:B8:22:82:92:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4SOGDiDNss_fLO-zdToVuCKCkmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/u9l7pKcdUqtMqAGq0_LhJiogCGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/4SOGDiDNss_fLO-zdToVuCKCkmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:b8:c7:5e:57:85:be:20:b0:9f:5c:bc:19:44:8b:c7:04:77:
         a0:25:8b:84:7e:d4:aa:56:68:aa:9d:14:ce:36:fd:2d:36:65:
         1c:0e:58:15:da:39:55:d2:15:26:ef:b7:18:44:bb:2c:9d:cd:
         60:d1:bc:91:c3:7c:f5:cd:48:ee:66:a2:a4:88:9e:ce:a9:f0:
         2d:45:d9:e2:5a:d0:5a:1c:a4:61:31:45:39:c3:76:d5:6e:ae:
         16:e3:af:23:e6:02:d0:d4:d2:46:2d:22:03:b0:f8:d0:bf:a9:
         78:af:43:5b:61:38:4b:aa:9d:7f:d6:3e:ad:b1:16:75:17:7e:
         22:ac:c9:32:d7:ee:e5:09:e6:25:ef:e3:e0:e3:90:19:7b:6c:
         09:33:1c:d0:a6:77:c9:5b:e8:43:70:88:d8:8f:3c:36:bd:f4:
         5b:30:72:70:6e:af:cf:60:a9:30:2a:29:25:8b:44:c3:ff:75:
         ee:4c:c6:ec:7f:9c:d9:df:cc:63:78:52:be:41:5a:3e:56:3e:
         c6:07:46:a6:49:2c:45:94:2e:ff:e9:d5:b6:cd:3c:42:a5:e1:
         72:fe:50:5b:0f:56:5a:c9:3d:e2:6a:28:36:91:87:33:c3:9c:
         e1:1d:7b:4b:61:18:49:a9:b2:96:93:fc:fd:4c:b1:ed:ca:12:
         87:48:3d:4b
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEEwVpGjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
MTIzODYwZTIwY2RiMmNmZGYyY2VmYjM3NTNhMTViODIyODI5MjY2MB4XDTIyMDEw
MTA1MDIxOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmJkOTdiYTRhNzFk
NTJhYjRjYTgwMWFhZDNmMmUxMjYyYTIwMDg2NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALBa04szGriXGGVEuvFymzFrHhh0KbIacwEq6uxRb+9tbwBa
7bUZmm13SiXoN4mhVcfBQdVvAsROqJ0LKKsd9h3XlrAUOqvnBev+eJ/y1GhN77cB
epG8SHT5ewKsLDYizVCxq1bQLkx//jNVXGYVFini9i3spqa598Fx1UnzZSAoraNW
O9tnGpluPoRKK56Gcn1WtLu6iQso0+3hy9Qm7vrBLBTbl84S1dO7uNPyHrGg2Kjj
nDFvAwon2xPf1yMFlcVAi9InuguyU2JqBCC0G4OVOFk1IhyUNuzuYBrWq4fmlkca
DTM55qap5Dgex+EyS7HbY1P407dXqS866GvoPPMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBS72Xukpx1Sq0yoAarT8uEmKiAIZTAfBgNVHSMEGDAWgBThI4YOIM2yz98s
77N1OhW4IoKSZjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzRTT0dEaUROc3NfZkxPLXpkVG9WdUNLQ2ttWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTQvODEwNTk5LTczMWEtNDg2YS1iMjNmLTQ3NTM3ZWI2NDRmNS8x
L3U5bDdwS2NkVXF0TXFBR3EwX0xoSmlvZ0NHVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTQv
ODEwNTk5LTczMWEtNDg2YS1iMjNmLTQ3NTM3ZWI2NDRmNS8xLzRTT0dEaUROc3Nf
ZkxPLXpkVG9WdUNLQ2ttWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbks5DANBgkqhkiG9w0BAQsFAAOC
AQEAP7jHXleFviCwn1y8GUSLxwR3oCWLhH7UqlZoqp0Uzjb9LTZlHA5YFdo5VdIV
Ju+3GES7LJ3NYNG8kcN89c1I7maipIiezqnwLUXZ4lrQWhykYTFFOcN21W6uFuOv
I+YC0NTSRi0iA7D40L+peK9DW2E4S6qdf9Y+rbEWdRd+IqzJMtfu5QnmJe/j4OOQ
GXtsCTMc0KZ3yVvoQ3CI2I88Nr30WzBycG6vz2CpMCopJYtEw/917kzG7H+c2d/M
Y3hSvkFaPlY+xgdGpkksRZQu/+nVts08QqXhcv5QWw9WWsk94mooNpGHM8Oc4R17
S2EYSamylpP8/Uyx7coSh0g9Sw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:10:05 2024 by rpki-client on console-ams.rpki-client.org