Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/HD-MM8IaHN8tziXeVkkVjqjDQTw.roa
File:                     HD-MM8IaHN8tziXeVkkVjqjDQTw.roa (raw, json)
Hash identifier:          oZ6r+sg8XElWRe2ecjAZjbTJZjXZsGHlb7Z3abTk/H4=
Subject key identifier:   1C:3F:8C:33:C2:1A:1C:DF:2D:CE:25:DE:56:49:15:8E:A8:C3:41:3C
Certificate issuer:       /CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
Certificate serial:       17054BE8
Authority key identifier: AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/HD-MM8IaHN8tziXeVkkVjqjDQTw.roa
Signing time:             Wed 09 Mar 2022 20:48:45 +0000
ROA not before:           Wed 09 Mar 2022 20:48:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     28716
IP address blocks:        185.61.12.0/22 maxlen: 24
                          185.41.212.0/22 maxlen: 22
                          2a02:5ca0::/32 maxlen: 56

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 386223080 (0x17054be8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
        Validity
            Not Before: Mar  9 20:48:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1c3f8c33c21a1cdf2dce25de5649158ea8c3413c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:2e:47:4c:57:8e:cb:1f:59:c0:a9:3d:af:80:
                    ff:fc:3b:e3:a6:75:5f:e6:7f:ae:3c:80:72:ec:d9:
                    d7:2f:a0:ab:a6:0d:03:ee:4f:a1:3f:c3:64:98:a6:
                    48:08:f0:d7:36:a5:f6:67:0e:3c:b2:de:48:8b:20:
                    ab:17:ea:78:8a:1a:8d:a2:07:28:50:cb:72:0c:13:
                    b7:d4:74:fc:ae:8b:d1:7a:67:ae:b5:12:a8:1a:23:
                    d8:a4:da:a9:95:2b:09:7a:4c:be:b6:fe:7f:b0:5f:
                    41:6a:cd:16:c6:df:c2:f6:0b:93:08:c3:b8:87:a0:
                    fe:3c:6e:31:e6:e6:f5:12:2d:83:ec:ff:43:0c:23:
                    c5:ae:82:71:07:30:ae:fb:71:2f:d3:3f:10:6a:e9:
                    d5:a2:a0:d4:da:d6:61:73:1e:38:19:40:16:6d:45:
                    cd:9d:8a:e5:8d:0b:a3:c5:c7:c2:fb:75:84:86:51:
                    32:58:cc:1c:ef:ff:91:84:37:90:53:56:85:5f:51:
                    89:bf:dd:a9:2f:5a:20:50:8f:39:15:b3:e9:3f:61:
                    4c:1b:08:33:0b:37:73:36:b6:4a:0d:e1:6a:80:9f:
                    89:c2:98:f7:2b:be:a4:c8:38:88:5e:10:10:a3:0c:
                    31:4c:1e:a0:f5:05:ce:61:fb:c0:9e:80:48:a1:25:
                    df:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:3F:8C:33:C2:1A:1C:DF:2D:CE:25:DE:56:49:15:8E:A8:C3:41:3C
            X509v3 Authority Key Identifier:
                keyid:AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/HD-MM8IaHN8tziXeVkkVjqjDQTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.212.0/22
                  185.61.12.0/22
                IPv6:
                  2a02:5ca0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4a:84:c9:77:ab:e9:29:74:f4:07:02:21:6e:cc:e6:ab:cb:c2:
         7a:cd:b6:79:ad:77:c3:1a:5c:81:09:bb:7e:ec:ae:0a:fd:12:
         81:29:1e:e2:6b:78:48:9c:68:a0:72:b6:90:91:8e:dd:35:bf:
         23:36:30:ff:41:6f:05:df:d6:1e:c6:2b:4d:25:08:1c:a0:0c:
         45:11:d2:7d:2a:81:82:dc:c1:b7:cb:1e:34:af:b6:7c:84:aa:
         f3:f3:12:0d:a3:dd:0d:ba:23:71:35:e5:92:31:47:06:42:1c:
         1b:88:4e:d1:13:9d:ba:26:7d:f8:fd:5b:60:48:25:10:4f:12:
         e0:9e:bc:e3:8e:22:f4:20:01:c7:76:67:94:47:c2:99:bb:72:
         b5:d9:e8:42:5b:8a:0a:ba:af:fc:c1:11:4f:ab:4c:2f:20:97:
         f8:5d:6f:b8:c8:1b:17:9c:28:0b:46:27:cc:b6:2c:51:9d:6d:
         d8:bf:8e:27:c8:2e:dc:df:02:44:3e:49:dc:36:77:19:ad:5e:
         dd:a5:e3:3d:ad:0b:08:09:ae:a9:09:9a:23:f0:ed:b8:24:b0:
         d2:81:c4:90:da:46:c3:c0:88:fd:e7:36:e7:9f:75:25:e6:f1:
         de:3c:4c:eb:f9:30:55:d7:e2:be:d4:29:f7:f5:ae:a6:3c:63:
         3c:3d:1e:97
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEFwVL6DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
YzdjYzMzNGY1MWQyYjZlYjRlMjdkNmQ1NmI5YmNlM2U4NTU2MGNjMB4XDTIyMDMw
OTIwNDg0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWMzZjhjMzNjMjFh
MWNkZjJkY2UyNWRlNTY0OTE1OGVhOGMzNDEzYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANAuR0xXjssfWcCpPa+A//w746Z1X+Z/rjyAcuzZ1y+gq6YN
A+5PoT/DZJimSAjw1zal9mcOPLLeSIsgqxfqeIoajaIHKFDLcgwTt9R0/K6L0Xpn
rrUSqBoj2KTaqZUrCXpMvrb+f7BfQWrNFsbfwvYLkwjDuIeg/jxuMebm9RItg+z/
Qwwjxa6CcQcwrvtxL9M/EGrp1aKg1NrWYXMeOBlAFm1FzZ2K5Y0Lo8XHwvt1hIZR
MljMHO//kYQ3kFNWhV9Rib/dqS9aIFCPORWz6T9hTBsIMws3cza2Sg3haoCficKY
9yu+pMg4iF4QEKMMMUweoPUFzmH7wJ6ASKEl36sCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBQcP4wzwhoc3y3OJd5WSRWOqMNBPDAfBgNVHSMEGDAWgBSsfMM09R0rbrTi
fW1Wubzj6FVgzDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3JIekROUFVkSzI2MDRuMXRWcm04NC1oVllNdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTUvZGQ1NWU4LWZlYmQtNDlkMC1hNWE3LTFjZjE1YjJiYTdiZS8x
L0hELU1NOElhSE44dHppWGVWa2tWanFqRFFUdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTUv
ZGQ1NWU4LWZlYmQtNDlkMC1hNWE3LTFjZjE1YjJiYTdiZS8xL3JIekROUFVkSzI2
MDRuMXRWcm04NC1oVllNdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEArkp1AMEArk9DDANBAIAAjAHAwUA
KgJcoDANBgkqhkiG9w0BAQsFAAOCAQEASoTJd6vpKXT0BwIhbszmq8vCes22ea13
wxpcgQm7fuyuCv0SgSke4mt4SJxooHK2kJGO3TW/IzYw/0FvBd/WHsYrTSUIHKAM
RRHSfSqBgtzBt8seNK+2fISq8/MSDaPdDbojcTXlkjFHBkIcG4hO0ROduiZ9+P1b
YEglEE8S4J68444i9CABx3ZnlEfCmbtytdnoQluKCrqv/MERT6tMLyCX+F1vuMgb
F5woC0YnzLYsUZ1t2L+OJ8gu3N8CRD5J3DZ3Ga1e3aXjPa0LCAmuqQmaI/DtuCSw
0oHEkNpGw8CI/ec25591Jebx3jxM6/kwVdfivtQp9/WupjxjPD0elw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:10:23 2024 by rpki-client on console-ams.rpki-client.org