Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/KPvPzeYVDZglBNyhgMPvcBTdLDQ.roa
File:                     KPvPzeYVDZglBNyhgMPvcBTdLDQ.roa (raw, json)
Hash identifier:          qoNUjtA1HRfsTHck5LXTRHDoJdOSGGCzrNHYzSDOYiI=
Subject key identifier:   28:FB:CF:CD:E6:15:0D:98:25:04:DC:A1:80:C3:EF:70:14:DD:2C:34
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       05630967
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/KPvPzeYVDZglBNyhgMPvcBTdLDQ.roa
Signing time:             Sat 01 Jan 2022 11:04:35 +0000
ROA not before:           Sat 01 Jan 2022 11:04:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3356
IP address blocks:        194.34.107.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 90376551 (0x5630967)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: Jan  1 11:04:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=28fbcfcde6150d982504dca180c3ef7014dd2c34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:9f:0f:50:84:45:0a:3b:54:f6:52:7e:f9:3c:
                    c0:3e:38:fc:5b:bf:c4:fc:b0:85:49:19:1d:1a:61:
                    71:a6:42:07:a4:d4:6f:43:94:03:ed:1d:5c:d3:b3:
                    c8:5e:38:2d:af:5e:81:e5:7f:02:6e:9c:76:25:44:
                    f0:b8:23:86:f8:bb:d5:0d:bf:de:76:d9:67:4a:35:
                    dc:ec:5c:2c:8f:a7:aa:53:aa:7e:db:02:bc:12:78:
                    9e:a0:34:5a:c4:a7:3d:0d:e5:0a:e7:d9:62:6e:b8:
                    58:93:75:17:37:d2:c8:38:48:20:55:2a:fc:ba:cd:
                    c3:a4:35:92:bf:f9:67:92:87:af:02:b0:f0:b8:85:
                    71:db:07:ca:31:e5:96:3d:44:d7:aa:53:f0:76:17:
                    73:b8:d3:6a:e4:8d:4c:12:31:34:11:53:1a:d7:a2:
                    18:22:a6:36:d9:e7:28:93:d5:4c:8d:60:c2:f8:65:
                    fb:c9:46:42:0f:9b:81:e1:4b:dd:c1:f9:90:2d:f3:
                    9e:3e:b2:d5:3b:d8:2d:22:14:c4:d7:22:3a:c2:0c:
                    55:ec:8b:0b:0d:69:17:6f:3b:8e:d1:82:b0:71:2e:
                    01:4d:af:57:66:50:da:2b:d6:e3:ee:e2:f9:1e:0e:
                    d9:0f:53:d9:28:a0:ef:64:76:66:1e:b6:3f:e0:c5:
                    b2:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:FB:CF:CD:E6:15:0D:98:25:04:DC:A1:80:C3:EF:70:14:DD:2C:34
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/KPvPzeYVDZglBNyhgMPvcBTdLDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:7f:be:9e:4e:44:79:38:28:44:de:c8:b0:8e:d5:7b:44:f5:
         d5:fe:11:c8:dd:20:ce:c8:8c:8b:d8:21:83:32:a7:0b:3d:47:
         b3:b1:35:af:89:b7:27:f2:a8:a9:91:cb:67:ea:1c:af:bf:0b:
         ed:fd:44:5c:7e:d6:ab:f9:ed:a4:72:6e:f2:f7:f4:6d:35:11:
         fa:e8:1e:9e:20:34:5e:65:80:1a:8f:17:49:20:f2:65:3f:be:
         49:14:6c:32:7c:69:34:6c:17:8c:bd:23:2c:e6:16:19:d3:99:
         23:10:ee:55:2a:8f:94:d6:f5:2a:a9:3c:fd:d1:2c:4b:ef:58:
         85:65:c6:a8:d1:0d:46:82:ac:cc:a2:34:17:84:b3:f5:63:ab:
         f3:b7:5d:87:2b:8a:ff:f8:b1:0e:61:5d:09:d4:f3:51:0f:cd:
         03:9c:73:64:51:db:4c:f6:d7:1f:d4:dd:4c:17:a5:e9:6c:d7:
         fc:5e:0e:b8:00:f4:f3:92:4c:7a:c8:48:74:2d:65:46:41:c4:
         53:b8:b7:69:3c:1f:f1:32:5e:91:6c:bb:f8:c3:4e:96:01:16:
         a2:3e:01:97:97:6b:1c:c7:80:d0:7d:d6:32:16:cb:5a:5b:74:
         3f:20:19:d9:77:fc:de:46:5c:81:80:19:b9:2c:ad:f4:9b:df:
         e3:6c:57:f9
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBWMJZzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
ZGQ5NTRkM2M3N2M5YzRlMzdlZWJmNzUzZDg2ZjNkY2YwOTFkNGE5MB4XDTIyMDEw
MTExMDQzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjhmYmNmY2RlNjE1
MGQ5ODI1MDRkY2ExODBjM2VmNzAxNGRkMmMzNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKOfD1CERQo7VPZSfvk8wD44/Fu/xPywhUkZHRphcaZCB6TU
b0OUA+0dXNOzyF44La9egeV/Am6cdiVE8Lgjhvi71Q2/3nbZZ0o13OxcLI+nqlOq
ftsCvBJ4nqA0WsSnPQ3lCufZYm64WJN1FzfSyDhIIFUq/LrNw6Q1kr/5Z5KHrwKw
8LiFcdsHyjHllj1E16pT8HYXc7jTauSNTBIxNBFTGteiGCKmNtnnKJPVTI1gwvhl
+8lGQg+bgeFL3cH5kC3znj6y1TvYLSIUxNciOsIMVeyLCw1pF287jtGCsHEuAU2v
V2ZQ2ivW4+7i+R4O2Q9T2Sig72R2Zh62P+DFsoUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQo+8/N5hUNmCUE3KGAw+9wFN0sNDAfBgNVHSMEGDAWgBRN2VTTx3ycTjfu
v3U9hvPc8JHUqTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RkbFUwOGQ4bkU0MzdyOTFQWWJ6M1BDUjFLay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWQvN2EyYTk5LTE0NmMtNDc4MS1hMzAyLWViN2FhYTY4MjhiZS8x
L0tQdlB6ZVlWRFpnbEJOeWhnTVB2Y0JUZExEUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQv
N2EyYTk5LTE0NmMtNDc4MS1hMzAyLWViN2FhYTY4MjhiZS8xL1RkbFUwOGQ4bkU0
MzdyOTFQWWJ6M1BDUjFLay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIiazANBgkqhkiG9w0BAQsFAAOC
AQEALH++nk5EeTgoRN7IsI7Ve0T11f4RyN0gzsiMi9ghgzKnCz1Hs7E1r4m3J/Ko
qZHLZ+ocr78L7f1EXH7Wq/ntpHJu8vf0bTUR+ugeniA0XmWAGo8XSSDyZT++SRRs
MnxpNGwXjL0jLOYWGdOZIxDuVSqPlNb1Kqk8/dEsS+9YhWXGqNENRoKszKI0F4Sz
9WOr87ddhyuK//ixDmFdCdTzUQ/NA5xzZFHbTPbXH9TdTBel6WzX/F4OuAD085JM
eshIdC1lRkHEU7i3aTwf8TJekWy7+MNOlgEWoj4Bl5drHMeA0H3WMhbLWlt0PyAZ
2Xf83kZcgYAZuSyt9Jvf42xX+Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:12:14 2024 by rpki-client on console-ams.rpki-client.org