Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/a9e8a6-1cf2-4c87-b49a-5228823fb97b/1/V6Gx6HNmxqmwgqijX6-cxIGHzcs.roa
File:                     V6Gx6HNmxqmwgqijX6-cxIGHzcs.roa (raw, json)
Hash identifier:          d3SabbVaW8+in0w2lOYyMiYmQVROrx2NsiOrWVdR8Rs=
Subject key identifier:   57:A1:B1:E8:73:66:C6:A9:B0:82:A8:A3:5F:AF:9C:C4:81:87:CD:CB
Certificate issuer:       /CN=839d363b28f1c9084e1c1986876bb409b79a138c
Certificate serial:       0182352DFF5019F87F4C60699DA9EEFAB965
Authority key identifier: 83:9D:36:3B:28:F1:C9:08:4E:1C:19:86:87:6B:B4:09:B7:9A:13:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g502OyjxyQhOHBmGh2u0CbeaE4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/a9e8a6-1cf2-4c87-b49a-5228823fb97b/1/V6Gx6HNmxqmwgqijX6-cxIGHzcs.roa
Signing time:             Mon 25 Jul 2022 11:46:23 +0000
ROA not before:           Mon 25 Jul 2022 11:46:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34602
IP address blocks:        94.45.167.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:35:2d:ff:50:19:f8:7f:4c:60:69:9d:a9:ee:fa:b9:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=839d363b28f1c9084e1c1986876bb409b79a138c
        Validity
            Not Before: Jul 25 11:46:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=57a1b1e87366c6a9b082a8a35faf9cc48187cdcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:4a:65:6c:16:fe:7c:8d:ee:5f:cd:36:35:74:
                    56:67:b1:14:76:72:5c:1b:49:bd:2a:00:18:ba:a2:
                    9c:4c:eb:2e:27:a2:6a:8e:3e:fc:a3:f4:a3:36:29:
                    08:8e:01:5a:ec:39:d3:d1:7a:07:fb:ad:17:7a:83:
                    89:4a:40:fb:1f:92:bd:bf:29:8a:17:0a:aa:5b:50:
                    a6:ab:e9:30:fe:2b:22:57:54:f6:0f:64:bc:f5:49:
                    c2:cb:1e:29:d7:c6:e8:fb:15:d9:37:a2:de:10:8a:
                    e9:b5:83:9e:48:4b:db:b6:bd:96:29:ba:81:bb:74:
                    77:96:7d:0a:b6:b1:1e:35:1b:f1:6f:96:b2:f9:b0:
                    43:57:6a:e1:c1:6b:0c:10:d4:d7:0d:b3:81:42:29:
                    5f:fb:7d:fe:b7:b8:ff:cb:1b:8e:80:0d:3c:4e:ec:
                    92:90:b0:17:42:72:f6:cb:08:60:f9:55:80:fd:1a:
                    df:3d:3a:b9:c1:8b:b7:b4:7a:2f:bb:56:fc:59:d1:
                    67:e1:3f:19:01:df:a6:d1:6f:b0:98:44:8b:89:f1:
                    0b:33:a4:cf:60:6c:dd:98:30:27:3a:fb:52:93:a7:
                    45:0d:7b:63:e8:69:d8:66:96:f6:54:f0:79:1c:13:
                    40:8c:8d:2e:cd:4d:55:ad:43:c7:c6:59:27:20:50:
                    cd:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:A1:B1:E8:73:66:C6:A9:B0:82:A8:A3:5F:AF:9C:C4:81:87:CD:CB
            X509v3 Authority Key Identifier:
                keyid:83:9D:36:3B:28:F1:C9:08:4E:1C:19:86:87:6B:B4:09:B7:9A:13:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g502OyjxyQhOHBmGh2u0CbeaE4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/a9e8a6-1cf2-4c87-b49a-5228823fb97b/1/V6Gx6HNmxqmwgqijX6-cxIGHzcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/a9e8a6-1cf2-4c87-b49a-5228823fb97b/1/g502OyjxyQhOHBmGh2u0CbeaE4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.45.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:11:08:3d:c8:99:3f:1d:db:57:2f:c4:71:95:97:48:8d:88:
         d8:ee:d4:30:4e:10:2c:3f:d3:e7:35:ba:26:9b:49:81:a3:e3:
         48:3d:94:2a:6e:7d:4f:c9:29:82:c9:1d:c2:5c:77:ec:dd:d8:
         2d:07:0d:79:91:21:e0:4a:83:d7:6b:7f:65:93:f0:46:b7:fa:
         a0:1a:a4:02:63:cb:69:e6:fb:33:76:02:02:00:91:b1:a7:3c:
         dc:b2:90:90:e6:c8:bb:e1:88:1a:18:98:96:c1:23:20:39:c4:
         2f:d1:cd:02:c1:13:60:b5:18:80:8d:6c:f8:a0:5e:d8:1d:61:
         f7:2e:8b:09:47:39:c4:83:f9:c3:eb:fa:1d:d6:81:0d:e3:b9:
         cc:ea:e8:a6:38:52:f3:b8:a2:78:42:51:fa:9d:94:f0:00:15:
         da:1c:2b:1b:3c:34:e5:c8:26:9f:70:08:85:90:f5:40:3a:4e:
         3a:ad:e4:cf:66:77:36:34:e8:16:43:05:50:b8:06:b1:24:a0:
         f7:6b:c4:54:fe:8b:f2:3e:34:b3:0a:27:b6:05:47:00:29:32:
         65:f4:88:90:db:ad:d9:68:7e:11:68:eb:bb:4a:e4:f9:df:5b:
         4f:30:83:3e:83:c8:03:b9:6b:81:52:3e:1a:f6:b1:80:3b:a1:
         fc:16:c8:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYI1Lf9QGfh/TGBpnanu+rllMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzOWQzNjNiMjhmMWM5MDg0ZTFjMTk4Njg3NmJiNDA5Yjc5
YTEzOGMwHhcNMjIwNzI1MTE0NjIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2ExYjFlODczNjZjNmE5YjA4MmE4YTM1ZmFmOWNjNDgxODdjZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkplbBb+fI3uX802NXRWZ7EUdnJc
G0m9KgAYuqKcTOsuJ6Jqjj78o/SjNikIjgFa7DnT0XoH+60XeoOJSkD7H5K9vymK
FwqqW1Cmq+kw/isiV1T2D2S89UnCyx4p18bo+xXZN6LeEIrptYOeSEvbtr2WKbqB
u3R3ln0KtrEeNRvxb5ay+bBDV2rhwWsMENTXDbOBQilf+33+t7j/yxuOgA08TuyS
kLAXQnL2ywhg+VWA/RrfPTq5wYu3tHovu1b8WdFn4T8ZAd+m0W+wmESLifELM6TP
YGzdmDAnOvtSk6dFDXtj6GnYZpb2VPB5HBNAjI0uzU1VrUPHxlknIFDNCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFehsehzZsapsIKoo1+vnMSBh83LMB8GA1UdIwQY
MBaAFIOdNjso8ckIThwZhodrtAm3mhOMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzUwMk95anh5UWhPSEJtR2gydTBDYmVhRTR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9hOWU4YTYtMWNmMi00Yzg3LWI0OWEt
NTIyODgyM2ZiOTdiLzEvVjZHeDZITm14cW13Z3Fpalg2LWN4SUdIemNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9hOWU4YTYtMWNmMi00Yzg3LWI0OWEtNTIyODgyM2ZiOTdi
LzEvZzUwMk95anh5UWhPSEJtR2gydTBDYmVhRTR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXi2nMA0G
CSqGSIb3DQEBCwUAA4IBAQBUEQg9yJk/HdtXL8RxlZdIjYjY7tQwThAsP9PnNbom
m0mBo+NIPZQqbn1PySmCyR3CXHfs3dgtBw15kSHgSoPXa39lk/BGt/qgGqQCY8tp
5vszdgICAJGxpzzcspCQ5si74YgaGJiWwSMgOcQv0c0CwRNgtRiAjWz4oF7YHWH3
LosJRznEg/nD6/od1oEN47nM6uimOFLzuKJ4QlH6nZTwABXaHCsbPDTlyCafcAiF
kPVAOk46reTPZnc2NOgWQwVQuAaxJKD3a8RU/ovyPjSzCie2BUcAKTJl9IiQ263Z
aH4RaOu7SuT531tPMIM+g8gDuWuBUj4a9rGAO6H8FsiP
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:06 2024 by rpki-client on console-fra.rpki-client.org