Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/jKAXZGqwGOJdh7W7jCK-W1Pfomk.roa
File:                     jKAXZGqwGOJdh7W7jCK-W1Pfomk.roa (raw, json)
Hash identifier:          vEKaDK5eoKbSu946e3DOVnZRt/pMdcn1BC+2xsOZE7w=
Subject key identifier:   8C:A0:17:64:6A:B0:18:E2:5D:87:B5:BB:8C:22:BE:5B:53:DF:A2:69
Certificate issuer:       /CN=c7770135d0f0d30a868df551d8752d4b4badc2c1
Certificate serial:       0810F5CC
Authority key identifier: C7:77:01:35:D0:F0:D3:0A:86:8D:F5:51:D8:75:2D:4B:4B:AD:C2:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3cBNdDw0wqGjfVR2HUtS0utwsE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/jKAXZGqwGOJdh7W7jCK-W1Pfomk.roa
Signing time:             Sat 01 Jan 2022 15:00:50 +0000
ROA not before:           Sat 01 Jan 2022 15:00:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51942
IP address blocks:        185.225.24.0/22 maxlen: 22
                          185.133.36.0/22 maxlen: 22
                          81.173.44.0/22 maxlen: 22
                          91.221.150.0/23 maxlen: 23
                          2001:67c:16b4::/48 maxlen: 48
                          2a06:21c0::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 135329228 (0x810f5cc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7770135d0f0d30a868df551d8752d4b4badc2c1
        Validity
            Not Before: Jan  1 15:00:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8ca017646ab018e25d87b5bb8c22be5b53dfa269
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:1c:e1:8b:3d:46:49:b3:47:3f:ff:a8:a6:09:
                    ad:2b:c0:1d:cd:c8:5f:b6:a2:65:d7:21:74:ff:b5:
                    ab:46:c9:d3:13:3a:e9:cd:b8:66:7d:e0:b2:6a:3e:
                    93:8d:7b:14:70:3a:b7:45:29:a4:34:5d:c4:ed:b5:
                    1b:90:c2:a9:a0:5c:69:9f:ae:f4:f8:0f:8c:66:65:
                    a4:9c:51:7d:de:10:17:a9:de:58:48:f3:3d:9d:60:
                    54:ef:15:83:b0:55:2b:fa:4b:7f:f6:e5:d3:9a:57:
                    7c:0e:1c:43:59:83:a9:e0:b0:07:12:9a:75:dd:e8:
                    a1:bd:e7:2a:b0:c2:dd:8b:20:0f:23:c6:cf:9b:6f:
                    0d:44:16:3e:e8:2a:07:b5:c0:33:28:03:c7:a4:cf:
                    26:49:21:33:81:c7:16:a8:02:5a:21:26:6c:a2:6c:
                    df:9c:0c:9b:af:e4:b8:44:94:b2:b2:cf:16:c9:3c:
                    90:07:f8:38:a0:84:fd:3e:ef:2a:88:96:0a:0d:13:
                    ba:cc:b6:fd:8a:0f:e7:c6:97:96:8b:d9:46:21:6e:
                    f6:6a:68:1e:a1:b2:85:b2:55:13:1a:63:12:d0:dd:
                    1f:ab:e4:b6:2b:3f:e6:bd:df:72:6f:7e:a5:90:71:
                    92:5e:be:95:ec:c9:b4:20:19:1e:97:7c:29:ed:41:
                    01:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:A0:17:64:6A:B0:18:E2:5D:87:B5:BB:8C:22:BE:5B:53:DF:A2:69
            X509v3 Authority Key Identifier:
                keyid:C7:77:01:35:D0:F0:D3:0A:86:8D:F5:51:D8:75:2D:4B:4B:AD:C2:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3cBNdDw0wqGjfVR2HUtS0utwsE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/jKAXZGqwGOJdh7W7jCK-W1Pfomk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/x3cBNdDw0wqGjfVR2HUtS0utwsE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.173.44.0/22
                  91.221.150.0/23
                  185.133.36.0/22
                  185.225.24.0/22
                IPv6:
                  2001:67c:16b4::/48
                  2a06:21c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ba:f6:67:53:38:4d:7d:12:0a:d7:9f:0e:d8:88:0a:45:fa:8c:
         a0:20:f9:31:e1:0e:c5:80:fa:c1:86:9f:65:02:55:4c:c1:48:
         cc:70:b7:f5:d8:83:c1:ca:ac:9c:ed:a8:a3:f9:59:14:3a:12:
         8e:51:bb:fd:4d:44:06:2d:fd:83:6a:a2:73:ef:f3:fc:49:3d:
         e3:60:45:50:2e:3e:3f:c1:f3:5d:f5:49:bd:65:34:94:82:f9:
         d4:cb:33:f2:00:a9:49:d4:dc:71:07:be:65:5f:09:0a:83:e2:
         57:69:9b:0f:ea:08:4b:d5:a8:c1:2d:a6:02:db:61:69:a7:82:
         8d:dd:2f:9d:65:26:e0:07:76:bc:b2:62:c0:0b:08:01:2d:23:
         3f:9f:b3:14:8f:58:32:fd:e4:ee:de:55:10:33:6c:0e:35:ee:
         fa:1b:d7:f1:86:e3:90:c8:c0:e1:d5:b6:75:9a:75:97:07:c2:
         6d:b5:d8:69:43:44:7b:b1:b1:f9:ec:01:8d:24:ed:42:da:30:
         fe:56:5f:61:0a:67:d2:02:03:74:2f:0e:9b:20:d0:0b:fd:af:
         0d:20:6e:b7:57:82:af:2d:03:fe:96:77:bb:b9:1f:01:c5:f5:
         e6:06:f3:c3:50:d3:b9:e2:33:c6:eb:68:69:99:21:a6:d5:b9:
         47:c5:53:cf
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIECBD1zDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
Nzc3MDEzNWQwZjBkMzBhODY4ZGY1NTFkODc1MmQ0YjRiYWRjMmMxMB4XDTIyMDEw
MTE1MDA1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGNhMDE3NjQ2YWIw
MThlMjVkODdiNWJiOGMyMmJlNWI1M2RmYTI2OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKMc4Ys9RkmzRz//qKYJrSvAHc3IX7aiZdchdP+1q0bJ0xM6
6c24Zn3gsmo+k417FHA6t0UppDRdxO21G5DCqaBcaZ+u9PgPjGZlpJxRfd4QF6ne
WEjzPZ1gVO8Vg7BVK/pLf/bl05pXfA4cQ1mDqeCwBxKadd3oob3nKrDC3YsgDyPG
z5tvDUQWPugqB7XAMygDx6TPJkkhM4HHFqgCWiEmbKJs35wMm6/kuESUsrLPFsk8
kAf4OKCE/T7vKoiWCg0Tusy2/YoP58aXlovZRiFu9mpoHqGyhbJVExpjEtDdH6vk
tis/5r3fcm9+pZBxkl6+lezJtCAZHpd8Ke1BAV0CAwEAAaOCAjMwggIvMB0GA1Ud
DgQWBBSMoBdkarAY4l2HtbuMIr5bU9+iaTAfBgNVHSMEGDAWgBTHdwE10PDTCoaN
9VHYdS1LS63CwTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3gzY0JOZER3MHdxR2pmVlIySFV0UzB1dHdzRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjEvYjk3MDcwLWM1ZjQtNDQxMC05NGI1LWQ2NGQ3NTM5NDAzNy8x
L2pLQVhaR3F3R09KZGg3VzdqQ0stVzFQZm9tay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjEv
Yjk3MDcwLWM1ZjQtNDQxMC05NGI1LWQ2NGQ3NTM5NDAzNy8xL3gzY0JOZER3MHdx
R2pmVlIySFV0UzB1dHdzRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBJ
BggrBgEFBQcBBwEB/wQ6MDgwHgQCAAEwGAMEAlGtLAMEAVvdlgMEArmFJAMEArnh
GDAWBAIAAjAQAwcAIAEGfBa0AwUDKgYhwDANBgkqhkiG9w0BAQsFAAOCAQEAuvZn
UzhNfRIK158O2IgKRfqMoCD5MeEOxYD6wYafZQJVTMFIzHC39diDwcqsnO2oo/lZ
FDoSjlG7/U1EBi39g2qic+/z/Ek942BFUC4+P8HzXfVJvWU0lIL51Msz8gCpSdTc
cQe+ZV8JCoPiV2mbD+oIS9WowS2mAtthaaeCjd0vnWUm4Ad2vLJiwAsIAS0jP5+z
FI9YMv3k7t5VEDNsDjXu+hvX8YbjkMjA4dW2dZp1lwfCbbXYaUNEe7Gx+ewBjSTt
Qtow/lZfYQpn0gIDdC8OmyDQC/2vDSBut1eCry0D/pZ3u7kfAcX15gbzw1DTueIz
xutoaZkhptW5R8VTzw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:27 2024 by rpki-client on console-fra.rpki-client.org