Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/PdjxmCujuPTOES_PVSlwab_izZc.roa
File:                     PdjxmCujuPTOES_PVSlwab_izZc.roa (raw, json)
Hash identifier:          czUJ7zQ1lREvAAfXSCkU14tRVSgzxqZhfVZFVlaEns4=
Subject key identifier:   3D:D8:F1:98:2B:A3:B8:F4:CE:11:2F:CF:55:29:70:69:BF:E2:CD:97
Certificate issuer:       /CN=da70c441fb892b8c9816534885069fcd3300c9a4
Certificate serial:       022BA5
Authority key identifier: DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/PdjxmCujuPTOES_PVSlwab_izZc.roa
Signing time:             Wed 06 Apr 2022 09:01:12 +0000
ROA not before:           Wed 06 Apr 2022 09:01:12 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     58024
IP address blocks:        84.54.44.0/22 maxlen: 22
                          84.54.47.0/24 maxlen: 24
                          84.54.45.0/24 maxlen: 24
                          194.31.132.0/22 maxlen: 22
                          176.113.112.0/24 maxlen: 24
                          176.113.112.0/23 maxlen: 23
                          176.113.113.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 142245 (0x22ba5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da70c441fb892b8c9816534885069fcd3300c9a4
        Validity
            Not Before: Apr  6 09:01:12 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3dd8f1982ba3b8f4ce112fcf55297069bfe2cd97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:6e:8f:4c:69:79:8e:1f:a6:06:27:1c:b6:4b:
                    01:da:fb:80:c9:45:07:1e:58:97:c6:2e:2a:2d:e7:
                    14:58:7d:6b:91:f9:9f:4f:04:b6:60:f3:04:81:fb:
                    60:a1:ff:ad:bc:66:31:7c:6e:da:29:1d:b9:7e:2a:
                    b3:9d:f8:9e:19:16:a0:4b:38:74:c9:9f:2a:5c:e6:
                    92:33:24:b8:c0:d7:e4:8d:bd:e1:57:33:df:3f:1e:
                    b6:4c:6e:13:17:9c:ba:55:d5:09:69:36:e3:a0:5f:
                    b4:c6:de:ef:9e:43:0d:61:bb:39:de:26:c8:2c:1e:
                    ff:06:3f:b2:f6:2a:e3:4a:3d:e3:a8:a6:16:9a:9f:
                    1c:74:77:41:9f:e4:9c:32:d1:9c:12:20:95:b0:7a:
                    ac:ec:54:d0:f5:0e:8d:19:45:11:0a:2e:25:7b:4e:
                    b4:5b:cc:aa:f2:60:0b:a0:64:8c:b2:d0:28:e9:2f:
                    a9:a0:24:be:de:57:c5:89:d3:61:d5:84:8c:1b:5d:
                    02:e8:d2:71:b9:cd:61:26:8e:12:bd:32:1a:69:80:
                    82:3b:13:31:9d:bb:ba:5b:aa:81:2a:5e:ed:de:85:
                    a7:ca:26:68:06:fe:09:4e:0f:4b:d6:7e:5c:1c:21:
                    42:4a:bb:3e:73:a9:bb:57:aa:b6:e9:9b:7d:2f:6e:
                    71:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:D8:F1:98:2B:A3:B8:F4:CE:11:2F:CF:55:29:70:69:BF:E2:CD:97
            X509v3 Authority Key Identifier:
                keyid:DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/PdjxmCujuPTOES_PVSlwab_izZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/2nDEQfuJK4yYFlNIhQafzTMAyaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.44.0/22
                  176.113.112.0/23
                  194.31.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:e7:42:e3:a2:44:e0:a3:04:7a:61:9c:c3:78:23:e2:aa:3c:
         64:cf:db:86:11:9c:43:e0:2d:7c:7e:b7:97:87:e9:38:56:76:
         82:3d:42:44:b8:8d:b6:10:48:26:32:5a:46:ea:40:19:86:c4:
         4d:fb:af:0d:2b:f9:81:db:51:94:95:50:42:a8:8e:40:ac:1a:
         ad:a7:18:78:22:82:1a:14:3a:1b:3d:f2:cd:24:97:fc:51:6c:
         4a:09:1d:48:b3:1c:5b:df:4d:ed:2d:0e:8d:69:8f:8a:9e:ed:
         c1:33:d3:6e:bc:0b:9b:c1:30:ef:d8:26:4a:f0:1a:8e:1f:65:
         a4:d2:d4:c5:c8:fe:f4:98:43:fc:36:2c:89:8b:fc:58:97:8f:
         1b:df:9a:7b:f0:25:ef:04:77:b0:94:e0:1c:17:df:03:d5:4b:
         e6:64:91:ac:a7:ae:46:08:ec:63:34:c4:32:ba:64:29:f9:dc:
         08:aa:9f:28:b9:58:3a:11:0e:48:77:03:82:cf:4e:66:e1:f3:
         70:75:a8:2b:56:ce:9c:86:a8:54:29:91:08:a8:6b:c6:ae:a3:
         68:4d:5d:52:aa:8a:fe:60:58:96:ff:e9:04:01:f7:6c:91:8c:
         10:1d:33:5d:e3:42:56:e7:b5:a9:fb:51:35:cd:a6:02:93:48:
         f2:f5:c2:d9
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIDAiulMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGRh
NzBjNDQxZmI4OTJiOGM5ODE2NTM0ODg1MDY5ZmNkMzMwMGM5YTQwHhcNMjIwNDA2
MDkwMTEyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygzZGQ4ZjE5ODJiYTNi
OGY0Y2UxMTJmY2Y1NTI5NzA2OWJmZTJjZDk3MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA126PTGl5jh+mBicctksB2vuAyUUHHliXxi4qLecUWH1rkfmf
TwS2YPMEgftgof+tvGYxfG7aKR25fiqznfieGRagSzh0yZ8qXOaSMyS4wNfkjb3h
VzPfPx62TG4TF5y6VdUJaTbjoF+0xt7vnkMNYbs53ibILB7/Bj+y9irjSj3jqKYW
mp8cdHdBn+ScMtGcEiCVsHqs7FTQ9Q6NGUURCi4le060W8yq8mALoGSMstAo6S+p
oCS+3lfFidNh1YSMG10C6NJxuc1hJo4SvTIaaYCCOxMxnbu6W6qBKl7t3oWnyiZo
Bv4JTg9L1n5cHCFCSrs+c6m7V6q26Zt9L25xgQIDAQABo4ICFTCCAhEwHQYDVR0O
BBYEFD3Y8Zgro7j0zhEvz1UpcGm/4s2XMB8GA1UdIwQYMBaAFNpwxEH7iSuMmBZT
SIUGn80zAMmkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
Mm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMtMTVmYzBiNjhmODQ0LzEv
UGRqeG1DdWp1UFRPRVNfUFZTbHdhYl9pelpjLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9l
NTNkZTUtMWI1Zi00NDY3LWE2OGMtMTVmYzBiNjhmODQ0LzEvMm5ERVFmdUpLNHlZ
RmxOSWhRYWZ6VE1BeWFRLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsG
CCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCVDYsAwQBsHFwAwQCwh+EMA0GCSqG
SIb3DQEBCwUAA4IBAQCk50LjokTgowR6YZzDeCPiqjxkz9uGEZxD4C18freXh+k4
VnaCPUJEuI22EEgmMlpG6kAZhsRN+68NK/mB21GUlVBCqI5ArBqtpxh4IoIaFDob
PfLNJJf8UWxKCR1Isxxb303tLQ6NaY+Knu3BM9NuvAubwTDv2CZK8BqOH2Wk0tTF
yP70mEP8NiyJi/xYl48b35p78CXvBHewlOAcF98D1UvmZJGsp65GCOxjNMQyumQp
+dwIqp8ouVg6EQ5IdwOCz05m4fNwdagrVs6chqhUKZEIqGvGrqNoTV1Sqor+YFiW
/+kEAfdskYwQHTNd40JW57Wp+1E1zaYCk0jy9cLZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:28 2024 by rpki-client on console-fra.rpki-client.org