Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/1NGTttzFst9jh625vPBN4TZSrvM.roa
File:                     1NGTttzFst9jh625vPBN4TZSrvM.roa (raw, json)
Hash identifier:          dnu91Ceqtt6w96KYFSd+eXAzPR9ioqhZwOrcfm0D8yo=
Subject key identifier:   D4:D1:93:B6:DC:C5:B2:DF:63:87:AD:B9:BC:F0:4D:E1:36:52:AE:F3
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0B92FDEE
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/1NGTttzFst9jh625vPBN4TZSrvM.roa
Signing time:             Wed 22 Jun 2022 20:11:32 +0000
ROA not before:           Wed 22 Jun 2022 20:11:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49392
IP address blocks:        185.149.12.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 194182638 (0xb92fdee)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jun 22 20:11:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d4d193b6dcc5b2df6387adb9bcf04de13652aef3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:0a:a7:0b:5a:29:a5:ef:a4:1b:ab:e3:78:3c:
                    d7:eb:75:28:55:25:0d:49:cd:68:33:b6:4d:82:5e:
                    77:ab:7d:f8:9c:47:ca:d9:06:35:62:8c:1a:66:62:
                    18:b2:67:b7:3c:2b:77:08:f2:97:6b:58:f1:b1:13:
                    52:c8:3f:4b:ef:fb:d2:3e:42:13:26:61:c8:c4:5a:
                    4c:ea:3d:d4:f2:3a:84:50:31:cc:cc:57:9c:8b:9f:
                    e3:3f:62:00:5e:29:31:9f:fd:a6:75:1b:f0:3b:f3:
                    ed:6c:17:47:98:c4:d3:8a:a1:20:cc:a8:1d:e4:3a:
                    7d:25:d6:58:be:54:11:71:70:43:15:b9:10:67:25:
                    05:5e:01:e1:1a:72:6b:82:1c:ed:75:32:e1:7e:bc:
                    c3:ce:62:5b:29:16:aa:ec:08:fe:52:b4:d6:3b:a5:
                    4c:ad:d0:86:20:f4:97:e8:5b:52:7a:ce:91:34:0f:
                    ec:a8:e3:13:ef:b1:a7:3e:45:0b:3e:b9:fb:89:e0:
                    fd:3f:c8:8e:9a:7d:ab:74:86:b8:37:19:c1:16:67:
                    90:b4:08:4c:9c:e6:8c:0f:2f:a6:79:55:7e:06:00:
                    4a:4a:b2:af:6e:62:ac:19:f7:82:7e:e8:16:7a:83:
                    cb:5e:00:8c:63:79:35:ce:8d:6d:3d:a7:79:c2:13:
                    42:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:D1:93:B6:DC:C5:B2:DF:63:87:AD:B9:BC:F0:4D:E1:36:52:AE:F3
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/1NGTttzFst9jh625vPBN4TZSrvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:fd:7d:76:af:21:e0:82:ff:e3:b9:38:7a:ff:e9:ca:92:ad:
         59:3e:5c:72:65:03:2c:e8:20:97:20:5a:13:b4:07:71:0b:34:
         41:cd:64:af:b6:02:df:51:c2:76:6c:39:0a:2e:fc:7e:92:f2:
         19:6e:cd:eb:8b:86:78:5b:f1:22:e3:56:9f:99:04:b2:ef:79:
         d4:e9:0d:45:0e:92:51:a1:ab:b8:34:fa:b6:02:f9:9e:f4:ab:
         80:ee:8c:54:3f:ac:71:8e:dc:0c:36:a8:85:9c:be:64:b0:04:
         fd:18:7d:79:6f:0d:94:77:83:13:b9:5a:34:72:b7:6e:ab:35:
         dd:91:62:67:f6:61:77:8e:a7:51:72:3d:de:b4:3f:3d:aa:4c:
         4e:98:a4:d2:68:2d:68:3f:97:17:1f:e6:83:a5:a0:1d:5c:71:
         81:d8:41:92:68:7f:24:6b:46:e6:c6:5f:60:40:d6:dc:ff:3a:
         e9:6e:47:45:9f:29:b0:68:1b:6f:50:b4:80:6c:12:ec:57:cf:
         59:06:0c:ad:2d:77:7f:26:31:2b:a3:9f:63:8b:ab:cc:df:80:
         07:64:20:84:f0:07:5e:ba:08:af:22:59:28:aa:c4:86:70:ed:
         82:dd:20:69:98:77:7a:48:a3:9d:ed:5c:a9:08:11:3a:a6:d8:
         4b:95:46:07
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEC5L97jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDYy
MjIwMTEzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDRkMTkzYjZkY2M1
YjJkZjYzODdhZGI5YmNmMDRkZTEzNjUyYWVmMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAO8KpwtaKaXvpBur43g81+t1KFUlDUnNaDO2TYJed6t9+JxH
ytkGNWKMGmZiGLJntzwrdwjyl2tY8bETUsg/S+/70j5CEyZhyMRaTOo91PI6hFAx
zMxXnIuf4z9iAF4pMZ/9pnUb8Dvz7WwXR5jE04qhIMyoHeQ6fSXWWL5UEXFwQxW5
EGclBV4B4Rpya4Ic7XUy4X68w85iWykWquwI/lK01julTK3QhiD0l+hbUnrOkTQP
7KjjE++xpz5FCz65+4ng/T/Ijpp9q3SGuDcZwRZnkLQITJzmjA8vpnlVfgYASkqy
r25irBn3gn7oFnqDy14AjGN5Nc6NbT2necITQk0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTU0ZO23MWy32OHrbm88E3hNlKu8zAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
LzFOR1R0dHpGc3Q5amg2MjV2UEJONFRaU3J2TS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmVDDANBgkqhkiG9w0BAQsFAAOC
AQEAOf19dq8h4IL/47k4ev/pypKtWT5ccmUDLOgglyBaE7QHcQs0Qc1kr7YC31HC
dmw5Ci78fpLyGW7N64uGeFvxIuNWn5kEsu951OkNRQ6SUaGruDT6tgL5nvSrgO6M
VD+scY7cDDaohZy+ZLAE/Rh9eW8NlHeDE7laNHK3bqs13ZFiZ/Zhd46nUXI93rQ/
PapMTpik0mgtaD+XFx/mg6WgHVxxgdhBkmh/JGtG5sZfYEDW3P866W5HRZ8psGgb
b1C0gGwS7FfPWQYMrS13fyYxK6OfY4urzN+AB2QghPAHXroIryJZKKrEhnDtgt0g
aZh3ekijne1cqQgROqbYS5VGBw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:31 2024 by rpki-client on console-fra.rpki-client.org