Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/C9uphW1VdR3jcRp3kAZs8y42XBk.roa
File:                     C9uphW1VdR3jcRp3kAZs8y42XBk.roa (raw, json)
Hash identifier:          vB1USiRt/BSgPV8YEtaHeMJbG2dz072A7iNQsxh/AIw=
Subject key identifier:   0B:DB:A9:85:6D:55:75:1D:E3:71:1A:77:90:06:6C:F3:2E:36:5C:19
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0A31061B
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/C9uphW1VdR3jcRp3kAZs8y42XBk.roa
Signing time:             Mon 21 Feb 2022 11:34:39 +0000
ROA not before:           Mon 21 Feb 2022 11:34:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211936
IP address blocks:        89.46.97.0/24 maxlen: 24
                          89.46.96.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 170984987 (0xa31061b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Feb 21 11:34:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0bdba9856d55751de3711a7790066cf32e365c19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6d:f1:83:4a:08:f2:5b:9a:6f:f6:a0:79:1f:
                    3e:43:0a:b6:36:53:f3:5e:10:af:56:0f:1c:38:48:
                    e0:7b:e0:86:a1:17:fc:00:92:d1:9e:19:be:5a:1a:
                    bd:6d:e7:54:22:79:46:c0:37:3e:9c:1b:af:a3:2a:
                    12:c7:4f:61:bf:a6:c7:0d:35:16:19:e1:c9:d4:9d:
                    47:f8:6e:32:18:9e:9e:fa:6d:49:50:f7:d8:65:0d:
                    14:df:ef:b3:38:e8:4d:eb:b7:0b:88:f8:f9:cd:57:
                    bd:fb:74:59:ca:28:ff:12:56:25:3c:e9:f2:98:12:
                    8f:df:73:bc:27:00:97:2b:ca:46:73:13:5a:00:0a:
                    8c:7b:b2:90:48:ec:be:d3:df:29:32:a1:73:60:c5:
                    ee:65:bd:33:29:5c:43:86:54:d9:7f:1e:37:a2:2f:
                    76:2d:72:f4:7a:97:ba:61:5e:05:61:42:b8:c6:32:
                    c5:35:aa:f9:ec:09:4d:4b:4a:73:c4:64:e6:7d:ce:
                    19:49:5c:52:f0:fb:60:23:e9:8c:25:ad:95:e4:95:
                    7d:ec:df:47:b0:3b:18:c0:b3:13:24:2c:cd:ed:c4:
                    25:e6:95:38:1a:1a:9c:b6:d2:b2:f1:07:be:f8:6e:
                    06:e6:a9:9d:91:9c:59:91:66:7c:79:37:e7:4d:88:
                    2f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:DB:A9:85:6D:55:75:1D:E3:71:1A:77:90:06:6C:F3:2E:36:5C:19
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/C9uphW1VdR3jcRp3kAZs8y42XBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:2d:66:f0:20:13:f3:78:ec:5f:78:86:be:26:e5:02:64:fb:
         89:78:48:19:59:8e:71:bb:c4:f0:2e:4e:e0:e7:53:ef:e9:5e:
         e7:14:2a:5a:d4:f2:20:3b:89:b8:00:b1:b7:13:02:1b:03:cd:
         f5:37:57:4c:80:b6:54:72:e3:76:64:65:bd:07:cc:49:ce:4c:
         e1:2c:f5:72:fa:21:b7:13:37:3e:d5:c7:6b:b8:a4:07:b5:c1:
         f2:d7:20:01:de:fb:13:0f:2a:4e:5e:76:bf:4f:87:ae:98:88:
         8f:35:01:08:b9:c0:24:23:b7:89:4b:83:19:81:2f:1f:24:bb:
         c7:89:20:6c:06:34:19:bd:4b:99:20:c0:1b:b7:35:39:24:c9:
         bd:93:f8:8c:40:55:9e:70:c9:c8:16:24:0f:63:38:69:da:a2:
         5f:9a:ed:79:4c:ca:85:ba:c0:07:ca:39:19:78:05:79:d7:f2:
         27:23:4d:0b:a7:70:73:d9:62:3b:17:9b:bf:f9:5e:2e:2e:77:
         59:40:ad:cf:6a:4f:a8:ce:fd:6e:da:38:06:1a:92:4e:fe:0a:
         84:eb:e5:c6:0d:98:ef:a9:4d:09:ef:7f:88:04:30:b2:46:98:
         30:bc:4f:1e:58:bd:20:6f:c8:8b:ef:45:d9:9f:44:fe:cb:ba:
         00:1e:e4:32
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECjEGGzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDIy
MTExMzQzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGJkYmE5ODU2ZDU1
NzUxZGUzNzExYTc3OTAwNjZjZjMyZTM2NWMxOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK9t8YNKCPJbmm/2oHkfPkMKtjZT814Qr1YPHDhI4HvghqEX
/ACS0Z4ZvloavW3nVCJ5RsA3Ppwbr6MqEsdPYb+mxw01FhnhydSdR/huMhienvpt
SVD32GUNFN/vszjoTeu3C4j4+c1Xvft0Wcoo/xJWJTzp8pgSj99zvCcAlyvKRnMT
WgAKjHuykEjsvtPfKTKhc2DF7mW9MylcQ4ZU2X8eN6Ivdi1y9HqXumFeBWFCuMYy
xTWq+ewJTUtKc8Rk5n3OGUlcUvD7YCPpjCWtleSVfezfR7A7GMCzEyQsze3EJeaV
OBoanLbSsvEHvvhuBuapnZGcWZFmfHk3502ILycCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQL26mFbVV1HeNxGneQBmzzLjZcGTAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
L0M5dXBoVzFWZFIzamNScDNrQVpzOHk0MlhCay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVkuYDANBgkqhkiG9w0BAQsFAAOC
AQEANC1m8CAT83jsX3iGviblAmT7iXhIGVmOcbvE8C5O4OdT7+le5xQqWtTyIDuJ
uACxtxMCGwPN9TdXTIC2VHLjdmRlvQfMSc5M4Sz1cvohtxM3PtXHa7ikB7XB8tcg
Ad77Ew8qTl52v0+HrpiIjzUBCLnAJCO3iUuDGYEvHyS7x4kgbAY0Gb1LmSDAG7c1
OSTJvZP4jEBVnnDJyBYkD2M4adqiX5rteUzKhbrAB8o5GXgFedfyJyNNC6dwc9li
Oxebv/leLi53WUCtz2pPqM79bto4BhqSTv4KhOvlxg2Y76lNCe9/iAQwskaYMLxP
Hli9IG/Ii+9F2Z9E/su6AB7kMg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:31 2024 by rpki-client on console-fra.rpki-client.org