Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/Ox76XJ4ztlAENMVejYP4GVDbdWg.roa
File:                     Ox76XJ4ztlAENMVejYP4GVDbdWg.roa (raw, json)
Hash identifier:          Jz43q+h3o5w+7nnEPIHZkvCodntZsD0RtvxCna+wSbc=
Subject key identifier:   3B:1E:FA:5C:9E:33:B6:50:04:34:C5:5E:8D:83:F8:19:50:DB:75:68
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0B600F91
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/Ox76XJ4ztlAENMVejYP4GVDbdWg.roa
Signing time:             Tue 07 Jun 2022 18:14:02 +0000
ROA not before:           Tue 07 Jun 2022 18:14:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     56971
IP address blocks:        89.46.99.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 190844817 (0xb600f91)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jun  7 18:14:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3b1efa5c9e33b6500434c55e8d83f81950db7568
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:1a:33:ec:82:39:b4:f5:15:d9:45:6b:a8:56:
                    a1:da:ca:0c:b6:91:35:7e:24:13:c9:51:34:30:1b:
                    30:60:69:df:c7:1e:ec:b5:2a:70:1d:41:35:e4:e4:
                    2c:6f:5c:95:10:d4:d6:f7:6f:03:94:48:20:4c:73:
                    a2:8b:06:84:f2:d5:d6:02:c9:91:84:08:64:a2:5b:
                    25:c2:9f:a5:f8:c0:13:93:b9:d1:e4:a5:90:20:1f:
                    d4:d4:1c:b0:57:d6:29:f2:d8:07:95:76:6e:fc:bf:
                    0a:a5:c7:8f:86:fd:12:70:ec:d4:2a:08:44:bc:8d:
                    48:68:f2:02:d6:6f:35:9d:e5:f7:7d:3d:71:de:5c:
                    4a:a9:78:0c:af:b2:75:b9:86:d3:42:aa:5c:a5:14:
                    4f:96:24:38:a4:e2:f0:5c:38:b0:70:f0:64:77:09:
                    e8:eb:79:08:a6:28:6a:c7:f6:29:df:61:05:a0:4e:
                    3f:6f:f6:02:f4:89:f3:a4:f5:2c:bb:18:92:5b:48:
                    b7:11:3b:8f:2d:36:92:d7:4b:7c:18:8a:42:55:3c:
                    20:3e:98:f4:3a:2c:ed:8b:ba:38:ad:4e:5a:b8:cb:
                    ff:8e:10:06:ff:6e:83:08:93:24:2d:76:39:29:f4:
                    bd:3c:ed:ff:38:24:60:19:db:a9:95:47:5a:9d:d3:
                    47:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:1E:FA:5C:9E:33:B6:50:04:34:C5:5E:8D:83:F8:19:50:DB:75:68
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/Ox76XJ4ztlAENMVejYP4GVDbdWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:b3:fb:d7:59:54:21:85:f6:90:ac:0f:2e:f3:ae:d1:c0:9c:
         e2:c8:63:38:06:bb:15:1c:b2:b3:53:4c:6f:bd:75:f2:a7:5a:
         e7:fe:62:d9:f7:fb:af:18:4a:9f:11:62:57:02:3b:25:fc:77:
         e2:3d:fb:40:a6:66:b4:fe:a7:dd:b1:27:0d:c0:77:4b:df:3a:
         66:1d:38:81:c8:25:4b:43:30:fe:ed:2c:18:fb:84:ad:e9:0e:
         68:dc:ba:87:2a:48:a3:cb:e3:bd:eb:0a:ee:e9:da:3c:c7:2c:
         70:b3:a0:fd:a6:19:6e:c2:0c:f7:70:f1:ae:06:11:cb:2c:40:
         0b:f3:2e:c4:91:fb:95:87:86:7e:87:24:45:89:62:e6:09:17:
         d6:9c:ac:fc:be:bc:c4:46:d1:52:65:8c:db:f5:28:cb:0b:e9:
         e4:3f:a8:84:f2:3c:5e:13:95:c3:d4:64:d4:51:30:79:6b:83:
         fc:b0:ae:47:a3:da:b6:7a:8d:64:58:87:05:a2:4c:50:86:60:
         83:12:42:c1:77:00:b3:8a:a8:c9:79:47:cd:88:08:33:70:80:
         dd:a7:26:09:79:95:5f:73:fe:6c:4f:58:65:d8:69:11:e7:b8:
         6d:54:04:ed:60:1c:66:30:46:8e:3b:35:7d:41:5b:8c:78:0e:
         a4:a7:a9:be
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEC2APkTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDYw
NzE4MTQwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2IxZWZhNWM5ZTMz
YjY1MDA0MzRjNTVlOGQ4M2Y4MTk1MGRiNzU2ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALoaM+yCObT1FdlFa6hWodrKDLaRNX4kE8lRNDAbMGBp38ce
7LUqcB1BNeTkLG9clRDU1vdvA5RIIExzoosGhPLV1gLJkYQIZKJbJcKfpfjAE5O5
0eSlkCAf1NQcsFfWKfLYB5V2bvy/CqXHj4b9EnDs1CoIRLyNSGjyAtZvNZ3l9309
cd5cSql4DK+ydbmG00KqXKUUT5YkOKTi8Fw4sHDwZHcJ6Ot5CKYoasf2Kd9hBaBO
P2/2AvSJ86T1LLsYkltItxE7jy02ktdLfBiKQlU8ID6Y9Dos7Yu6OK1OWrjL/44Q
Bv9ugwiTJC12OSn0vTzt/zgkYBnbqZVHWp3TRzkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ7HvpcnjO2UAQ0xV6Ng/gZUNt1aDAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
L094NzZYSjR6dGxBRU5NVmVqWVA0R1ZEYmRXZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFkuYzANBgkqhkiG9w0BAQsFAAOC
AQEAK7P711lUIYX2kKwPLvOu0cCc4shjOAa7FRyys1NMb7118qda5/5i2ff7rxhK
nxFiVwI7Jfx34j37QKZmtP6n3bEnDcB3S986Zh04gcglS0Mw/u0sGPuErekOaNy6
hypIo8vjvesK7unaPMcscLOg/aYZbsIM93DxrgYRyyxAC/MuxJH7lYeGfockRYli
5gkX1pys/L68xEbRUmWM2/Uoywvp5D+ohPI8XhOVw9Rk1FEweWuD/LCuR6PatnqN
ZFiHBaJMUIZggxJCwXcAs4qoyXlHzYgIM3CA3acmCXmVX3P+bE9YZdhpEee4bVQE
7WAcZjBGjjs1fUFbjHgOpKepvg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:31 2024 by rpki-client on console-fra.rpki-client.org