Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/ZSR-YhfNj3VSreBhF25rO7OPV7s.roa
File:                     ZSR-YhfNj3VSreBhF25rO7OPV7s.roa (raw, json)
Hash identifier:          HbWC8mYn4HdssXSc0YSsK8aj/PglHt8AuYGNYvi/7cI=
Subject key identifier:   65:24:7E:62:17:CD:8F:75:52:AD:E0:61:17:6E:6B:3B:B3:8F:57:BB
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0B1AA752
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/ZSR-YhfNj3VSreBhF25rO7OPV7s.roa
Signing time:             Thu 12 May 2022 20:27:22 +0000
ROA not before:           Thu 12 May 2022 20:27:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        171.22.146.0/24 maxlen: 24
                          95.111.128.0/20 maxlen: 24
                          177.222.64.0/19 maxlen: 24
                          95.111.144.0/20 maxlen: 24
                          185.149.13.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 186296146 (0xb1aa752)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: May 12 20:27:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=65247e6217cd8f7552ade061176e6b3bb38f57bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:33:b7:d3:d2:60:26:25:29:13:b4:80:49:dc:
                    33:ac:8c:2b:46:a0:a4:fa:76:04:eb:d2:26:a1:3c:
                    cb:29:4b:22:ea:e4:a8:c4:ae:d9:d5:7a:33:f1:bb:
                    45:58:8c:8b:25:24:8a:2e:e4:c4:83:1f:47:60:23:
                    97:9d:d9:0b:57:11:11:09:ff:08:00:e4:e4:08:10:
                    f0:43:89:db:a6:24:eb:ed:45:34:e6:bf:d4:65:db:
                    9b:1f:4b:5c:02:2d:f0:48:ea:d5:ab:40:2b:52:ab:
                    6b:bc:a6:28:fe:36:9b:b1:0e:e8:8a:eb:ed:71:4d:
                    fd:e1:63:8e:4c:3a:5f:30:e3:46:90:1a:2d:7c:1b:
                    76:99:bc:69:24:74:9b:3d:fa:c0:72:70:80:1a:89:
                    60:3a:c9:7f:5c:f3:10:c0:5b:6b:fa:ed:ca:95:e7:
                    7d:d6:7d:63:40:eb:48:ed:6a:4d:b2:72:81:d6:d7:
                    29:12:29:01:93:5e:23:7d:3d:50:dc:56:52:bc:ce:
                    b2:a2:12:c4:98:a7:bd:b7:0d:38:53:e9:0a:8e:57:
                    e3:1a:28:dc:e9:5b:f1:ee:da:11:ba:aa:9a:e2:d7:
                    1d:50:f7:70:f8:a1:82:e6:df:38:69:4a:f7:5b:15:
                    38:70:b1:35:71:9b:de:c4:62:86:3d:5d:f2:16:a2:
                    f5:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:24:7E:62:17:CD:8F:75:52:AD:E0:61:17:6E:6B:3B:B3:8F:57:BB
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/ZSR-YhfNj3VSreBhF25rO7OPV7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.111.128.0/19
                  171.22.146.0/24
                  177.222.64.0/19
                  185.149.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:28:8e:dd:50:cd:53:63:bf:15:c1:6e:77:0d:4a:71:51:c3:
         dd:3b:c9:9e:f5:12:30:76:6f:d3:8e:1d:20:18:34:9f:6c:55:
         ca:2d:96:ff:74:6b:e7:90:1c:ae:96:7d:01:7d:53:dc:8a:94:
         64:60:04:aa:4a:db:c0:a4:22:27:8b:23:32:5f:da:1b:45:8a:
         7a:ce:30:30:26:27:7a:68:55:a8:2d:b4:b1:bd:2a:89:2f:5c:
         2f:65:15:55:09:35:80:8a:dc:d1:0f:92:78:22:d7:9d:22:31:
         be:07:75:02:4e:df:0e:b2:b8:f3:0b:24:0e:9b:d1:a4:f8:12:
         28:75:dc:e7:d7:3d:cb:f5:e7:07:ac:38:62:e9:64:df:1f:e4:
         a6:4c:20:e6:e3:69:30:37:88:01:19:c5:f6:cd:43:4d:20:18:
         0e:6e:b4:61:87:5f:d5:05:2a:38:38:bf:50:a5:18:ce:14:2f:
         f2:e6:b2:e9:35:7e:c9:0e:aa:68:fc:92:fb:cd:13:5a:2f:66:
         76:c4:40:62:06:3b:3d:b3:f1:9a:1d:0a:2d:8d:61:c5:29:ef:
         61:bf:a1:7d:c4:46:3d:de:51:e5:a4:db:ea:b1:57:17:ef:9b:
         a6:68:47:40:dd:e8:6e:b3:6e:69:9a:d4:63:c3:d2:3e:4e:3b:
         25:b1:51:31
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIECxqnUjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDUx
MjIwMjcyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjUyNDdlNjIxN2Nk
OGY3NTUyYWRlMDYxMTc2ZTZiM2JiMzhmNTdiYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK8zt9PSYCYlKRO0gEncM6yMK0agpPp2BOvSJqE8yylLIurk
qMSu2dV6M/G7RViMiyUkii7kxIMfR2Ajl53ZC1cREQn/CADk5AgQ8EOJ26Yk6+1F
NOa/1GXbmx9LXAIt8Ejq1atAK1Kra7ymKP42m7EO6Irr7XFN/eFjjkw6XzDjRpAa
LXwbdpm8aSR0mz36wHJwgBqJYDrJf1zzEMBba/rtypXnfdZ9Y0DrSO1qTbJygdbX
KRIpAZNeI309UNxWUrzOsqISxJinvbcNOFPpCo5X4xoo3Olb8e7aEbqqmuLXHVD3
cPihgubfOGlK91sVOHCxNXGb3sRihj1d8hai9asCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBRlJH5iF82PdVKt4GEXbms7s49XuzAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
L1pTUi1ZaGZOajNWU3JlQmhGMjVyTzdPUFY3cy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEBV9vgAMEAKsWkgMEBbHeQAMEALmV
DTANBgkqhkiG9w0BAQsFAAOCAQEAgyiO3VDNU2O/FcFudw1KcVHD3TvJnvUSMHZv
044dIBg0n2xVyi2W/3Rr55AcrpZ9AX1T3IqUZGAEqkrbwKQiJ4sjMl/aG0WKes4w
MCYnemhVqC20sb0qiS9cL2UVVQk1gIrc0Q+SeCLXnSIxvgd1Ak7fDrK48wskDpvR
pPgSKHXc59c9y/XnB6w4Yulk3x/kpkwg5uNpMDeIARnF9s1DTSAYDm60YYdf1QUq
ODi/UKUYzhQv8uay6TV+yQ6qaPyS+80TWi9mdsRAYgY7PbPxmh0KLY1hxSnvYb+h
fcRGPd5R5aTb6rFXF++bpmhHQN3obrNuaZrUY8PSPk47JbFRMQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:31 2024 by rpki-client on console-fra.rpki-client.org