Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/aR3bScJwKjYFgfoCKyxt9BfkRWk.roa
File:                     aR3bScJwKjYFgfoCKyxt9BfkRWk.roa (raw, json)
Hash identifier:          kVV+3NrigX9glW28xHLfnfMJ0GauPavl6rmu+0oC7Lc=
Subject key identifier:   69:1D:DB:49:C2:70:2A:36:05:81:FA:02:2B:2C:6D:F4:17:E4:45:69
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       01860BCC6ED20F7B89B7A3E57BFEB7C1AD46
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/aR3bScJwKjYFgfoCKyxt9BfkRWk.roa
Signing time:             Wed 01 Feb 2023 07:06:32 +0000
ROA not before:           Wed 01 Feb 2023 07:06:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211936
IP address blocks:        171.22.147.0/24 maxlen: 24
                          171.22.146.0/24 maxlen: 24
                          185.235.71.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:0b:cc:6e:d2:0f:7b:89:b7:a3:e5:7b:fe:b7:c1:ad:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Feb  1 07:06:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=691ddb49c2702a360581fa022b2c6df417e44569
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:ee:00:24:96:51:ca:9c:d4:c0:21:dc:b2:87:
                    e3:17:1f:43:c1:ca:43:e1:a6:97:1a:d4:a1:fa:55:
                    25:6c:6d:9f:f8:e9:fb:6c:80:3f:5e:a6:34:bf:05:
                    c8:ad:7d:46:bc:26:c0:f2:41:98:28:3e:d5:8a:1c:
                    74:7d:0b:8d:9a:a4:a9:43:8f:22:e8:d7:21:06:2b:
                    9a:60:89:bd:4c:09:b9:55:55:33:7b:53:66:c8:c4:
                    fd:b6:67:08:d4:a6:f0:38:20:53:89:12:bc:ac:51:
                    c9:b9:6a:bf:54:a1:3b:d3:da:34:71:cf:cb:20:8c:
                    30:dc:98:2b:74:03:b6:ba:84:42:c4:a5:ae:f2:a2:
                    e7:fd:bf:b3:18:0a:63:18:9e:cd:a0:2e:ad:f9:f4:
                    fc:3d:2f:70:23:a4:a2:a3:24:97:25:d0:18:3d:a1:
                    e4:62:c6:e1:e2:c2:30:a6:21:8f:53:d6:2f:a6:16:
                    0a:11:8e:86:c3:3c:1d:38:16:db:a9:ad:34:d3:83:
                    df:d9:ea:b5:f9:bb:7d:c3:ee:9b:52:b7:5c:b3:6c:
                    41:35:af:5d:59:f2:8e:02:c5:7d:61:03:66:df:c7:
                    fc:b9:3c:eb:65:35:82:6f:cb:42:47:1a:5b:1e:e9:
                    d2:14:4f:03:c2:e5:b0:f3:4c:39:4e:12:be:7e:54:
                    5a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:1D:DB:49:C2:70:2A:36:05:81:FA:02:2B:2C:6D:F4:17:E4:45:69
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/aR3bScJwKjYFgfoCKyxt9BfkRWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.146.0/23
                  185.235.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:c5:5c:f1:55:27:b8:44:60:65:62:0e:b2:c9:5b:73:8c:25:
         6b:f2:d9:fa:09:48:cc:ac:a2:f3:20:64:7a:3a:2b:a4:b5:33:
         78:7e:72:cb:d7:32:2b:4b:39:02:ec:a2:c8:87:c1:3e:2f:68:
         e6:d3:a1:f1:8e:f6:c2:71:69:76:a9:cf:8e:93:bb:0e:cc:d3:
         76:89:e1:51:d5:24:fd:13:e5:e8:93:79:aa:5f:e2:a2:66:7a:
         0c:b8:33:c7:e2:57:8f:52:9c:6c:9c:60:93:2c:a0:51:53:04:
         8c:07:86:87:71:00:c7:46:73:e4:7d:5b:85:bb:4e:08:0e:44:
         22:4b:c1:a9:61:1f:06:ca:56:98:e7:87:b6:d0:c8:49:99:d4:
         9f:0f:2c:53:3c:1f:e2:b2:8c:34:e4:44:2c:9c:79:92:40:b6:
         9b:52:c7:23:0c:01:6d:5a:48:84:2d:c7:cd:8a:c3:aa:c9:0e:
         d5:35:0d:c0:32:95:84:3d:4e:7a:4f:ed:2a:cd:1d:e2:36:bb:
         f8:19:24:34:61:c4:e8:70:07:b7:25:b5:28:52:89:a4:76:5c:
         c1:4f:dd:ed:19:3b:cf:aa:de:20:d8:e4:af:d7:1b:52:0e:fd:
         a6:22:76:68:f0:67:87:08:1b:54:09:04:79:63:f7:81:f5:c2:
         47:e8:9a:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYYLzG7SD3uJt6Ple/63wa1GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwMjAxMDcwNjMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTFkZGI0OWMyNzAyYTM2MDU4MWZhMDIyYjJjNmRmNDE3ZTQ0NTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgO4AJJZRypzUwCHcsofjFx9DwcpD
4aaXGtSh+lUlbG2f+On7bIA/XqY0vwXIrX1GvCbA8kGYKD7Vihx0fQuNmqSpQ48i
6NchBiuaYIm9TAm5VVUze1NmyMT9tmcI1KbwOCBTiRK8rFHJuWq/VKE709o0cc/L
IIww3JgrdAO2uoRCxKWu8qLn/b+zGApjGJ7NoC6t+fT8PS9wI6SioySXJdAYPaHk
Ysbh4sIwpiGPU9YvphYKEY6GwzwdOBbbqa0004Pf2eq1+bt9w+6bUrdcs2xBNa9d
WfKOAsV9YQNm38f8uTzrZTWCb8tCRxpbHunSFE8DwuWw80w5ThK+flRamwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGkd20nCcCo2BYH6AissbfQX5EVpMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvYVIzYlNjSndLallGZ2ZvQ0t5eHQ5QmZrUldrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBqxaSAwQA
uetHMA0GCSqGSIb3DQEBCwUAA4IBAQBHxVzxVSe4RGBlYg6yyVtzjCVr8tn6CUjM
rKLzIGR6OiuktTN4fnLL1zIrSzkC7KLIh8E+L2jm06HxjvbCcWl2qc+Ok7sOzNN2
ieFR1ST9E+Xok3mqX+KiZnoMuDPH4lePUpxsnGCTLKBRUwSMB4aHcQDHRnPkfVuF
u04IDkQiS8GpYR8GylaY54e20MhJmdSfDyxTPB/isow05EQsnHmSQLabUscjDAFt
WkiELcfNisOqyQ7VNQ3AMpWEPU56T+0qzR3iNrv4GSQ0YcTocAe3JbUoUomkdlzB
T93tGTvPqt4g2OSv1xtSDv2mInZo8GeHCBtUCQR5Y/eB9cJH6Jro
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:31 2024 by rpki-client on console-fra.rpki-client.org