Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/al-QFX_H7P_3Bax0hR7KshCRcM8.roa
File:                     al-QFX_H7P_3Bax0hR7KshCRcM8.roa (raw, json)
Hash identifier:          TrIIH5Wle60WwjMxT8JsALvF0sXUnG5AquhgH2rr28A=
Subject key identifier:   6A:5F:90:15:7F:C7:EC:FF:F7:05:AC:74:85:1E:CA:B2:10:91:70:CF
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       01892BCD04605B723D76D9577AAD2FB9AF22
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/al-QFX_H7P_3Bax0hR7KshCRcM8.roa
Signing time:             Thu 06 Jul 2023 15:23:23 +0000
ROA not before:           Thu 06 Jul 2023 15:23:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.235.71.0/24 maxlen: 24
                          95.111.128.0/20 maxlen: 20
                          95.111.144.0/20 maxlen: 20
                          185.149.12.0/23 maxlen: 24
                          185.149.13.0/24 maxlen: 24
                          185.149.14.0/23 maxlen: 24
                          89.46.97.0/24 maxlen: 24
                          89.46.98.0/24 maxlen: 24
                          89.46.96.0/24 maxlen: 24
                          89.46.96.0/22 maxlen: 24
                          89.46.99.0/24 maxlen: 24
                          171.22.146.0/24 maxlen: 24
                          91.103.120.0/21 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:2b:cd:04:60:5b:72:3d:76:d9:57:7a:ad:2f:b9:af:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jul  6 15:23:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6a5f90157fc7ecfff705ac74851ecab2109170cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:5F:90:15:7F:C7:EC:FF:F7:05:AC:74:85:1E:CA:B2:10:91:70:CF
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/al-QFX_H7P_3Bax0hR7KshCRcM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.96.0/22
                  91.103.120.0/21
                  95.111.128.0/19
                  171.22.146.0/24
                  185.149.12.0/22
                  185.235.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
Generated at Wed Jul 19 23:57:01 2023 by rpki-client on console-fra.rpki-client.org