Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/fQvPHi3vR22_6xahSZZf4vvay0s.roa
File:                     fQvPHi3vR22_6xahSZZf4vvay0s.roa (raw, json)
Hash identifier:          K28VJJfT4qVpJBlIq3RwHdLMo17oRuRMVfw21gWwK2Q=
Subject key identifier:   7D:0B:CF:1E:2D:EF:47:6D:BF:EB:16:A1:49:96:5F:E2:FB:DA:CB:4B
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0B67EE4F
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/fQvPHi3vR22_6xahSZZf4vvay0s.roa
Signing time:             Wed 08 Jun 2022 18:47:02 +0000
ROA not before:           Wed 08 Jun 2022 18:47:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        171.22.146.0/24 maxlen: 24
                          95.111.128.0/20 maxlen: 24
                          177.222.64.0/19 maxlen: 24
                          95.111.144.0/20 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 191360591 (0xb67ee4f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jun  8 18:47:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7d0bcf1e2def476dbfeb16a149965fe2fbdacb4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:03:57:85:25:ac:39:e6:69:54:ce:2e:4a:24:
                    c9:f0:97:1d:e7:2f:e6:73:6c:0f:08:75:49:26:8e:
                    89:23:a8:8e:f4:7e:c6:fc:21:cb:6f:99:26:05:ae:
                    00:47:66:c8:68:7d:70:43:16:59:f3:d8:a4:5c:ff:
                    35:75:f8:37:03:1f:5d:47:ea:c3:db:bd:b7:4d:3b:
                    34:47:9d:4e:32:74:7d:76:13:f0:f7:f6:1d:27:ef:
                    0f:b9:31:a4:74:2f:df:25:36:ca:77:88:99:56:96:
                    44:c4:ba:3e:d8:51:d9:d7:50:9e:cd:74:e3:6d:cd:
                    16:68:e4:27:cb:fc:87:6f:0a:7a:a7:b5:61:ab:b0:
                    4c:d4:1e:49:b9:b7:2f:ba:56:ae:45:ae:40:19:ac:
                    0a:2e:f7:23:28:7e:32:13:2b:29:a0:eb:f4:68:07:
                    e6:9b:9d:e6:4e:de:62:a8:59:00:4e:4d:f4:7c:69:
                    26:62:9f:46:cb:c4:b0:12:b6:cc:3e:cc:fa:f8:e5:
                    9f:36:98:f2:b3:68:bf:31:ea:3c:64:af:f2:31:e0:
                    aa:0e:86:fd:71:ba:57:9f:c7:bd:38:0c:34:54:d3:
                    9b:02:52:cd:dd:a4:24:3c:80:22:72:50:93:ca:25:
                    dc:37:61:ad:e5:d1:0b:33:5c:b0:20:77:c8:e6:d1:
                    f3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:0B:CF:1E:2D:EF:47:6D:BF:EB:16:A1:49:96:5F:E2:FB:DA:CB:4B
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/fQvPHi3vR22_6xahSZZf4vvay0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.111.128.0/19
                  171.22.146.0/24
                  177.222.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         33:a1:0f:41:c8:46:67:5b:d8:2b:28:fb:c5:0d:5b:11:6a:3c:
         0b:6e:c6:02:70:8c:d7:bb:be:9c:3b:dc:af:09:24:88:f1:d0:
         06:ed:d4:9d:34:2c:34:1e:2a:9e:da:f3:50:48:54:66:1a:19:
         f2:20:95:f1:bd:f1:30:1b:51:46:6e:43:e7:b4:35:da:ba:33:
         ef:78:ad:54:19:21:64:19:55:c6:4a:59:b3:27:a7:40:b4:04:
         0b:e7:3c:64:d7:56:dc:9f:ff:94:30:9e:31:2c:63:f0:63:bc:
         6c:a6:53:a4:ec:67:52:67:71:c7:73:ce:64:a2:2a:5a:27:70:
         22:8f:bf:3f:67:7a:0c:07:6b:04:24:94:2e:aa:b4:d7:f5:74:
         73:34:ff:f0:27:a7:de:b4:29:83:6f:55:dc:0e:3a:3a:ee:0d:
         02:83:aa:9f:b1:3c:3b:05:6c:f2:95:b9:9b:e0:8e:fa:93:40:
         b4:e1:32:3d:b1:b9:80:8a:9d:d6:88:43:83:24:bb:64:80:b6:
         33:c9:bc:e0:68:1f:2c:d5:3f:c7:55:a8:56:0f:28:4a:ff:6e:
         37:53:10:c2:af:f5:8a:85:22:41:25:f9:98:b1:0b:b8:6f:26:
         95:22:ee:e3:cd:af:77:93:04:d0:56:ea:8e:b9:1f:5c:63:b4:
         ba:96:e5:d8
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEC2fuTzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDYw
ODE4NDcwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2QwYmNmMWUyZGVm
NDc2ZGJmZWIxNmExNDk5NjVmZTJmYmRhY2I0YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJwDV4UlrDnmaVTOLkokyfCXHecv5nNsDwh1SSaOiSOojvR+
xvwhy2+ZJgWuAEdmyGh9cEMWWfPYpFz/NXX4NwMfXUfqw9u9t007NEedTjJ0fXYT
8Pf2HSfvD7kxpHQv3yU2yneImVaWRMS6PthR2ddQns10423NFmjkJ8v8h28Keqe1
YauwTNQeSbm3L7pWrkWuQBmsCi73Iyh+MhMrKaDr9GgH5pud5k7eYqhZAE5N9Hxp
JmKfRsvEsBK2zD7M+vjlnzaY8rNovzHqPGSv8jHgqg6G/XG6V5/HvTgMNFTTmwJS
zd2kJDyAInJQk8ol3DdhreXRCzNcsCB3yObR840CAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBR9C88eLe9Hbb/rFqFJll/i+9rLSzAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
L2ZRdlBIaTN2UjIyXzZ4YWhTWlpmNHZ2YXkwcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEBV9vgAMEAKsWkgMEBbHeQDANBgkq
hkiG9w0BAQsFAAOCAQEAM6EPQchGZ1vYKyj7xQ1bEWo8C27GAnCM17u+nDvcrwkk
iPHQBu3UnTQsNB4qntrzUEhUZhoZ8iCV8b3xMBtRRm5D57Q12roz73itVBkhZBlV
xkpZsyenQLQEC+c8ZNdW3J//lDCeMSxj8GO8bKZTpOxnUmdxx3POZKIqWidwIo+/
P2d6DAdrBCSULqq01/V0czT/8Cen3rQpg29V3A46Ou4NAoOqn7E8OwVs8pW5m+CO
+pNAtOEyPbG5gIqd1ohDgyS7ZIC2M8m84GgfLNU/x1WoVg8oSv9uN1MQwq/1ioUi
QSX5mLELuG8mlSLu482vd5ME0FbqjrkfXGO0upbl2A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:31 2024 by rpki-client on console-fra.rpki-client.org