Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/l_dADeO6f1dlxwI7CPVJfS4pNWw.roa
File:                     l_dADeO6f1dlxwI7CPVJfS4pNWw.roa (raw, json)
Hash identifier:          wrBk+EDrPOnT0Z6r+3fGHxc9QyYV/0h5AdRotMqU8pk=
Subject key identifier:   97:F7:40:0D:E3:BA:7F:57:65:C7:02:3B:08:F5:49:7D:2E:29:35:6C
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0A10447A
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/l_dADeO6f1dlxwI7CPVJfS4pNWw.roa
Signing time:             Mon 14 Feb 2022 09:18:14 +0000
ROA not before:           Mon 14 Feb 2022 09:18:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     46573
IP address blocks:        89.46.98.0/23 maxlen: 24
                          89.46.98.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 168838266 (0xa10447a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Feb 14 09:18:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=97f7400de3ba7f5765c7023b08f5497d2e29356c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a5:4c:d2:7d:46:ff:3f:7c:9c:ac:3f:80:b0:
                    78:58:f3:6f:1d:49:63:42:fc:23:03:fb:c4:7f:68:
                    6b:3c:7a:6c:54:fc:5a:1e:88:b6:8f:a7:c8:86:cd:
                    32:ef:f7:c4:55:62:22:aa:9b:3b:ab:3e:19:46:ae:
                    b0:50:ec:95:a5:75:2a:c4:16:9a:53:1a:d8:7f:2f:
                    b2:aa:d2:f5:ae:af:8f:9c:2d:5e:67:09:c3:bc:ad:
                    42:06:ef:4a:a7:b1:0e:13:59:c7:ed:84:b5:12:96:
                    43:2d:b9:07:fd:19:60:e1:89:39:00:d0:fb:5a:b2:
                    07:de:bd:04:d2:7a:e7:87:7f:ad:82:c5:5e:2f:53:
                    ea:8d:32:c9:54:3f:c5:d7:83:5f:52:13:84:0d:07:
                    e9:bd:12:5e:fa:f9:39:d1:b4:f7:6b:bf:8d:3a:f8:
                    ce:5f:25:30:c8:33:80:d0:84:c4:c6:20:1c:bb:2c:
                    89:31:f2:1c:47:01:dd:d0:84:db:38:5c:44:21:8a:
                    6d:8d:e6:06:9c:e7:7c:6a:d9:3d:81:ad:37:08:83:
                    04:ee:18:19:e6:48:3e:f5:31:10:64:3b:b6:d9:f7:
                    c8:b6:6d:7c:a5:b1:88:fe:24:18:3f:6a:5c:9b:7d:
                    7c:5e:58:79:e6:39:73:74:eb:a5:ad:19:d9:ca:89:
                    11:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:F7:40:0D:E3:BA:7F:57:65:C7:02:3B:08:F5:49:7D:2E:29:35:6C
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/l_dADeO6f1dlxwI7CPVJfS4pNWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:7e:b3:25:07:77:07:77:67:e0:16:3b:0b:e2:1a:f2:a4:50:
         ba:f7:1d:d8:a5:2f:52:97:e0:ce:c9:13:10:12:c6:98:a5:34:
         3b:01:56:9b:22:2a:fa:54:80:09:64:ac:f6:fd:46:13:51:18:
         f3:d9:ac:0f:e0:9b:75:dc:b8:04:62:64:06:b6:76:8e:9c:7b:
         47:a1:56:18:ad:79:a1:2d:4b:85:64:72:66:44:0a:00:2f:d6:
         33:f8:cb:63:fa:d8:07:d7:09:dd:90:06:77:08:24:d5:61:4e:
         d0:11:c7:28:fd:e4:1a:0a:c9:26:85:a7:f5:ec:c6:2b:70:b1:
         88:d4:92:91:27:b3:39:78:02:78:19:4c:02:00:6d:36:67:03:
         90:68:59:c5:22:7a:92:60:11:c0:a7:2a:8e:88:60:d1:d0:88:
         72:55:4e:95:3b:0b:70:b5:19:71:de:ad:01:ba:ef:59:e5:f0:
         ea:26:ea:c7:dc:46:b3:b0:1a:1c:d0:48:61:fa:04:e0:2d:c8:
         ba:41:0c:a1:57:d5:bc:d3:96:e3:17:4e:8f:18:07:c3:74:fc:
         5c:be:72:c5:91:22:6a:59:90:89:31:d4:16:91:4d:de:62:fb:
         92:4e:93:22:0a:8a:23:cf:55:a3:ca:c2:a2:4d:ea:64:19:75:
         76:82:96:6e
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEChBEejANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDIx
NDA5MTgxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTdmNzQwMGRlM2Jh
N2Y1NzY1YzcwMjNiMDhmNTQ5N2QyZTI5MzU2YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM2lTNJ9Rv8/fJysP4CweFjzbx1JY0L8IwP7xH9oazx6bFT8
Wh6Ito+nyIbNMu/3xFViIqqbO6s+GUausFDslaV1KsQWmlMa2H8vsqrS9a6vj5wt
XmcJw7ytQgbvSqexDhNZx+2EtRKWQy25B/0ZYOGJOQDQ+1qyB969BNJ654d/rYLF
Xi9T6o0yyVQ/xdeDX1IThA0H6b0SXvr5OdG092u/jTr4zl8lMMgzgNCExMYgHLss
iTHyHEcB3dCE2zhcRCGKbY3mBpznfGrZPYGtNwiDBO4YGeZIPvUxEGQ7ttn3yLZt
fKWxiP4kGD9qXJt9fF5YeeY5c3Trpa0Z2cqJEbkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSX90AN47p/V2XHAjsI9Ul9Lik1bDAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
L2xfZEFEZU82ZjFkbHh3STdDUFZKZlM0cE5Xdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVkuYjANBgkqhkiG9w0BAQsFAAOC
AQEAA36zJQd3B3dn4BY7C+Ia8qRQuvcd2KUvUpfgzskTEBLGmKU0OwFWmyIq+lSA
CWSs9v1GE1EY89msD+Cbddy4BGJkBrZ2jpx7R6FWGK15oS1LhWRyZkQKAC/WM/jL
Y/rYB9cJ3ZAGdwgk1WFO0BHHKP3kGgrJJoWn9ezGK3CxiNSSkSezOXgCeBlMAgBt
NmcDkGhZxSJ6kmARwKcqjohg0dCIclVOlTsLcLUZcd6tAbrvWeXw6ibqx9xGs7Aa
HNBIYfoE4C3IukEMoVfVvNOW4xdOjxgHw3T8XL5yxZEialmQiTHUFpFN3mL7kk6T
IgqKI89Vo8rCok3qZBl1doKWbg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:25 2024 by rpki-client on console-ams.rpki-client.org