Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/mRnc_1X9rbLZR3MnldjBuzMI8Rc.roa
File:                     mRnc_1X9rbLZR3MnldjBuzMI8Rc.roa (raw, json)
Hash identifier:          w/R1GIpT5cy/p/drqBRT3O1Efxmwa5vgmUPuPQY79Rg=
Subject key identifier:   99:19:DC:FF:55:FD:AD:B2:D9:47:73:27:95:D8:C1:BB:33:08:F1:17
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       09A8E430
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/mRnc_1X9rbLZR3MnldjBuzMI8Rc.roa
Signing time:             Sat 01 Jan 2022 09:56:52 +0000
ROA not before:           Sat 01 Jan 2022 09:56:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     25369
IP address blocks:        31.43.175.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 162063408 (0x9a8e430)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jan  1 09:56:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9919dcff55fdadb2d947732795d8c1bb3308f117
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b5:4e:9c:02:1f:0c:3b:ec:e7:1c:aa:25:51:
                    d2:ba:6e:e1:8f:74:89:e0:a9:59:43:7f:93:83:c3:
                    63:79:ed:7d:f7:35:48:54:cb:d2:e5:75:1b:9d:4a:
                    5d:dc:50:cd:39:50:48:a4:66:07:62:56:26:63:79:
                    53:7f:a7:96:25:79:05:4c:f9:9c:a3:7f:ea:3c:e9:
                    58:a5:82:89:7c:ab:33:cb:8f:e7:47:68:52:91:58:
                    f6:eb:66:e6:dd:49:1c:82:2c:75:7f:cc:95:72:67:
                    0a:80:2d:81:1c:1d:27:4a:c0:aa:04:18:6a:c1:fb:
                    d8:7e:7d:d4:35:0e:e6:05:0f:ce:36:29:9c:2a:2e:
                    90:2d:5b:53:f6:68:b8:5a:e4:bc:7a:64:e7:ac:97:
                    c2:bf:0e:ff:21:f4:73:60:63:f0:49:3a:7f:88:0e:
                    87:b4:fb:03:da:98:0b:63:6c:68:45:44:ac:a9:3d:
                    2e:9a:7f:06:9f:da:00:df:dd:eb:fd:0a:22:0b:16:
                    b9:6f:a0:9f:87:05:9c:79:fc:a6:a3:b0:6e:8f:14:
                    24:58:30:1c:8f:19:46:42:f9:95:d7:27:e5:c0:2a:
                    ec:58:84:8a:af:be:85:44:79:46:ab:bb:02:0a:44:
                    23:b7:40:2c:37:f7:7f:c1:57:17:4b:c0:56:bb:a4:
                    72:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:19:DC:FF:55:FD:AD:B2:D9:47:73:27:95:D8:C1:BB:33:08:F1:17
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/mRnc_1X9rbLZR3MnldjBuzMI8Rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:a4:21:ff:6b:c7:49:18:11:02:8e:95:4f:26:97:1a:ad:e2:
         43:bf:8d:6c:ac:a3:0d:c0:92:bd:50:68:4a:da:33:d2:90:7d:
         8c:01:a6:1f:a2:0c:0e:73:bf:6d:23:ed:ea:e9:ae:35:a8:d2:
         3e:99:3f:2f:7d:6b:d0:ea:00:77:17:57:92:21:d5:8b:63:5a:
         f6:ab:d8:63:9d:46:c3:cd:17:55:97:52:4a:5c:20:dd:41:6b:
         0a:af:ea:ad:ef:11:83:cc:7b:99:ce:ff:0c:a2:89:76:e0:55:
         53:f4:b0:84:f4:81:6e:1c:1e:31:e9:44:6d:b1:32:cf:6b:b5:
         6e:8f:b7:e9:f6:b9:93:1f:42:f2:a4:10:ca:e8:ef:c9:95:76:
         58:03:fc:f5:44:5a:42:00:49:b3:b7:e3:d4:cb:58:83:e9:99:
         e2:51:3e:3d:de:03:19:7a:36:0e:17:ea:b6:b0:57:6c:5a:f4:
         79:62:ef:16:fb:bc:96:ca:d2:f9:dd:c7:e5:11:36:2d:62:1d:
         70:2f:d6:ee:a0:04:a8:6d:32:16:ff:59:70:90:74:37:f8:ce:
         05:f1:f3:15:98:5c:62:6a:35:29:49:4f:10:7b:53:3e:03:c0:
         38:b7:39:5f:71:eb:68:2b:c1:eb:94:6e:c2:4d:5a:72:2d:2f:
         b0:92:a4:f1
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECajkMDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDEw
MTA5NTY1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTkxOWRjZmY1NWZk
YWRiMmQ5NDc3MzI3OTVkOGMxYmIzMzA4ZjExNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMu1TpwCHww77OccqiVR0rpu4Y90ieCpWUN/k4PDY3ntffc1
SFTL0uV1G51KXdxQzTlQSKRmB2JWJmN5U3+nliV5BUz5nKN/6jzpWKWCiXyrM8uP
50doUpFY9utm5t1JHIIsdX/MlXJnCoAtgRwdJ0rAqgQYasH72H591DUO5gUPzjYp
nCoukC1bU/ZouFrkvHpk56yXwr8O/yH0c2Bj8Ek6f4gOh7T7A9qYC2NsaEVErKk9
Lpp/Bp/aAN/d6/0KIgsWuW+gn4cFnHn8pqOwbo8UJFgwHI8ZRkL5ldcn5cAq7FiE
iq++hUR5Rqu7AgpEI7dALDf3f8FXF0vAVrukcr8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSZGdz/Vf2tstlHcyeV2MG7MwjxFzAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
L21SbmNfMVg5cmJMWlIzTW5sZGpCdXpNSThSYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8rrzANBgkqhkiG9w0BAQsFAAOC
AQEAl6Qh/2vHSRgRAo6VTyaXGq3iQ7+NbKyjDcCSvVBoStoz0pB9jAGmH6IMDnO/
bSPt6umuNajSPpk/L31r0OoAdxdXkiHVi2Na9qvYY51Gw80XVZdSSlwg3UFrCq/q
re8Rg8x7mc7/DKKJduBVU/SwhPSBbhweMelEbbEyz2u1bo+36fa5kx9C8qQQyujv
yZV2WAP89URaQgBJs7fj1MtYg+mZ4lE+Pd4DGXo2DhfqtrBXbFr0eWLvFvu8lsrS
+d3H5RE2LWIdcC/W7qAEqG0yFv9ZcJB0N/jOBfHzFZhcYmo1KUlPEHtTPgPAOLc5
X3HraCvB65Ruwk1aci0vsJKk8Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:31 2024 by rpki-client on console-fra.rpki-client.org