Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/sM963m8vdFVOW879wwc5vchZhYE.roa
File:                     sM963m8vdFVOW879wwc5vchZhYE.roa (raw, json)
Hash identifier:          3/e5QxutDEgh07AmWxc6uvnN3brMgbGTZqI8GUsbWM8=
Subject key identifier:   B0:CF:7A:DE:6F:2F:74:55:4E:5B:CE:FD:C3:07:39:BD:C8:59:85:81
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0B648930
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/sM963m8vdFVOW879wwc5vchZhYE.roa
Signing time:             Wed 08 Jun 2022 07:53:02 +0000
ROA not before:           Wed 08 Jun 2022 07:53:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     56971
IP address blocks:        89.46.99.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 191138096 (0xb648930)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jun  8 07:53:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b0cf7ade6f2f74554e5bcefdc30739bdc8598581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:61:22:f8:9a:94:79:35:41:16:01:42:b7:42:
                    2a:84:bd:96:90:74:92:22:e9:c8:f5:a4:1e:ca:d8:
                    bb:55:a3:b0:b5:0c:c8:f7:12:77:98:cc:7a:86:57:
                    54:ef:93:22:bd:6e:3d:52:6e:62:b2:0c:48:26:ce:
                    46:ae:d5:c8:f7:b6:57:de:b4:d0:4e:34:41:15:e1:
                    0a:6a:a5:fb:b4:17:5e:f4:86:35:3e:02:67:96:ee:
                    bd:71:33:59:ee:00:5d:ee:9e:60:8b:44:9c:c8:96:
                    94:a3:d5:14:c9:38:b8:b8:44:55:91:92:f9:68:47:
                    ca:a2:ea:54:25:bb:f9:9b:e0:01:c7:a2:e6:9f:61:
                    e8:cb:5c:2b:13:dc:6d:6c:a8:b2:c4:3a:a9:ca:e7:
                    30:9e:d4:26:27:aa:a4:e3:10:7b:71:9f:24:85:c6:
                    ad:cc:14:91:31:d5:53:71:0c:42:f3:b9:ec:fa:48:
                    4c:5a:7f:35:6a:70:12:f7:3b:89:3c:2c:d5:2e:89:
                    85:72:79:33:02:7f:57:18:d6:45:a9:21:7f:1f:8b:
                    c6:7f:02:50:0e:49:ea:bb:24:5b:70:9a:95:4f:73:
                    d7:ac:33:d3:95:e9:79:11:61:5b:41:d8:91:76:7c:
                    fc:91:5b:bd:74:e8:db:e0:52:a3:3a:76:f2:fe:5b:
                    38:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:CF:7A:DE:6F:2F:74:55:4E:5B:CE:FD:C3:07:39:BD:C8:59:85:81
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/sM963m8vdFVOW879wwc5vchZhYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:ac:cf:21:dd:20:f8:2b:7b:1c:a0:f6:b4:a4:e5:e3:05:9c:
         5f:63:c4:b7:14:7d:4a:f3:6b:ad:14:9b:cb:6a:80:d0:26:f9:
         99:c6:b7:f5:2c:d9:7e:b9:b4:ae:64:da:2a:37:a3:00:6f:27:
         07:b4:a4:f6:d7:b3:54:06:18:83:db:7f:3f:a7:08:bc:51:4d:
         65:b5:0a:7f:c5:df:86:03:1b:9e:a5:ce:a6:73:b5:80:2c:87:
         d1:90:93:24:26:e9:5a:f4:2f:78:6e:d9:59:04:b6:ed:d1:7b:
         c8:91:d1:df:bb:08:65:7a:1c:eb:1b:e5:6c:10:fa:69:03:b1:
         a5:18:82:45:e0:47:18:aa:85:4d:66:43:0b:5e:d4:08:d1:4d:
         40:4b:b8:f5:09:7a:b6:49:af:61:4a:ca:8e:2a:7a:82:29:d6:
         7f:19:63:0c:5a:76:86:92:cc:4b:81:c2:00:76:d0:72:eb:cb:
         f0:eb:33:3e:39:89:71:64:a6:99:36:7d:83:97:57:bd:9d:54:
         a5:18:75:b2:73:94:c8:47:a7:9f:9b:4f:a2:9a:6c:e9:cf:62:
         49:75:99:03:67:56:a1:0a:bf:51:98:ca:13:95:44:3c:6e:85:
         74:23:e7:d6:eb:1c:c9:a4:05:ef:f1:a8:4e:b5:9b:13:49:f6:
         c3:d6:eb:93
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEC2SJMDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDYw
ODA3NTMwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjBjZjdhZGU2ZjJm
NzQ1NTRlNWJjZWZkYzMwNzM5YmRjODU5ODU4MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALFhIvialHk1QRYBQrdCKoS9lpB0kiLpyPWkHsrYu1WjsLUM
yPcSd5jMeoZXVO+TIr1uPVJuYrIMSCbORq7VyPe2V9600E40QRXhCmql+7QXXvSG
NT4CZ5buvXEzWe4AXe6eYItEnMiWlKPVFMk4uLhEVZGS+WhHyqLqVCW7+ZvgAcei
5p9h6MtcKxPcbWyossQ6qcrnMJ7UJieqpOMQe3GfJIXGrcwUkTHVU3EMQvO57PpI
TFp/NWpwEvc7iTws1S6JhXJ5MwJ/VxjWRakhfx+Lxn8CUA5J6rskW3CalU9z16wz
05XpeRFhW0HYkXZ8/JFbvXTo2+BSozp28v5bOA8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSwz3reby90VU5bzv3DBzm9yFmFgTAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
L3NNOTYzbTh2ZEZWT1c4Nzl3d2M1dmNoWmhZRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFkuYzANBgkqhkiG9w0BAQsFAAOC
AQEAHKzPId0g+Ct7HKD2tKTl4wWcX2PEtxR9SvNrrRSby2qA0Cb5mca39SzZfrm0
rmTaKjejAG8nB7Sk9tezVAYYg9t/P6cIvFFNZbUKf8XfhgMbnqXOpnO1gCyH0ZCT
JCbpWvQveG7ZWQS27dF7yJHR37sIZXoc6xvlbBD6aQOxpRiCReBHGKqFTWZDC17U
CNFNQEu49Ql6tkmvYUrKjip6ginWfxljDFp2hpLMS4HCAHbQcuvL8OszPjmJcWSm
mTZ9g5dXvZ1UpRh1snOUyEenn5tPopps6c9iSXWZA2dWoQq/UZjKE5VEPG6FdCPn
1uscyaQF7/GoTrWbE0n2w9brkw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:31 2024 by rpki-client on console-fra.rpki-client.org