Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/yoqDjt4Fj70dllcTL32toxxy9wY.roa
File:                     yoqDjt4Fj70dllcTL32toxxy9wY.roa (raw, json)
Hash identifier:          gaXuiiuoQ89LWsCDVtqZ4DoZHIHQGtvd2oe/3+A1bIA=
Subject key identifier:   CA:8A:83:8E:DE:05:8F:BD:1D:96:57:13:2F:7D:AD:A3:1C:72:F7:06
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0A9041AA
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/yoqDjt4Fj70dllcTL32toxxy9wY.roa
Signing time:             Sat 19 Mar 2022 23:39:05 +0000
ROA not before:           Sat 19 Mar 2022 23:39:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     0
IP address blocks:        185.149.12.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 177226154 (0xa9041aa)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Mar 19 23:39:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ca8a838ede058fbd1d9657132f7dada31c72f706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:84:06:32:71:d2:c3:4f:89:0a:9d:47:2d:df:
                    f5:4d:23:6d:61:6b:e9:4b:17:87:26:b7:4a:f9:dd:
                    56:b4:a7:1c:a9:2b:3e:14:28:a7:77:4c:32:0a:76:
                    5d:bf:e8:92:0d:44:a6:82:21:5b:85:8f:28:5c:f5:
                    6a:a3:bb:2d:da:19:93:af:ea:84:7e:d8:cb:de:ff:
                    3f:57:de:81:85:39:17:88:d3:20:f3:44:b1:3e:1c:
                    97:d6:e7:4e:45:96:d0:46:2d:87:c9:ac:f0:c6:41:
                    fb:97:f7:ca:ff:8e:20:96:bb:c0:83:7d:ca:0a:86:
                    00:bf:d9:59:6a:29:b0:d7:83:54:86:ee:29:6d:09:
                    25:cb:60:1a:49:c1:d0:c1:5d:54:33:db:e5:78:4b:
                    28:56:c8:c5:af:25:bf:41:5e:bb:11:66:ed:2c:82:
                    d3:24:1b:29:f2:23:10:f9:f4:40:db:86:9d:f9:d3:
                    03:6a:4c:2b:d1:45:c6:7b:d9:14:42:8a:f2:d0:f0:
                    61:23:94:c0:fd:cf:bd:57:12:af:14:97:4d:79:c5:
                    4d:0a:31:78:94:de:d3:a9:1d:52:05:ac:ae:8e:2f:
                    8c:75:ea:41:81:1c:f3:fc:3e:74:80:ee:99:ac:0d:
                    0e:ef:56:78:f1:84:c7:ce:24:0e:d2:59:f9:87:65:
                    af:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:8A:83:8E:DE:05:8F:BD:1D:96:57:13:2F:7D:AD:A3:1C:72:F7:06
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/yoqDjt4Fj70dllcTL32toxxy9wY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:66:a4:a1:c4:f2:87:c5:fc:ec:0f:b2:ce:29:8a:a2:42:2f:
         90:94:7b:ca:2a:41:56:25:ac:78:e0:18:06:18:a9:6a:a3:41:
         8a:26:94:76:49:e7:30:2c:23:07:60:69:bd:31:31:ab:60:b7:
         11:25:29:fa:85:73:9f:dd:1f:d7:87:e9:90:da:f2:b9:0b:1b:
         f2:f9:02:5c:1a:16:6d:8b:1e:90:59:11:89:cd:5d:71:27:7b:
         e5:68:f8:40:b6:15:e2:a7:87:8d:d8:55:28:4c:a9:8a:cd:5e:
         90:c7:ac:e5:c7:ad:88:81:84:66:c7:b4:45:f1:df:cf:ae:77:
         9e:d4:97:62:4a:74:7a:49:7c:7c:9b:55:8e:44:28:87:16:13:
         61:dc:6d:0f:49:77:07:13:c6:ad:9f:9a:a6:57:d6:42:7c:89:
         d6:d0:af:55:b5:57:fa:f6:1c:66:74:5a:60:8b:1e:97:37:a8:
         d5:b0:da:4b:2c:02:c6:0d:47:04:12:16:a4:80:5c:32:9d:40:
         7a:8c:f9:51:8c:34:5c:5c:e1:84:10:37:b5:cc:71:d2:53:3a:
         b8:02:d4:24:fb:4b:35:0f:50:17:60:02:f9:67:85:b8:fe:f6:
         5c:82:8d:91:15:ce:19:33:2c:ed:bd:2b:a5:46:71:80:c7:7f:
         67:3d:f0:2d
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECpBBqjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDMx
OTIzMzkwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2E4YTgzOGVkZTA1
OGZiZDFkOTY1NzEzMmY3ZGFkYTMxYzcyZjcwNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALaEBjJx0sNPiQqdRy3f9U0jbWFr6UsXhya3SvndVrSnHKkr
PhQop3dMMgp2Xb/okg1EpoIhW4WPKFz1aqO7LdoZk6/qhH7Yy97/P1fegYU5F4jT
IPNEsT4cl9bnTkWW0EYth8ms8MZB+5f3yv+OIJa7wIN9ygqGAL/ZWWopsNeDVIbu
KW0JJctgGknB0MFdVDPb5XhLKFbIxa8lv0FeuxFm7SyC0yQbKfIjEPn0QNuGnfnT
A2pMK9FFxnvZFEKK8tDwYSOUwP3PvVcSrxSXTXnFTQoxeJTe06kdUgWsro4vjHXq
QYEc8/w+dIDumawNDu9WePGEx84kDtJZ+Ydlr60CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTKioOO3gWPvR2WVxMvfa2jHHL3BjAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
L3lvcURqdDRGajcwZGxsY1RMMzJ0b3h4eTl3WS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmVDDANBgkqhkiG9w0BAQsFAAOC
AQEAaWakocTyh8X87A+yzimKokIvkJR7yipBViWseOAYBhipaqNBiiaUdknnMCwj
B2BpvTExq2C3ESUp+oVzn90f14fpkNryuQsb8vkCXBoWbYsekFkRic1dcSd75Wj4
QLYV4qeHjdhVKEypis1ekMes5cetiIGEZse0RfHfz653ntSXYkp0ekl8fJtVjkQo
hxYTYdxtD0l3BxPGrZ+aplfWQnyJ1tCvVbVX+vYcZnRaYIselzeo1bDaSywCxg1H
BBIWpIBcMp1Aeoz5UYw0XFzhhBA3tcxx0lM6uALUJPtLNQ9QF2AC+WeFuP72XIKN
kRXOGTMs7b0rpUZxgMd/Zz3wLQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:25 2024 by rpki-client on console-ams.rpki-client.org