Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/zU4u0l-BKEIR4UJpRNJr_gJcYIU.roa
File:                     zU4u0l-BKEIR4UJpRNJr_gJcYIU.roa (raw, json)
Hash identifier:          6loGBYYW24m6ovnaAWhEcuHZPMZ6KG59iEC5GV9Alpo=
Subject key identifier:   CD:4E:2E:D2:5F:81:28:42:11:E1:42:69:44:D2:6B:FE:02:5C:60:85
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0A5F7B4C
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/zU4u0l-BKEIR4UJpRNJr_gJcYIU.roa
Signing time:             Tue 08 Mar 2022 08:04:04 +0000
ROA not before:           Tue 08 Mar 2022 08:04:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        95.111.128.0/20 maxlen: 24
                          177.222.64.0/19 maxlen: 24
                          95.111.144.0/20 maxlen: 24
                          185.149.13.0/24 maxlen: 24
                          185.149.14.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 174029644 (0xa5f7b4c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Mar  8 08:04:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cd4e2ed25f81284211e1426944d26bfe025c6085
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:78:87:9b:9b:a0:49:b4:ac:00:e7:f1:19:4b:
                    05:ca:6b:38:c7:7b:e7:83:d6:57:7a:6a:36:c1:1e:
                    63:29:72:2f:90:80:03:2b:a8:a5:3e:08:95:ee:b0:
                    ae:80:ab:f6:95:ef:cd:b1:b5:43:cc:e8:69:4c:54:
                    51:f6:55:cd:8e:5e:4c:c1:a8:9e:cb:d2:51:01:6a:
                    00:0b:f0:f6:a2:3e:00:d4:56:be:5a:bb:37:c0:eb:
                    62:2d:f8:9a:87:0d:41:da:cd:46:65:6c:bb:76:09:
                    1a:b4:9d:41:91:6b:76:96:f9:24:29:5f:41:42:b1:
                    3b:2c:62:34:6f:78:a7:7a:13:a1:a2:08:68:16:3e:
                    63:93:96:9d:66:ac:21:47:97:14:7e:2e:8d:55:23:
                    da:d0:67:f6:9b:af:96:66:77:1b:03:f7:83:db:0c:
                    bb:e2:ae:82:8d:14:56:b3:58:53:8d:ed:37:d5:31:
                    38:d9:be:30:d9:e5:a1:ee:0d:36:fc:8b:0e:00:f5:
                    57:c5:2e:97:e1:09:8b:85:32:cd:59:72:88:5e:07:
                    e9:9e:b1:40:c6:6f:a8:e7:97:e6:0b:6c:0f:50:fc:
                    15:23:60:bb:ea:e9:ce:d1:6f:73:e0:01:b9:a6:5a:
                    d6:cd:f1:c9:90:36:de:ef:ad:82:d8:77:a3:8d:80:
                    29:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:4E:2E:D2:5F:81:28:42:11:E1:42:69:44:D2:6B:FE:02:5C:60:85
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/zU4u0l-BKEIR4UJpRNJr_gJcYIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.111.128.0/19
                  177.222.64.0/19
                  185.149.13.0-185.149.14.255

    Signature Algorithm: sha256WithRSAEncryption
         03:9c:fb:ac:dc:47:ea:3b:2b:d2:99:ae:61:dd:b5:b2:a0:6c:
         85:1b:c1:15:35:46:0a:49:86:d9:27:41:2e:f8:c1:ac:e2:b4:
         24:70:32:32:4d:e6:fd:43:ec:0f:d6:5b:f2:8c:62:f7:05:0e:
         eb:b7:07:75:75:59:08:7b:e0:57:fb:70:8c:39:51:28:79:67:
         7b:67:2e:89:b5:79:51:23:fa:aa:83:a8:cc:fc:34:bc:82:df:
         dd:84:7c:43:5d:a5:92:fa:c7:b2:a0:69:6a:ac:ef:60:c0:31:
         5a:97:92:05:e2:a6:d2:d8:44:e0:5d:a8:2c:3f:b0:9e:21:4f:
         58:e0:c6:96:c8:fa:91:4f:0b:f9:af:66:44:c6:3f:35:02:c1:
         8c:11:54:25:0d:29:7d:11:01:1b:91:81:79:45:f1:4a:55:9a:
         0b:d9:cc:aa:7c:9f:79:29:c1:12:cb:ba:7e:8a:a6:cc:c9:0f:
         70:c6:ce:c8:50:61:75:a2:b4:e6:d0:1e:e1:5e:65:b1:bd:65:
         f5:ae:3c:33:2e:21:a0:05:e4:d7:ae:1a:5f:2e:1b:bb:3c:f8:
         d6:8e:1c:5a:e4:ec:aa:a6:77:36:34:ae:d1:7f:53:8c:1e:f0:
         70:e2:f0:5d:f7:e7:c9:d2:8c:cd:15:cc:f3:8c:fa:ce:57:08:
         d2:10:b2:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIECl97TDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDMw
ODA4MDQwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2Q0ZTJlZDI1Zjgx
Mjg0MjExZTE0MjY5NDRkMjZiZmUwMjVjNjA4NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJN4h5uboEm0rADn8RlLBcprOMd754PWV3pqNsEeYylyL5CA
AyuopT4Ile6wroCr9pXvzbG1Q8zoaUxUUfZVzY5eTMGonsvSUQFqAAvw9qI+ANRW
vlq7N8DrYi34mocNQdrNRmVsu3YJGrSdQZFrdpb5JClfQUKxOyxiNG94p3oToaII
aBY+Y5OWnWasIUeXFH4ujVUj2tBn9puvlmZ3GwP3g9sMu+Kugo0UVrNYU43tN9Ux
ONm+MNnloe4NNvyLDgD1V8Uul+EJi4UyzVlyiF4H6Z6xQMZvqOeX5gtsD1D8FSNg
u+rpztFvc+ABuaZa1s3xyZA23u+tgth3o42AKWsCAwEAAaOCAh0wggIZMB0GA1Ud
DgQWBBTNTi7SX4EoQhHhQmlE0mv+AlxghTAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
L3pVNHUwbC1CS0VJUjRVSnBSTkpyX2dKY1lJVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAz
BggrBgEFBQcBBwEB/wQkMCIwIAQCAAEwGgMEBV9vgAMEBbHeQDAMAwQAuZUNAwQA
uZUOMA0GCSqGSIb3DQEBCwUAA4IBAQADnPus3EfqOyvSma5h3bWyoGyFG8EVNUYK
SYbZJ0Eu+MGs4rQkcDIyTeb9Q+wP1lvyjGL3BQ7rtwd1dVkIe+BX+3CMOVEoeWd7
Zy6JtXlRI/qqg6jM/DS8gt/dhHxDXaWS+seyoGlqrO9gwDFal5IF4qbS2ETgXags
P7CeIU9Y4MaWyPqRTwv5r2ZExj81AsGMEVQlDSl9EQEbkYF5RfFKVZoL2cyqfJ95
KcESy7p+iqbMyQ9wxs7IUGF1orTm0B7hXmWxvWX1rjwzLiGgBeTXrhpfLhu7PPjW
jhxa5Oyqpnc2NK7Rf1OMHvBw4vBd9+fJ0ozNFczzjPrOVwjSELIu
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:25 2024 by rpki-client on console-ams.rpki-client.org