Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/UY8vo-zOhHsnG-mKmEVj8LgFzN0.roa
File:                     UY8vo-zOhHsnG-mKmEVj8LgFzN0.roa (raw, json)
Hash identifier:          haaBt5bZzqPq9DoyyFLHe4RqOrDPV97445r7YhbGwO0=
Subject key identifier:   51:8F:2F:A3:EC:CE:84:7B:27:1B:E9:8A:98:45:63:F0:B8:05:CC:DD
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       3868CEFC
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/UY8vo-zOhHsnG-mKmEVj8LgFzN0.roa
Signing time:             Fri 27 May 2022 16:07:13 +0000
ROA not before:           Fri 27 May 2022 16:07:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     30738
IP address blocks:        195.211.53.0/24 maxlen: 24
                          195.2.226.0/23 maxlen: 23
                          188.130.254.0/24 maxlen: 24
                          109.248.229.0/24 maxlen: 24
                          188.130.182.0/24 maxlen: 24
                          2001:1468:8000::/36 maxlen: 36
                          2001:1468::/32 maxlen: 33

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 946392828 (0x3868cefc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: May 27 16:07:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=518f2fa3ecce847b271be98a984563f0b805ccdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:3c:99:4e:48:d8:28:97:26:cb:d0:b6:04:ac:
                    39:3f:61:52:f3:33:94:40:59:79:f1:cd:08:2f:ae:
                    ac:24:aa:99:a7:83:96:68:04:99:35:ef:2e:ca:2d:
                    8f:59:1c:41:89:db:9a:40:c1:5a:3e:6b:e7:49:d1:
                    ed:11:78:47:89:50:c3:ad:6e:30:b2:77:d5:b0:8f:
                    6a:ca:85:b2:94:a3:02:60:54:ab:44:c1:c1:a5:c4:
                    f4:ab:e1:f8:c4:e6:9b:7b:45:55:4f:db:1e:69:8f:
                    c9:97:d1:b0:f0:98:e2:c5:ee:43:3d:dc:b5:e2:7e:
                    7f:23:dc:d8:e5:ce:52:e9:07:77:55:2f:0c:7b:22:
                    bf:cd:e1:ab:6d:2f:f4:d7:d8:a9:55:0a:3b:4b:42:
                    67:64:4d:4a:bd:7d:e2:80:5b:b0:d0:37:bb:29:de:
                    1f:dd:ad:ae:46:af:2f:d4:54:f9:d5:b9:cf:15:fc:
                    4d:16:87:87:d9:fe:b2:0b:a4:56:ed:bc:73:ee:c7:
                    77:d9:83:c4:41:32:3e:ec:fb:c3:5e:13:80:b5:69:
                    3b:40:2e:b0:27:43:60:c4:87:df:8e:34:b3:e3:e7:
                    2e:11:6d:b0:34:a4:34:09:23:45:f3:66:5a:bf:6e:
                    0c:03:99:aa:79:bb:c2:40:bf:1f:b8:0c:f4:04:d6:
                    a6:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:8F:2F:A3:EC:CE:84:7B:27:1B:E9:8A:98:45:63:F0:B8:05:CC:DD
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/UY8vo-zOhHsnG-mKmEVj8LgFzN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.229.0/24
                  188.130.182.0/24
                  188.130.254.0/24
                  195.2.226.0/23
                  195.211.53.0/24
                IPv6:
                  2001:1468::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:3a:e0:a9:27:dc:5e:d0:e2:da:11:0e:88:67:03:aa:da:6d:
         1c:43:11:18:86:dc:04:92:3f:35:0b:77:26:c7:50:ad:2e:98:
         e7:24:72:37:1e:4c:a7:e1:bd:b8:c9:f0:db:e4:1d:44:1d:a7:
         a7:4c:5a:c3:dd:e0:8c:53:76:27:9f:1f:07:f4:5f:19:db:9b:
         8a:c2:81:40:68:2b:83:f3:35:1a:83:ab:82:e6:28:b5:fe:65:
         47:6b:ff:ea:49:5e:b1:ca:ec:36:95:f8:00:39:c1:12:6e:00:
         7b:a8:3a:6b:85:28:96:b1:bf:40:c3:ac:0e:4d:5a:2d:3f:ae:
         5b:fa:d7:91:9d:62:24:60:32:82:89:6d:05:dc:17:3c:4a:7a:
         80:bb:92:31:58:4d:34:ca:aa:46:ba:4c:4f:eb:46:0f:67:8c:
         44:7a:02:67:df:df:02:61:30:21:97:a0:6a:7d:42:cb:98:d1:
         6f:f6:3b:5b:26:bb:85:4e:45:64:40:a8:e4:61:2a:75:9c:77:
         f5:b3:09:42:4d:c4:42:a4:81:d5:53:9b:75:e8:02:46:3b:a9:
         75:68:3d:69:e0:9c:24:80:06:15:e4:b8:ae:a4:f9:91:0a:af:
         86:bb:90:ef:62:93:37:56:0c:b5:da:f6:ab:43:9c:e7:f1:03:
         37:b2:ef:cf
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIEOGjO/DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ODViODU3NzA2ZGFjNTRlMjBjYTBkMTFiZDY0MTZjYjYzNDIwM2I0MB4XDTIyMDUy
NzE2MDcxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTE4ZjJmYTNlY2Nl
ODQ3YjI3MWJlOThhOTg0NTYzZjBiODA1Y2NkZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKs8mU5I2CiXJsvQtgSsOT9hUvMzlEBZefHNCC+urCSqmaeD
lmgEmTXvLsotj1kcQYnbmkDBWj5r50nR7RF4R4lQw61uMLJ31bCPasqFspSjAmBU
q0TBwaXE9Kvh+MTmm3tFVU/bHmmPyZfRsPCY4sXuQz3cteJ+fyPc2OXOUukHd1Uv
DHsiv83hq20v9NfYqVUKO0tCZ2RNSr194oBbsNA3uyneH92trkavL9RU+dW5zxX8
TRaHh9n+sgukVu28c+7Hd9mDxEEyPuz7w14TgLVpO0AusCdDYMSH3440s+PnLhFt
sDSkNAkjRfNmWr9uDAOZqnm7wkC/H7gM9ATWpjUCAwEAAaOCAjAwggIsMB0GA1Ud
DgQWBBRRjy+j7M6Eeycb6YqYRWPwuAXM3TAfBgNVHSMEGDAWgBSIW4V3BtrFTiDK
DRG9ZBbLY0IDtDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lGdUZkd2JheFU0Z3lnMFJ2V1FXeTJOQ0E3US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjUvMzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8x
L1VZOHZvLXpPaEhzbkctbUttRVZqOExnRnpOMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUv
MzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8xL2lGdUZkd2JheFU0
Z3lnMFJ2V1FXeTJOQ0E3US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBG
BggrBgEFBQcBBwEB/wQ3MDUwJAQCAAEwHgMEAG345QMEALyCtgMEALyC/gMEAcMC
4gMEAMPTNTANBAIAAjAHAwUAIAEUaDANBgkqhkiG9w0BAQsFAAOCAQEANzrgqSfc
XtDi2hEOiGcDqtptHEMRGIbcBJI/NQt3JsdQrS6Y5yRyNx5Mp+G9uMnw2+QdRB2n
p0xaw93gjFN2J58fB/RfGdubisKBQGgrg/M1GoOrguYotf5lR2v/6klescrsNpX4
ADnBEm4Ae6g6a4UolrG/QMOsDk1aLT+uW/rXkZ1iJGAygoltBdwXPEp6gLuSMVhN
NMqqRrpMT+tGD2eMRHoCZ9/fAmEwIZegan1Cy5jRb/Y7Wya7hU5FZECo5GEqdZx3
9bMJQk3EQqSB1VObdegCRjupdWg9aeCcJIAGFeS4rqT5kQqvhruQ72KTN1YMtdr2
q0Oc5/EDN7Lvzw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:00 2024 by rpki-client on console-ams.rpki-client.org