Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/dCTFlQ79ta-bj-yY-dnKedshuN8.roa
File:                     dCTFlQ79ta-bj-yY-dnKedshuN8.roa (raw, json)
Hash identifier:          Ru6Igsa55ZdescUtgBkldfpaKoI/rb7Wr/KjewBQx9E=
Subject key identifier:   74:24:C5:95:0E:FD:B5:AF:9B:8F:EC:98:F9:D9:CA:79:DB:21:B8:DF
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       37A5F221
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/dCTFlQ79ta-bj-yY-dnKedshuN8.roa
Signing time:             Wed 09 Mar 2022 04:42:50 +0000
ROA not before:           Wed 09 Mar 2022 04:42:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     30738
IP address blocks:        195.211.53.0/24 maxlen: 24
                          109.248.196.0/22 maxlen: 24
                          195.2.226.0/23 maxlen: 23
                          188.130.254.0/24 maxlen: 24
                          188.130.182.0/24 maxlen: 24
                          2001:1468:8000::/36 maxlen: 36
                          2001:1468::/32 maxlen: 33

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 933622305 (0x37a5f221)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Mar  9 04:42:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7424c5950efdb5af9b8fec98f9d9ca79db21b8df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:50:9e:6c:8d:3e:a8:75:53:89:e7:70:3c:a4:
                    84:0e:02:e9:d6:2c:59:95:17:6d:c0:1e:da:8b:f6:
                    cb:8a:0f:2e:76:42:1d:7f:7b:4c:d9:b1:a0:2e:91:
                    c1:92:99:b1:1c:e1:45:05:53:04:62:4d:a3:66:84:
                    6e:4c:a8:20:15:b3:37:4e:21:b6:61:2d:8c:5b:08:
                    e4:11:ea:e9:dd:21:42:d9:fb:e1:a4:30:fe:32:15:
                    5d:78:3d:9d:57:2e:73:a9:f0:28:c3:bf:55:a4:02:
                    5f:36:51:63:fa:02:9b:df:73:c7:46:c0:e8:3e:6b:
                    b9:0c:33:4e:b4:1d:43:ce:bd:f8:0e:7c:16:2f:4a:
                    e7:80:8c:f3:1a:f6:65:03:d2:39:cf:75:1a:3b:06:
                    c1:32:68:a5:af:20:f1:d0:91:4e:7c:23:bb:33:25:
                    69:54:4e:bd:bf:75:16:b9:e1:fe:cc:e4:10:8a:25:
                    b4:06:ca:9a:71:72:4d:fd:ba:29:d0:a9:ca:64:1d:
                    60:19:8f:c4:96:30:22:ec:17:6c:12:46:47:81:2c:
                    35:73:a3:bf:2d:ac:f5:f1:c9:dd:c4:8a:52:9b:ec:
                    11:46:e6:17:0a:e9:fe:87:95:94:e7:8b:2d:47:46:
                    67:43:d2:5e:f5:02:94:89:56:f1:b2:26:38:02:e5:
                    bd:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:24:C5:95:0E:FD:B5:AF:9B:8F:EC:98:F9:D9:CA:79:DB:21:B8:DF
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/dCTFlQ79ta-bj-yY-dnKedshuN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.196.0/22
                  188.130.182.0/24
                  188.130.254.0/24
                  195.2.226.0/23
                  195.211.53.0/24
                IPv6:
                  2001:1468::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:41:2d:44:ed:9b:d6:02:91:c5:b6:ab:b9:99:a3:f3:00:c1:
         06:df:2f:e9:61:98:86:fd:d1:c6:54:b0:40:eb:96:7a:2b:8d:
         b5:7f:c2:c1:49:7d:49:73:8e:14:ac:4d:65:a9:3d:d1:db:18:
         27:88:fe:f4:2b:f9:2d:ce:53:6a:39:9e:76:c2:a7:7c:b6:d6:
         f6:2a:95:09:5a:10:c7:20:b0:d3:7f:47:23:98:ea:86:92:b3:
         32:a1:1c:39:e6:36:cc:aa:c4:dc:c3:e7:b8:ed:08:0c:eb:7c:
         bc:cd:c8:36:aa:84:4a:8c:1e:cb:9e:36:55:df:a1:5d:d6:d7:
         74:af:b4:4e:71:5c:6b:e5:ec:43:41:a0:61:79:92:66:6a:24:
         86:90:37:06:7f:c9:52:74:7a:81:ae:3a:04:fb:09:8f:8d:ab:
         16:be:06:89:82:79:ec:bd:fa:b8:7e:44:2a:28:40:0e:ae:f7:
         bd:03:df:ac:ee:c1:f3:f4:fa:a4:41:1c:80:c7:e4:68:3d:49:
         31:de:62:ce:eb:d4:73:3a:6c:c2:e2:a3:68:75:4a:09:89:88:
         81:d7:4c:8d:8b:3a:3c:2b:b2:a6:94:f4:68:bd:29:a1:00:2c:
         6c:89:15:6a:59:fc:5d:19:fc:78:ca:46:02:2a:4d:ac:06:71:
         2e:58:b4:76
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIEN6XyITANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ODViODU3NzA2ZGFjNTRlMjBjYTBkMTFiZDY0MTZjYjYzNDIwM2I0MB4XDTIyMDMw
OTA0NDI1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzQyNGM1OTUwZWZk
YjVhZjliOGZlYzk4ZjlkOWNhNzlkYjIxYjhkZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALRQnmyNPqh1U4nncDykhA4C6dYsWZUXbcAe2ov2y4oPLnZC
HX97TNmxoC6RwZKZsRzhRQVTBGJNo2aEbkyoIBWzN04htmEtjFsI5BHq6d0hQtn7
4aQw/jIVXXg9nVcuc6nwKMO/VaQCXzZRY/oCm99zx0bA6D5ruQwzTrQdQ869+A58
Fi9K54CM8xr2ZQPSOc91GjsGwTJopa8g8dCRTnwjuzMlaVROvb91Frnh/szkEIol
tAbKmnFyTf26KdCpymQdYBmPxJYwIuwXbBJGR4EsNXOjvy2s9fHJ3cSKUpvsEUbm
Fwrp/oeVlOeLLUdGZ0PSXvUClIlW8bImOALlvb0CAwEAAaOCAjAwggIsMB0GA1Ud
DgQWBBR0JMWVDv21r5uP7Jj52cp52yG43zAfBgNVHSMEGDAWgBSIW4V3BtrFTiDK
DRG9ZBbLY0IDtDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lGdUZkd2JheFU0Z3lnMFJ2V1FXeTJOQ0E3US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjUvMzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8x
L2RDVEZsUTc5dGEtYmoteVktZG5LZWRzaHVOOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUv
MzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8xL2lGdUZkd2JheFU0
Z3lnMFJ2V1FXeTJOQ0E3US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBG
BggrBgEFBQcBBwEB/wQ3MDUwJAQCAAEwHgMEAm34xAMEALyCtgMEALyC/gMEAcMC
4gMEAMPTNTANBAIAAjAHAwUAIAEUaDANBgkqhkiG9w0BAQsFAAOCAQEAOEEtRO2b
1gKRxbaruZmj8wDBBt8v6WGYhv3RxlSwQOuWeiuNtX/CwUl9SXOOFKxNZak90dsY
J4j+9Cv5Lc5TajmedsKnfLbW9iqVCVoQxyCw039HI5jqhpKzMqEcOeY2zKrE3MPn
uO0IDOt8vM3INqqESowey542Vd+hXdbXdK+0TnFca+XsQ0GgYXmSZmokhpA3Bn/J
UnR6ga46BPsJj42rFr4GiYJ57L36uH5EKihADq73vQPfrO7B8/T6pEEcgMfkaD1J
Md5izuvUczpswuKjaHVKCYmIgddMjYs6PCuyppT0aL0poQAsbIkValn8XRn8eMpG
AipNrAZxLli0dg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:57 2024 by rpki-client on console-fra.rpki-client.org