Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/7dfNtGX6E8AmXDPMYjLxL3_BJN4.roa
File:                     7dfNtGX6E8AmXDPMYjLxL3_BJN4.roa (raw, json)
Hash identifier:          F30rSTCBEZGbqq8HAIrYkWpXblO1HS9xnrqz7B1UkNg=
Subject key identifier:   ED:D7:CD:B4:65:FA:13:C0:26:5C:33:CC:62:32:F1:2F:7F:C1:24:DE
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       0A0FB32C
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/7dfNtGX6E8AmXDPMYjLxL3_BJN4.roa
Signing time:             Tue 01 Feb 2022 10:04:36 +0000
ROA not before:           Tue 01 Feb 2022 10:04:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     32475
IP address blocks:        37.60.224.0/19 maxlen: 24
                          185.225.236.0/22 maxlen: 24
                          77.104.128.0/18 maxlen: 24
                          109.199.96.0/19 maxlen: 24
                          185.56.84.0/22 maxlen: 24
                          185.197.129.0/24 maxlen: 24
                          185.197.130.0/24 maxlen: 24
                          185.197.128.0/24 maxlen: 24
                          185.197.131.0/24 maxlen: 24
                          146.66.64.0/18 maxlen: 24
                          93.187.136.0/21 maxlen: 24
                          185.62.236.0/22 maxlen: 24
                          109.73.224.0/20 maxlen: 24
                          2a04:f280::/40 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 168801068 (0xa0fb32c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Feb  1 10:04:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=edd7cdb465fa13c0265c33cc6232f12f7fc124de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:93:05:0c:4b:94:bc:d9:a9:0d:9a:ae:da:05:
                    a0:89:39:13:c9:d6:af:8a:e6:23:5e:57:bc:64:50:
                    94:ce:47:78:28:43:f8:1b:6a:af:60:6d:18:ee:97:
                    24:5c:35:a9:07:b1:ae:09:be:b1:56:98:71:45:dd:
                    08:8f:95:1f:c4:8b:a3:90:61:6b:f1:45:da:2a:cc:
                    a0:ba:e0:67:e3:0b:f3:e3:1d:a0:6f:94:7d:09:1b:
                    fa:40:a3:47:6c:23:c0:cb:59:92:ef:a6:fe:22:23:
                    8c:ee:62:47:a8:15:4c:15:ee:1e:3f:c8:2f:d5:79:
                    76:77:8e:df:27:ef:04:7a:fd:02:b8:af:ae:df:db:
                    fc:b5:ea:fc:f5:4c:7e:29:79:99:08:ad:8d:73:f6:
                    89:ce:f3:14:11:c1:d4:aa:a1:4a:39:91:2b:5f:92:
                    87:83:fd:67:99:2e:2e:d0:48:56:6d:23:72:a3:2c:
                    e7:84:03:36:42:d1:a2:ce:c8:84:86:02:c5:2f:a9:
                    1f:f0:db:36:0a:13:38:5c:ed:8a:b4:52:61:d1:3f:
                    3c:2b:8a:33:94:bc:30:13:63:18:bb:ca:65:b3:e1:
                    94:c0:fb:53:60:7e:6f:a0:7d:5a:ac:10:ab:35:bb:
                    91:48:26:bb:60:25:de:e2:95:ee:4e:17:22:f5:f6:
                    10:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:D7:CD:B4:65:FA:13:C0:26:5C:33:CC:62:32:F1:2F:7F:C1:24:DE
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/7dfNtGX6E8AmXDPMYjLxL3_BJN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.60.224.0/19
                  77.104.128.0/18
                  93.187.136.0/21
                  109.73.224.0/20
                  109.199.96.0/19
                  146.66.64.0/18
                  185.56.84.0/22
                  185.62.236.0/22
                  185.197.128.0/22
                  185.225.236.0/22
                IPv6:
                  2a04:f280::/40

    Signature Algorithm: sha256WithRSAEncryption
         05:ed:eb:41:ec:ac:34:6c:e4:4a:2f:cf:67:b5:b0:9d:29:45:
         5e:6b:35:0f:6c:77:d2:de:e0:e8:0f:b8:60:8c:f5:9d:c7:6c:
         62:3a:04:d0:8c:1f:45:b9:d4:ac:dd:83:47:b0:87:a2:28:1f:
         31:24:25:d5:0b:39:2e:3f:9c:1d:04:9b:22:7a:d7:f9:1b:98:
         2e:a5:6b:e3:ef:72:e9:b7:7f:85:ad:3e:7d:ec:0c:97:1e:eb:
         dc:b2:91:1f:a8:69:a9:bb:8a:fa:87:25:50:4e:69:18:05:fb:
         94:20:8e:12:ab:bb:cb:86:b2:0a:26:fd:40:a3:fc:06:cb:90:
         db:04:1d:01:52:0c:d3:8c:b2:47:8a:3c:6d:d9:09:5b:a5:ed:
         fb:0d:3d:72:d8:95:85:ae:b2:27:d8:24:4e:d2:94:41:05:68:
         46:8d:c6:8c:11:8d:3d:37:af:c6:cf:2c:a9:63:15:09:57:1b:
         23:2f:08:d7:32:40:db:b1:4c:9a:a4:4e:76:9a:19:2b:dd:a6:
         6f:8f:9b:46:cb:9c:66:32:19:b9:c6:49:aa:48:e3:d1:db:7e:
         0c:f9:57:06:6e:1f:81:10:66:ed:aa:5c:53:48:f6:df:64:1f:
         15:5b:d8:d2:83:f6:26:d7:5d:40:94:91:2b:26:66:6f:ab:e4:
         f5:d5:12:fd
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIECg+zLDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
ZDg4ZWI3MzBhYjFhNTAxZWEzNmVhMzQ4MmQ3NjQ1NDRlMTQxMTExMB4XDTIyMDIw
MTEwMDQzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZWRkN2NkYjQ2NWZh
MTNjMDI2NWMzM2NjNjIzMmYxMmY3ZmMxMjRkZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALaTBQxLlLzZqQ2artoFoIk5E8nWr4rmI15XvGRQlM5HeChD
+Btqr2BtGO6XJFw1qQexrgm+sVaYcUXdCI+VH8SLo5Bha/FF2irMoLrgZ+ML8+Md
oG+UfQkb+kCjR2wjwMtZku+m/iIjjO5iR6gVTBXuHj/IL9V5dneO3yfvBHr9Ariv
rt/b/LXq/PVMfil5mQitjXP2ic7zFBHB1KqhSjmRK1+Sh4P9Z5kuLtBIVm0jcqMs
54QDNkLRos7IhIYCxS+pH/DbNgoTOFztirRSYdE/PCuKM5S8MBNjGLvKZbPhlMD7
U2B+b6B9WqwQqzW7kUgmu2Al3uKV7k4XIvX2EC8CAwEAAaOCAk8wggJLMB0GA1Ud
DgQWBBTt1820ZfoTwCZcM8xiMvEvf8Ek3jAfBgNVHSMEGDAWgBRNiOtzCrGlAeo2
6jSC12RUThQRETAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RZanJjd3F4cFFIcU51bzBndGRrVkU0VUVSRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNmEvYzQ5M2VlLWY2NmUtNDIwOC1hMzFkLTcyNmY4M2QyMzg5Mi8x
LzdkZk50R1g2RThBbVhEUE1Zakx4TDNfQkpONC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmEv
YzQ5M2VlLWY2NmUtNDIwOC1hMzFkLTcyNmY4M2QyMzg5Mi8xL1RZanJjd3F4cFFI
cU51bzBndGRrVkU0VUVSRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBl
BggrBgEFBQcBBwEB/wRWMFQwQgQCAAEwPAMEBSU84AMEBk1ogAMEA127iAMEBG1J
4AMEBW3HYAMEBpJCQAMEArk4VAMEArk+7AMEArnFgAMEArnh7DAOBAIAAjAIAwYA
KgTygAAwDQYJKoZIhvcNAQELBQADggEBAAXt60HsrDRs5Eovz2e1sJ0pRV5rNQ9s
d9Le4OgPuGCM9Z3HbGI6BNCMH0W51Kzdg0ewh6IoHzEkJdULOS4/nB0EmyJ61/kb
mC6la+Pvcum3f4WtPn3sDJce69yykR+oaam7ivqHJVBOaRgF+5QgjhKru8uGsgom
/UCj/AbLkNsEHQFSDNOMskeKPG3ZCVul7fsNPXLYlYWusifYJE7SlEEFaEaNxowR
jT03r8bPLKljFQlXGyMvCNcyQNuxTJqkTnaaGSvdpm+Pm0bLnGYyGbnGSapI49Hb
fgz5VwZuH4EQZu2qXFNI9t9kHxVb2NKD9ibXXUCUkSsmZm+r5PXVEv0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:16:14 2024 by rpki-client on console-ams.rpki-client.org