Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/d37915-6a39-44d1-8e21-4ba3fc3484ce/1/IxSdIAkUTvptfKAUsgt1oHvz9ss.roa
File:                     IxSdIAkUTvptfKAUsgt1oHvz9ss.roa (raw, json)
Hash identifier:          LUt9ihVrzTQTPutkwQ0/d3wAdeyEzepRdV9uvjrlR24=
Subject key identifier:   23:14:9D:20:09:14:4E:FA:6D:7C:A0:14:B2:0B:75:A0:7B:F3:F6:CB
Certificate issuer:       /CN=064983d3a4a1c26aa295034869c584f757380b2b
Certificate serial:       0B331BEF
Authority key identifier: 06:49:83:D3:A4:A1:C2:6A:A2:95:03:48:69:C5:84:F7:57:38:0B:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BkmD06ShwmqilQNIacWE91c4Cys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/d37915-6a39-44d1-8e21-4ba3fc3484ce/1/IxSdIAkUTvptfKAUsgt1oHvz9ss.roa
Signing time:             Sat 01 Jan 2022 11:05:07 +0000
ROA not before:           Sat 01 Jan 2022 11:05:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     31500
IP address blocks:        178.18.232.0/24 maxlen: 24
                          178.18.229.0/24 maxlen: 24
                          178.18.228.0/24 maxlen: 24
                          2a03:5f80:2:10::/64 maxlen: 64
                          2a03:5f80::/46 maxlen: 46

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 187898863 (0xb331bef)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=064983d3a4a1c26aa295034869c584f757380b2b
        Validity
            Not Before: Jan  1 11:05:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=23149d2009144efa6d7ca014b20b75a07bf3f6cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b0:47:17:b2:f7:55:67:2b:aa:d5:f8:07:02:
                    da:b6:d9:1c:89:f2:1d:6a:cf:d6:9d:f2:3b:56:1e:
                    35:a8:bc:c2:75:90:0f:67:44:07:0b:0a:a0:00:5c:
                    dd:40:23:ea:63:40:de:41:e4:7a:a9:e9:61:34:e2:
                    d4:9b:09:cf:58:30:b4:46:60:0f:a7:74:51:97:fc:
                    56:11:d1:9f:9d:54:e9:23:1e:e4:56:bc:a0:b3:fd:
                    b4:41:2e:a1:40:3f:89:46:cc:94:5e:1f:95:15:0f:
                    e0:76:bc:0c:a6:b3:96:e3:ae:49:82:39:98:1f:75:
                    b2:3c:a4:24:45:e7:db:ce:4e:ba:26:9e:f1:b5:fd:
                    b6:9b:eb:8c:b4:5e:e1:b6:40:e5:cc:2c:67:b4:18:
                    f4:e6:97:d9:da:17:6a:aa:29:7c:aa:1e:7d:90:68:
                    d8:8a:3a:1f:90:d0:92:81:44:ff:82:c9:8d:2e:2e:
                    59:49:db:4e:c4:11:4f:59:c6:b5:8f:ad:59:c7:e7:
                    54:2a:b6:b3:4f:00:49:64:c3:e4:d9:db:40:e3:14:
                    b0:88:34:90:f7:6a:70:6b:2d:7e:84:c7:08:ae:a9:
                    f2:fc:80:86:81:b6:d5:1c:80:a4:cd:49:9f:5e:a8:
                    b1:4b:71:14:92:48:f1:9a:54:08:95:2e:03:ad:ff:
                    e8:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:14:9D:20:09:14:4E:FA:6D:7C:A0:14:B2:0B:75:A0:7B:F3:F6:CB
            X509v3 Authority Key Identifier:
                keyid:06:49:83:D3:A4:A1:C2:6A:A2:95:03:48:69:C5:84:F7:57:38:0B:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BkmD06ShwmqilQNIacWE91c4Cys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/d37915-6a39-44d1-8e21-4ba3fc3484ce/1/IxSdIAkUTvptfKAUsgt1oHvz9ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/d37915-6a39-44d1-8e21-4ba3fc3484ce/1/BkmD06ShwmqilQNIacWE91c4Cys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.18.228.0/23
                  178.18.232.0/24
                IPv6:
                  2a03:5f80::/46

    Signature Algorithm: sha256WithRSAEncryption
         0f:08:e8:c9:60:aa:3d:e2:cd:6d:9f:90:b6:a1:ed:92:93:30:
         c4:6e:49:53:ea:71:4e:0a:bf:25:fd:69:02:27:57:1b:b8:9f:
         3e:02:f9:d9:87:50:d3:9a:66:e1:46:0f:0b:80:d6:32:d9:7e:
         fc:a1:09:37:68:6e:50:a6:29:db:64:f1:b6:20:40:d4:84:00:
         2a:c2:ef:dc:79:97:9a:55:b8:b1:b3:98:65:06:49:46:e0:1d:
         78:84:d7:3e:7d:4a:79:f0:73:fa:7d:72:40:c7:fe:92:c1:cb:
         12:be:fb:cc:34:5c:ee:eb:a7:6f:1b:c4:b6:55:20:a1:9b:e4:
         85:92:f4:fd:54:76:11:b4:39:7a:c5:33:e1:57:a7:f3:dd:b1:
         f7:54:4d:ae:3f:8f:88:9f:3b:b5:ce:e2:27:cb:ad:68:ac:64:
         5d:1a:94:2a:69:85:58:df:b2:00:36:56:bf:96:fb:37:35:bf:
         3a:74:09:b8:03:f2:b9:9a:26:dd:24:6e:b8:7e:28:51:71:90:
         f0:d0:00:01:97:1d:8a:dd:a5:02:ce:d0:d2:aa:ef:d7:bd:fc:
         c4:d8:c2:50:15:16:12:9f:fa:50:cc:4a:e7:0c:6e:44:74:1d:
         86:13:11:0d:56:79:a4:58:84:df:78:b0:46:71:19:35:31:a5:
         3f:ef:ea:5f
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIECzMb7zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NjQ5ODNkM2E0YTFjMjZhYTI5NTAzNDg2OWM1ODRmNzU3MzgwYjJiMB4XDTIyMDEw
MTExMDUwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjMxNDlkMjAwOTE0
NGVmYTZkN2NhMDE0YjIwYjc1YTA3YmYzZjZjYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK+wRxey91VnK6rV+AcC2rbZHInyHWrP1p3yO1YeNai8wnWQ
D2dEBwsKoABc3UAj6mNA3kHkeqnpYTTi1JsJz1gwtEZgD6d0UZf8VhHRn51U6SMe
5Fa8oLP9tEEuoUA/iUbMlF4flRUP4Ha8DKazluOuSYI5mB91sjykJEXn285Ouiae
8bX9tpvrjLRe4bZA5cwsZ7QY9OaX2doXaqopfKoefZBo2Io6H5DQkoFE/4LJjS4u
WUnbTsQRT1nGtY+tWcfnVCq2s08ASWTD5NnbQOMUsIg0kPdqcGstfoTHCK6p8vyA
hoG21RyApM1Jn16osUtxFJJI8ZpUCJUuA63/6KcCAwEAAaOCAiAwggIcMB0GA1Ud
DgQWBBQjFJ0gCRRO+m18oBSyC3Wge/P2yzAfBgNVHSMEGDAWgBQGSYPTpKHCaqKV
A0hpxYT3VzgLKzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JrbUQwNlNod21xaWxRTklhY1dFOTFjNEN5cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNmIvZDM3OTE1LTZhMzktNDRkMS04ZTIxLTRiYTNmYzM0ODRjZS8x
L0l4U2RJQWtVVHZwdGZLQVVzZ3Qxb0h2ejlzcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmIv
ZDM3OTE1LTZhMzktNDRkMS04ZTIxLTRiYTNmYzM0ODRjZS8xL0JrbUQwNlNod21x
aWxRTklhY1dFOTFjNEN5cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA2
BggrBgEFBQcBBwEB/wQnMCUwEgQCAAEwDAMEAbIS5AMEALIS6DAPBAIAAjAJAwcC
KgNfgAAAMA0GCSqGSIb3DQEBCwUAA4IBAQAPCOjJYKo94s1tn5C2oe2SkzDEbklT
6nFOCr8l/WkCJ1cbuJ8+AvnZh1DTmmbhRg8LgNYy2X78oQk3aG5QpinbZPG2IEDU
hAAqwu/ceZeaVbixs5hlBklG4B14hNc+fUp58HP6fXJAx/6SwcsSvvvMNFzu66dv
G8S2VSChm+SFkvT9VHYRtDl6xTPhV6fz3bH3VE2uP4+Inzu1zuIny61orGRdGpQq
aYVY37IANla/lvs3Nb86dAm4A/K5mibdJG64fihRcZDw0AABlx2K3aUCztDSqu/X
vfzE2MJQFRYSn/pQzErnDG5EdB2GExENVnmkWITfeLBGcRk1MaU/7+pf
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:55 2024 by rpki-client on console-fra.rpki-client.org