Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/fJ5EpcZzVXbOHY8FM0P4xYzRCq4.roa
File:                     fJ5EpcZzVXbOHY8FM0P4xYzRCq4.roa (raw, json)
Hash identifier:          nFs5R39ucxFSerb++rzDViEDA0IHEpYKy/VryB7rKFo=
Subject key identifier:   7C:9E:44:A5:C6:73:55:76:CE:1D:8F:05:33:43:F8:C5:8C:D1:0A:AE
Certificate issuer:       /CN=e7d799ae0efdd986dde77fb35ad0a10823cb972f
Certificate serial:       35440C06
Authority key identifier: E7:D7:99:AE:0E:FD:D9:86:DD:E7:7F:B3:5A:D0:A1:08:23:CB:97:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/59eZrg792Ybd53-zWtChCCPLly8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/fJ5EpcZzVXbOHY8FM0P4xYzRCq4.roa
Signing time:             Sat 01 Jan 2022 09:54:42 +0000
ROA not before:           Sat 01 Jan 2022 09:54:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3261
IP address blocks:        5.153.128.0/18 maxlen: 24
                          92.242.96.0/19 maxlen: 32
                          195.184.192.0/19 maxlen: 24
                          2.57.112.0/22 maxlen: 22
                          2a02:300::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 893651974 (0x35440c06)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7d799ae0efdd986dde77fb35ad0a10823cb972f
        Validity
            Not Before: Jan  1 09:54:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7c9e44a5c6735576ce1d8f053343f8c58cd10aae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:a0:96:9f:ee:0c:46:4f:dc:d7:94:cd:59:31:
                    b9:46:e7:db:01:c4:7f:1e:95:3a:e6:df:9b:8e:bb:
                    bc:50:17:48:bd:4f:1c:91:8f:d4:73:5d:74:05:1b:
                    fd:0d:99:55:47:39:4b:1d:2a:b3:32:30:28:d8:a1:
                    27:6d:bd:be:3c:8e:04:7d:8b:f6:56:ed:44:9e:cf:
                    7f:1a:50:8b:6d:06:89:74:d2:e2:12:a6:00:be:87:
                    3a:d3:9c:4a:35:f5:fc:61:8e:6c:ff:31:37:94:65:
                    71:57:67:0a:22:50:7f:ee:60:95:a1:fe:11:c0:02:
                    ed:99:50:d2:da:f9:4e:7a:e7:42:77:b0:04:95:9e:
                    4c:ef:11:57:91:c2:d2:0c:15:50:af:9a:e7:41:2e:
                    7f:88:18:92:fe:41:d0:a3:89:d9:10:28:fe:45:40:
                    57:7e:ab:26:14:96:1b:18:c7:b5:71:4d:a5:8f:43:
                    0a:53:56:6e:66:4a:b2:25:42:6e:f4:c9:9f:f1:13:
                    30:e0:56:e6:a9:92:6c:3d:be:04:21:46:c4:94:44:
                    db:81:f0:e1:e8:10:86:38:04:f9:20:d3:9f:43:31:
                    e1:6e:28:cd:f6:e4:6d:6e:c0:13:76:5d:81:a7:34:
                    f1:d8:50:04:36:df:e4:9e:96:ab:e9:08:46:9c:9c:
                    4f:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:9E:44:A5:C6:73:55:76:CE:1D:8F:05:33:43:F8:C5:8C:D1:0A:AE
            X509v3 Authority Key Identifier:
                keyid:E7:D7:99:AE:0E:FD:D9:86:DD:E7:7F:B3:5A:D0:A1:08:23:CB:97:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/59eZrg792Ybd53-zWtChCCPLly8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/fJ5EpcZzVXbOHY8FM0P4xYzRCq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/59eZrg792Ybd53-zWtChCCPLly8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.112.0/22
                  5.153.128.0/18
                  92.242.96.0/19
                  195.184.192.0/19
                IPv6:
                  2a02:300::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:71:3a:d5:4c:a4:d2:6c:64:30:2b:68:0a:16:73:d5:99:b8:
         0e:94:d5:3c:6a:4f:e2:10:7f:48:cd:44:aa:1b:95:be:b1:e6:
         58:56:12:75:f2:01:f4:3f:e2:4e:ca:b5:c5:25:80:3c:3e:df:
         39:9d:1c:ec:af:e7:05:eb:38:b6:17:66:b2:5f:d3:df:fa:d8:
         b7:93:fa:63:43:82:36:10:6b:0d:86:fe:ba:48:60:33:7d:52:
         c9:be:83:25:17:94:78:00:d4:3c:89:50:a9:90:41:44:06:23:
         f1:79:dd:e9:41:82:36:22:05:1e:89:5e:1b:b6:98:9a:e0:37:
         d1:de:ca:fa:a6:15:b6:da:7a:df:7a:18:03:76:25:fa:1d:58:
         31:d4:18:f0:bc:d6:fd:5a:0b:85:95:c2:38:54:4c:35:67:be:
         6f:54:02:93:d6:84:15:bc:46:11:0a:96:84:18:38:20:cd:03:
         e5:5f:f5:46:14:6b:a2:03:0e:1e:18:b3:88:88:c9:6a:94:94:
         5c:34:88:0b:fe:27:d7:d2:2d:e2:29:ad:f8:cc:d9:c2:81:d4:
         1b:98:6f:3c:1f:01:70:79:ef:5c:6a:c5:3e:8e:2e:ba:96:97:
         55:d9:bd:76:1a:e8:95:1e:ee:0e:70:7e:0f:ad:6e:2c:13:a4:
         8e:42:cc:6f
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIENUQMBjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
N2Q3OTlhZTBlZmRkOTg2ZGRlNzdmYjM1YWQwYTEwODIzY2I5NzJmMB4XDTIyMDEw
MTA5NTQ0MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2M5ZTQ0YTVjNjcz
NTU3NmNlMWQ4ZjA1MzM0M2Y4YzU4Y2QxMGFhZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMyglp/uDEZP3NeUzVkxuUbn2wHEfx6VOubfm467vFAXSL1P
HJGP1HNddAUb/Q2ZVUc5Sx0qszIwKNihJ229vjyOBH2L9lbtRJ7PfxpQi20GiXTS
4hKmAL6HOtOcSjX1/GGObP8xN5RlcVdnCiJQf+5glaH+EcAC7ZlQ0tr5TnrnQnew
BJWeTO8RV5HC0gwVUK+a50Euf4gYkv5B0KOJ2RAo/kVAV36rJhSWGxjHtXFNpY9D
ClNWbmZKsiVCbvTJn/ETMOBW5qmSbD2+BCFGxJRE24Hw4egQhjgE+SDTn0Mx4W4o
zfbkbW7AE3Zdgac08dhQBDbf5J6Wq+kIRpycT5cCAwEAAaOCAiowggImMB0GA1Ud
DgQWBBR8nkSlxnNVds4djwUzQ/jFjNEKrjAfBgNVHSMEGDAWgBTn15muDv3Zht3n
f7Na0KEII8uXLzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzU5ZVpyZzc5MlliZDUzLXpXdENoQ0NQTGx5OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzkvMTEwODFiLTRlZjktNGUyZi04MTUzLTI4NzkzNzk0MGQ3Yi8x
L2ZKNUVwY1p6VlhiT0hZOEZNMFA0eFl6UkNxNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzkv
MTEwODFiLTRlZjktNGUyZi04MTUzLTI4NzkzNzk0MGQ3Yi8xLzU5ZVpyZzc5Mlli
ZDUzLXpXdENoQ0NQTGx5OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEAgI5cAMEBgWZgAMEBVzyYAMEBcO4
wDANBAIAAjAHAwUAKgIDADANBgkqhkiG9w0BAQsFAAOCAQEAjHE61Uyk0mxkMCto
ChZz1Zm4DpTVPGpP4hB/SM1EqhuVvrHmWFYSdfIB9D/iTsq1xSWAPD7fOZ0c7K/n
Bes4thdmsl/T3/rYt5P6Y0OCNhBrDYb+ukhgM31Syb6DJReUeADUPIlQqZBBRAYj
8Xnd6UGCNiIFHoleG7aYmuA30d7K+qYVttp633oYA3Yl+h1YMdQY8LzW/VoLhZXC
OFRMNWe+b1QCk9aEFbxGEQqWhBg4IM0D5V/1RhRrogMOHhiziIjJapSUXDSIC/4n
19It4imt+MzZwoHUG5hvPB8BcHnvXGrFPo4uupaXVdm9dhrolR7uDnB+D61uLBOk
jkLMbw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:44 2024 by rpki-client on console-fra.rpki-client.org