Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/09f918-aced-42a8-8a3a-33e2705b4c3e/1/QSpLuDpXUNkOUkYW39ewmuOjeXU.roa
File:                     QSpLuDpXUNkOUkYW39ewmuOjeXU.roa (raw, json)
Hash identifier:          UG4y2e7y7KNq53LhfMoJNHkpPB6I/mgLmyPvfgQKMd0=
Subject key identifier:   41:2A:4B:B8:3A:57:50:D9:0E:52:46:16:DF:D7:B0:9A:E3:A3:79:75
Certificate issuer:       /CN=ce2c505f77dca8117ef0625710744cb359736b19
Certificate serial:       0182DB68BE2475DC47C609118B2C1560F676
Authority key identifier: CE:2C:50:5F:77:DC:A8:11:7E:F0:62:57:10:74:4C:B3:59:73:6B:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zixQX3fcqBF-8GJXEHRMs1lzaxk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/09f918-aced-42a8-8a3a-33e2705b4c3e/1/QSpLuDpXUNkOUkYW39ewmuOjeXU.roa
Signing time:             Fri 26 Aug 2022 18:27:30 +0000
ROA not before:           Fri 26 Aug 2022 18:27:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197290
IP address blocks:        46.31.128.0/23 maxlen: 24
                          46.31.132.0/23 maxlen: 24
                          46.31.130.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:db:68:be:24:75:dc:47:c6:09:11:8b:2c:15:60:f6:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce2c505f77dca8117ef0625710744cb359736b19
        Validity
            Not Before: Aug 26 18:27:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=412a4bb83a5750d90e524616dfd7b09ae3a37975
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b2:02:0a:8a:ad:8c:ab:f1:17:16:9f:55:75:
                    7e:d0:fa:ab:93:cb:aa:30:9c:ea:45:94:03:cb:1e:
                    5b:1e:19:01:89:2b:a2:34:9a:69:19:65:ce:a7:82:
                    17:17:a5:64:33:af:66:ca:9f:59:4a:6d:c9:62:2f:
                    d8:de:1b:fb:92:2e:0a:2e:40:cc:28:d8:94:6a:72:
                    90:e3:6e:b8:00:92:c7:01:17:d3:ac:10:09:15:85:
                    da:6c:97:67:c7:bd:65:cb:7a:41:10:db:9c:58:89:
                    3b:b3:b8:a3:0e:21:bb:92:cd:e0:ef:67:9c:e6:a1:
                    7e:b5:18:c0:59:96:af:c3:da:5a:23:41:af:98:8d:
                    dc:11:a4:02:59:57:e5:35:8d:38:0d:34:ca:93:8d:
                    07:7a:e6:f1:2b:e0:e5:62:ed:e8:e2:4e:93:40:da:
                    c9:6f:a2:41:6b:7d:aa:18:2c:2b:72:54:7a:0c:3b:
                    d4:15:ef:bf:cb:4b:aa:a7:fa:0a:94:c5:ae:16:7f:
                    34:25:e0:1e:67:af:79:6a:9e:c2:23:4f:bb:7a:ce:
                    c1:82:e8:06:e0:33:1b:3e:6a:9a:cd:5b:03:95:79:
                    54:10:51:e7:4a:a5:c4:cb:9b:11:0d:c6:4b:1f:90:
                    14:86:f4:a0:55:09:28:18:fa:2e:ad:3a:6e:fc:75:
                    20:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:2A:4B:B8:3A:57:50:D9:0E:52:46:16:DF:D7:B0:9A:E3:A3:79:75
            X509v3 Authority Key Identifier:
                keyid:CE:2C:50:5F:77:DC:A8:11:7E:F0:62:57:10:74:4C:B3:59:73:6B:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zixQX3fcqBF-8GJXEHRMs1lzaxk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/09f918-aced-42a8-8a3a-33e2705b4c3e/1/QSpLuDpXUNkOUkYW39ewmuOjeXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/09f918-aced-42a8-8a3a-33e2705b4c3e/1/zixQX3fcqBF-8GJXEHRMs1lzaxk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.128.0-46.31.133.255

    Signature Algorithm: sha256WithRSAEncryption
         9e:f7:fb:7b:ae:65:bc:4f:84:e7:1f:5c:c9:ae:9a:2f:d6:6b:
         79:fe:b1:0b:8b:da:d4:40:cc:74:c1:ab:6b:bf:47:01:ac:c2:
         0c:c5:8a:b9:c3:81:2f:31:1d:9b:ee:a0:a1:93:56:b5:7a:e9:
         1c:cd:58:55:ee:d6:8a:69:6a:9c:de:47:ce:7c:fd:03:b7:b7:
         bc:d6:f1:e3:75:79:36:63:55:8b:4a:5c:a1:9e:d9:54:09:cb:
         ab:e8:a8:cc:fc:36:64:d0:ab:86:31:e9:d5:6e:72:6c:e2:7b:
         82:a8:b2:e9:a0:0a:42:d3:8c:27:4f:91:f0:18:04:12:76:a0:
         37:17:9b:f5:94:ca:73:fd:c8:24:72:74:9f:1b:c3:bb:1c:78:
         c8:e2:1f:03:d0:f1:1d:f8:52:84:a7:e4:4a:59:88:e3:70:a1:
         77:dd:d7:37:d9:b0:25:37:09:bc:fd:13:e7:d0:d0:5a:d1:0e:
         05:b4:f3:4b:d5:cc:59:72:3a:e8:04:fb:0c:2e:7e:a2:43:d7:
         30:76:63:89:99:f3:17:8e:29:c4:21:0c:92:c6:b2:23:33:7d:
         90:f9:34:85:d5:c6:67:5f:19:b8:3b:29:59:db:fa:83:42:33:
         b7:33:f1:57:b0:8b:e7:ee:82:72:26:a1:f6:61:f1:76:ba:7f:
         d3:90:24:a3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYLbaL4kddxHxgkRiywVYPZ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlMmM1MDVmNzdkY2E4MTE3ZWYwNjI1NzEwNzQ0Y2IzNTk3
MzZiMTkwHhcNMjIwODI2MTgyNzMwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTJhNGJiODNhNTc1MGQ5MGU1MjQ2MTZkZmQ3YjA5YWUzYTM3OTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLICCoqtjKvxFxafVXV+0Pqrk8uq
MJzqRZQDyx5bHhkBiSuiNJppGWXOp4IXF6VkM69myp9ZSm3JYi/Y3hv7ki4KLkDM
KNiUanKQ4264AJLHARfTrBAJFYXabJdnx71ly3pBENucWIk7s7ijDiG7ks3g72ec
5qF+tRjAWZavw9paI0GvmI3cEaQCWVflNY04DTTKk40HeubxK+DlYu3o4k6TQNrJ
b6JBa32qGCwrclR6DDvUFe+/y0uqp/oKlMWuFn80JeAeZ695ap7CI0+7es7BgugG
4DMbPmqazVsDlXlUEFHnSqXEy5sRDcZLH5AUhvSgVQkoGPourTpu/HUgiQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEEqS7g6V1DZDlJGFt/XsJrjo3l1MB8GA1UdIwQY
MBaAFM4sUF933KgRfvBiVxB0TLNZc2sZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveml4UVgzZmNxQkYtOEdKWEVIUk1zMWx6YXhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8wOWY5MTgtYWNlZC00MmE4LThhM2Et
MzNlMjcwNWI0YzNlLzEvUVNwTHVEcFhVTmtPVWtZVzM5ZXdtdU9qZVhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8wOWY5MTgtYWNlZC00MmE4LThhM2EtMzNlMjcwNWI0YzNl
LzEveml4UVgzZmNxQkYtOEdKWEVIUk1zMWx6YXhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAcuH4AD
BAEuH4QwDQYJKoZIhvcNAQELBQADggEBAJ73+3uuZbxPhOcfXMmumi/Wa3n+sQuL
2tRAzHTBq2u/RwGswgzFirnDgS8xHZvuoKGTVrV66RzNWFXu1oppapzeR858/QO3
t7zW8eN1eTZjVYtKXKGe2VQJy6voqMz8NmTQq4Yx6dVucmzie4KosumgCkLTjCdP
kfAYBBJ2oDcXm/WUynP9yCRydJ8bw7sceMjiHwPQ8R34UoSn5EpZiONwoXfd1zfZ
sCU3Cbz9E+fQ0FrRDgW080vVzFlyOugE+wwufqJD1zB2Y4mZ8xeOKcQhDJLGsiMz
fZD5NIXVxmdfGbg7KVnb+oNCM7cz8Vewi+fugnImofZh8Xa6f9OQJKM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:56 2024 by rpki-client on console-ams.rpki-client.org