Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/sZE-3d2URlHJ_Q-lKLne5OLz6fQ.roa
File:                     sZE-3d2URlHJ_Q-lKLne5OLz6fQ.roa (raw, json)
Hash identifier:          NpbVgw2Q0GPljNlgHzLGPlNVB3h9th6usogFeLneToA=
Subject key identifier:   B1:91:3E:DD:DD:94:46:51:C9:FD:0F:A5:28:B9:DE:E4:E2:F3:E9:F4
Certificate issuer:       /CN=7f7734dfea120657412ea867ddbc7b84d132bf78
Certificate serial:       6A4857
Authority key identifier: 7F:77:34:DF:EA:12:06:57:41:2E:A8:67:DD:BC:7B:84:D1:32:BF:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f3c03-oSBldBLqhn3bx7hNEyv3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/sZE-3d2URlHJ_Q-lKLne5OLz6fQ.roa
Signing time:             Tue 11 Jan 2022 22:17:29 +0000
ROA not before:           Tue 11 Jan 2022 22:17:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        146.19.252.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6965335 (0x6a4857)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f7734dfea120657412ea867ddbc7b84d132bf78
        Validity
            Not Before: Jan 11 22:17:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b1913edddd944651c9fd0fa528b9dee4e2f3e9f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ee:4a:4e:8f:f7:f5:ed:8e:5e:15:f0:24:55:
                    a4:68:0d:41:6a:27:b4:64:0c:be:fe:31:66:f8:b3:
                    c8:41:c9:59:28:34:12:72:a6:3d:4d:01:1d:1f:69:
                    49:a2:1f:64:f9:e3:96:ed:2d:d1:e6:e2:14:de:d4:
                    07:0f:bc:29:73:1d:c9:1f:03:cf:08:c7:a2:ba:bc:
                    fe:bb:64:99:4b:92:cd:4c:76:26:f3:38:0f:e7:c6:
                    1f:e7:06:e7:23:86:74:b7:e6:8e:69:d5:cf:61:b0:
                    ff:21:e9:d7:7a:8b:c9:92:3a:fe:40:9f:4f:3f:02:
                    21:bc:44:d8:f7:7c:d7:4a:48:11:18:16:75:c2:35:
                    0a:46:10:dc:7c:b3:cf:57:1d:96:4d:38:4a:a4:31:
                    47:fb:a2:31:4a:2a:10:14:eb:47:47:e3:9d:7c:02:
                    52:63:4a:96:4e:59:2f:77:ee:ff:ce:61:c3:fb:75:
                    86:6c:2c:a6:38:c7:7b:08:23:b5:4b:14:e7:9c:78:
                    a1:17:b4:fe:6d:76:d6:e6:be:f3:6f:e5:55:92:1a:
                    ea:11:7e:b0:ad:a7:58:de:6a:b0:3d:49:a4:bc:ae:
                    87:19:88:46:e2:43:f7:c6:16:7e:9e:30:53:97:8e:
                    d9:de:1c:03:80:79:5c:a9:6e:33:aa:f4:a5:12:4a:
                    86:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:91:3E:DD:DD:94:46:51:C9:FD:0F:A5:28:B9:DE:E4:E2:F3:E9:F4
            X509v3 Authority Key Identifier:
                keyid:7F:77:34:DF:EA:12:06:57:41:2E:A8:67:DD:BC:7B:84:D1:32:BF:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3c03-oSBldBLqhn3bx7hNEyv3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/sZE-3d2URlHJ_Q-lKLne5OLz6fQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/f3c03-oSBldBLqhn3bx7hNEyv3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:a1:3e:c0:4c:e8:aa:a6:a8:43:ed:62:bd:2e:23:4a:2b:4c:
         2c:23:c3:0b:13:0f:ca:56:48:97:94:93:0d:cf:07:77:ea:62:
         b8:7a:5b:b3:a2:26:54:24:3c:dc:92:43:7b:cb:0b:ec:22:eb:
         6f:5c:ab:38:c6:a6:eb:ea:8e:78:5f:36:fa:c7:bd:f1:6d:69:
         ef:8d:5d:bf:5a:47:58:51:02:63:18:55:e1:61:ee:d7:e3:3c:
         74:f2:4e:82:fb:0b:f2:8e:ce:75:b0:3f:17:18:75:37:7f:c4:
         a1:a7:84:b7:ae:2f:85:58:4a:c9:81:83:84:ae:4b:89:64:e8:
         3f:65:4c:9d:d2:7e:bb:5f:d6:ab:e4:bf:7b:84:45:0f:8e:42:
         2b:2e:78:3a:30:c7:52:42:49:76:d9:b7:db:06:a6:da:27:31:
         5b:f9:f6:26:20:e3:fb:ca:b9:25:e1:a3:b2:15:ef:62:24:ed:
         7e:59:af:8a:49:34:ea:5b:47:1a:d8:8d:bf:5c:1e:1d:dc:44:
         bf:90:c0:55:86:9f:28:71:98:ea:4b:38:e7:56:99:b8:4d:69:
         19:57:99:8f:ee:1b:ae:f7:9a:1c:be:c0:b8:66:95:1f:35:e6:
         c3:52:55:2e:3e:ff:5b:98:a4:9f:d4:0f:f7:2c:32:35:69:63:
         38:e7:6e:13
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDakhXMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDdm
NzczNGRmZWExMjA2NTc0MTJlYTg2N2RkYmM3Yjg0ZDEzMmJmNzgwHhcNMjIwMTEx
MjIxNzI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhiMTkxM2VkZGRkOTQ0
NjUxYzlmZDBmYTUyOGI5ZGVlNGUyZjNlOWY0MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAku5KTo/39e2OXhXwJFWkaA1Baie0ZAy+/jFm+LPIQclZKDQS
cqY9TQEdH2lJoh9k+eOW7S3R5uIU3tQHD7wpcx3JHwPPCMeiurz+u2SZS5LNTHYm
8zgP58Yf5wbnI4Z0t+aOadXPYbD/IenXeovJkjr+QJ9PPwIhvETY93zXSkgRGBZ1
wjUKRhDcfLPPVx2WTThKpDFH+6IxSioQFOtHR+OdfAJSY0qWTlkvd+7/zmHD+3WG
bCymOMd7CCO1SxTnnHihF7T+bXbW5r7zb+VVkhrqEX6wradY3mqwPUmkvK6HGYhG
4kP3xhZ+njBTl47Z3hwDgHlcqW4zqvSlEkqGWwIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFLGRPt3dlEZRyf0PpSi53uTi8+n0MB8GA1UdIwQYMBaAFH93NN/qEgZXQS6o
Z928e4TRMr94MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
ZjNjMDMtb1NCbGRCTHFobjNieDdoTkV5djNnLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC83ZS82ODAzMjQtZWUxZi00MGYyLTg4ZGYtMTk2OTMxOTYyZDNjLzEv
c1pFLTNkMlVSbEhKX1EtbEtMbmU1T0x6NmZRLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS82
ODAzMjQtZWUxZi00MGYyLTg4ZGYtMTk2OTMxOTYyZDNjLzEvZjNjMDMtb1NCbGRC
THFobjNieDdoTkV5djNnLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhP8MA0GCSqGSIb3DQEBCwUAA4IB
AQAMoT7ATOiqpqhD7WK9LiNKK0wsI8MLEw/KVkiXlJMNzwd36mK4eluzoiZUJDzc
kkN7ywvsIutvXKs4xqbr6o54Xzb6x73xbWnvjV2/WkdYUQJjGFXhYe7X4zx08k6C
+wvyjs51sD8XGHU3f8Shp4S3ri+FWErJgYOErkuJZOg/ZUyd0n67X9ar5L97hEUP
jkIrLng6MMdSQkl22bfbBqbaJzFb+fYmIOP7yrkl4aOyFe9iJO1+Wa+KSTTqW0ca
2I2/XB4d3ES/kMBVhp8ocZjqSzjnVpm4TWkZV5mP7huu95ocvsC4ZpUfNebDUlUu
Pv9bmKSf1A/3LDI1aWM4524T
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:59 2024 by rpki-client on console-ams.rpki-client.org