Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/cZLNnL8KD8Avlna81Ks2NCttdSg.roa
File:                     cZLNnL8KD8Avlna81Ks2NCttdSg.roa (raw, json)
Hash identifier:          LmnTs5YK3wg3mIiG2C30FLVaZxp7/6WNLkO8g2Q45n8=
Subject key identifier:   71:92:CD:9C:BF:0A:0F:C0:2F:96:76:BC:D4:AB:36:34:2B:6D:75:28
Certificate issuer:       /CN=1bd2d463ae15346d5edd7937b8bfa8e09b14376d
Certificate serial:       0227F39D
Authority key identifier: 1B:D2:D4:63:AE:15:34:6D:5E:DD:79:37:B8:BF:A8:E0:9B:14:37:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/cZLNnL8KD8Avlna81Ks2NCttdSg.roa
Signing time:             Sat 01 Jan 2022 05:55:59 +0000
ROA not before:           Sat 01 Jan 2022 05:55:59 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204467
IP address blocks:        185.247.156.0/22 maxlen: 22
                          92.39.48.0/20 maxlen: 20
                          2a0d:c680::/29 maxlen: 29
                          2a01:6dc0::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 36172701 (0x227f39d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bd2d463ae15346d5edd7937b8bfa8e09b14376d
        Validity
            Not Before: Jan  1 05:55:59 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7192cd9cbf0a0fc02f9676bcd4ab36342b6d7528
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c6:4b:7b:bc:2f:47:90:8a:55:81:68:4b:fb:
                    c5:2b:32:30:45:61:b2:4f:a5:f2:c9:1b:34:d4:48:
                    d8:64:87:88:74:4a:f7:54:5c:9d:e7:b0:73:b9:9a:
                    3a:20:99:41:ef:52:f8:bf:a8:13:65:7a:1c:8e:5a:
                    2f:2e:8f:82:8e:c2:de:b1:58:b9:01:c1:c2:55:c0:
                    ef:37:c4:f1:fd:98:30:61:87:3a:d5:25:e3:28:ef:
                    75:08:a5:72:42:d3:70:df:16:44:8b:90:2e:31:d2:
                    9d:ae:a7:2f:8e:cf:02:d5:82:39:6f:27:42:d3:e6:
                    74:15:3e:81:4b:30:b5:28:fd:d7:84:f1:9d:cc:de:
                    65:99:e2:23:dc:a0:83:41:fd:a4:e9:82:fe:3a:19:
                    cb:9c:84:33:b5:94:f0:e5:24:6b:fc:62:b4:30:d2:
                    94:54:06:37:7b:df:f2:2d:9f:54:4c:db:5b:d6:8a:
                    72:5e:10:50:b9:ae:fd:49:96:82:83:37:29:57:00:
                    eb:27:90:64:84:60:07:db:60:4d:5b:c9:66:19:6e:
                    33:15:98:af:06:a4:f7:31:9a:61:c1:57:0f:22:03:
                    ae:2a:c8:15:c1:e2:b9:66:b9:af:2d:59:f3:c6:28:
                    17:4b:11:d5:28:8d:0a:5d:2c:e6:43:b6:32:9e:64:
                    e7:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:92:CD:9C:BF:0A:0F:C0:2F:96:76:BC:D4:AB:36:34:2B:6D:75:28
            X509v3 Authority Key Identifier:
                keyid:1B:D2:D4:63:AE:15:34:6D:5E:DD:79:37:B8:BF:A8:E0:9B:14:37:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/cZLNnL8KD8Avlna81Ks2NCttdSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/G9LUY64VNG1e3Xk3uL-o4JsUN20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.39.48.0/20
                  185.247.156.0/22
                IPv6:
                  2a01:6dc0::/32
                  2a0d:c680::/29

    Signature Algorithm: sha256WithRSAEncryption
         1a:ad:83:02:01:2f:b9:60:47:86:dc:ba:46:90:bf:2d:8f:06:
         20:85:3d:71:b7:ea:9d:3a:47:1a:b3:42:81:6b:43:0b:ba:28:
         b2:bf:d4:d3:d6:33:ef:95:a4:4c:ce:78:11:ec:ec:ed:41:29:
         09:36:f5:4e:fe:a6:27:b4:7b:82:de:db:d2:9e:de:ff:8c:ad:
         97:ac:3b:05:8f:22:f0:c5:c1:d9:bf:63:08:3b:31:f7:c0:0d:
         0e:7a:1f:ea:aa:85:6f:63:51:13:df:19:98:a4:e0:09:14:ca:
         b5:ff:f2:4e:53:5e:d4:64:1a:3d:08:ba:85:68:12:40:d1:4f:
         36:c9:ef:b3:cf:bc:fa:d1:98:41:88:51:2b:82:d5:9c:be:31:
         14:ca:9f:c0:d5:b4:1e:50:a0:d4:29:5f:2e:7c:0f:d6:41:1f:
         2e:f1:7c:d6:8f:40:91:4b:40:16:82:39:8d:a9:27:41:c3:58:
         29:fa:96:4f:2f:9c:1b:46:eb:4f:a3:73:64:d8:29:3b:ff:8d:
         30:cb:28:8e:7a:d3:33:7f:8a:7f:13:79:75:fd:6e:ee:65:5e:
         50:42:ae:cd:70:00:a5:4b:78:db:f1:b9:2f:b6:20:73:d8:b0:
         7e:a4:be:32:a9:c4:0a:eb:de:df:39:17:0a:ab:8c:b9:7e:6f:
         36:c7:0b:49
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIEAifznTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YmQyZDQ2M2FlMTUzNDZkNWVkZDc5MzdiOGJmYThlMDliMTQzNzZkMB4XDTIyMDEw
MTA1NTU1OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzE5MmNkOWNiZjBh
MGZjMDJmOTY3NmJjZDRhYjM2MzQyYjZkNzUyODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK7GS3u8L0eQilWBaEv7xSsyMEVhsk+l8skbNNRI2GSHiHRK
91Rcneewc7maOiCZQe9S+L+oE2V6HI5aLy6Pgo7C3rFYuQHBwlXA7zfE8f2YMGGH
OtUl4yjvdQilckLTcN8WRIuQLjHSna6nL47PAtWCOW8nQtPmdBU+gUswtSj914Tx
nczeZZniI9ygg0H9pOmC/joZy5yEM7WU8OUka/xitDDSlFQGN3vf8i2fVEzbW9aK
cl4QULmu/UmWgoM3KVcA6yeQZIRgB9tgTVvJZhluMxWYrwak9zGaYcFXDyIDrirI
FcHiuWa5ry1Z88YoF0sR1SiNCl0s5kO2Mp5k508CAwEAAaOCAiUwggIhMB0GA1Ud
DgQWBBRxks2cvwoPwC+WdrzUqzY0K211KDAfBgNVHSMEGDAWgBQb0tRjrhU0bV7d
eTe4v6jgmxQ3bTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0c5TFVZNjRWTkcxZTNYazN1TC1vNEpzVU4yMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODgvNzBjNDc3LWE4Y2QtNGE3Mi1iNjY5LTFmOTNjMjM5YTAxMi8x
L2NaTE5uTDhLRDhBdmxuYTgxS3MyTkN0dGRTZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODgv
NzBjNDc3LWE4Y2QtNGE3Mi1iNjY5LTFmOTNjMjM5YTAxMi8xL0c5TFVZNjRWTkcx
ZTNYazN1TC1vNEpzVU4yMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA7
BggrBgEFBQcBBwEB/wQsMCowEgQCAAEwDAMEBFwnMAMEArn3nDAUBAIAAjAOAwUA
KgFtwAMFAyoNxoAwDQYJKoZIhvcNAQELBQADggEBABqtgwIBL7lgR4bcukaQvy2P
BiCFPXG36p06RxqzQoFrQwu6KLK/1NPWM++VpEzOeBHs7O1BKQk29U7+pie0e4Le
29Ke3v+MrZesOwWPIvDFwdm/Ywg7MffADQ56H+qqhW9jURPfGZik4AkUyrX/8k5T
XtRkGj0IuoVoEkDRTzbJ77PPvPrRmEGIUSuC1Zy+MRTKn8DVtB5QoNQpXy58D9ZB
Hy7xfNaPQJFLQBaCOY2pJ0HDWCn6lk8vnBtG60+jc2TYKTv/jTDLKI560zN/in8T
eXX9bu5lXlBCrs1wAKVLeNvxuS+2IHPYsH6kvjKpxArr3t85FwqrjLl+bzbHC0k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:52 2024 by rpki-client on console-fra.rpki-client.org