Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/1Lo1bEUsIHaXQGjNZkPpfN9sQPg.roa
File:                     1Lo1bEUsIHaXQGjNZkPpfN9sQPg.roa (raw, json)
Hash identifier:          U/Iv9C8JYLD7ph3Ld9jphopITMiQsUuidfhpLhCKBkw=
Subject key identifier:   D4:BA:35:6C:45:2C:20:76:97:40:68:CD:66:43:E9:7C:DF:6C:40:F8
Certificate issuer:       /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial:       0543C6C7
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/1Lo1bEUsIHaXQGjNZkPpfN9sQPg.roa
Signing time:             Sat 01 Jan 2022 11:58:47 +0000
ROA not before:           Sat 01 Jan 2022 11:58:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205220
IP address blocks:        185.244.49.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 88327879 (0x543c6c7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
        Validity
            Not Before: Jan  1 11:58:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d4ba356c452c2076974068cd6643e97cdf6c40f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ec:80:5e:6b:0d:1e:64:1e:dc:ad:16:ce:94:
                    5f:65:58:9f:15:da:53:91:3b:fc:58:94:c3:5f:c0:
                    5b:59:8d:b0:4b:f6:94:0d:23:b4:87:f2:41:26:6a:
                    94:9d:94:6b:a7:65:89:fb:6e:08:f2:dd:51:c3:c4:
                    c2:56:85:cc:7c:7d:ab:01:90:00:3f:59:8c:a9:67:
                    e7:18:53:e6:d0:56:dd:bb:a5:82:5e:73:ec:0b:18:
                    65:ef:d8:3a:0f:6d:87:73:42:3f:ae:f0:b7:c6:b7:
                    1b:80:02:35:ca:3b:86:78:e6:0e:e4:7e:af:fd:04:
                    e8:f7:b5:ac:44:95:38:72:90:f5:9c:65:3d:85:f5:
                    a0:68:07:32:01:7e:d3:4d:e4:05:2a:34:71:78:08:
                    17:04:e0:21:76:f1:02:fb:5d:86:ba:a6:71:1c:8f:
                    e0:7d:d1:d5:cb:01:24:aa:f7:38:a7:6c:ec:e1:95:
                    ea:66:63:09:c4:fc:dd:55:6f:f6:43:75:ed:3c:89:
                    e8:c7:71:49:2f:52:fe:9f:23:8d:5a:5d:34:93:29:
                    e4:00:76:f8:78:54:0a:eb:89:25:ab:8f:78:ae:1a:
                    1a:87:17:f6:c4:f9:9b:7b:a0:28:69:94:90:21:23:
                    fb:92:84:f1:34:04:8b:b3:8c:c2:ae:8e:e5:a1:3b:
                    4b:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:BA:35:6C:45:2C:20:76:97:40:68:CD:66:43:E9:7C:DF:6C:40:F8
            X509v3 Authority Key Identifier:
                keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/1Lo1bEUsIHaXQGjNZkPpfN9sQPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:b1:d9:71:43:d1:85:95:ef:54:16:78:0e:fb:6e:2f:02:c6:
         98:87:6a:de:7d:df:ea:0d:46:8b:cf:43:6b:26:52:89:29:68:
         0b:90:aa:38:63:1e:ca:35:1a:be:91:bf:27:44:7c:b7:b1:bd:
         7c:3d:dd:b9:69:c0:69:9d:c2:b2:56:21:b6:71:91:da:cb:64:
         7f:b8:e3:e2:41:d0:25:82:ca:fa:86:73:f5:b8:1b:bf:ba:4e:
         82:fa:05:0e:7f:84:b0:3d:af:3f:99:1a:c3:a8:18:e3:54:11:
         98:f4:77:89:cf:94:bc:7f:b4:4d:0a:e1:6a:eb:77:73:e9:71:
         15:5b:31:dd:db:b2:69:d0:5a:d9:d4:42:df:c4:87:74:47:4a:
         2a:18:81:b9:4d:c3:e8:f1:ea:8d:6b:3a:ba:48:29:46:7f:b5:
         6f:a5:31:43:20:51:66:13:59:e8:14:a7:59:ce:5c:08:ed:5f:
         c5:92:c4:32:7a:86:3a:98:39:32:cc:c0:ff:b0:6e:d1:c9:98:
         b9:a0:3c:cd:d2:ff:91:ae:8b:3c:33:9f:fb:b1:ed:7c:06:e4:
         81:c9:c6:1c:1e:77:4c:69:86:7a:fc:a8:c3:8d:d0:83:ee:a9:
         98:de:be:8b:f8:b8:c6:69:48:d6:3e:d8:5f:18:e4:25:7f:58:
         60:7e:a8:b7
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBUPGxzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
NjVlYmE1YzFhODBmODZhNDU4OTI3OGVkZDkzMDRiM2Y1MTY5ZjgzMB4XDTIyMDEw
MTExNTg0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDRiYTM1NmM0NTJj
MjA3Njk3NDA2OGNkNjY0M2U5N2NkZjZjNDBmODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMjsgF5rDR5kHtytFs6UX2VYnxXaU5E7/FiUw1/AW1mNsEv2
lA0jtIfyQSZqlJ2Ua6dliftuCPLdUcPEwlaFzHx9qwGQAD9ZjKln5xhT5tBW3bul
gl5z7AsYZe/YOg9th3NCP67wt8a3G4ACNco7hnjmDuR+r/0E6Pe1rESVOHKQ9Zxl
PYX1oGgHMgF+003kBSo0cXgIFwTgIXbxAvtdhrqmcRyP4H3R1csBJKr3OKds7OGV
6mZjCcT83VVv9kN17TyJ6MdxSS9S/p8jjVpdNJMp5AB2+HhUCuuJJauPeK4aGocX
9sT5m3ugKGmUkCEj+5KE8TQEi7OMwq6O5aE7SwsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTUujVsRSwgdpdAaM1mQ+l832xA+DAfBgNVHSMEGDAWgBRGXrpcGoD4akWJ
J47dkwSz9RafgzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1JsNjZYQnFBLUdwRmlTZU8zWk1Fc19VV240TS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTIvYzEyYTdiLTVjYWYtNGU3Yy05NzBkLTVjNDc2ZTMzMjVmNS8x
LzFMbzFiRVVzSUhhWFFHak5aa1BwZk45c1FQZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTIv
YzEyYTdiLTVjYWYtNGU3Yy05NzBkLTVjNDc2ZTMzMjVmNS8xL1JsNjZYQnFBLUdw
RmlTZU8zWk1Fc19VV240TS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALn0MTANBgkqhkiG9w0BAQsFAAOC
AQEAirHZcUPRhZXvVBZ4DvtuLwLGmIdq3n3f6g1Gi89DayZSiSloC5CqOGMeyjUa
vpG/J0R8t7G9fD3duWnAaZ3CslYhtnGR2stkf7jj4kHQJYLK+oZz9bgbv7pOgvoF
Dn+EsD2vP5kaw6gY41QRmPR3ic+UvH+0TQrhaut3c+lxFVsx3duyadBa2dRC38SH
dEdKKhiBuU3D6PHqjWs6ukgpRn+1b6UxQyBRZhNZ6BSnWc5cCO1fxZLEMnqGOpg5
MszA/7Bu0cmYuaA8zdL/ka6LPDOf+7HtfAbkgcnGHB53TGmGevyow43Qg+6pmN6+
i/i4xmlI1j7YXxjkJX9YYH6otw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:10 2024 by rpki-client on console-ams.rpki-client.org