Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/QyL_cq_oCdbRbdLXFXQIffJsslo.roa
File:                     QyL_cq_oCdbRbdLXFXQIffJsslo.roa (raw, json)
Hash identifier:          mC5SpiMcPED96azw75URaccq4W0NRN9BC06eLhMcfh4=
Subject key identifier:   43:22:FF:72:AF:E8:09:D6:D1:6D:D2:D7:15:74:08:7D:F2:6C:B2:5A
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       0FDCCE37
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/QyL_cq_oCdbRbdLXFXQIffJsslo.roa
Signing time:             Sat 01 Jan 2022 14:59:39 +0000
ROA not before:           Sat 01 Jan 2022 14:59:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48550
IP address blocks:        185.133.210.0/24 maxlen: 24
                          2a06:e881:198::/48 maxlen: 56
                          2001:67c:4e0::/48 maxlen: 48
                          2a06:e880::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 266128951 (0xfdcce37)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  1 14:59:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4322ff72afe809d6d16dd2d71574087df26cb25a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9f:1a:f5:fa:3a:a8:f6:da:e9:8d:f0:49:5a:
                    03:ce:70:96:f7:77:a3:6f:6e:4e:01:aa:cd:1b:83:
                    a1:f8:38:16:92:be:b5:7b:55:54:76:51:44:f7:a1:
                    8c:f7:b5:b7:21:30:c9:55:f6:eb:ed:af:c1:61:b1:
                    27:2e:f4:e2:c7:c2:32:19:e7:67:7c:4e:83:99:a8:
                    3e:60:b7:16:22:1b:13:c9:12:8b:b7:d3:f0:bc:7d:
                    05:1c:51:b0:69:36:4e:8a:69:a8:7f:41:11:38:ca:
                    95:cd:e5:7e:58:2f:ca:a8:34:9c:3c:3e:92:00:aa:
                    ed:b4:34:e5:ea:3d:f1:75:ea:53:41:98:4b:b3:de:
                    44:ff:e1:67:0f:6d:50:e2:59:2e:6c:af:1a:58:16:
                    42:a0:9c:07:48:9c:90:74:ce:b7:60:ba:9c:cb:45:
                    a4:c2:cf:05:bb:f1:33:02:08:9a:a4:85:a7:2d:b7:
                    47:fe:a4:ac:ec:80:d6:5c:38:47:33:b4:c8:2a:15:
                    38:f3:8e:c2:4f:af:c6:83:47:48:19:2a:71:54:5d:
                    e2:c9:a1:92:97:6b:49:4d:47:09:8b:82:f1:41:ae:
                    3d:16:aa:e2:3a:33:50:b8:51:91:24:fd:d7:3b:8f:
                    25:30:ef:72:a3:b9:bd:07:bb:47:57:b4:34:d7:94:
                    27:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:22:FF:72:AF:E8:09:D6:D1:6D:D2:D7:15:74:08:7D:F2:6C:B2:5A
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/QyL_cq_oCdbRbdLXFXQIffJsslo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.210.0/24
                IPv6:
                  2001:67c:4e0::/48
                  2a06:e880::/32
                  2a06:e881:198::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:ea:6b:bc:7b:66:f2:e6:d3:c9:33:6b:ae:35:3a:35:06:5c:
         d1:40:ef:63:68:cb:9e:c5:8d:34:1e:d7:e9:14:7f:62:a1:f1:
         a4:3f:b0:f6:b3:9a:49:db:70:6a:91:9c:1a:4b:bb:df:96:e1:
         07:ed:4c:3c:5c:40:39:69:a7:16:26:30:64:e9:0c:40:df:b0:
         7e:f6:04:9d:c4:3b:1f:d8:32:31:32:eb:75:2f:65:31:b8:8a:
         ff:65:7a:d6:1a:b4:1b:06:06:b8:8e:08:f6:9e:60:34:5c:e0:
         63:a3:d3:3f:b0:1c:39:50:fb:8b:52:49:f6:45:af:25:79:3a:
         f5:18:2b:0a:af:5d:6e:b8:bb:25:69:02:87:5b:03:5d:c7:38:
         65:fb:71:9c:62:6e:82:71:4b:d7:d2:c3:f2:4e:fe:cc:07:77:
         42:0a:33:bb:93:f5:65:46:b3:29:8c:ac:29:a4:b9:c8:1e:7a:
         d8:83:8d:1b:a5:80:2f:39:b7:77:0a:b3:fe:ff:61:ff:c0:5a:
         8e:81:b8:c9:46:90:86:b2:af:c8:90:73:9c:ce:f2:ba:14:3f:
         0e:98:18:db:be:11:d3:00:91:d4:2b:7e:37:6a:2c:c5:21:b9:
         16:e2:83:60:f1:b6:9c:c7:02:1e:8c:be:c1:f0:e1:0d:7a:a6:
         bc:03:a3:0d
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIED9zONzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
ODA3NGI0MTllYWQ0Y2VmZWEyZjJhZDJjMjU5ZDk3OGM1ZWQ3OTU0MB4XDTIyMDEw
MTE0NTkzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDMyMmZmNzJhZmU4
MDlkNmQxNmRkMmQ3MTU3NDA4N2RmMjZjYjI1YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALmfGvX6Oqj22umN8ElaA85wlvd3o29uTgGqzRuDofg4FpK+
tXtVVHZRRPehjPe1tyEwyVX26+2vwWGxJy704sfCMhnnZ3xOg5moPmC3FiIbE8kS
i7fT8Lx9BRxRsGk2ToppqH9BETjKlc3lflgvyqg0nDw+kgCq7bQ05eo98XXqU0GY
S7PeRP/hZw9tUOJZLmyvGlgWQqCcB0ickHTOt2C6nMtFpMLPBbvxMwIImqSFpy23
R/6krOyA1lw4RzO0yCoVOPOOwk+vxoNHSBkqcVRd4smhkpdrSU1HCYuC8UGuPRaq
4jozULhRkST91zuPJTDvcqO5vQe7R1e0NNeUJ8ECAwEAAaOCAiowggImMB0GA1Ud
DgQWBBRDIv9yr+gJ1tFt0tcVdAh98myyWjAfBgNVHSMEGDAWgBS4B0tBnq1M7+ov
KtLCWdl4xe15VDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3VBZExRWjZ0VE9fcUx5clN3bG5aZU1YdGVWUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOWIvMWU0M2U0LWQwNmUtNGE1NS1iZGI2LTNkOTFlZGU1YjJiMS8x
L1F5TF9jcV9vQ2RiUmJkTFhGWFFJZmZKc3Nsby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWIv
MWU0M2U0LWQwNmUtNGE1NS1iZGI2LTNkOTFlZGU1YjJiMS8xL3VBZExRWjZ0VE9f
cUx5clN3bG5aZU1YdGVWUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wDAQCAAEwBgMEALmF0jAfBAIAAjAZAwcAIAEGfATg
AwUAKgbogAMHACoG6IEBmDANBgkqhkiG9w0BAQsFAAOCAQEAB+prvHtm8ubTyTNr
rjU6NQZc0UDvY2jLnsWNNB7X6RR/YqHxpD+w9rOaSdtwapGcGku735bhB+1MPFxA
OWmnFiYwZOkMQN+wfvYEncQ7H9gyMTLrdS9lMbiK/2V61hq0GwYGuI4I9p5gNFzg
Y6PTP7AcOVD7i1JJ9kWvJXk69RgrCq9dbri7JWkCh1sDXcc4ZftxnGJugnFL19LD
8k7+zAd3Qgozu5P1ZUazKYysKaS5yB562IONG6WALzm3dwqz/v9h/8BajoG4yUaQ
hrKvyJBznM7yuhQ/DpgY274R0wCR1Ct+N2osxSG5FuKDYPG2nMcCHoy+wfDhDXqm
vAOjDQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:25:40 2024 by rpki-client on console-ams.rpki-client.org