Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/ZF9qjuWVavQXd0sQLOkgb5PBMaw.roa
File:                     ZF9qjuWVavQXd0sQLOkgb5PBMaw.roa (raw, json)
Hash identifier:          LS+qU6gUVfMXZfmyr58icyKXLHSjv8k50XAoH7jOvcU=
Subject key identifier:   64:5F:6A:8E:E5:95:6A:F4:17:77:4B:10:2C:E9:20:6F:93:C1:31:AC
Certificate issuer:       /CN=0283a8c69a2630cd8f6fa70af2a53fe019f2cc07
Certificate serial:       01855338B31A32AA5870197A701DBBFB931D
Authority key identifier: 02:83:A8:C6:9A:26:30:CD:8F:6F:A7:0A:F2:A5:3F:E0:19:F2:CC:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AoOoxpomMM2Pb6cK8qU_4BnyzAc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/ZF9qjuWVavQXd0sQLOkgb5PBMaw.roa
Signing time:             Tue 27 Dec 2022 10:55:02 +0000
ROA not before:           Tue 27 Dec 2022 10:55:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     16322
IP address blocks:        46.224.64.0/19 maxlen: 19
                          77.42.96.0/19 maxlen: 19
                          46.225.32.0/19 maxlen: 19
                          46.224.96.0/20 maxlen: 20
                          46.225.64.0/19 maxlen: 19
                          46.224.224.0/19 maxlen: 19
                          77.42.32.0/19 maxlen: 19
                          46.225.192.0/19 maxlen: 19
                          46.224.32.0/19 maxlen: 19
                          77.42.64.0/19 maxlen: 19
                          46.225.0.0/19 maxlen: 19
                          77.42.64.0/18 maxlen: 18
                          46.225.120.0/24 maxlen: 24
                          46.225.121.0/24 maxlen: 24
                          46.224.160.0/19 maxlen: 19
                          77.42.0.0/17 maxlen: 17
                          77.42.0.0/18 maxlen: 18
                          77.42.0.0/19 maxlen: 19
                          46.224.192.0/19 maxlen: 19
                          46.167.128.0/19 maxlen: 19
                          46.225.160.0/19 maxlen: 19
                          46.224.112.0/20 maxlen: 20
                          46.225.96.0/19 maxlen: 19

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:53:38:b3:1a:32:aa:58:70:19:7a:70:1d:bb:fb:93:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0283a8c69a2630cd8f6fa70af2a53fe019f2cc07
        Validity
            Not Before: Dec 27 10:55:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=645f6a8ee5956af417774b102ce9206f93c131ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:cf:dc:15:15:2c:b1:45:f8:fe:79:55:02:c2:
                    cf:61:92:19:0d:34:69:b7:69:4b:6d:92:95:64:ce:
                    33:03:3b:1e:b2:a7:c3:ae:b4:ad:40:d3:d2:04:fb:
                    e8:0c:c8:1f:68:71:91:84:59:3d:12:7b:06:cb:14:
                    70:ad:0f:56:e6:b0:6e:5b:c5:2d:57:20:a9:5b:20:
                    1c:1e:e6:ff:21:39:b3:90:36:83:b5:7f:80:a0:72:
                    0c:a3:50:c9:73:16:8b:f4:d9:b5:6c:02:97:be:56:
                    be:db:c6:a1:a2:63:9e:94:5a:2b:a6:ba:a9:49:95:
                    d5:f7:e5:9d:1e:c1:66:8f:81:e7:8a:e0:d7:f6:bc:
                    ac:8e:bb:f9:7a:a5:a0:f1:be:63:8e:f5:12:f0:9a:
                    7c:00:b9:74:33:dd:05:36:bb:64:51:b9:ad:3c:b9:
                    a3:b5:45:bd:d3:0b:75:cb:d9:78:5f:81:73:f0:53:
                    2e:36:41:3c:9d:30:5e:86:ea:74:a0:28:b5:d9:b7:
                    ea:17:99:22:e7:72:de:0e:ac:89:c3:94:f0:a5:62:
                    a7:09:dc:b0:f0:4a:e8:ca:52:74:c5:d5:64:0d:c8:
                    6d:47:a5:b1:6c:56:8a:48:a1:83:94:9a:ab:72:04:
                    cc:1f:91:59:72:9f:8d:30:23:e9:6b:8b:d5:3b:1c:
                    26:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:5F:6A:8E:E5:95:6A:F4:17:77:4B:10:2C:E9:20:6F:93:C1:31:AC
            X509v3 Authority Key Identifier:
                keyid:02:83:A8:C6:9A:26:30:CD:8F:6F:A7:0A:F2:A5:3F:E0:19:F2:CC:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AoOoxpomMM2Pb6cK8qU_4BnyzAc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/ZF9qjuWVavQXd0sQLOkgb5PBMaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/AoOoxpomMM2Pb6cK8qU_4BnyzAc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.167.128.0/19
                  46.224.32.0-46.224.127.255
                  46.224.160.0-46.225.127.255
                  46.225.160.0-46.225.223.255
                  77.42.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         1e:0e:72:3b:81:8e:fb:92:da:5d:13:1b:fb:0c:09:80:f2:42:
         dc:fa:d3:0c:f0:8b:ee:ee:72:33:d6:cf:4c:3d:9d:83:60:0a:
         bd:c1:15:40:d3:02:65:7f:89:1c:be:e3:d8:3b:18:3d:61:c9:
         14:e9:76:7a:fd:76:39:0d:4b:a1:61:61:1d:95:01:2d:16:57:
         ba:e3:4a:38:5d:93:6d:08:65:40:84:b3:87:18:0f:c3:56:a0:
         f8:7b:c8:66:17:54:c7:fc:c6:af:f6:d9:37:45:df:1f:66:b1:
         96:43:e9:83:20:6f:4c:7b:55:83:46:aa:fc:a2:70:ab:e7:86:
         f7:13:0c:1a:a5:7b:41:ca:cf:3c:4d:97:6c:0b:97:49:2b:f0:
         06:20:2e:1f:ae:bc:7c:34:48:49:7c:10:b3:be:82:18:e2:1e:
         44:51:c9:2b:9b:e5:f2:9c:53:7d:c4:77:af:36:10:0d:8a:7b:
         d9:5a:25:30:e8:8d:94:31:00:5a:a0:45:57:49:b2:69:e8:c3:
         36:6c:9e:cf:4f:58:a8:1e:23:f0:d3:1f:d1:75:98:22:17:e0:
         69:70:e7:55:83:7a:aa:0a:8f:31:8a:b7:90:f0:83:91:36:c4:
         7a:07:0f:07:72:52:60:d0:09:57:e0:ed:78:cc:f8:02:1e:95:
         0d:df:45:73
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYVTOLMaMqpYcBl6cB27+5MdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyODNhOGM2OWEyNjMwY2Q4ZjZmYTcwYWYyYTUzZmUwMTlm
MmNjMDcwHhcNMjIxMjI3MTA1NTAyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDVmNmE4ZWU1OTU2YWY0MTc3NzRiMTAyY2U5MjA2ZjkzYzEzMWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnc/cFRUssUX4/nlVAsLPYZIZDTRp
t2lLbZKVZM4zAzsesqfDrrStQNPSBPvoDMgfaHGRhFk9EnsGyxRwrQ9W5rBuW8Ut
VyCpWyAcHub/ITmzkDaDtX+AoHIMo1DJcxaL9Nm1bAKXvla+28ahomOelForprqp
SZXV9+WdHsFmj4HniuDX9rysjrv5eqWg8b5jjvUS8Jp8ALl0M90FNrtkUbmtPLmj
tUW90wt1y9l4X4Fz8FMuNkE8nTBehup0oCi12bfqF5ki53LeDqyJw5TwpWKnCdyw
8EroylJ0xdVkDchtR6WxbFaKSKGDlJqrcgTMH5FZcp+NMCPpa4vVOxwmAwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFGRfao7llWr0F3dLECzpIG+TwTGsMB8GA1UdIwQY
MBaAFAKDqMaaJjDNj2+nCvKlP+AZ8swHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW9Pb3hwb21NTTJQYjZjSzhxVV80Qm55ekFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8xYzI0YWQtMjRiNC00Yzk4LWE2NTkt
NTkyYzBkY2RhZjc5LzEvWkY5cWp1V1ZhdlFYZDBzUUxPa2diNVBCTWF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8xYzI0YWQtMjRiNC00Yzk4LWE2NTktNTkyYzBkY2RhZjc5
LzEvQW9Pb3hwb21NTTJQYjZjSzhxVV80Qm55ekFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQFLqeAMAwD
BAUu4CADBAcu4AAwDAMEBS7goAMEBy7hADAMAwQFLuGgAwQFLuHAAwQHTSoAMA0G
CSqGSIb3DQEBCwUAA4IBAQAeDnI7gY77ktpdExv7DAmA8kLc+tMM8Ivu7nIz1s9M
PZ2DYAq9wRVA0wJlf4kcvuPYOxg9YckU6XZ6/XY5DUuhYWEdlQEtFle640o4XZNt
CGVAhLOHGA/DVqD4e8hmF1TH/Mav9tk3Rd8fZrGWQ+mDIG9Me1WDRqr8onCr54b3
EwwapXtBys88TZdsC5dJK/AGIC4frrx8NEhJfBCzvoIY4h5EUckrm+XynFN9xHev
NhANinvZWiUw6I2UMQBaoEVXSbJp6MM2bJ7PT1ioHiPw0x/RdZgiF+BpcOdVg3qq
Co8xireQ8IORNsR6Bw8HclJg0AlX4O14zPgCHpUN30Vz
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:04 2024 by rpki-client on console-ams.rpki-client.org