Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/WYx_GrG_zkgUkF0kpcgb6N_Ekb4.roa
File:                     WYx_GrG_zkgUkF0kpcgb6N_Ekb4.roa (raw, json)
Hash identifier:          ceB67a068+vnTvkgONrfftxtglfyX0+bG2XLHvAO5bQ=
Subject key identifier:   59:8C:7F:1A:B1:BF:CE:48:14:90:5D:24:A5:C8:1B:E8:DF:C4:91:BE
Certificate issuer:       /CN=9a393ef16027fc03bc5c045ff9289d4bbb7ff364
Certificate serial:       03325DA4
Authority key identifier: 9A:39:3E:F1:60:27:FC:03:BC:5C:04:5F:F9:28:9D:4B:BB:7F:F3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mjk-8WAn_AO8XARf-SidS7t_82Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/WYx_GrG_zkgUkF0kpcgb6N_Ekb4.roa
Signing time:             Sat 01 Jan 2022 14:58:56 +0000
ROA not before:           Sat 01 Jan 2022 14:58:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2200
IP address blocks:        160.228.0.0/16 maxlen: 16
                          138.195.0.0/16 maxlen: 16

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 53632420 (0x3325da4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a393ef16027fc03bc5c045ff9289d4bbb7ff364
        Validity
            Not Before: Jan  1 14:58:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=598c7f1ab1bfce4814905d24a5c81be8dfc491be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:79:28:b0:f7:2a:6f:f3:ae:7a:d9:ec:f8:09:
                    f7:ef:27:e4:e9:71:14:30:f2:b4:9c:8c:46:c3:2e:
                    af:39:e8:c2:57:f0:d2:e5:dd:86:50:dc:3e:12:b3:
                    4c:2b:4a:92:da:eb:24:37:53:cd:bb:fa:0b:43:eb:
                    64:12:b8:20:4b:fb:30:e7:c2:0f:31:db:0e:24:e1:
                    1a:e4:82:09:4f:e4:a4:96:86:06:09:0c:4a:58:ea:
                    3a:e9:8c:da:c9:71:47:5f:96:c7:a0:86:41:d3:52:
                    0b:80:2a:cb:a0:00:06:44:e2:95:74:b7:0c:8d:47:
                    db:c1:55:36:b0:df:ad:53:83:3c:af:8b:f4:63:d0:
                    59:dd:21:af:17:26:46:6e:12:f6:14:a5:0b:c2:be:
                    39:51:4f:d7:cd:d4:22:bb:23:ea:c6:bb:c4:fd:1f:
                    02:6c:80:7f:16:43:63:9d:83:9b:de:d2:f0:91:a7:
                    8d:fa:b9:28:1c:d0:73:55:c0:d2:ec:ef:50:e3:94:
                    2f:08:52:99:cd:88:7f:fe:56:21:d8:47:67:b2:df:
                    63:63:14:b0:17:a9:2c:31:fc:9b:e8:cd:5f:0d:8e:
                    19:15:a2:01:e1:88:fa:c9:40:11:fd:c1:d2:7a:34:
                    63:71:0c:b7:1c:b3:62:69:47:ca:d9:cc:71:64:13:
                    f6:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:8C:7F:1A:B1:BF:CE:48:14:90:5D:24:A5:C8:1B:E8:DF:C4:91:BE
            X509v3 Authority Key Identifier:
                keyid:9A:39:3E:F1:60:27:FC:03:BC:5C:04:5F:F9:28:9D:4B:BB:7F:F3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mjk-8WAn_AO8XARf-SidS7t_82Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/WYx_GrG_zkgUkF0kpcgb6N_Ekb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/mjk-8WAn_AO8XARf-SidS7t_82Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.195.0.0/16
                  160.228.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         dd:5f:8d:ba:28:7a:6c:d4:74:ec:87:f0:80:4d:29:6e:64:fb:
         e6:0a:24:f5:9c:4c:4e:6a:02:00:b0:2f:57:1e:7a:f4:c8:00:
         06:78:0c:0f:48:cc:9b:de:9d:2b:02:8e:ca:25:57:ff:19:ab:
         99:22:05:e6:43:fe:23:cf:16:93:6b:5f:75:93:45:31:58:0d:
         eb:fe:dc:12:5e:fb:50:72:c5:2d:b7:ee:fd:a3:50:42:be:3a:
         ad:5b:46:a2:a9:54:92:d3:46:32:dc:74:e3:26:ae:98:51:c9:
         aa:d6:31:a7:e5:7f:8c:a3:4e:ba:2a:e2:f6:fa:cc:e6:16:40:
         46:b9:53:94:bb:1d:bb:f4:73:56:ee:12:a4:6e:07:52:a3:d2:
         53:ae:4b:b3:61:f1:a4:86:7b:64:9a:2e:05:4e:1a:6d:58:6f:
         d6:dc:c6:1a:17:bf:b7:75:7e:1a:54:5c:d7:49:8e:19:27:98:
         a1:3a:3c:6b:6a:2c:7b:2e:f0:20:a4:b3:a6:69:00:ab:6f:4e:
         ea:f1:c5:a8:8b:19:7c:38:07:c8:48:31:62:8a:95:06:ea:72:
         51:de:15:42:fb:6e:43:eb:4c:ef:29:54:02:7a:b6:93:56:a8:
         24:38:fb:98:85:c7:26:14:20:44:7e:48:c0:84:27:45:8f:f5:
         10:93:33:bf
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIEAzJdpDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YTM5M2VmMTYwMjdmYzAzYmM1YzA0NWZmOTI4OWQ0YmJiN2ZmMzY0MB4XDTIyMDEw
MTE0NTg1NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTk4YzdmMWFiMWJm
Y2U0ODE0OTA1ZDI0YTVjODFiZThkZmM0OTFiZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKZ5KLD3Km/zrnrZ7PgJ9+8n5OlxFDDytJyMRsMurznowlfw
0uXdhlDcPhKzTCtKktrrJDdTzbv6C0PrZBK4IEv7MOfCDzHbDiThGuSCCU/kpJaG
BgkMSljqOumM2slxR1+Wx6CGQdNSC4Aqy6AABkTilXS3DI1H28FVNrDfrVODPK+L
9GPQWd0hrxcmRm4S9hSlC8K+OVFP183UIrsj6sa7xP0fAmyAfxZDY52Dm97S8JGn
jfq5KBzQc1XA0uzvUOOULwhSmc2If/5WIdhHZ7LfY2MUsBepLDH8m+jNXw2OGRWi
AeGI+slAEf3B0no0Y3EMtxyzYmlHytnMcWQT9k0CAwEAAaOCAg0wggIJMB0GA1Ud
DgQWBBRZjH8asb/OSBSQXSSlyBvo38SRvjAfBgNVHSMEGDAWgBSaOT7xYCf8A7xc
BF/5KJ1Lu3/zZDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L21qay04V0FuX0FPOFhBUmYtU2lkUzd0XzgyUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTQvYzZkOTg0LTZiZmMtNDYwMi05ZDU4LWFiMmQ1ZTdkNGE3Yi8x
L1dZeF9HckdfemtnVWtGMGtwY2diNk5fRWtiNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTQv
YzZkOTg0LTZiZmMtNDYwMi05ZDU4LWFiMmQ1ZTdkNGE3Yi8xL21qay04V0FuX0FP
OFhBUmYtU2lkUzd0XzgyUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAj
BggrBgEFBQcBBwEB/wQUMBIwEAQCAAEwCgMDAIrDAwMAoOQwDQYJKoZIhvcNAQEL
BQADggEBAN1fjbooemzUdOyH8IBNKW5k++YKJPWcTE5qAgCwL1ceevTIAAZ4DA9I
zJvenSsCjsolV/8Zq5kiBeZD/iPPFpNrX3WTRTFYDev+3BJe+1ByxS237v2jUEK+
Oq1bRqKpVJLTRjLcdOMmrphRyarWMaflf4yjTroq4vb6zOYWQEa5U5S7Hbv0c1bu
EqRuB1Kj0lOuS7Nh8aSGe2SaLgVOGm1Yb9bcxhoXv7d1fhpUXNdJjhknmKE6PGtq
LHsu8CCks6ZpAKtvTurxxaiLGXw4B8hIMWKKlQbqclHeFUL7bkPrTO8pVAJ6tpNW
qCQ4+5iFxyYUIER+SMCEJ0WP9RCTM78=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:21 2024 by rpki-client on console-fra.rpki-client.org