Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/UvGJLB4BuIR0p0lO3VVEtI76cuc.roa
File:                     UvGJLB4BuIR0p0lO3VVEtI76cuc.roa (raw, json)
Hash identifier:          lQXoJL74kzIKixmux5A862/ICw3UZ6OP4EKogp8IAFc=
Subject key identifier:   52:F1:89:2C:1E:01:B8:84:74:A7:49:4E:DD:55:44:B4:8E:FA:72:E7
Certificate issuer:       /CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
Certificate serial:       01921F3C26D62ECA8F801316000CE02C2214
Authority key identifier: 29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/UvGJLB4BuIR0p0lO3VVEtI76cuc.roa
Signing time:             Mon 23 Sep 2024 14:14:48 +0000
ROA not before:           Mon 23 Sep 2024 14:14:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214770
IP address blocks:        46.17.216.0/24 maxlen: 24
                          2001:67c:e9c::/48 maxlen: 48
                          2a01:e900::/40 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1f:3c:26:d6:2e:ca:8f:80:13:16:00:0c:e0:2c:22:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
        Validity
            Not Before: Sep 23 14:14:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52f1892c1e01b88474a7494edd5544b48efa72e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:c8:64:34:20:65:ad:c7:5e:5d:7b:fa:ba:20:
                    9d:9a:30:58:80:9b:09:37:ef:44:7d:39:fa:dd:e9:
                    d3:d2:23:ce:c2:b8:05:b6:2f:b5:64:50:42:21:6e:
                    d0:44:cb:f2:e6:be:79:84:e1:50:d9:f6:8e:6b:a8:
                    b7:df:9a:01:92:a3:d7:b9:ee:71:e5:43:cf:bc:b3:
                    30:e9:e4:b1:09:f2:cb:38:e8:d7:9f:59:c9:b3:11:
                    0d:db:5d:2e:44:16:09:64:68:5d:75:2e:11:fe:71:
                    d4:e1:c8:c6:bb:d8:f8:7f:55:65:96:66:71:cd:f8:
                    e0:0b:42:af:a8:4c:8b:9b:13:dc:53:cb:e0:07:de:
                    ff:f6:b8:7a:1e:ac:7a:ea:78:3a:55:ea:b2:28:9a:
                    68:32:88:ef:67:d6:0a:00:a1:25:3e:e4:5f:2a:43:
                    df:cc:a4:e2:cc:e3:e3:8e:3d:cb:84:b2:bf:c0:11:
                    1c:9a:7e:d2:bb:c1:4c:a5:dc:f5:cf:52:96:18:37:
                    3a:09:5c:ca:67:5c:80:68:9c:0a:21:fb:0e:38:97:
                    8f:4c:b4:8e:70:89:50:79:e9:d2:c4:9d:e6:26:40:
                    9d:06:c0:fe:f8:af:c8:c1:a2:ad:0d:f6:65:f0:c1:
                    99:5c:f0:30:16:7a:5e:0c:b1:c9:dc:31:82:4e:a8:
                    78:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:F1:89:2C:1E:01:B8:84:74:A7:49:4E:DD:55:44:B4:8E:FA:72:E7
            X509v3 Authority Key Identifier:
                keyid:29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/UvGJLB4BuIR0p0lO3VVEtI76cuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.216.0/24
                IPv6:
                  2001:67c:e9c::/48
                  2a01:e900::/40

    Signature Algorithm: sha256WithRSAEncryption
         0a:aa:4d:c5:29:04:08:81:3d:4b:02:22:5f:f1:14:5b:c7:7a:
         3f:18:98:82:8b:33:8e:e6:eb:e0:83:38:79:8e:2b:fd:8a:e2:
         7e:a7:58:b5:e2:74:04:a5:92:5a:41:82:d9:00:4d:ef:b5:43:
         30:cb:3b:2b:90:a7:08:11:32:e8:ea:22:4a:90:ba:fb:e3:7b:
         8d:d0:e0:e0:cb:c3:d4:1b:df:a8:49:30:e1:5c:e7:c0:5a:b0:
         d7:bb:56:17:9d:ad:cf:b0:e3:8b:16:03:b7:78:20:6f:b8:aa:
         ec:a5:d5:03:f0:5d:43:c8:4d:08:ea:7e:4c:c1:3c:5a:71:ee:
         dd:f0:b4:1e:dc:d1:42:48:4a:7b:66:3c:ed:7e:52:f0:4b:38:
         cb:2a:a7:a4:e7:ee:3e:9f:ed:ad:25:4a:4b:95:ad:aa:99:d1:
         3a:e2:42:cb:ab:25:b2:bc:5d:92:e5:90:d7:e2:89:6c:e4:dd:
         ec:2b:17:03:6d:96:e7:82:ee:61:aa:1b:e4:97:e1:55:3e:2b:
         e6:24:7a:68:ba:16:c1:1d:b8:bc:de:37:69:e9:f7:0f:ce:e0:
         4e:54:cd:26:f5:f1:52:9b:1d:bd:e8:80:7b:8e:d8:98:95:9f:
         16:36:b5:89:b9:e7:80:8a:a9:6a:aa:93:38:a9:b5:19:6c:a4:
         37:16:07:5e
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZIfPCbWLsqPgBMWAAzgLCIUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjhiNGUwZWY4MTA2ZjBlMTJhYjhlNTAxZDJhYTRlMzZi
NzgzYzIwHhcNMjQwOTIzMTQxNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmYxODkyYzFlMDFiODg0NzRhNzQ5NGVkZDU1NDRiNDhlZmE3MmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0chkNCBlrcdeXXv6uiCdmjBYgJsJ
N+9EfTn63enT0iPOwrgFti+1ZFBCIW7QRMvy5r55hOFQ2faOa6i335oBkqPXue5x
5UPPvLMw6eSxCfLLOOjXn1nJsxEN210uRBYJZGhddS4R/nHU4cjGu9j4f1VllmZx
zfjgC0KvqEyLmxPcU8vgB97/9rh6Hqx66ng6VeqyKJpoMojvZ9YKAKElPuRfKkPf
zKTizOPjjj3LhLK/wBEcmn7Su8FMpdz1z1KWGDc6CVzKZ1yAaJwKIfsOOJePTLSO
cIlQeenSxJ3mJkCdBsD++K/IwaKtDfZl8MGZXPAwFnpeDLHJ3DGCTqh4PQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFFLxiSweAbiEdKdJTt1VRLSO+nLnMB8GA1UdIwQY
MBaAFClotODvgQbw4Sq45QHSqk42t4PCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQt
NDRmOGVkNWQ2MWQ3LzEvVXZHSkxCNEJ1SVIwcDBsTzNWVkV0STc2Y3VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQtNDRmOGVkNWQ2MWQ3
LzEvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAMBAIAATAGAwQALhHYMBcE
AgACMBEDBwAgAQZ8DpwDBgAqAekAADANBgkqhkiG9w0BAQsFAAOCAQEACqpNxSkE
CIE9SwIiX/EUW8d6PxiYgoszjubr4IM4eY4r/YrifqdYteJ0BKWSWkGC2QBN77VD
MMs7K5CnCBEy6OoiSpC6++N7jdDg4MvD1BvfqEkw4VznwFqw17tWF52tz7DjixYD
t3ggb7iq7KXVA/BdQ8hNCOp+TME8WnHu3fC0HtzRQkhKe2Y87X5S8Es4yyqnpOfu
Pp/trSVKS5WtqpnROuJCy6slsrxdkuWQ1+KJbOTd7CsXA22W54LuYaob5JfhVT4r
5iR6aLoWwR24vN43aen3D87gTlTNJvXxUpsdveiAe47YmJWfFja1ibnngIqpaqqT
OKm1GWykNxYHXg==
-----END CERTIFICATE-----
Generated at Mon Oct 28 12:17:13 2024 by rpki-client on console-ams.rpki-client.org