Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/iGE97LOyvuDn7BnohiW_uJMWSzE.roa
File:                     iGE97LOyvuDn7BnohiW_uJMWSzE.roa (raw, json)
Hash identifier:          hIA5n9OCNuIGvNemxXISwh+gaiaQbE5s7GS9N5Q3KBY=
Subject key identifier:   88:61:3D:EC:B3:B2:BE:E0:E7:EC:19:E8:86:25:BF:B8:93:16:4B:31
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       01856E2FC0D4E9B148D582EEA3E63F3ABF5E
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/iGE97LOyvuDn7BnohiW_uJMWSzE.roa
Signing time:             Sun 01 Jan 2023 16:35:01 +0000
ROA not before:           Sun 01 Jan 2023 16:35:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207713
IP address blocks:        31.129.22.0/24 maxlen: 24
                          5.44.42.0/24 maxlen: 24
                          45.129.184.0/24 maxlen: 24
                          45.80.128.0/24 maxlen: 24
                          195.80.49.0/24 maxlen: 24
                          195.80.48.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:2f:c0:d4:e9:b1:48:d5:82:ee:a3:e6:3f:3a:bf:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Jan  1 16:35:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=88613decb3b2bee0e7ec19e88625bfb893164b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:58:55:fb:d3:c9:89:a1:2d:d5:b4:20:f5:70:
                    8e:4e:4e:71:68:8c:97:59:f8:87:76:37:aa:1f:72:
                    dd:e1:b3:6b:05:95:a4:51:a9:01:4d:ec:6a:50:41:
                    65:ce:21:dc:78:08:c0:20:99:45:77:9b:2a:ba:0f:
                    38:18:10:c0:20:9e:c4:b6:72:ed:a1:cc:d4:e8:ab:
                    57:76:6d:0f:6c:b1:44:25:23:2f:d9:c4:25:9d:e1:
                    e4:3b:9a:27:01:6f:7a:0f:22:24:31:50:cd:85:29:
                    c1:32:62:78:e1:59:a1:b6:43:73:ce:1f:fa:f5:97:
                    5c:d2:1e:99:50:f6:2a:4e:82:7d:b6:bb:1e:19:46:
                    6d:76:16:a5:06:07:50:35:a2:d0:e2:c5:70:f8:e7:
                    60:03:34:b4:3a:71:06:87:41:fa:9c:af:d2:26:03:
                    f6:5f:71:af:f9:ad:81:59:7e:a8:51:25:0e:8b:e5:
                    f4:c2:70:55:a6:3b:9f:47:de:f5:ca:89:7c:ff:61:
                    ab:fd:53:e7:7e:2b:61:5d:03:a2:70:94:36:27:5e:
                    e0:e6:b5:4c:ea:bd:37:d8:0e:cd:c9:55:52:94:f9:
                    e2:b6:b5:f1:67:c9:f4:bf:be:0c:cd:b8:e4:9d:3e:
                    ad:76:31:0e:b8:3b:04:a0:81:43:3f:7c:62:c7:a3:
                    b7:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:61:3D:EC:B3:B2:BE:E0:E7:EC:19:E8:86:25:BF:B8:93:16:4B:31
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/iGE97LOyvuDn7BnohiW_uJMWSzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.42.0/24
                  31.129.22.0/24
                  45.80.128.0/24
                  45.129.184.0/24
                  195.80.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:8a:9c:65:88:15:14:07:91:9e:f9:53:29:b5:5d:83:a4:bb:
         20:d9:af:43:2a:94:39:de:0e:37:f3:05:8a:5a:17:f2:60:a5:
         de:19:66:c1:ac:e7:7f:3a:0d:d8:0a:fd:25:0f:0f:4e:13:5a:
         b0:df:25:da:04:7b:50:e0:32:d3:26:f7:57:2a:1e:9f:41:24:
         b1:3e:ff:46:8c:c0:36:2e:95:47:69:f2:b1:73:dc:7c:63:6b:
         ba:ff:f0:58:bc:8a:f3:4b:a6:1f:74:47:17:7d:eb:1b:d9:4b:
         09:37:34:a4:ca:8e:03:a8:22:c3:ed:e0:b6:10:00:63:a8:01:
         8f:0a:67:25:78:22:19:74:ba:f1:cb:ab:08:1c:03:90:42:c9:
         63:d1:eb:8e:62:c6:97:cb:a9:a6:6d:7f:98:f2:bb:42:54:20:
         1a:aa:50:ed:17:7e:f5:99:d9:f2:05:0a:12:41:c5:ca:bb:3c:
         5e:42:27:de:a5:1b:e0:ee:fa:6a:f9:85:94:d3:19:d9:5c:82:
         39:de:20:60:f6:1b:01:38:0a:c3:32:08:90:f8:05:fa:79:53:
         d3:ab:43:68:98:fd:59:02:6c:2d:19:d6:77:42:ee:d4:5c:0b:
         d3:00:9f:3e:c7:b6:cd:c6:14:95:0a:49:7d:55:1f:99:b6:0e:
         52:ea:c5:0f
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVuL8DU6bFI1YLuo+Y/Or9eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMTAxMTYzNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODYxM2RlY2IzYjJiZWUwZTdlYzE5ZTg4NjI1YmZiODkzMTY0YjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlhV+9PJiaEt1bQg9XCOTk5xaIyX
WfiHdjeqH3Ld4bNrBZWkUakBTexqUEFlziHceAjAIJlFd5squg84GBDAIJ7EtnLt
oczU6KtXdm0PbLFEJSMv2cQlneHkO5onAW96DyIkMVDNhSnBMmJ44VmhtkNzzh/6
9Zdc0h6ZUPYqToJ9trseGUZtdhalBgdQNaLQ4sVw+OdgAzS0OnEGh0H6nK/SJgP2
X3Gv+a2BWX6oUSUOi+X0wnBVpjufR971yol8/2Gr/VPnfithXQOicJQ2J17g5rVM
6r032A7NyVVSlPnitrXxZ8n0v74MzbjknT6tdjEOuDsEoIFDP3xix6O3UQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFIhhPeyzsr7g5+wZ6IYlv7iTFksxMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvaUdFOTdMT3l2dURuN0Jub2hpV191Sk1XU3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQABSwqAwQA
H4EWAwQALVCAAwQALYG4AwQBw1AwMA0GCSqGSIb3DQEBCwUAA4IBAQAripxliBUU
B5Ge+VMptV2DpLsg2a9DKpQ53g438wWKWhfyYKXeGWbBrOd/Og3YCv0lDw9OE1qw
3yXaBHtQ4DLTJvdXKh6fQSSxPv9GjMA2LpVHafKxc9x8Y2u6//BYvIrzS6YfdEcX
fesb2UsJNzSkyo4DqCLD7eC2EABjqAGPCmcleCIZdLrxy6sIHAOQQslj0euOYsaX
y6mmbX+Y8rtCVCAaqlDtF371mdnyBQoSQcXKuzxeQifepRvg7vpq+YWU0xnZXII5
3iBg9hsBOArDMgiQ+AX6eVPTq0NomP1ZAmwtGdZ3Qu7UXAvTAJ8+x7bNxhSVCkl9
VR+Ztg5S6sUP
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:55 2024 by rpki-client on console-fra.rpki-client.org