Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/tgRmrU0h9aQUnJXjXHj2sfGnP6E.roa
File:                     tgRmrU0h9aQUnJXjXHj2sfGnP6E.roa (raw, json)
Hash identifier:          9PXNQFDwo9HyV/k7B5QOKNu3pmr4OmRpZBz270zWPYg=
Subject key identifier:   B6:04:66:AD:4D:21:F5:A4:14:9C:95:E3:5C:78:F6:B1:F1:A7:3F:A1
Certificate issuer:       /CN=3f230752f3ba0026fbb20c5e4c963b1129ac9d34
Certificate serial:       021644F7
Authority key identifier: 3F:23:07:52:F3:BA:00:26:FB:B2:0C:5E:4C:96:3B:11:29:AC:9D:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PyMHUvO6ACb7sgxeTJY7ESmsnTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/tgRmrU0h9aQUnJXjXHj2sfGnP6E.roa
Signing time:             Fri 24 Jun 2022 15:33:40 +0000
ROA not before:           Fri 24 Jun 2022 15:33:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39305
IP address blocks:        185.151.214.0/23 maxlen: 24
                          91.211.64.0/22 maxlen: 22
                          185.88.9.0/24 maxlen: 24
                          62.106.73.0/24 maxlen: 24
                          2a0c:7140::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 35013879 (0x21644f7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f230752f3ba0026fbb20c5e4c963b1129ac9d34
        Validity
            Not Before: Jun 24 15:33:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b60466ad4d21f5a4149c95e35c78f6b1f1a73fa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:13:49:23:a3:33:24:b5:66:07:9a:3c:9e:dd:
                    53:eb:2a:6b:9b:a8:c4:90:68:73:e4:f6:b4:be:bf:
                    22:20:00:1c:8a:38:57:c0:87:90:2e:91:ad:7a:9e:
                    68:2f:58:b9:23:2d:86:a4:86:61:08:e0:4c:b0:a1:
                    a2:50:5a:66:b2:c4:ee:a2:e2:ce:56:d0:70:d6:5b:
                    f1:e2:a6:5d:81:97:fd:70:4b:f4:2f:e1:d0:ea:93:
                    b8:ff:c1:ac:d7:4b:dd:36:27:cc:2a:d1:1f:9f:dd:
                    6a:3e:fe:57:43:c5:75:f5:d4:25:16:14:75:3e:4d:
                    f7:15:b0:e0:ae:01:cc:49:84:40:d8:fc:4b:4e:ad:
                    e5:67:ba:d8:a2:ff:5f:a0:14:38:23:ac:a1:5e:82:
                    ae:91:95:bd:d2:4c:16:89:4f:f1:45:9c:96:32:61:
                    ff:81:90:17:e3:e2:9d:2c:a0:48:35:06:1f:c4:3d:
                    1a:a9:2e:ad:6f:ec:0e:45:f1:c6:63:37:bc:1d:13:
                    cd:45:b9:6e:31:7f:ea:13:41:45:cc:87:9b:ef:ae:
                    bb:a6:26:04:92:72:62:4e:2b:0c:c5:ac:c0:4a:ee:
                    cc:6e:23:2b:c6:35:12:ac:f1:23:61:15:10:f0:41:
                    0f:c5:cd:0f:e8:e5:64:17:13:7e:11:aa:d6:53:e5:
                    9d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:04:66:AD:4D:21:F5:A4:14:9C:95:E3:5C:78:F6:B1:F1:A7:3F:A1
            X509v3 Authority Key Identifier:
                keyid:3F:23:07:52:F3:BA:00:26:FB:B2:0C:5E:4C:96:3B:11:29:AC:9D:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PyMHUvO6ACb7sgxeTJY7ESmsnTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/tgRmrU0h9aQUnJXjXHj2sfGnP6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/PyMHUvO6ACb7sgxeTJY7ESmsnTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.106.73.0/24
                  91.211.64.0/22
                  185.88.9.0/24
                  185.151.214.0/23
                IPv6:
                  2a0c:7140::/29

    Signature Algorithm: sha256WithRSAEncryption
         1a:cd:d3:32:5d:fe:bd:af:c5:68:94:ff:8b:e1:c5:c5:c2:0d:
         a5:24:10:94:63:ff:1c:fc:77:6d:aa:f5:c0:60:db:5a:05:cb:
         ca:57:87:2e:10:78:83:4d:c5:76:ab:24:47:b7:77:4c:a1:51:
         e8:b4:84:1e:e8:8f:27:91:9a:66:a3:4c:16:a7:c2:84:b2:c8:
         52:11:a9:36:6b:e3:ae:c8:66:1a:f4:72:b3:ee:3c:ce:d0:95:
         1c:e6:47:3b:6b:55:80:96:3b:6c:61:e5:5c:f0:22:62:1b:dc:
         25:8f:ab:91:b7:d2:46:21:a5:90:be:59:a3:37:5e:8d:da:26:
         03:ab:93:03:45:81:9a:c9:99:a0:b0:5e:6d:7f:a3:5b:f7:d0:
         64:87:f9:9d:a2:ad:ac:12:f8:ba:19:0d:7e:04:50:6a:fc:3e:
         75:67:4f:44:77:86:23:4e:ac:1b:55:6e:de:dd:07:75:b6:c4:
         4e:21:de:32:8f:0d:54:45:72:59:30:5f:9d:4c:2d:41:0b:b9:
         3a:a1:d1:00:2c:5d:04:5b:47:bc:b3:2b:55:c2:f0:6d:8c:3e:
         f7:e2:0c:b5:db:cd:98:f6:7c:5a:09:88:da:57:9a:64:f0:13:
         bc:0b:32:29:17:b3:86:d7:0d:ba:a0:14:a2:a8:cb:7e:61:8e:
         4f:00:39:4e
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEAhZE9zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
ZjIzMDc1MmYzYmEwMDI2ZmJiMjBjNWU0Yzk2M2IxMTI5YWM5ZDM0MB4XDTIyMDYy
NDE1MzM0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjYwNDY2YWQ0ZDIx
ZjVhNDE0OWM5NWUzNWM3OGY2YjFmMWE3M2ZhMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANoTSSOjMyS1ZgeaPJ7dU+sqa5uoxJBoc+T2tL6/IiAAHIo4
V8CHkC6RrXqeaC9YuSMthqSGYQjgTLCholBaZrLE7qLizlbQcNZb8eKmXYGX/XBL
9C/h0OqTuP/BrNdL3TYnzCrRH5/daj7+V0PFdfXUJRYUdT5N9xWw4K4BzEmEQNj8
S06t5We62KL/X6AUOCOsoV6CrpGVvdJMFolP8UWcljJh/4GQF+PinSygSDUGH8Q9
GqkurW/sDkXxxmM3vB0TzUW5bjF/6hNBRcyHm++uu6YmBJJyYk4rDMWswEruzG4j
K8Y1EqzxI2EVEPBBD8XND+jlZBcTfhGq1lPlndECAwEAAaOCAiowggImMB0GA1Ud
DgQWBBS2BGatTSH1pBScleNcePax8ac/oTAfBgNVHSMEGDAWgBQ/IwdS87oAJvuy
DF5MljsRKaydNDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1B5TUhVdk82QUNiN3NneGVUSlk3RVNtc25UUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYWMvNTFmOWExLTQzNjgtNDU2OC1iMDI5LWRkMjI1MzBlMTVhNC8x
L3RnUm1yVTBoOWFRVW5KWGpYSGoyc2ZHblA2RS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWMv
NTFmOWExLTQzNjgtNDU2OC1iMDI5LWRkMjI1MzBlMTVhNC8xL1B5TUhVdk82QUNi
N3NneGVUSlk3RVNtc25UUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEAD5qSQMEAlvTQAMEALlYCQMEAbmX
1jANBAIAAjAHAwUDKgxxQDANBgkqhkiG9w0BAQsFAAOCAQEAGs3TMl3+va/FaJT/
i+HFxcINpSQQlGP/HPx3bar1wGDbWgXLyleHLhB4g03FdqskR7d3TKFR6LSEHuiP
J5GaZqNMFqfChLLIUhGpNmvjrshmGvRys+48ztCVHOZHO2tVgJY7bGHlXPAiYhvc
JY+rkbfSRiGlkL5ZozdejdomA6uTA0WBmsmZoLBebX+jW/fQZIf5naKtrBL4uhkN
fgRQavw+dWdPRHeGI06sG1Vu3t0HdbbETiHeMo8NVEVyWTBfnUwtQQu5OqHRACxd
BFtHvLMrVcLwbYw+9+IMtdvNmPZ8WgmI2leaZPATvAsyKRezhtcNuqAUoqjLfmGO
TwA5Tg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:02 2024 by rpki-client on console-ams.rpki-client.org