Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/w5T36Gag7LN91EIrJgwigwQHjQ8.roa
File:                     w5T36Gag7LN91EIrJgwigwQHjQ8.roa (raw, json)
Hash identifier:          2abQF6HjkSom3YGfWTaTo/NByTpF6W+3Tapde4cbxXM=
Subject key identifier:   C3:94:F7:E8:66:A0:EC:B3:7D:D4:42:2B:26:0C:22:83:04:07:8D:0F
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       07FA4C6E
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/w5T36Gag7LN91EIrJgwigwQHjQ8.roa
Signing time:             Tue 01 Mar 2022 18:46:00 +0000
ROA not before:           Tue 01 Mar 2022 18:46:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        176.105.228.0/22 maxlen: 24
                          45.137.16.0/22 maxlen: 24
                          45.150.52.0/23 maxlen: 24
                          95.214.176.0/22 maxlen: 24
                          91.239.148.0/23 maxlen: 24
                          91.238.92.0/23 maxlen: 24
                          212.115.124.0/22 maxlen: 24
                          45.132.80.0/22 maxlen: 24
                          91.244.196.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 133844078 (0x7fa4c6e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Mar  1 18:46:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c394f7e866a0ecb37dd4422b260c228304078d0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6c:45:f9:1a:4d:17:34:b7:b9:c6:3f:82:5e:
                    89:2c:3f:a7:9e:e5:fa:fe:d9:05:a6:68:9b:cd:4a:
                    a1:fc:23:c1:ed:93:a1:24:b5:5d:17:e6:ff:54:f2:
                    8b:89:68:b0:0a:17:b4:f3:68:25:ba:4e:20:cb:a9:
                    50:17:57:6f:b2:f7:fc:b9:da:a6:a6:bf:85:df:4a:
                    96:73:88:dc:0d:ac:3c:27:e3:d0:52:f0:e6:31:07:
                    c7:c8:5c:0e:36:14:80:48:c6:5f:d9:5d:07:6c:31:
                    ae:6e:1a:75:c1:5f:8f:f8:6b:18:76:f7:d0:04:38:
                    88:d8:5f:6d:f4:89:f0:60:d0:74:37:b0:68:27:e4:
                    14:00:25:eb:7c:f5:cd:d7:79:36:04:ac:50:fd:52:
                    b7:86:e2:86:92:ca:47:e5:47:38:53:c1:e0:4b:dc:
                    f5:db:7a:ec:99:34:cc:2f:17:3d:ac:65:ba:48:c4:
                    c9:2e:56:2c:e4:5e:04:90:6c:3e:04:56:23:de:62:
                    98:72:3b:40:e5:6c:b4:22:98:f4:45:33:dd:3c:1f:
                    ad:29:83:9e:8d:dd:7c:d1:50:2f:4d:1d:61:a6:23:
                    58:fb:9d:4f:20:68:49:d8:46:a3:65:4d:e4:5c:c3:
                    a1:41:5a:ae:a5:ed:22:21:d9:9c:6c:28:31:aa:f9:
                    53:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:94:F7:E8:66:A0:EC:B3:7D:D4:42:2B:26:0C:22:83:04:07:8D:0F
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/w5T36Gag7LN91EIrJgwigwQHjQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.80.0/22
                  45.137.16.0/22
                  45.150.52.0/23
                  91.238.92.0/23
                  91.239.148.0/23
                  91.244.196.0/22
                  95.214.176.0/22
                  176.105.228.0/22
                  212.115.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:fa:1d:34:22:1b:53:0f:70:26:b0:c0:87:94:98:fd:b4:20:
         35:09:c9:00:b5:c0:91:b7:62:05:e4:53:69:ad:0f:ef:91:ac:
         5e:89:56:28:97:36:a2:85:c6:c4:43:95:7d:45:d7:3c:f9:db:
         b9:5b:5b:8d:9e:d8:bd:ee:3e:6e:7f:45:61:a7:dd:84:98:7f:
         12:19:a3:80:b2:d2:34:1e:36:79:38:54:09:41:94:31:d0:f8:
         b7:43:c8:65:83:7f:57:be:2c:a7:6e:c9:d4:58:a8:18:f9:a3:
         83:ab:8b:36:4d:95:98:11:9d:24:40:b6:3d:ab:13:62:f0:6e:
         5f:3b:2d:52:f1:22:af:45:a5:c7:a2:48:f9:06:86:e0:53:4c:
         ba:95:f7:80:af:0c:0d:66:a7:5a:97:8d:c6:35:7e:1a:c9:31:
         ac:b5:90:26:99:23:61:28:0f:b4:38:71:6b:4d:8c:de:0f:f6:
         4e:61:fc:24:e0:7f:b1:c5:57:e8:11:ab:e6:a4:e1:36:a5:48:
         43:31:d0:da:a0:01:11:35:19:e4:8d:49:43:1e:34:cd:9a:15:
         d5:b6:af:9b:dd:66:81:bd:64:df:13:f8:95:c6:18:1c:59:76:
         f2:d8:d4:5a:d8:8d:9b:2c:93:02:dd:c2:97:8a:e5:71:bc:76:
         34:c4:e1:4e
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIEB/pMbjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YjBjMGQwNDIyNTU2NmRiOTVlOWFkM2IyZWY2MDUwMTQ5NzVhYWEyMB4XDTIyMDMw
MTE4NDYwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzM5NGY3ZTg2NmEw
ZWNiMzdkZDQ0MjJiMjYwYzIyODMwNDA3OGQwZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKBsRfkaTRc0t7nGP4JeiSw/p57l+v7ZBaZom81Kofwjwe2T
oSS1XRfm/1Tyi4losAoXtPNoJbpOIMupUBdXb7L3/Lnapqa/hd9KlnOI3A2sPCfj
0FLw5jEHx8hcDjYUgEjGX9ldB2wxrm4adcFfj/hrGHb30AQ4iNhfbfSJ8GDQdDew
aCfkFAAl63z1zdd5NgSsUP1St4bihpLKR+VHOFPB4Evc9dt67Jk0zC8XPaxlukjE
yS5WLOReBJBsPgRWI95imHI7QOVstCKY9EUz3TwfrSmDno3dfNFQL00dYaYjWPud
TyBoSdhGo2VN5FzDoUFarqXtIiHZnGwoMar5U1ECAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBTDlPfoZqDss33UQismDCKDBAeNDzAfBgNVHSMEGDAWgBSbDA0EIlVm25Xp
rTsu9gUBSXWqojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L213d05CQ0pWWnR1VjZhMDdMdllGQVVsMXFxSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjAvMGVjNmQyLWYxZDctNGIwYS1hZDMzLWU4ZWYyZjA5NTk4ZS8x
L3c1VDM2R2FnN0xOOTFFSXJKZ3dpZ3dRSGpROC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAv
MGVjNmQyLWYxZDctNGIwYS1hZDMzLWU4ZWYyZjA5NTk4ZS8xL213d05CQ0pWWnR1
VjZhMDdMdllGQVVsMXFxSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEAi2EUAMEAi2JEAMEAS2WNAMEAVvu
XAMEAVvvlAMEAlv0xAMEAl/WsAMEArBp5AMEAtRzfDANBgkqhkiG9w0BAQsFAAOC
AQEAUvodNCIbUw9wJrDAh5SY/bQgNQnJALXAkbdiBeRTaa0P75GsXolWKJc2ooXG
xEOVfUXXPPnbuVtbjZ7Yve4+bn9FYafdhJh/EhmjgLLSNB42eThUCUGUMdD4t0PI
ZYN/V74sp27J1FioGPmjg6uLNk2VmBGdJEC2PasTYvBuXzstUvEir0Wlx6JI+QaG
4FNMupX3gK8MDWanWpeNxjV+GskxrLWQJpkjYSgPtDhxa02M3g/2TmH8JOB/scVX
6BGr5qThNqVIQzHQ2qABETUZ5I1JQx40zZoV1bavm91mgb1k3xP4lcYYHFl28tjU
WtiNmyyTAt3Cl4rlcbx2NMThTg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:01 2024 by rpki-client on console-fra.rpki-client.org