Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/nHbXo52heExmoNvwStPGSrp9b20.roa
File:                     nHbXo52heExmoNvwStPGSrp9b20.roa (raw, json)
Hash identifier:          byilWy2VVrx5RgvKC3AqFaILiktae6sV4aLf3GCZTRU=
Subject key identifier:   9C:76:D7:A3:9D:A1:78:4C:66:A0:DB:F0:4A:D3:C6:4A:BA:7D:6F:6D
Certificate issuer:       /CN=1e9a92daf08c20b4691b925cf032e5491fe0acc0
Certificate serial:       032AE6A2
Authority key identifier: 1E:9A:92:DA:F0:8C:20:B4:69:1B:92:5C:F0:32:E5:49:1F:E0:AC:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpqS2vCMILRpG5Jc8DLlSR_grMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/nHbXo52heExmoNvwStPGSrp9b20.roa
Signing time:             Tue 22 Feb 2022 03:52:15 +0000
ROA not before:           Tue 22 Feb 2022 03:52:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     24875
IP address blocks:        217.144.171.0/24 maxlen: 24
                          217.144.168.0/22 maxlen: 22
                          217.144.168.0/24 maxlen: 24
                          217.144.169.0/24 maxlen: 24
                          217.144.170.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 53143202 (0x32ae6a2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9a92daf08c20b4691b925cf032e5491fe0acc0
        Validity
            Not Before: Feb 22 03:52:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9c76d7a39da1784c66a0dbf04ad3c64aba7d6f6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:bc:c6:7b:17:94:82:fe:ae:64:de:8e:3b:dc:
                    e8:69:51:92:17:8a:05:a4:92:d8:ee:7a:99:2b:94:
                    0c:0e:15:a1:21:28:53:69:4f:89:2d:70:98:24:43:
                    3b:ce:70:4e:e1:fc:a7:83:d5:b1:d9:64:4e:c4:1d:
                    ea:ff:87:ae:13:43:5c:27:ce:17:65:d3:78:51:47:
                    51:3f:51:6a:3d:31:3b:9e:b1:a0:56:ed:5a:b4:94:
                    b1:45:f9:15:7d:b9:79:5a:ae:2d:92:49:1b:31:68:
                    53:9c:e0:be:8d:b0:24:9b:92:83:16:52:03:ee:c1:
                    b4:23:6f:35:e5:65:18:03:8a:e0:7a:d7:d1:e0:7f:
                    76:81:13:28:f8:07:d7:93:3a:7a:49:07:21:19:67:
                    e3:36:e7:00:1d:39:a0:b5:87:fd:b1:20:e3:56:51:
                    5e:23:c6:74:50:01:ec:95:2c:ff:67:4c:55:8d:79:
                    14:ce:68:3b:47:96:e9:28:05:e9:1b:98:e6:2c:83:
                    10:c9:28:f5:0c:e0:c4:8e:8f:ed:5e:fd:40:48:93:
                    93:ad:55:f0:54:22:5f:c3:c4:cf:42:39:15:f8:a2:
                    eb:94:dd:7a:5b:b7:3c:3f:f8:29:64:c0:eb:5b:e7:
                    07:9c:0f:18:eb:dd:49:d2:ba:71:51:35:54:02:ce:
                    dc:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:76:D7:A3:9D:A1:78:4C:66:A0:DB:F0:4A:D3:C6:4A:BA:7D:6F:6D
            X509v3 Authority Key Identifier:
                keyid:1E:9A:92:DA:F0:8C:20:B4:69:1B:92:5C:F0:32:E5:49:1F:E0:AC:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpqS2vCMILRpG5Jc8DLlSR_grMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/nHbXo52heExmoNvwStPGSrp9b20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/HpqS2vCMILRpG5Jc8DLlSR_grMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.144.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:35:92:9b:bd:84:f3:29:1e:5e:12:30:47:fb:66:db:42:55:
         f7:7a:1d:c6:8d:14:75:88:a1:b3:79:55:a1:09:57:12:e8:e9:
         ff:88:e8:9a:8f:2f:06:0c:46:42:11:96:40:ec:f6:ea:9f:3a:
         df:7a:94:13:ee:cd:2b:28:3a:b0:8a:09:3a:54:08:b3:f9:c0:
         10:6b:93:e8:a5:44:d5:55:b1:a1:2d:17:6f:c1:42:19:37:63:
         97:b4:6c:f0:e5:5a:1c:a3:23:8b:33:44:6f:4f:96:da:a7:6d:
         04:63:52:66:b6:26:15:b7:9e:ba:88:ea:62:db:0e:b2:eb:7e:
         2c:5d:d0:82:78:80:39:0d:5b:0f:55:8e:d6:46:30:c7:22:bb:
         7a:c8:c7:c4:2d:9f:c7:7e:6e:4a:9a:6b:5c:a6:4f:9b:07:62:
         92:67:08:a8:d9:20:54:b7:18:12:95:9e:39:3f:33:b2:3d:e0:
         a4:69:bb:25:91:f1:78:59:85:b5:64:95:df:8d:68:5a:34:40:
         81:16:56:4a:45:78:59:17:ca:57:ef:a3:56:de:30:9b:e0:d8:
         4b:63:9b:d8:bb:71:59:5f:ea:9f:a0:ed:ca:e0:f1:c3:5e:5c:
         50:5d:2d:09:20:61:e2:57:82:5e:37:84:26:87:28:3b:b9:66:
         76:b9:38:24
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAyrmojANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZTlhOTJkYWYwOGMyMGI0NjkxYjkyNWNmMDMyZTU0OTFmZTBhY2MwMB4XDTIyMDIy
MjAzNTIxNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWM3NmQ3YTM5ZGEx
Nzg0YzY2YTBkYmYwNGFkM2M2NGFiYTdkNmY2ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALi8xnsXlIL+rmTejjvc6GlRkheKBaSS2O56mSuUDA4VoSEo
U2lPiS1wmCRDO85wTuH8p4PVsdlkTsQd6v+HrhNDXCfOF2XTeFFHUT9Raj0xO56x
oFbtWrSUsUX5FX25eVquLZJJGzFoU5zgvo2wJJuSgxZSA+7BtCNvNeVlGAOK4HrX
0eB/doETKPgH15M6ekkHIRln4zbnAB05oLWH/bEg41ZRXiPGdFAB7JUs/2dMVY15
FM5oO0eW6SgF6RuY5iyDEMko9QzgxI6P7V79QEiTk61V8FQiX8PEz0I5Ffii65Td
elu3PD/4KWTA61vnB5wPGOvdSdK6cVE1VALO3D0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBScdtejnaF4TGag2/BK08ZKun1vbTAfBgNVHSMEGDAWgBQempLa8IwgtGkb
klzwMuVJH+CswDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0hwcVMydkNNSUxScEc1SmM4RExsU1JfZ3JNQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjgvYzE0MTE1LThjZjgtNDBjOC04N2M4LWNlODJlYmUxMWFjOC8x
L25IYlhvNTJoZUV4bW9OdndTdFBHU3JwOWIyMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjgv
YzE0MTE1LThjZjgtNDBjOC04N2M4LWNlODJlYmUxMWFjOC8xL0hwcVMydkNNSUxS
cEc1SmM4RExsU1JfZ3JNQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtmQqDANBgkqhkiG9w0BAQsFAAOC
AQEARzWSm72E8ykeXhIwR/tm20JV93odxo0UdYihs3lVoQlXEujp/4jomo8vBgxG
QhGWQOz26p8633qUE+7NKyg6sIoJOlQIs/nAEGuT6KVE1VWxoS0Xb8FCGTdjl7Rs
8OVaHKMjizNEb0+W2qdtBGNSZrYmFbeeuojqYtsOsut+LF3QgniAOQ1bD1WO1kYw
xyK7esjHxC2fx35uSpprXKZPmwdikmcIqNkgVLcYEpWeOT8zsj3gpGm7JZHxeFmF
tWSV341oWjRAgRZWSkV4WRfKV++jVt4wm+DYS2Ob2LtxWV/qn6DtyuDxw15cUF0t
CSBh4leCXjeEJocoO7lmdrk4JA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:24 2024 by rpki-client on console-ams.rpki-client.org