Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/igwi1RBYLh6QaYCG4U-ofWIQyTU.roa
File:                     igwi1RBYLh6QaYCG4U-ofWIQyTU.roa (raw, json)
Hash identifier:          9YEApC5VEL9RlxBdfxDCrVOpvzDE19qrduO/gIWMUeA=
Subject key identifier:   8A:0C:22:D5:10:58:2E:1E:90:69:80:86:E1:4F:A8:7D:62:10:C9:35
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0CBA9EFC
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/igwi1RBYLh6QaYCG4U-ofWIQyTU.roa
Signing time:             Sat 01 Jan 2022 05:05:01 +0000
ROA not before:           Sat 01 Jan 2022 05:05:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59253
IP address blocks:        103.7.204.0/22 maxlen: 22
                          193.164.20.0/22 maxlen: 22
                          45.117.136.0/22 maxlen: 22
                          62.133.48.0/22 maxlen: 22
                          95.214.228.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 213556988 (0xcba9efc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 05:05:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8a0c22d510582e1e90698086e14fa87d6210c935
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:45:a5:12:05:db:71:93:68:93:dc:3f:01:42:
                    a8:c5:ec:98:f5:1f:26:55:ad:de:01:38:d5:5b:fd:
                    78:72:89:27:42:3d:bf:6a:cf:c0:de:a4:cb:66:7f:
                    23:b6:01:fb:a5:44:6f:b0:19:d4:8f:dd:73:48:08:
                    c9:df:a3:42:10:dc:51:5b:35:6e:e4:e0:70:08:12:
                    a8:e5:b9:1a:85:09:c8:61:0e:c1:d1:cd:56:b4:1d:
                    c1:62:88:c6:00:90:47:ed:85:e6:4b:30:82:84:7e:
                    da:3c:95:a1:53:0a:39:bf:ad:f5:8f:e0:da:df:48:
                    ba:16:a5:ef:1d:bb:96:25:df:91:31:73:74:ad:36:
                    d7:b3:e1:3f:d4:a0:4b:65:01:1a:7b:96:6d:0a:04:
                    cc:ab:64:f8:a0:99:b2:2d:d4:29:71:6a:44:0f:73:
                    a9:2a:f0:02:b6:1b:a8:c7:23:99:55:bf:5b:9c:51:
                    d6:2a:51:48:0a:4f:8a:94:89:20:82:d8:41:1b:63:
                    39:1b:a6:4f:1d:fb:34:70:2a:70:ce:42:6e:dd:27:
                    3c:0b:9e:40:d4:93:70:31:6f:0c:73:a9:e8:51:29:
                    ac:93:be:8e:dd:fa:b8:b9:da:9d:ef:2e:f3:28:20:
                    26:df:45:1f:28:c2:dc:f4:d8:96:c7:99:2f:2e:7c:
                    d2:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:0C:22:D5:10:58:2E:1E:90:69:80:86:E1:4F:A8:7D:62:10:C9:35
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/igwi1RBYLh6QaYCG4U-ofWIQyTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.117.136.0/22
                  62.133.48.0/22
                  95.214.228.0/22
                  103.7.204.0/22
                  193.164.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:6f:bc:1a:a5:9f:d1:10:48:94:3a:76:c0:bb:97:17:30:d6:
         d6:d1:dd:d3:59:95:cd:04:45:41:6e:c3:f6:fc:51:dd:97:76:
         1e:86:99:58:7d:b1:09:ca:9a:31:fc:a3:7c:67:59:af:df:34:
         a3:2b:a9:b0:5e:f7:56:5e:ea:3e:ba:c7:9d:79:a5:25:08:c8:
         28:d6:ff:2d:f7:93:b7:81:37:41:14:e8:79:94:b0:aa:b6:d9:
         71:60:aa:dc:ac:81:41:d1:11:89:15:a8:af:ce:e0:d4:ea:06:
         6c:7d:8f:12:04:45:15:47:81:14:c4:ad:09:f1:48:ae:0d:cf:
         87:f0:39:69:53:4a:53:1e:55:10:f0:73:28:92:66:3f:d1:55:
         fc:9b:86:48:c7:55:19:49:73:2b:72:e8:30:80:6c:b5:6a:88:
         89:32:cd:94:58:bb:f5:9f:c8:dc:ff:2b:ad:42:bb:fc:15:d5:
         e6:ef:3b:0f:42:df:b6:b2:e8:78:fd:37:b7:e7:1b:36:b4:54:
         8a:2c:c3:ff:ee:f8:64:c3:0c:2b:ec:d3:5e:bf:c2:3d:0c:37:
         3e:48:4e:9a:cd:4a:1a:a4:b9:55:3d:30:9a:86:8f:42:b8:ee:
         78:7a:b1:d0:a6:e9:12:0e:26:84:85:30:93:6d:37:27:a8:1e:
         3f:fb:ec:a9
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEDLqe/DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NmMyYTRiN2Q1ZDczYzViNTcwNDYyMjNiZjMwZWI2NTMwMDViMGUyMB4XDTIyMDEw
MTA1MDUwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGEwYzIyZDUxMDU4
MmUxZTkwNjk4MDg2ZTE0ZmE4N2Q2MjEwYzkzNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALlFpRIF23GTaJPcPwFCqMXsmPUfJlWt3gE41Vv9eHKJJ0I9
v2rPwN6ky2Z/I7YB+6VEb7AZ1I/dc0gIyd+jQhDcUVs1buTgcAgSqOW5GoUJyGEO
wdHNVrQdwWKIxgCQR+2F5kswgoR+2jyVoVMKOb+t9Y/g2t9Iuhal7x27liXfkTFz
dK0217PhP9SgS2UBGnuWbQoEzKtk+KCZsi3UKXFqRA9zqSrwArYbqMcjmVW/W5xR
1ipRSApPipSJIILYQRtjORumTx37NHAqcM5Cbt0nPAueQNSTcDFvDHOp6FEprJO+
jt36uLnane8u8yggJt9FHyjC3PTYlseZLy580tkCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBSKDCLVEFguHpBpgIbhT6h9YhDJNTAfBgNVHSMEGDAWgBQ2wqS31dc8W1cE
YiO/MOtlMAWw4jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05zS2t0OVhYUEZ0WEJHSWp2ekRyWlRBRnNPSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmMvOGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8x
L2lnd2kxUkJZTGg2UWFZQ0c0VS1vZldJUXlUVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMv
OGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8xL05zS2t0OVhYUEZ0
WEJHSWp2ekRyWlRBRnNPSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAi11iAMEAj6FMAMEAl/W5AMEAmcH
zAMEAsGkFDANBgkqhkiG9w0BAQsFAAOCAQEAPW+8GqWf0RBIlDp2wLuXFzDW1tHd
01mVzQRFQW7D9vxR3Zd2HoaZWH2xCcqaMfyjfGdZr980oyupsF73Vl7qPrrHnXml
JQjIKNb/LfeTt4E3QRToeZSwqrbZcWCq3KyBQdERiRWor87g1OoGbH2PEgRFFUeB
FMStCfFIrg3Ph/A5aVNKUx5VEPBzKJJmP9FV/JuGSMdVGUlzK3LoMIBstWqIiTLN
lFi79Z/I3P8rrUK7/BXV5u87D0LftrLoeP03t+cbNrRUiizD/+74ZMMMK+zTXr/C
PQw3PkhOms1KGqS5VT0wmoaPQrjueHqx0KbpEg4mhIUwk203J6geP/vsqQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:13 2024 by rpki-client on console-ams.rpki-client.org