Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/6046a6-decb-49a3-a3b4-3087f86a63ab/1/dWbGH3bKPTFgugJFIu8ulIDimCM.roa
File:                     dWbGH3bKPTFgugJFIu8ulIDimCM.roa (raw, json)
Hash identifier:          6FYOCzSL4X9yjxQmS5xa/FcO74vF8NRt3t31MQTudQ4=
Subject key identifier:   75:66:C6:1F:76:CA:3D:31:60:BA:02:45:22:EF:2E:94:80:E2:98:23
Certificate issuer:       /CN=c605871889b9dcafe7ec3136aed1ddfee2dfbc7d
Certificate serial:       16A50C8A
Authority key identifier: C6:05:87:18:89:B9:DC:AF:E7:EC:31:36:AE:D1:DD:FE:E2:DF:BC:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xgWHGIm53K_n7DE2rtHd_uLfvH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/6046a6-decb-49a3-a3b4-3087f86a63ab/1/dWbGH3bKPTFgugJFIu8ulIDimCM.roa
Signing time:             Thu 26 May 2022 14:48:13 +0000
ROA not before:           Thu 26 May 2022 14:48:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     31019
IP address blocks:        91.228.151.0/25 maxlen: 25
                          91.228.151.0/24 maxlen: 24
                          185.82.184.0/22 maxlen: 22
                          2a05:9280::/29 maxlen: 29
                          2001:67c:22dc::/48 maxlen: 48
                          2a05:9280::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 379915402 (0x16a50c8a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c605871889b9dcafe7ec3136aed1ddfee2dfbc7d
        Validity
            Not Before: May 26 14:48:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7566c61f76ca3d3160ba024522ef2e9480e29823
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:55:ff:7c:eb:44:68:7a:63:69:f7:df:1d:2f:
                    0e:65:73:47:fc:3f:4c:f6:34:a1:93:7c:ee:d7:17:
                    b4:2a:28:17:6e:9c:04:44:c4:87:1f:7d:f0:5a:e6:
                    b3:79:f9:8d:db:fe:ef:16:49:af:e9:84:2b:2a:c2:
                    19:af:13:13:d6:ae:90:c3:b2:d5:4e:78:ea:03:3d:
                    eb:5c:25:2d:5a:b1:9f:37:6b:05:f4:53:15:8f:3e:
                    f6:25:9f:3b:29:d4:c9:08:95:ef:c7:85:53:50:21:
                    f7:6c:d5:a5:04:fe:34:a4:47:7a:69:63:9f:e7:5d:
                    8d:09:ee:6c:b6:18:6d:39:66:99:1c:a5:6e:4c:08:
                    8b:e4:8e:7b:0e:50:7b:b7:f4:50:e5:73:74:9e:28:
                    0c:d6:fd:7b:ed:e4:08:2e:78:b9:51:c7:92:8f:0a:
                    9b:8b:a7:b9:e9:e8:3c:2f:2b:f9:b2:3f:25:5b:9b:
                    a8:3e:75:55:b2:c6:9d:dc:5f:80:ea:df:e6:65:9e:
                    88:b7:a5:f4:b0:9b:41:79:2e:d3:e9:ff:89:d9:14:
                    94:7d:94:69:c2:0f:23:40:7b:ed:7a:56:fc:e4:30:
                    51:72:e5:41:3b:24:f3:f4:76:b5:ab:80:98:04:ce:
                    ed:b1:cf:39:a3:73:b2:3e:59:fc:9b:f8:81:ed:81:
                    c3:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:66:C6:1F:76:CA:3D:31:60:BA:02:45:22:EF:2E:94:80:E2:98:23
            X509v3 Authority Key Identifier:
                keyid:C6:05:87:18:89:B9:DC:AF:E7:EC:31:36:AE:D1:DD:FE:E2:DF:BC:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xgWHGIm53K_n7DE2rtHd_uLfvH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6046a6-decb-49a3-a3b4-3087f86a63ab/1/dWbGH3bKPTFgugJFIu8ulIDimCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6046a6-decb-49a3-a3b4-3087f86a63ab/1/xgWHGIm53K_n7DE2rtHd_uLfvH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.151.0/24
                  185.82.184.0/22
                IPv6:
                  2001:67c:22dc::/48
                  2a05:9280::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:6e:8c:cb:66:b0:ef:0d:57:e0:60:5c:79:cb:d3:40:5e:85:
         4e:0b:9a:e3:78:b4:85:98:28:5f:e7:94:23:1e:be:9f:03:61:
         4b:5d:51:2f:a8:bd:26:76:b0:90:07:96:90:fc:e7:a2:91:17:
         22:2d:45:75:c0:58:62:7e:04:34:33:70:0f:0a:45:d2:d2:6e:
         05:af:03:ab:36:5a:b1:a3:43:9c:7c:fd:0a:d3:fd:99:b8:cd:
         63:3e:3b:66:47:56:c7:47:36:2e:89:1f:99:9e:f5:1a:a8:12:
         97:27:f4:ad:ad:b0:e7:a5:4c:23:4f:85:00:be:2f:87:6d:e5:
         ec:d1:a4:86:f3:b2:55:a8:25:67:42:a8:fc:75:bb:31:b9:ab:
         96:99:c0:bb:50:31:f5:fe:f8:f9:ff:e6:41:79:ac:40:76:1d:
         65:30:4b:14:b0:18:78:67:23:05:56:42:f8:6e:55:c9:4a:19:
         ca:5b:3a:86:a0:08:69:43:81:09:2f:c6:82:e3:a8:6b:b9:a4:
         41:65:6b:d1:2c:a4:7e:4e:61:c4:29:46:f1:f8:9e:4e:7d:13:
         01:f5:f1:5a:1a:fe:f2:13:10:56:2f:9b:d6:72:f9:53:ab:17:
         21:1d:b9:42:10:53:7a:00:cf:e9:61:b3:72:11:04:62:19:5c:
         65:44:84:11
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIEFqUMijANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
NjA1ODcxODg5YjlkY2FmZTdlYzMxMzZhZWQxZGRmZWUyZGZiYzdkMB4XDTIyMDUy
NjE0NDgxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzU2NmM2MWY3NmNh
M2QzMTYwYmEwMjQ1MjJlZjJlOTQ4MGUyOTgyMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJhV/3zrRGh6Y2n33x0vDmVzR/w/TPY0oZN87tcXtCooF26c
BETEhx998Frms3n5jdv+7xZJr+mEKyrCGa8TE9aukMOy1U546gM961wlLVqxnzdr
BfRTFY8+9iWfOynUyQiV78eFU1Ah92zVpQT+NKRHemljn+ddjQnubLYYbTlmmRyl
bkwIi+SOew5Qe7f0UOVzdJ4oDNb9e+3kCC54uVHHko8Km4unuenoPC8r+bI/JVub
qD51VbLGndxfgOrf5mWeiLel9LCbQXku0+n/idkUlH2UacIPI0B77XpW/OQwUXLl
QTsk8/R2tauAmATO7bHPOaNzsj5Z/Jv4ge2Bw7sCAwEAAaOCAicwggIjMB0GA1Ud
DgQWBBR1ZsYfdso9MWC6AkUi7y6UgOKYIzAfBgNVHSMEGDAWgBTGBYcYibncr+fs
MTau0d3+4t+8fTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3hnV0hHSW01M0tfbjdERTJydEhkX3VMZnZIMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzcvNjA0NmE2LWRlY2ItNDlhMy1hM2I0LTMwODdmODZhNjNhYi8x
L2RXYkdIM2JLUFRGZ3VnSkZJdTh1bElEaW1DTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzcv
NjA0NmE2LWRlY2ItNDlhMy1hM2I0LTMwODdmODZhNjNhYi8xL3hnV0hHSW01M0tf
bjdERTJydEhkX3VMZnZIMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA9
BggrBgEFBQcBBwEB/wQuMCwwEgQCAAEwDAMEAFvklwMEArlSuDAWBAIAAjAQAwcA
IAEGfCLcAwUDKgWSgDANBgkqhkiG9w0BAQsFAAOCAQEAXm6My2aw7w1X4GBcecvT
QF6FTgua43i0hZgoX+eUIx6+nwNhS11RL6i9JnawkAeWkPznopEXIi1FdcBYYn4E
NDNwDwpF0tJuBa8DqzZasaNDnHz9CtP9mbjNYz47ZkdWx0c2LokfmZ71GqgSlyf0
ra2w56VMI0+FAL4vh23l7NGkhvOyVaglZ0Ko/HW7MbmrlpnAu1Ax9f74+f/mQXms
QHYdZTBLFLAYeGcjBVZC+G5VyUoZyls6hqAIaUOBCS/GguOoa7mkQWVr0Sykfk5h
xClG8fieTn0TAfXxWhr+8hMQVi+b1nL5U6sXIR25QhBTegDP6WGzchEEYhlcZUSE
EQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:21 2024 by rpki-client on console-fra.rpki-client.org