Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/KuC3zzbUq01nnqr1_kXprOaPrEA.roa
File:                     KuC3zzbUq01nnqr1_kXprOaPrEA.roa (raw, json)
Hash identifier:          yNQ5KnctT7hSeSVHHgC6uuFE2kTswEeNA13ytcZmpXs=
Subject key identifier:   2A:E0:B7:CF:36:D4:AB:4D:67:9E:AA:F5:FE:45:E9:AC:E6:8F:AC:40
Certificate issuer:       /CN=8d84404e5f8a4b117ae44e73d53c44ecdd578342
Certificate serial:       0A47C566
Authority key identifier: 8D:84:40:4E:5F:8A:4B:11:7A:E4:4E:73:D5:3C:44:EC:DD:57:83:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYRATl-KSxF65E5z1TxE7N1Xg0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/KuC3zzbUq01nnqr1_kXprOaPrEA.roa
Signing time:             Thu 24 Mar 2022 12:50:57 +0000
ROA not before:           Thu 24 Mar 2022 12:50:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210560
IP address blocks:        46.243.144.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 172475750 (0xa47c566)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d84404e5f8a4b117ae44e73d53c44ecdd578342
        Validity
            Not Before: Mar 24 12:50:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2ae0b7cf36d4ab4d679eaaf5fe45e9ace68fac40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:f4:ec:9b:b3:6e:e2:98:da:a7:c3:09:bb:c5:
                    f5:89:c9:cf:f6:94:43:4f:7e:8b:29:b3:3e:7c:1b:
                    53:bb:fb:af:d6:69:d3:72:b3:2e:c0:15:40:d2:dd:
                    ce:36:74:06:7b:7c:f6:76:76:38:da:46:3a:4d:dc:
                    fc:ef:22:44:f8:2e:95:56:47:ad:b7:17:0d:ea:6f:
                    22:ea:6a:42:0e:41:f5:19:3d:07:3f:14:d7:19:30:
                    78:a4:cb:ef:b2:31:38:db:23:bd:b9:93:86:47:89:
                    bd:a9:16:25:9a:51:14:ac:be:8a:2b:f3:18:5c:40:
                    bd:0f:39:a0:b7:c3:ba:70:ec:1c:c2:ef:93:d4:b3:
                    01:d8:8d:0f:8c:e1:c3:ae:cf:c5:fb:83:f9:14:67:
                    a9:f2:66:c4:36:70:de:92:ff:37:c4:bc:4a:cf:5e:
                    9b:95:d2:dc:5c:6c:7d:a2:53:7e:7c:8d:46:aa:e5:
                    22:22:7c:8a:7d:89:9d:3c:33:77:37:24:06:83:1a:
                    0e:2e:b9:62:0a:40:a5:d3:b8:db:2f:f9:96:f2:6e:
                    1c:aa:5e:f7:be:29:a9:63:b8:20:dd:46:7a:c9:2e:
                    7d:7c:d3:7a:c5:55:8c:55:a5:f4:8f:a6:6a:18:9d:
                    bd:f4:a0:7f:76:74:a2:90:52:d7:b2:f8:b2:fc:c6:
                    96:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:E0:B7:CF:36:D4:AB:4D:67:9E:AA:F5:FE:45:E9:AC:E6:8F:AC:40
            X509v3 Authority Key Identifier:
                keyid:8D:84:40:4E:5F:8A:4B:11:7A:E4:4E:73:D5:3C:44:EC:DD:57:83:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYRATl-KSxF65E5z1TxE7N1Xg0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/KuC3zzbUq01nnqr1_kXprOaPrEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/jYRATl-KSxF65E5z1TxE7N1Xg0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:56:37:4a:83:78:47:08:4e:5d:ff:b4:8d:69:dd:4f:58:34:
         8b:af:bf:0e:92:12:bb:0e:a3:2b:39:d7:70:b9:33:1c:2e:8f:
         4c:9c:a4:b2:b1:20:8a:74:2c:df:09:30:b9:9c:3a:07:8d:62:
         7d:0b:78:be:b6:d4:dd:e1:e5:d8:36:a2:dc:cc:ec:02:e1:fd:
         28:5a:6c:c1:4b:97:41:44:bc:a3:61:5a:2e:ad:c8:e0:74:8c:
         df:5d:f5:4a:20:84:c7:e6:9c:c8:01:4a:28:88:07:83:70:84:
         e2:9d:0c:db:c0:92:54:1f:22:96:ca:85:58:b1:a2:eb:48:2c:
         a0:0b:dc:df:49:f5:ed:07:0e:4b:6d:f5:b8:6c:72:08:27:9b:
         c3:c3:a2:42:7f:03:43:26:b1:31:c3:be:4b:ef:a5:4f:33:4a:
         57:c5:c7:75:38:78:e6:ce:e4:87:b3:7b:d8:ec:e0:f4:f6:fd:
         d5:a4:80:08:c5:32:63:7c:1e:f4:5e:8c:67:eb:43:56:0f:5a:
         36:db:5e:e4:00:db:c6:de:79:d5:6f:d4:19:55:9c:67:5a:b2:
         97:33:b2:74:41:06:5d:6c:55:e4:91:64:54:ba:0c:0f:a7:35:
         bd:37:64:4c:de:07:90:2d:0d:ce:6f:e3:2c:0f:af:ce:28:2e:
         e4:f0:1d:6b
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECkfFZjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ZDg0NDA0ZTVmOGE0YjExN2FlNDRlNzNkNTNjNDRlY2RkNTc4MzQyMB4XDTIyMDMy
NDEyNTA1N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmFlMGI3Y2YzNmQ0
YWI0ZDY3OWVhYWY1ZmU0NWU5YWNlNjhmYWM0MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANv07JuzbuKY2qfDCbvF9YnJz/aUQ09+iymzPnwbU7v7r9Zp
03KzLsAVQNLdzjZ0Bnt89nZ2ONpGOk3c/O8iRPgulVZHrbcXDepvIupqQg5B9Rk9
Bz8U1xkweKTL77IxONsjvbmThkeJvakWJZpRFKy+iivzGFxAvQ85oLfDunDsHMLv
k9SzAdiND4zhw67PxfuD+RRnqfJmxDZw3pL/N8S8Ss9em5XS3FxsfaJTfnyNRqrl
IiJ8in2JnTwzdzckBoMaDi65YgpApdO42y/5lvJuHKpe974pqWO4IN1GeskufXzT
esVVjFWl9I+mahidvfSgf3Z0opBS17L4svzGltkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQq4LfPNtSrTWeeqvX+Rems5o+sQDAfBgNVHSMEGDAWgBSNhEBOX4pLEXrk
TnPVPETs3VeDQjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2pZUkFUbC1LU3hGNjVFNXoxVHhFN04xWGcwSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2EvZDUxZjY0LTVkMDYtNGZjMC1hYjY5LTJjZDk4ZWU1MzU2OS8x
L0t1QzN6emJVcTAxbm5xcjFfa1hwck9hUHJFQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Ev
ZDUxZjY0LTVkMDYtNGZjMC1hYjY5LTJjZDk4ZWU1MzU2OS8xL2pZUkFUbC1LU3hG
NjVFNXoxVHhFN04xWGcwSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi7zkDANBgkqhkiG9w0BAQsFAAOC
AQEAlVY3SoN4RwhOXf+0jWndT1g0i6+/DpISuw6jKznXcLkzHC6PTJyksrEginQs
3wkwuZw6B41ifQt4vrbU3eHl2Dai3MzsAuH9KFpswUuXQUS8o2FaLq3I4HSM3131
SiCEx+acyAFKKIgHg3CE4p0M28CSVB8ilsqFWLGi60gsoAvc30n17QcOS231uGxy
CCebw8OiQn8DQyaxMcO+S++lTzNKV8XHdTh45s7kh7N72Ozg9Pb91aSACMUyY3we
9F6MZ+tDVg9aNtte5ADbxt551W/UGVWcZ1qylzOydEEGXWxV5JFkVLoMD6c1vTdk
TN4HkC0Nzm/jLA+vzigu5PAdaw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:21 2024 by rpki-client on console-ams.rpki-client.org