Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/SUKcexm52xqW99zkGhWyKtlpaYA.roa
File:                     SUKcexm52xqW99zkGhWyKtlpaYA.roa (raw, json)
Hash identifier:          7qfYadoq9XyCdIar1yDzZzfKK+3J2SVdX1+26wHkqyQ=
Subject key identifier:   49:42:9C:7B:19:B9:DB:1A:96:F7:DC:E4:1A:15:B2:2A:D9:69:69:80
Certificate issuer:       /CN=96bfc5a172654dd6009db1d82d92ffaf71234120
Certificate serial:       09A39D62
Authority key identifier: 96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/SUKcexm52xqW99zkGhWyKtlpaYA.roa
Signing time:             Thu 28 Apr 2022 06:54:46 +0000
ROA not before:           Thu 28 Apr 2022 06:54:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209898
IP address blocks:        147.78.192.0/22 maxlen: 24
                          91.194.139.0/24 maxlen: 24
                          185.203.112.0/22 maxlen: 24
                          2a0a:e5c0::/29 maxlen: 48
                          2a0a:e5c0:2::/48 maxlen: 48
                          2a09:2940::/29 maxlen: 48
                          2a0a:e5c1:100::/40 maxlen: 48
                          2a0a:e5c0:1::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 161717602 (0x9a39d62)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96bfc5a172654dd6009db1d82d92ffaf71234120
        Validity
            Not Before: Apr 28 06:54:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=49429c7b19b9db1a96f7dce41a15b22ad9696980
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:3e:39:b0:37:cb:31:50:96:c6:fc:82:d9:4d:
                    e9:fb:f6:1e:b5:96:b7:54:9d:59:17:f2:fa:1c:1d:
                    e5:b0:4e:6a:c4:21:f5:16:c2:24:af:11:64:17:a7:
                    53:35:06:fd:48:ee:2d:a5:64:9f:32:d4:c3:d4:58:
                    77:35:92:0c:ed:4e:19:d3:0f:57:9a:a6:80:e8:24:
                    c8:07:1e:86:04:b9:18:95:4a:3f:67:9f:c3:32:55:
                    bf:b3:58:2c:ed:04:9f:1e:d4:cd:a6:e4:6b:b6:10:
                    49:ef:5a:46:e9:72:b7:97:db:a6:de:22:e4:11:af:
                    ec:14:07:39:d9:9b:d8:6c:14:0a:ef:ef:d0:51:80:
                    1e:84:f3:27:26:f0:64:41:62:b8:95:e4:75:7e:1d:
                    d1:27:c7:fa:78:53:13:03:59:ee:cd:3e:f1:d8:04:
                    bc:73:f7:4d:3f:70:36:4c:56:d7:ed:d5:dd:e6:9e:
                    d5:2c:9e:a9:04:19:19:79:86:09:c8:0b:9a:7f:82:
                    5b:5e:1d:55:9e:af:c6:73:68:b3:cd:01:5f:71:35:
                    66:bc:3a:5f:38:3b:32:ae:33:d5:42:94:c2:ca:d6:
                    56:31:a5:8c:3c:46:24:77:9c:48:f7:83:42:9f:d5:
                    2a:12:9d:02:c7:da:2d:fc:da:2c:b6:ff:24:a5:8b:
                    c9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:42:9C:7B:19:B9:DB:1A:96:F7:DC:E4:1A:15:B2:2A:D9:69:69:80
            X509v3 Authority Key Identifier:
                keyid:96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/SUKcexm52xqW99zkGhWyKtlpaYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/lr_FoXJlTdYAnbHYLZL_r3EjQSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.139.0/24
                  147.78.192.0/22
                  185.203.112.0/22
                IPv6:
                  2a09:2940::/29
                  2a0a:e5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:1e:8d:56:6c:41:16:b7:80:1e:15:ec:8c:6a:55:b6:79:79:
         da:a3:cd:53:a3:94:57:e7:05:93:7c:a1:9e:70:35:22:f4:20:
         75:c3:4b:ce:cf:1e:e9:61:e3:6c:f3:ae:1f:2c:bd:6f:da:b6:
         9c:8d:09:ae:1b:81:8f:28:df:72:98:fd:52:82:a7:ee:24:2b:
         08:ff:44:aa:97:19:40:9c:7c:0c:36:21:f1:4b:19:9a:08:62:
         cf:b0:73:4a:60:98:a0:ec:9f:cd:14:39:2e:bc:04:44:ab:2d:
         0b:84:18:47:a7:fe:c2:d4:40:5d:1b:e9:21:44:c3:15:91:fb:
         4a:26:ba:66:1c:03:4b:87:fa:ff:a5:7c:85:72:ed:e0:a6:59:
         95:dd:c8:9d:bb:84:2e:73:44:ad:d0:ed:89:1e:bb:e8:83:2e:
         fe:a2:3a:b3:c4:eb:37:73:82:fe:b2:2d:a6:a1:f8:e7:bf:80:
         b3:37:08:18:dd:26:1f:ce:7b:b8:6f:37:ab:f6:70:7a:fa:94:
         18:c8:ff:28:7a:7e:f5:a6:0f:80:3b:ef:02:6c:56:3b:27:63:
         ba:dd:26:2b:b1:6e:39:89:ac:59:8b:59:fc:7f:76:69:23:c5:
         cc:73:09:4d:2d:c1:e4:24:58:7f:ff:2c:03:2f:dc:f8:a0:22:
         65:46:fc:10
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIECaOdYjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NmJmYzVhMTcyNjU0ZGQ2MDA5ZGIxZDgyZDkyZmZhZjcxMjM0MTIwMB4XDTIyMDQy
ODA2NTQ0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDk0MjljN2IxOWI5
ZGIxYTk2ZjdkY2U0MWExNWIyMmFkOTY5Njk4MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOs+ObA3yzFQlsb8gtlN6fv2HrWWt1SdWRfy+hwd5bBOasQh
9RbCJK8RZBenUzUG/UjuLaVknzLUw9RYdzWSDO1OGdMPV5qmgOgkyAcehgS5GJVK
P2efwzJVv7NYLO0Enx7Uzabka7YQSe9aRulyt5fbpt4i5BGv7BQHOdmb2GwUCu/v
0FGAHoTzJybwZEFiuJXkdX4d0SfH+nhTEwNZ7s0+8dgEvHP3TT9wNkxW1+3V3eae
1SyeqQQZGXmGCcgLmn+CW14dVZ6vxnNos80BX3E1Zrw6Xzg7Mq4z1UKUwsrWVjGl
jDxGJHecSPeDQp/VKhKdAsfaLfzaLLb/JKWLyUUCAwEAAaOCAiswggInMB0GA1Ud
DgQWBBRJQpx7GbnbGpb33OQaFbIq2WlpgDAfBgNVHSMEGDAWgBSWv8WhcmVN1gCd
sdgtkv+vcSNBIDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xyX0ZvWEpsVGRZQW5iSFlMWkxfcjNFalFTQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2MvMzYzMGNiLWViZWMtNGQ4Ni1iMTJiLWJmZmI3NTdjMzEzNC8x
L1NVS2NleG01MnhxVzk5emtHaFd5S3RscGFZQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Mv
MzYzMGNiLWViZWMtNGQ4Ni1iMTJiLWJmZmI3NTdjMzEzNC8xL2xyX0ZvWEpsVGRZ
QW5iSFlMWkxfcjNFalFTQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBB
BggrBgEFBQcBBwEB/wQyMDAwGAQCAAEwEgMEAFvCiwMEApNOwAMEArnLcDAUBAIA
AjAOAwUDKgkpQAMFAyoK5cAwDQYJKoZIhvcNAQELBQADggEBAEIejVZsQRa3gB4V
7IxqVbZ5edqjzVOjlFfnBZN8oZ5wNSL0IHXDS87PHulh42zzrh8svW/atpyNCa4b
gY8o33KY/VKCp+4kKwj/RKqXGUCcfAw2IfFLGZoIYs+wc0pgmKDsn80UOS68BESr
LQuEGEen/sLUQF0b6SFEwxWR+0omumYcA0uH+v+lfIVy7eCmWZXdyJ27hC5zRK3Q
7Ykeu+iDLv6iOrPE6zdzgv6yLaah+Oe/gLM3CBjdJh/Oe7hvN6v2cHr6lBjI/yh6
fvWmD4A77wJsVjsnY7rdJiuxbjmJrFmLWfx/dmkjxcxzCU0tweQkWH//LAMv3Pig
ImVG/BA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:34 2024 by rpki-client on console-ams.rpki-client.org