Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/3dd082-c503-45b8-9b07-922923e898e6/1/UI9cJy5UqCuUzZtwJhlxDr7o8Wg.roa
File:                     UI9cJy5UqCuUzZtwJhlxDr7o8Wg.roa (raw, json)
Hash identifier:          tBvnsBn2sVLHCjy2tA75VSRkvywvXWlUqhTEnXIHIOw=
Subject key identifier:   50:8F:5C:27:2E:54:A8:2B:94:CD:9B:70:26:19:71:0E:BE:E8:F1:68
Certificate issuer:       /CN=805db5678139e2eeace89b5ee9982c35449c0b3b
Certificate serial:       03677A2F
Authority key identifier: 80:5D:B5:67:81:39:E2:EE:AC:E8:9B:5E:E9:98:2C:35:44:9C:0B:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gF21Z4E54u6s6Jte6ZgsNUScCzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/3dd082-c503-45b8-9b07-922923e898e6/1/UI9cJy5UqCuUzZtwJhlxDr7o8Wg.roa
Signing time:             Sat 01 Jan 2022 08:03:56 +0000
ROA not before:           Sat 01 Jan 2022 08:03:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209638
IP address blocks:        80.249.112.0/24 maxlen: 32
                          80.249.113.0/24 maxlen: 32
                          80.249.114.0/24 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 57113135 (0x3677a2f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=805db5678139e2eeace89b5ee9982c35449c0b3b
        Validity
            Not Before: Jan  1 08:03:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=508f5c272e54a82b94cd9b702619710ebee8f168
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:97:7b:52:8e:25:e6:7a:f4:cc:79:63:f2:0c:
                    90:5d:9b:ba:9a:7e:16:d8:8d:bc:53:38:d4:2c:c5:
                    11:8d:50:66:66:27:63:12:a7:f1:60:8b:e6:21:68:
                    7d:ee:40:68:27:9d:e3:67:bb:11:1e:04:39:eb:6d:
                    7b:c9:29:98:04:21:17:13:b8:f7:1a:0f:ed:d4:f9:
                    a1:ce:93:df:8c:d5:9c:d9:b3:e2:73:d8:c1:05:c6:
                    30:f6:4f:ed:09:8e:59:71:d8:1f:f4:ba:67:c5:66:
                    f0:b3:08:55:2a:d4:f8:a2:0b:41:a8:a8:99:fc:04:
                    77:aa:e2:a8:9c:f8:63:6f:84:be:76:68:48:c9:ba:
                    e4:e4:93:bd:15:81:b8:62:45:36:0b:db:10:91:28:
                    2a:dc:91:09:5f:81:65:c8:19:bd:12:31:0a:71:4d:
                    b7:26:61:a9:61:b9:d1:6e:1f:6d:ea:08:7f:22:80:
                    e8:3f:c2:79:36:88:52:bc:7c:93:9f:12:af:51:37:
                    2d:d5:a3:01:f0:41:ba:6a:20:26:f2:59:dd:83:1c:
                    bb:7e:36:76:ed:de:f9:33:3c:c5:06:de:be:31:8f:
                    75:2d:a7:18:7f:38:e5:57:0c:4b:24:e6:cb:3f:88:
                    78:b8:94:47:b4:96:c7:0c:6c:8e:e3:83:c9:0c:96:
                    6c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:8F:5C:27:2E:54:A8:2B:94:CD:9B:70:26:19:71:0E:BE:E8:F1:68
            X509v3 Authority Key Identifier:
                keyid:80:5D:B5:67:81:39:E2:EE:AC:E8:9B:5E:E9:98:2C:35:44:9C:0B:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gF21Z4E54u6s6Jte6ZgsNUScCzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/3dd082-c503-45b8-9b07-922923e898e6/1/UI9cJy5UqCuUzZtwJhlxDr7o8Wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/3dd082-c503-45b8-9b07-922923e898e6/1/gF21Z4E54u6s6Jte6ZgsNUScCzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.249.112.0-80.249.114.255

    Signature Algorithm: sha256WithRSAEncryption
         6c:33:5f:fe:a4:7d:ed:0f:4f:61:1b:fa:71:bd:db:f9:1a:6d:
         a4:66:65:68:66:16:d9:02:77:51:b5:fa:a9:32:b4:dc:18:ba:
         8c:7c:5f:4c:17:18:0b:2b:ff:6c:fe:6b:de:2f:5b:37:29:5c:
         b4:3f:5e:6c:8a:35:4c:8d:1a:16:5d:c9:4f:f8:34:ef:f4:75:
         13:47:f6:9e:4d:98:f8:66:43:57:55:19:da:92:ae:ab:63:2b:
         d5:2d:e4:e2:38:93:44:46:c7:aa:7e:41:7b:95:a8:14:61:81:
         f0:9e:24:99:04:c1:63:22:bf:c3:e0:8b:43:f0:f2:77:ef:8f:
         79:53:9f:93:dc:45:1c:a6:4d:58:57:f2:2c:cc:10:38:ab:7d:
         d2:45:9a:cc:2f:f5:44:a9:29:01:9d:35:80:0a:a2:68:61:00:
         bf:4d:e2:e6:53:d0:51:0e:bb:b2:8a:fd:35:06:ca:60:67:59:
         23:a1:36:23:03:11:17:a2:56:80:a8:ef:bb:2e:b2:7d:3c:a8:
         ca:90:61:2d:bf:cb:4b:c8:22:6b:03:1d:91:f3:7c:07:64:b2:
         83:f9:03:c6:f2:5c:d8:68:5f:5f:ec:59:b9:00:7c:5f:a6:f2:
         d8:94:fe:c3:b0:d6:c7:4a:0f:5f:5f:65:f6:8b:b2:b9:ec:d1:
         82:3b:db:4e
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIEA2d6LzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
MDVkYjU2NzgxMzllMmVlYWNlODliNWVlOTk4MmMzNTQ0OWMwYjNiMB4XDTIyMDEw
MTA4MDM1NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTA4ZjVjMjcyZTU0
YTgyYjk0Y2Q5YjcwMjYxOTcxMGViZWU4ZjE2ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJeXe1KOJeZ69Mx5Y/IMkF2bupp+FtiNvFM41CzFEY1QZmYn
YxKn8WCL5iFofe5AaCed42e7ER4EOette8kpmAQhFxO49xoP7dT5oc6T34zVnNmz
4nPYwQXGMPZP7QmOWXHYH/S6Z8Vm8LMIVSrU+KILQaiomfwEd6riqJz4Y2+EvnZo
SMm65OSTvRWBuGJFNgvbEJEoKtyRCV+BZcgZvRIxCnFNtyZhqWG50W4fbeoIfyKA
6D/CeTaIUrx8k58Sr1E3LdWjAfBBumogJvJZ3YMcu342du3e+TM8xQbevjGPdS2n
GH845VcMSyTmyz+IeLiUR7SWxwxsjuODyQyWbA0CAwEAAaOCAhEwggINMB0GA1Ud
DgQWBBRQj1wnLlSoK5TNm3AmGXEOvujxaDAfBgNVHSMEGDAWgBSAXbVngTni7qzo
m17pmCw1RJwLOzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2dGMjFaNEU1NHU2czZKdGU2WmdzTlVTY0N6cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2QvM2RkMDgyLWM1MDMtNDViOC05YjA3LTkyMjkyM2U4OThlNi8x
L1VJOWNKeTVVcUN1VXpadHdKaGx4RHI3bzhXZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Qv
M2RkMDgyLWM1MDMtNDViOC05YjA3LTkyMjkyM2U4OThlNi8xL2dGMjFaNEU1NHU2
czZKdGU2WmdzTlVTY0N6cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAn
BggrBgEFBQcBBwEB/wQYMBYwFAQCAAEwDjAMAwQEUPlwAwQAUPlyMA0GCSqGSIb3
DQEBCwUAA4IBAQBsM1/+pH3tD09hG/pxvdv5Gm2kZmVoZhbZAndRtfqpMrTcGLqM
fF9MFxgLK/9s/mveL1s3KVy0P15sijVMjRoWXclP+DTv9HUTR/aeTZj4ZkNXVRna
kq6rYyvVLeTiOJNERseqfkF7lagUYYHwniSZBMFjIr/D4ItD8PJ37495U5+T3EUc
pk1YV/IszBA4q33SRZrML/VEqSkBnTWACqJoYQC/TeLmU9BRDruyiv01BspgZ1kj
oTYjAxEXolaAqO+7LrJ9PKjKkGEtv8tLyCJrAx2R83wHZLKD+QPG8lzYaF9f7Fm5
AHxfpvLYlP7DsNbHSg9fX2X2i7K57NGCO9tO
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:44 2024 by rpki-client on console-ams.rpki-client.org