Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/Naeob0U1lAlHNKI7qcME09KZBAA.roa
File:                     Naeob0U1lAlHNKI7qcME09KZBAA.roa (raw, json)
Hash identifier:          0zGcbMC3wi3npcMCLKsaVxOvJkP3gVo513FSiXsEttc=
Subject key identifier:   35:A7:A8:6F:45:35:94:09:47:34:A2:3B:A9:C3:04:D3:D2:99:04:00
Certificate issuer:       /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial:       3769B55B
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/Naeob0U1lAlHNKI7qcME09KZBAA.roa
Signing time:             Sat 29 Jan 2022 21:00:54 +0000
ROA not before:           Sat 29 Jan 2022 21:00:54 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     56582
IP address blocks:        185.33.61.0/24 maxlen: 24
                          185.33.63.0/24 maxlen: 24
                          31.169.65.0/24 maxlen: 24
                          31.169.70.0/24 maxlen: 24
                          31.169.69.0/24 maxlen: 24
                          31.169.71.0/24 maxlen: 24
                          31.169.67.0/24 maxlen: 24
                          31.169.66.0/24 maxlen: 24
                          31.169.68.0/24 maxlen: 24
                          31.169.72.0/24 maxlen: 24
                          31.169.77.0/24 maxlen: 24
                          31.169.76.0/24 maxlen: 24
                          31.169.78.0/24 maxlen: 24
                          31.169.74.0/24 maxlen: 24
                          31.169.81.0/24 maxlen: 24
                          31.169.91.0/24 maxlen: 24
                          31.169.90.0/24 maxlen: 24
                          31.169.88.0/24 maxlen: 24
                          31.169.93.0/24 maxlen: 24
                          31.169.92.0/24 maxlen: 24
                          31.169.94.0/24 maxlen: 24
                          31.169.95.0/24 maxlen: 24
                          31.169.64.0/24 maxlen: 24
                          2a00:5740::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 929674587 (0x3769b55b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
        Validity
            Not Before: Jan 29 21:00:54 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=35a7a86f453594094734a23ba9c304d3d2990400
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d2:a3:d0:9f:27:20:60:07:35:c3:f7:15:58:
                    20:f9:12:cc:b7:d0:3a:ba:c0:2d:6c:ea:4d:82:90:
                    36:e4:be:30:1a:46:f5:53:a8:79:42:b0:df:1f:8f:
                    dc:32:f3:74:9e:5a:1c:82:d6:33:d8:52:0a:68:dc:
                    d0:a4:83:5a:5f:6c:a5:a4:f4:c5:a4:87:41:67:e9:
                    bf:a9:cb:cd:b2:64:30:17:f0:17:68:d2:b5:03:7b:
                    e5:8f:68:b4:b0:e9:fb:61:ab:22:cf:71:77:75:2e:
                    8d:04:7b:e9:bf:84:79:cf:87:2a:a2:26:82:13:85:
                    e4:67:0c:8d:7d:3a:43:07:4a:84:13:7a:df:a9:4a:
                    6f:1e:1f:b9:d8:2c:16:92:53:7f:7c:dc:d1:c8:43:
                    45:19:6b:2e:ec:f2:d5:f5:31:e9:bd:50:be:63:f2:
                    93:20:48:bd:b7:76:e7:3e:ed:55:36:5d:38:1c:f5:
                    59:fc:82:92:5a:96:fd:ac:dc:6f:21:de:ff:c6:18:
                    2a:1e:a6:92:c2:09:b1:7b:9d:42:e7:59:45:28:96:
                    34:de:54:85:d8:07:33:74:18:5b:3e:b9:f6:1b:89:
                    1e:2b:5f:81:d5:dd:20:93:e7:09:3f:a5:74:68:c3:
                    a5:8d:62:0e:74:0a:d8:fe:86:b1:36:67:3e:7f:05:
                    d7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:A7:A8:6F:45:35:94:09:47:34:A2:3B:A9:C3:04:D3:D2:99:04:00
            X509v3 Authority Key Identifier:
                keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/Naeob0U1lAlHNKI7qcME09KZBAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.64.0-31.169.72.255
                  31.169.74.0/24
                  31.169.76.0-31.169.78.255
                  31.169.81.0/24
                  31.169.88.0/24
                  31.169.90.0-31.169.95.255
                  185.33.61.0/24
                  185.33.63.0/24
                IPv6:
                  2a00:5740::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:03:11:36:ee:78:f1:e4:99:d9:ad:63:2d:16:0d:1f:b6:4c:
         98:88:45:dc:b1:c6:9f:f1:ea:53:b9:61:ce:b0:6f:cf:e9:f4:
         ef:2e:fd:c8:3d:ce:05:4a:71:02:29:01:7b:d9:bf:fa:f3:ac:
         00:3c:70:43:75:4b:88:e9:fa:43:1b:f6:8e:bc:68:89:81:f9:
         b6:d0:35:84:b9:2a:9c:d7:ca:aa:29:9f:ef:c5:f9:d4:79:2d:
         7e:f0:07:f2:96:3a:fa:07:44:79:9f:64:25:db:2b:d5:1f:77:
         e1:5c:06:24:10:f7:c4:c4:75:21:e3:38:0a:ff:a6:b7:40:86:
         a4:62:e6:91:be:a6:28:ea:47:59:de:88:b9:96:a9:91:39:49:
         01:b8:b8:3a:4e:ea:63:10:46:64:3b:82:4a:7b:a8:3d:00:5a:
         43:10:69:a6:19:55:29:a9:49:65:89:90:5a:f8:d3:f8:6b:13:
         2d:eb:c2:6e:c6:09:06:b8:b1:39:9c:32:89:54:aa:ed:4a:72:
         18:66:01:48:b7:0b:50:7d:bc:ce:85:ce:1a:28:f7:9d:ee:3c:
         42:5d:5e:ab:e0:85:fb:f9:9f:0e:b2:95:af:29:01:52:2c:31:
         0c:72:b3:7d:66:5d:50:b4:ba:bc:ca:43:b8:fd:43:3c:8a:81:
         a8:d0:10:ab
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIEN2m1WzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZDY5ZGE0NGFlMDY3ZmMxYTk4YTVmNmYwNWYxMmU1NDVkMGZjNjJhMB4XDTIyMDEy
OTIxMDA1NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzVhN2E4NmY0NTM1
OTQwOTQ3MzRhMjNiYTljMzA0ZDNkMjk5MDQwMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANzSo9CfJyBgBzXD9xVYIPkSzLfQOrrALWzqTYKQNuS+MBpG
9VOoeUKw3x+P3DLzdJ5aHILWM9hSCmjc0KSDWl9spaT0xaSHQWfpv6nLzbJkMBfw
F2jStQN75Y9otLDp+2GrIs9xd3UujQR76b+Eec+HKqImghOF5GcMjX06QwdKhBN6
36lKbx4fudgsFpJTf3zc0chDRRlrLuzy1fUx6b1QvmPykyBIvbd25z7tVTZdOBz1
WfyCklqW/azcbyHe/8YYKh6mksIJsXudQudZRSiWNN5UhdgHM3QYWz659huJHitf
gdXdIJPnCT+ldGjDpY1iDnQK2P6GsTZnPn8F13kCAwEAAaOCAlowggJWMB0GA1Ud
DgQWBBQ1p6hvRTWUCUc0ojupwwTT0pkEADAfBgNVHSMEGDAWgBRtadpErgZ/wamK
X28F8S5UXQ/GKjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JXbmFSSzRHZjhHcGlsOXZCZkV1VkYwUHhpby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDEvYjFhODJhLTQ5MGYtNDNmYi05ODZlLTI2MTcwZGE0YTBiMS8x
L05hZW9iMFUxbEFsSE5LSTdxY01FMDlLWkJBQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDEv
YjFhODJhLTQ5MGYtNDNmYi05ODZlLTI2MTcwZGE0YTBiMS8xL2JXbmFSSzRHZjhH
cGlsOXZCZkV1VkYwUHhpby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBw
BggrBgEFBQcBBwEB/wRhMF8wTgQCAAEwSDAMAwQGH6lAAwQAH6lIAwQAH6lKMAwD
BAIfqUwDBAAfqU4DBAAfqVEDBAAfqVgwDAMEAR+pWgMEBR+pQAMEALkhPQMEALkh
PzANBAIAAjAHAwUAKgBXQDANBgkqhkiG9w0BAQsFAAOCAQEAfgMRNu548eSZ2a1j
LRYNH7ZMmIhF3LHGn/HqU7lhzrBvz+n07y79yD3OBUpxAikBe9m/+vOsADxwQ3VL
iOn6Qxv2jrxoiYH5ttA1hLkqnNfKqimf78X51HktfvAH8pY6+gdEeZ9kJdsr1R93
4VwGJBD3xMR1IeM4Cv+mt0CGpGLmkb6mKOpHWd6IuZapkTlJAbi4Ok7qYxBGZDuC
SnuoPQBaQxBpphlVKalJZYmQWvjT+GsTLevCbsYJBrixOZwyiVSq7UpyGGYBSLcL
UH28zoXOGij3ne48Ql1eq+CF+/mfDrKVrykBUiwxDHKzfWZdULS6vMpDuP1DPIqB
qNAQqw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:47 2024 by rpki-client on console-ams.rpki-client.org