Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/_dgR2xbDrImSDEcz1W-810Y7Ojc.roa
File:                     _dgR2xbDrImSDEcz1W-810Y7Ojc.roa (raw, json)
Hash identifier:          8pCm5IKA5S6Cs9wlvp/9Ugg2cdJiorviP+ZYB9AfKdM=
Subject key identifier:   FD:D8:11:DB:16:C3:AC:89:92:0C:47:33:D5:6F:BC:D7:46:3B:3A:37
Certificate issuer:       /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial:       3830A53A
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/_dgR2xbDrImSDEcz1W-810Y7Ojc.roa
Signing time:             Fri 29 Apr 2022 15:32:08 +0000
ROA not before:           Fri 29 Apr 2022 15:32:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34984
IP address blocks:        31.169.68.0/24 maxlen: 24
                          31.169.83.0/24 maxlen: 24
                          31.169.84.0/24 maxlen: 24
                          31.169.80.0/24 maxlen: 24
                          31.169.82.0/24 maxlen: 24
                          31.169.90.0/24 maxlen: 24
                          31.169.86.0/24 maxlen: 24
                          31.169.88.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 942712122 (0x3830a53a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
        Validity
            Not Before: Apr 29 15:32:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fdd811db16c3ac89920c4733d56fbcd7463b3a37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:87:f1:9e:67:32:c1:e6:6f:97:c8:29:13:51:
                    41:b5:0e:fb:e9:63:c3:5d:e5:83:4a:02:cd:ba:1c:
                    01:26:d0:bc:bd:fc:5b:9e:42:7b:41:5b:45:ad:86:
                    08:b4:20:69:f3:88:88:48:a5:cc:3a:b0:d7:d3:65:
                    e7:38:84:1b:af:4b:74:5c:30:53:64:31:8b:09:5e:
                    69:8b:61:e3:8f:5f:e4:6b:6d:f3:4c:3b:66:35:f6:
                    4c:d9:9c:b0:47:08:31:b3:b7:8e:3f:33:13:29:7b:
                    ce:3e:66:00:fd:ee:96:31:d8:bb:9f:8f:0e:23:fb:
                    b5:19:93:40:16:9e:1f:19:74:53:c9:85:64:2a:5e:
                    8e:4f:74:0f:3c:82:d4:8d:c3:0a:66:95:9a:e5:0c:
                    d8:be:d2:1e:56:6d:70:0b:ec:21:21:2f:e1:bd:2f:
                    8b:cd:eb:8a:e2:ec:e7:f3:e1:06:5c:bf:2f:69:56:
                    45:0c:a8:2a:bf:7b:73:c6:b5:8d:68:ca:cc:ee:d8:
                    5c:73:ce:d8:53:ef:07:e4:94:91:7d:17:31:33:15:
                    8b:19:79:b0:c9:4c:ea:3d:ba:de:ce:b7:78:ac:dd:
                    ba:06:fe:23:1a:d2:59:92:b6:1a:2c:cf:a9:0e:4d:
                    34:f4:e7:d8:54:f1:73:1a:af:d6:c0:81:80:cf:4d:
                    6d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:D8:11:DB:16:C3:AC:89:92:0C:47:33:D5:6F:BC:D7:46:3B:3A:37
            X509v3 Authority Key Identifier:
                keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/_dgR2xbDrImSDEcz1W-810Y7Ojc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.68.0/24
                  31.169.80.0/24
                  31.169.82.0-31.169.84.255
                  31.169.86.0/24
                  31.169.88.0/24
                  31.169.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:cc:6c:da:a6:2a:31:c5:a9:84:1f:3c:c7:55:2e:89:16:8f:
         90:6b:e1:35:78:e5:89:3b:ce:9d:0b:3f:e9:6f:02:8e:21:4b:
         bd:c7:af:62:48:78:f6:3f:e5:08:99:04:5b:27:9a:20:1f:4e:
         7c:85:9e:39:b2:02:c1:d5:05:42:22:58:1c:b4:c4:b2:76:6a:
         35:ea:aa:a6:d4:dc:f1:a9:84:4d:24:e0:15:56:1c:13:99:e1:
         4b:4f:ec:7f:cb:ed:36:17:64:52:47:6d:0b:4b:3c:bd:ee:10:
         34:0a:36:26:b3:08:78:78:81:fe:d2:bc:b7:54:a7:f5:6c:10:
         14:4b:ee:d9:70:20:3d:a5:f5:75:5b:84:08:0a:dc:00:62:a4:
         85:5a:31:bd:46:b2:73:55:e5:5d:66:06:3a:40:17:1c:76:02:
         44:72:84:3e:82:49:5c:e0:bf:e1:b5:8e:7d:9d:64:c8:e9:57:
         26:91:da:ee:a1:bd:6f:c0:f4:7c:5f:5e:88:dd:d8:6a:fb:24:
         5d:67:d4:12:19:11:6d:39:6b:72:b5:2a:02:ed:a8:df:c9:6f:
         c7:41:1f:aa:97:0c:06:0c:f8:15:01:88:1d:55:d1:31:95:1b:
         f3:2b:c1:94:be:67:fc:5d:f1:05:27:24:5b:8d:95:55:08:db:
         27:3d:6d:21
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgIEODClOjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZDY5ZGE0NGFlMDY3ZmMxYTk4YTVmNmYwNWYxMmU1NDVkMGZjNjJhMB4XDTIyMDQy
OTE1MzIwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmRkODExZGIxNmMz
YWM4OTkyMGM0NzMzZDU2ZmJjZDc0NjNiM2EzNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALGH8Z5nMsHmb5fIKRNRQbUO++ljw13lg0oCzbocASbQvL38
W55Ce0FbRa2GCLQgafOIiEilzDqw19Nl5ziEG69LdFwwU2QxiwleaYth449f5Gtt
80w7ZjX2TNmcsEcIMbO3jj8zEyl7zj5mAP3uljHYu5+PDiP7tRmTQBaeHxl0U8mF
ZCpejk90DzyC1I3DCmaVmuUM2L7SHlZtcAvsISEv4b0vi83riuLs5/PhBly/L2lW
RQyoKr97c8a1jWjKzO7YXHPO2FPvB+SUkX0XMTMVixl5sMlM6j263s63eKzdugb+
IxrSWZK2GizPqQ5NNPTn2FTxcxqv1sCBgM9NbQMCAwEAAaOCAi8wggIrMB0GA1Ud
DgQWBBT92BHbFsOsiZIMRzPVb7zXRjs6NzAfBgNVHSMEGDAWgBRtadpErgZ/wamK
X28F8S5UXQ/GKjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JXbmFSSzRHZjhHcGlsOXZCZkV1VkYwUHhpby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDEvYjFhODJhLTQ5MGYtNDNmYi05ODZlLTI2MTcwZGE0YTBiMS8x
L19kZ1IyeGJEckltU0RFY3oxVy04MTBZN09qYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDEv
YjFhODJhLTQ5MGYtNDNmYi05ODZlLTI2MTcwZGE0YTBiMS8xL2JXbmFSSzRHZjhH
cGlsOXZCZkV1VkYwUHhpby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBF
BggrBgEFBQcBBwEB/wQ2MDQwMgQCAAEwLAMEAB+pRAMEAB+pUDAMAwQBH6lSAwQA
H6lUAwQAH6lWAwQAH6lYAwQAH6laMA0GCSqGSIb3DQEBCwUAA4IBAQAUzGzapiox
xamEHzzHVS6JFo+Qa+E1eOWJO86dCz/pbwKOIUu9x69iSHj2P+UImQRbJ5ogH058
hZ45sgLB1QVCIlgctMSydmo16qqm1NzxqYRNJOAVVhwTmeFLT+x/y+02F2RSR20L
Szy97hA0CjYmswh4eIH+0ry3VKf1bBAUS+7ZcCA9pfV1W4QICtwAYqSFWjG9RrJz
VeVdZgY6QBccdgJEcoQ+gklc4L/htY59nWTI6Vcmkdruob1vwPR8X16I3dhq+yRd
Z9QSGRFtOWtytSoC7ajfyW/HQR+qlwwGDPgVAYgdVdExlRvzK8GUvmf8XfEFJyRb
jZVVCNsnPW0h
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:56 2024 by rpki-client on console-fra.rpki-client.org