Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/1FO9QGe3MNLfUEnvCSHh3B0uHgU.roa
File:                     1FO9QGe3MNLfUEnvCSHh3B0uHgU.roa (raw, json)
Hash identifier:          b5Ca7lfRvqCHe05+Vh4I+02bQ3FQ46sCyuHqy/TzqNo=
Subject key identifier:   D4:53:BD:40:67:B7:30:D2:DF:50:49:EF:09:21:E1:DC:1D:2E:1E:05
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       12F0EF2B
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/1FO9QGe3MNLfUEnvCSHh3B0uHgU.roa
Signing time:             Fri 13 May 2022 07:52:02 +0000
ROA not before:           Fri 13 May 2022 07:52:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8866
IP address blocks:        87.246.28.0/22 maxlen: 22
                          87.246.26.0/23 maxlen: 23
                          87.246.50.0/23 maxlen: 23
                          87.246.46.0/23 maxlen: 23
                          87.246.58.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 317779755 (0x12f0ef2b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: May 13 07:52:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d453bd4067b730d2df5049ef0921e1dc1d2e1e05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:87:15:e1:62:56:4d:f8:19:bb:68:b9:26:fb:
                    75:75:e7:3d:57:8f:ec:9f:50:9e:27:48:38:ae:9d:
                    8f:cc:d7:50:6a:c7:85:da:d0:46:6a:01:0a:d3:f7:
                    1d:65:ca:44:98:8a:8a:7b:a7:2c:e1:03:c6:07:27:
                    88:10:27:48:b5:6e:df:a4:39:89:97:6e:f0:85:69:
                    60:22:89:18:a8:e8:ce:c4:8a:a9:24:d1:1d:ca:e8:
                    41:a7:d8:dd:00:b6:03:e5:fe:20:ac:cc:0d:2c:4b:
                    26:70:3a:aa:f5:48:16:6b:60:e0:e9:be:6e:d5:09:
                    57:f9:d5:d0:d9:db:a1:20:5d:f6:fa:0c:2c:d4:45:
                    f0:84:d1:e7:b1:a6:92:22:1e:2e:20:8b:37:1e:28:
                    57:bc:64:4b:42:0d:fa:be:8e:fd:58:08:e2:d0:f4:
                    81:28:35:cd:cb:c9:f8:3c:19:70:b2:9e:86:df:db:
                    f1:07:31:73:54:cf:0a:0a:f4:a8:31:f4:19:8d:44:
                    fb:68:a3:37:97:d5:97:e1:2d:ad:76:15:03:f3:2e:
                    5d:d9:c7:f5:73:bc:65:6e:e5:8c:aa:68:8a:eb:a2:
                    51:b3:80:c0:a6:ae:16:c4:36:86:74:68:1f:55:ce:
                    1a:f8:02:de:ae:43:cd:b3:1a:e6:f8:69:ff:27:eb:
                    de:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:53:BD:40:67:B7:30:D2:DF:50:49:EF:09:21:E1:DC:1D:2E:1E:05
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/1FO9QGe3MNLfUEnvCSHh3B0uHgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.246.26.0-87.246.31.255
                  87.246.46.0/23
                  87.246.50.0/23
                  87.246.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:7c:0e:38:84:2f:b6:b4:78:6a:d1:29:1e:b2:c7:a5:75:28:
         e2:00:29:3d:db:98:9d:3d:90:19:9c:32:f3:aa:58:c9:87:ee:
         35:64:74:74:e5:fe:50:9f:79:cd:b2:ac:e6:00:c3:0c:81:93:
         74:da:d1:56:6b:1a:99:c5:03:83:76:cd:7a:27:38:48:d2:ed:
         2b:84:cf:00:b6:2e:9a:c5:e1:50:7d:e2:db:ac:66:4d:4b:fa:
         e2:1a:d6:54:45:c2:73:aa:cd:41:72:49:0b:7f:9d:c8:74:a3:
         c6:88:38:5c:bc:85:1f:9f:7d:7f:38:7f:2a:7b:38:c9:39:86:
         35:d7:f7:ed:2e:2b:2f:d9:5b:8a:e4:47:29:8b:44:9a:a5:11:
         6d:4c:7c:ad:0d:8a:db:a1:20:71:10:66:9f:b8:1d:8c:67:83:
         47:4c:30:76:94:d5:c4:fe:4b:d3:cc:0c:0f:f2:8e:42:91:fd:
         0a:1a:3a:67:9f:09:86:24:f3:79:d2:83:71:c9:d1:7b:3e:38:
         61:79:d4:73:55:76:40:22:65:c3:d1:2c:43:df:47:02:ef:05:
         75:f1:3e:ad:f1:4a:2d:34:f2:58:19:a9:12:d0:40:fc:8b:b7:
         3e:09:79:21:bc:c7:40:89:82:0e:86:ff:ba:15:a4:f8:1a:38:
         d0:c9:e4:a0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIEEvDvKzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
MzVlYWM2NGVhNDgwMmU2ODI0Njg2ZjdjMGQyMDFmMmM4NWNiMmFhMB4XDTIyMDUx
MzA3NTIwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDQ1M2JkNDA2N2I3
MzBkMmRmNTA0OWVmMDkyMWUxZGMxZDJlMWUwNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK+HFeFiVk34GbtouSb7dXXnPVeP7J9QnidIOK6dj8zXUGrH
hdrQRmoBCtP3HWXKRJiKinunLOEDxgcniBAnSLVu36Q5iZdu8IVpYCKJGKjozsSK
qSTRHcroQafY3QC2A+X+IKzMDSxLJnA6qvVIFmtg4Om+btUJV/nV0NnboSBd9voM
LNRF8ITR57GmkiIeLiCLNx4oV7xkS0IN+r6O/VgI4tD0gSg1zcvJ+DwZcLKeht/b
8Qcxc1TPCgr0qDH0GY1E+2ijN5fVl+EtrXYVA/MuXdnH9XO8ZW7ljKpoiuuiUbOA
wKauFsQ2hnRoH1XOGvgC3q5DzbMa5vhp/yfr3v0CAwEAAaOCAiMwggIfMB0GA1Ud
DgQWBBTUU71AZ7cw0t9QSe8JIeHcHS4eBTAfBgNVHSMEGDAWgBTDXqxk6kgC5oJG
hvfA0gHyyFyyqjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3cxNnNaT3BJQXVhQ1JvYjN3TklCOHNoY3Nxby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDMvY2NkZDhiLTc3MjAtNGRlMC04YzQzLWRhY2I1ZjM1NmVhMy8x
LzFGTzlRR2UzTU5MZlVFbnZDU0hoM0IwdUhnVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDMv
Y2NkZDhiLTc3MjAtNGRlMC04YzQzLWRhY2I1ZjM1NmVhMy8xL3cxNnNaT3BJQXVh
Q1JvYjN3TklCOHNoY3Nxby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA5
BggrBgEFBQcBBwEB/wQqMCgwJgQCAAEwIDAMAwQBV/YaAwQFV/YAAwQBV/YuAwQB
V/YyAwQBV/Y6MA0GCSqGSIb3DQEBCwUAA4IBAQClfA44hC+2tHhq0SkesseldSji
ACk925idPZAZnDLzqljJh+41ZHR05f5Qn3nNsqzmAMMMgZN02tFWaxqZxQODds16
JzhI0u0rhM8Ati6axeFQfeLbrGZNS/riGtZURcJzqs1BckkLf53IdKPGiDhcvIUf
n31/OH8qezjJOYY11/ftLisv2VuK5Ecpi0SapRFtTHytDYrboSBxEGafuB2MZ4NH
TDB2lNXE/kvTzAwP8o5Ckf0KGjpnnwmGJPN50oNxydF7PjhhedRzVXZAImXD0SxD
30cC7wV18T6t8UotNPJYGakS0ED8i7c+CXkhvMdAiYIOhv+6FaT4GjjQyeSg
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:14 2024 by rpki-client on console-fra.rpki-client.org