Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/4a7cdf-c750-4ba4-9060-5f79dbcf5ddd/1/eqFR2BZDVCW2o55DfDSvBirH0uk.roa
File:                     eqFR2BZDVCW2o55DfDSvBirH0uk.roa (raw, json)
Hash identifier:          4/rxMqvHZjoGsWVz8vxB5xaA3IkSyhOg8Cq3G5s2iag=
Subject key identifier:   7A:A1:51:D8:16:43:54:25:B6:A3:9E:43:7C:34:AF:06:2A:C7:D2:E9
Certificate issuer:       /CN=895851d6c3257f218451a258a8e9b94947334e10
Certificate serial:       E8950D
Authority key identifier: 89:58:51:D6:C3:25:7F:21:84:51:A2:58:A8:E9:B9:49:47:33:4E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iVhR1sMlfyGEUaJYqOm5SUczThA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/4a7cdf-c750-4ba4-9060-5f79dbcf5ddd/1/eqFR2BZDVCW2o55DfDSvBirH0uk.roa
Signing time:             Sat 01 Jan 2022 09:00:35 +0000
ROA not before:           Sat 01 Jan 2022 09:00:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     38986
IP address blocks:        79.171.168.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15242509 (0xe8950d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=895851d6c3257f218451a258a8e9b94947334e10
        Validity
            Not Before: Jan  1 09:00:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7aa151d816435425b6a39e437c34af062ac7d2e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7e:48:24:61:fe:8e:50:df:98:6b:fc:10:ca:
                    de:c9:9b:86:0c:60:91:34:a1:78:10:92:7b:18:85:
                    7a:f2:2e:e3:f3:6a:a4:30:5b:f3:58:49:96:10:1a:
                    74:71:e2:96:60:9c:8f:85:8b:85:20:06:a0:bf:b9:
                    99:bd:84:62:22:72:1f:59:9c:34:db:e7:75:52:8a:
                    1d:c2:24:1f:36:90:fc:27:6a:71:46:b6:6e:62:d7:
                    30:10:0d:88:45:0d:76:88:66:bc:57:28:07:a8:09:
                    db:94:81:d3:30:05:25:9a:1e:c5:02:36:4e:bc:e0:
                    bd:1e:c8:34:06:c5:16:a5:87:ad:4e:d7:47:d8:db:
                    af:9e:18:58:dd:47:b3:6f:36:09:53:33:6b:05:28:
                    1f:b9:ac:73:bd:03:08:ab:73:bc:21:bf:56:fe:9b:
                    81:a5:59:75:0b:72:45:e1:a4:8a:cc:9e:c6:10:89:
                    cd:41:d1:9c:a9:52:5c:e7:02:39:ac:7b:8f:00:12:
                    64:3f:ed:be:5b:83:39:79:8c:9e:b8:ab:51:c8:e8:
                    c8:99:6a:d8:ca:5b:ef:ee:e7:0d:18:63:8c:39:20:
                    2f:31:a3:e7:bc:54:c3:97:bf:c2:0c:f7:6a:dd:40:
                    3d:a2:60:98:6a:90:5b:98:c8:b4:41:27:01:7b:ca:
                    53:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:A1:51:D8:16:43:54:25:B6:A3:9E:43:7C:34:AF:06:2A:C7:D2:E9
            X509v3 Authority Key Identifier:
                keyid:89:58:51:D6:C3:25:7F:21:84:51:A2:58:A8:E9:B9:49:47:33:4E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iVhR1sMlfyGEUaJYqOm5SUczThA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/4a7cdf-c750-4ba4-9060-5f79dbcf5ddd/1/eqFR2BZDVCW2o55DfDSvBirH0uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/4a7cdf-c750-4ba4-9060-5f79dbcf5ddd/1/iVhR1sMlfyGEUaJYqOm5SUczThA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.171.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:bc:00:89:97:07:df:e5:08:3c:87:7d:b3:af:cf:76:22:b7:
         a0:4d:91:46:37:c4:47:89:61:d4:6c:66:9c:e0:dc:84:9b:36:
         a6:43:44:ca:31:c4:6f:74:2a:f8:f5:01:d8:44:f4:57:aa:ad:
         53:3d:79:08:c2:54:05:9b:37:9d:fd:cc:1f:c8:83:2e:b7:68:
         10:09:ed:ef:e3:53:3d:5e:0f:0c:8b:cc:1c:7c:8f:39:73:b9:
         eb:30:59:e7:f0:99:17:22:b3:bd:ff:04:84:19:45:60:f6:76:
         df:fd:de:0f:1c:43:40:13:b0:56:80:79:ed:3a:91:90:af:d8:
         8b:30:39:e3:29:cc:f4:fc:04:cf:5e:3a:ff:ce:85:94:1e:b0:
         fc:bc:36:d0:95:28:b3:9c:eb:c7:23:c2:02:60:a6:81:27:91:
         c9:c2:69:eb:ae:fe:cb:cc:7f:fb:da:2b:7b:96:56:10:00:fc:
         93:ea:90:f5:69:70:04:80:43:99:46:10:37:61:0b:84:36:43:
         a2:59:04:1b:3a:55:43:66:ca:32:bd:a1:a3:65:30:83:74:4d:
         83:5e:5f:50:98:01:23:9c:4b:fe:e3:0c:36:82:1e:42:0f:08:
         ce:94:07:ca:74:d6:3a:fa:bb:8e:a5:72:b4:b5:72:22:ee:b2:
         66:aa:19:0d
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAOiVDTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
OTU4NTFkNmMzMjU3ZjIxODQ1MWEyNThhOGU5Yjk0OTQ3MzM0ZTEwMB4XDTIyMDEw
MTA5MDAzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2FhMTUxZDgxNjQz
NTQyNWI2YTM5ZTQzN2MzNGFmMDYyYWM3ZDJlOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL5+SCRh/o5Q35hr/BDK3smbhgxgkTSheBCSexiFevIu4/Nq
pDBb81hJlhAadHHilmCcj4WLhSAGoL+5mb2EYiJyH1mcNNvndVKKHcIkHzaQ/Cdq
cUa2bmLXMBANiEUNdohmvFcoB6gJ25SB0zAFJZoexQI2TrzgvR7INAbFFqWHrU7X
R9jbr54YWN1Hs282CVMzawUoH7msc70DCKtzvCG/Vv6bgaVZdQtyReGkisyexhCJ
zUHRnKlSXOcCOax7jwASZD/tvluDOXmMnrirUcjoyJlq2Mpb7+7nDRhjjDkgLzGj
57xUw5e/wgz3at1APaJgmGqQW5jItEEnAXvKU1sCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBR6oVHYFkNUJbajnkN8NK8GKsfS6TAfBgNVHSMEGDAWgBSJWFHWwyV/IYRR
olio6blJRzNOEDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lWaFIxc01sZnlHRVVhSllxT201U1VjelRoQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDUvNGE3Y2RmLWM3NTAtNGJhNC05MDYwLTVmNzlkYmNmNWRkZC8x
L2VxRlIyQlpEVkNXMm81NURmRFN2QmlySDB1ay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDUv
NGE3Y2RmLWM3NTAtNGJhNC05MDYwLTVmNzlkYmNmNWRkZC8xL2lWaFIxc01sZnlH
RVVhSllxT201U1VjelRoQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAk+rqDANBgkqhkiG9w0BAQsFAAOC
AQEAL7wAiZcH3+UIPId9s6/PdiK3oE2RRjfER4lh1GxmnODchJs2pkNEyjHEb3Qq
+PUB2ET0V6qtUz15CMJUBZs3nf3MH8iDLrdoEAnt7+NTPV4PDIvMHHyPOXO56zBZ
5/CZFyKzvf8EhBlFYPZ23/3eDxxDQBOwVoB57TqRkK/YizA54ynM9PwEz146/86F
lB6w/Lw20JUos5zrxyPCAmCmgSeRycJp667+y8x/+9ore5ZWEAD8k+qQ9WlwBIBD
mUYQN2ELhDZDolkEGzpVQ2bKMr2ho2Uwg3RNg15fUJgBI5xL/uMMNoIeQg8IzpQH
ynTWOvq7jqVytLVyIu6yZqoZDQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:27 2024 by rpki-client on console-ams.rpki-client.org