Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/Uqi_cFgULKU9uTIK8Zlok5uSwtI.roa
File:                     Uqi_cFgULKU9uTIK8Zlok5uSwtI.roa (raw, json)
Hash identifier:          1r6EFRtYXTtfk3t/xjWBOnibl98BCZ3zPHRPoBmkdMI=
Subject key identifier:   52:A8:BF:70:58:14:2C:A5:3D:B9:32:0A:F1:99:68:93:9B:92:C2:D2
Certificate issuer:       /CN=0620eadb2e1562b4e2e4f480772c36887a777f24
Certificate serial:       2FFC1484
Authority key identifier: 06:20:EA:DB:2E:15:62:B4:E2:E4:F4:80:77:2C:36:88:7A:77:7F:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/Uqi_cFgULKU9uTIK8Zlok5uSwtI.roa
Signing time:             Sat 01 Jan 2022 10:01:35 +0000
ROA not before:           Sat 01 Jan 2022 10:01:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43260
IP address blocks:        217.195.197.0/24 maxlen: 24
                          217.195.195.0/24 maxlen: 24
                          80.93.220.0/24 maxlen: 24
                          217.195.202.0/24 maxlen: 24
                          37.122.140.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 805049476 (0x2ffc1484)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0620eadb2e1562b4e2e4f480772c36887a777f24
        Validity
            Not Before: Jan  1 10:01:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=52a8bf7058142ca53db9320af19968939b92c2d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:58:2d:f1:68:58:e6:da:15:80:eb:fb:3d:40:
                    1b:4e:fb:14:0d:0a:15:c1:20:36:66:72:24:2a:8d:
                    78:70:a0:be:8f:a2:00:31:f8:8e:bd:49:79:42:a6:
                    09:be:c9:a3:e6:cd:0a:52:05:c7:d0:7f:f8:84:9e:
                    3f:a5:3d:86:55:7b:df:fc:d9:77:69:c4:d2:c2:9e:
                    71:14:c4:86:db:e9:8f:b5:d0:40:4e:38:b9:36:60:
                    bd:d1:fb:f7:d4:0e:f3:5b:38:f0:ef:6d:28:77:e1:
                    ab:7e:bc:ef:33:6a:43:92:9b:b2:ee:31:45:3a:95:
                    68:46:c7:6b:59:36:3b:2f:b6:e2:b2:00:20:9f:4e:
                    eb:bb:92:8b:15:6e:f0:39:59:d0:3a:e8:d7:ec:0d:
                    fe:0c:01:d2:50:81:77:ee:22:39:2b:99:43:da:46:
                    93:a4:1e:20:e1:ab:e2:2d:02:e9:8c:be:b2:bc:0e:
                    eb:a9:d1:eb:80:c6:d3:85:d2:af:72:a5:91:88:48:
                    3f:50:8b:df:bf:3c:1b:0f:52:cc:75:42:91:38:39:
                    58:0b:a5:b0:49:a7:31:0e:29:77:ca:20:65:9b:16:
                    2d:9e:3c:3c:a2:a9:fa:2b:3d:f1:19:08:79:9f:b8:
                    6d:f6:ba:26:92:a5:a1:7f:32:13:f9:04:c0:44:0a:
                    02:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:A8:BF:70:58:14:2C:A5:3D:B9:32:0A:F1:99:68:93:9B:92:C2:D2
            X509v3 Authority Key Identifier:
                keyid:06:20:EA:DB:2E:15:62:B4:E2:E4:F4:80:77:2C:36:88:7A:77:7F:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/Uqi_cFgULKU9uTIK8Zlok5uSwtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.122.140.0/24
                  80.93.220.0/24
                  217.195.195.0/24
                  217.195.197.0/24
                  217.195.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:26:e0:a1:14:8b:44:99:aa:ea:bd:5f:0b:48:a0:43:6f:71:
         0c:ef:83:ab:0d:61:05:06:77:8b:e5:f6:65:20:f1:b6:8b:22:
         6a:da:e8:b9:b4:eb:67:00:2e:5b:83:5e:69:94:ee:0c:c3:9b:
         2f:ff:ac:a5:54:26:94:ac:a0:57:29:30:c7:6c:8a:5f:a1:ed:
         2a:fa:08:52:80:85:84:eb:90:8f:14:6c:8e:fa:21:b0:6f:f5:
         84:41:1e:a2:33:51:cb:3f:84:eb:d2:8a:d8:60:0c:31:c8:c2:
         a5:b2:5c:33:b8:3b:4e:f3:61:0b:d0:c6:6b:72:dd:d6:7a:4c:
         50:8a:f9:f5:31:7b:17:6f:94:37:50:54:6e:10:67:70:d4:b9:
         08:f4:e2:4a:27:31:e0:a1:52:c7:bd:b9:10:eb:76:ba:ad:d9:
         6b:1d:c6:94:37:df:2a:2e:c9:b2:8e:03:19:97:ff:48:c9:7a:
         6e:bb:52:18:fa:64:0e:75:c7:6f:79:e9:3a:a6:19:7a:6f:1c:
         25:1b:2a:52:c2:eb:50:e4:7d:cf:ac:4f:be:b6:50:a2:f7:6f:
         11:06:32:12:a9:5f:f4:ea:a5:e2:24:57:a7:9d:21:64:4a:95:
         5d:fb:9a:38:f1:7e:03:99:86:20:fd:c2:9f:03:b2:df:24:83:
         87:e5:19:18
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEL/wUhDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NjIwZWFkYjJlMTU2MmI0ZTJlNGY0ODA3NzJjMzY4ODdhNzc3ZjI0MB4XDTIyMDEw
MTEwMDEzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTJhOGJmNzA1ODE0
MmNhNTNkYjkzMjBhZjE5OTY4OTM5YjkyYzJkMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAItYLfFoWObaFYDr+z1AG077FA0KFcEgNmZyJCqNeHCgvo+i
ADH4jr1JeUKmCb7Jo+bNClIFx9B/+ISeP6U9hlV73/zZd2nE0sKecRTEhtvpj7XQ
QE44uTZgvdH799QO81s48O9tKHfhq3687zNqQ5Kbsu4xRTqVaEbHa1k2Oy+24rIA
IJ9O67uSixVu8DlZ0Dro1+wN/gwB0lCBd+4iOSuZQ9pGk6QeIOGr4i0C6Yy+srwO
66nR64DG04XSr3KlkYhIP1CL3788Gw9SzHVCkTg5WAulsEmnMQ4pd8ogZZsWLZ48
PKKp+is98RkIeZ+4bfa6JpKloX8yE/kEwEQKAvECAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBRSqL9wWBQspT25MgrxmWiTm5LC0jAfBgNVHSMEGDAWgBQGIOrbLhVitOLk
9IB3LDaIend/JDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JpRHEyeTRWWXJUaTVQU0FkeXcyaUhwM2Z5US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDUvY2M4YmZhLTJiMTMtNDY3NC1hOTg0LWE1ZmRiNTcwZmU5YS8x
L1VxaV9jRmdVTEtVOXVUSUs4WmxvazV1U3d0SS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDUv
Y2M4YmZhLTJiMTMtNDY3NC1hOTg0LWE1ZmRiNTcwZmU5YS8xL0JpRHEyeTRWWXJU
aTVQU0FkeXcyaUhwM2Z5US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEACV6jAMEAFBd3AMEANnDwwMEANnD
xQMEANnDyjANBgkqhkiG9w0BAQsFAAOCAQEAIibgoRSLRJmq6r1fC0igQ29xDO+D
qw1hBQZ3i+X2ZSDxtosiatroubTrZwAuW4NeaZTuDMObL/+spVQmlKygVykwx2yK
X6HtKvoIUoCFhOuQjxRsjvohsG/1hEEeojNRyz+E69KK2GAMMcjCpbJcM7g7TvNh
C9DGa3Ld1npMUIr59TF7F2+UN1BUbhBncNS5CPTiSicx4KFSx725EOt2uq3Zax3G
lDffKi7Jso4DGZf/SMl6brtSGPpkDnXHb3npOqYZem8cJRsqUsLrUOR9z6xPvrZQ
ovdvEQYyEqlf9Oql4iRXp50hZEqVXfuaOPF+A5mGIP3CnwOy3ySDh+UZGA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:33 2024 by rpki-client on console-ams.rpki-client.org