Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/ehyQToUVop4F7Vr_8CqltvIVbws.roa
File:                     ehyQToUVop4F7Vr_8CqltvIVbws.roa (raw, json)
Hash identifier:          1ZTKPT1crBuDL3BqEjgn50xbwuPs/HGwz5wsH0oWh/U=
Subject key identifier:   7A:1C:90:4E:85:15:A2:9E:05:ED:5A:FF:F0:2A:A5:B6:F2:15:6F:0B
Certificate issuer:       /CN=a68ff9229efd8d12b4273f346f8c6454ea587ecc
Certificate serial:       01856B256D6B8352788FDAB1D787664E44BB
Authority key identifier: A6:8F:F9:22:9E:FD:8D:12:B4:27:3F:34:6F:8C:64:54:EA:58:7E:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/po_5Ip79jRK0Jz80b4xkVOpYfsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/ehyQToUVop4F7Vr_8CqltvIVbws.roa
Signing time:             Sun 01 Jan 2023 02:24:52 +0000
ROA not before:           Sun 01 Jan 2023 02:24:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     396982
IP address blocks:        46.16.161.0/24 maxlen: 24
                          46.16.160.0/24 maxlen: 24
                          46.16.160.0/23 maxlen: 23
                          46.16.164.0/24 maxlen: 24
                          46.16.166.0/24 maxlen: 24
                          185.27.146.0/24 maxlen: 24
                          46.16.165.0/24 maxlen: 24
                          185.27.147.0/24 maxlen: 24
                          91.197.140.0/24 maxlen: 24
                          91.197.140.0/22 maxlen: 22
                          91.197.141.0/24 maxlen: 24
                          91.197.143.0/24 maxlen: 24
                          91.197.142.0/23 maxlen: 23
                          91.197.142.0/24 maxlen: 24
                          185.27.144.0/24 maxlen: 24
                          185.27.144.0/22 maxlen: 22
                          185.27.145.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:25:6d:6b:83:52:78:8f:da:b1:d7:87:66:4e:44:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a68ff9229efd8d12b4273f346f8c6454ea587ecc
        Validity
            Not Before: Jan  1 02:24:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7a1c904e8515a29e05ed5afff02aa5b6f2156f0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e0:0e:0a:87:16:f0:69:06:cf:1a:f6:0d:a6:
                    6b:68:9c:9e:ba:78:ff:9d:c9:32:a6:98:ca:a6:c2:
                    02:b9:77:f3:09:72:0e:82:9a:92:b0:37:39:a8:d1:
                    80:ee:34:58:f9:91:ba:c0:a4:c2:04:8d:92:4c:fa:
                    33:ec:10:df:90:cd:82:58:e9:0b:78:58:06:f5:10:
                    77:42:77:ca:a5:b3:86:52:69:22:83:a5:5b:f9:78:
                    ca:ee:53:37:62:6b:d0:8d:77:ad:ca:c8:9f:56:49:
                    8c:13:3f:21:17:61:1e:e3:80:34:1f:03:00:80:69:
                    c3:88:8a:1a:95:66:29:a0:57:36:05:80:b7:31:e6:
                    c6:76:3c:21:d2:9d:bb:93:41:d5:74:b5:5f:6b:a5:
                    90:16:34:27:0a:e1:5b:ce:d3:e2:2f:4e:6b:46:6a:
                    8f:0e:d7:f9:0b:eb:fa:2a:c0:54:01:18:a7:c0:8f:
                    8e:1c:04:cf:5e:ff:4d:c9:4f:cc:db:06:44:66:d2:
                    3a:00:3a:03:e6:32:21:3a:6f:ac:4b:dc:77:dd:60:
                    2b:a6:14:3b:9d:50:7d:59:78:42:ee:eb:7f:ef:99:
                    3c:4a:02:80:c1:a4:84:ef:2c:43:95:53:d5:4f:77:
                    33:3b:0b:ce:eb:70:20:86:38:e8:69:86:39:14:1e:
                    a3:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:1C:90:4E:85:15:A2:9E:05:ED:5A:FF:F0:2A:A5:B6:F2:15:6F:0B
            X509v3 Authority Key Identifier:
                keyid:A6:8F:F9:22:9E:FD:8D:12:B4:27:3F:34:6F:8C:64:54:EA:58:7E:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/po_5Ip79jRK0Jz80b4xkVOpYfsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/ehyQToUVop4F7Vr_8CqltvIVbws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/po_5Ip79jRK0Jz80b4xkVOpYfsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.160.0/23
                  46.16.164.0-46.16.166.255
                  91.197.140.0/22
                  185.27.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:71:4c:33:56:3d:19:02:2c:fd:2e:17:3a:ed:7c:1a:73:e6:
         bb:f4:f6:6d:ae:f0:f2:97:14:d9:c3:51:38:ed:87:0b:98:d5:
         a6:dc:f2:c1:91:cc:1b:9f:93:5c:d6:4f:ca:3d:20:1a:5a:e1:
         fe:b1:1d:a7:5f:47:86:4b:ea:18:4d:61:cd:a9:ef:95:d4:b3:
         5c:9e:b7:54:37:53:47:ca:2d:75:7b:3a:72:a3:92:43:82:ec:
         25:93:6d:16:ca:2c:a8:19:0c:c1:49:f2:13:41:cf:57:67:5c:
         3c:45:a8:8e:f4:00:ee:ea:59:11:3e:b1:41:6b:c6:ae:9a:7f:
         32:c9:d4:e1:6b:47:b3:01:25:7b:76:a7:8a:e8:10:60:8e:85:
         02:bd:3f:6b:3d:70:c4:30:64:30:b9:77:55:54:b4:c9:0c:1c:
         f5:d8:fa:27:bd:93:eb:05:f4:fe:85:05:d6:4d:98:94:54:77:
         39:47:59:5d:b3:e6:eb:48:04:d6:b8:67:d7:4e:a5:97:8e:51:
         be:35:46:a4:ef:1a:00:ba:e7:84:0b:9b:de:ec:85:ab:37:37:
         07:de:42:02:18:97:16:a8:4e:97:b1:de:05:69:ed:2d:e0:d6:
         a9:de:dc:46:d0:1c:03:69:e9:2c:77:11:bf:f9:58:ea:3f:9a:
         b3:46:ea:b6
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYVrJW1rg1J4j9qx14dmTkS7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2OGZmOTIyOWVmZDhkMTJiNDI3M2YzNDZmOGM2NDU0ZWE1
ODdlY2MwHhcNMjMwMTAxMDIyNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTFjOTA0ZTg1MTVhMjllMDVlZDVhZmZmMDJhYTViNmYyMTU2ZjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+AOCocW8GkGzxr2DaZraJyeunj/
nckyppjKpsICuXfzCXIOgpqSsDc5qNGA7jRY+ZG6wKTCBI2STPoz7BDfkM2CWOkL
eFgG9RB3QnfKpbOGUmkig6Vb+XjK7lM3YmvQjXetysifVkmMEz8hF2Ee44A0HwMA
gGnDiIoalWYpoFc2BYC3MebGdjwh0p27k0HVdLVfa6WQFjQnCuFbztPiL05rRmqP
Dtf5C+v6KsBUARinwI+OHATPXv9NyU/M2wZEZtI6ADoD5jIhOm+sS9x33WArphQ7
nVB9WXhC7ut/75k8SgKAwaSE7yxDlVPVT3czOwvO63AghjjoaYY5FB6jsQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFHockE6FFaKeBe1a//AqpbbyFW8LMB8GA1UdIwQY
MBaAFKaP+SKe/Y0StCc/NG+MZFTqWH7MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG9fNUlwNzlqUkswSno4MGI0eGtWT3BZZnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8yZmY5OGUtNmZmOS00MjMzLWI5ZjEt
MjI3ZTIxZTY5MWU3LzEvZWh5UVRvVVZvcDRGN1ZyXzhDcWx0dklWYndzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8yZmY5OGUtNmZmOS00MjMzLWI5ZjEtMjI3ZTIxZTY5MWU3
LzEvcG9fNUlwNzlqUkswSno4MGI0eGtWT3BZZnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQBLhCgMAwD
BAIuEKQDBAAuEKYDBAJbxYwDBAK5G5AwDQYJKoZIhvcNAQELBQADggEBAH1xTDNW
PRkCLP0uFzrtfBpz5rv09m2u8PKXFNnDUTjthwuY1abc8sGRzBufk1zWT8o9IBpa
4f6xHadfR4ZL6hhNYc2p75XUs1yet1Q3U0fKLXV7OnKjkkOC7CWTbRbKLKgZDMFJ
8hNBz1dnXDxFqI70AO7qWRE+sUFrxq6afzLJ1OFrR7MBJXt2p4roEGCOhQK9P2s9
cMQwZDC5d1VUtMkMHPXY+ie9k+sF9P6FBdZNmJRUdzlHWV2z5utIBNa4Z9dOpZeO
Ub41RqTvGgC654QLm97shas3NwfeQgIYlxaoTpex3gVp7S3g1qne3EbQHANp6Sx3
Eb/5WOo/mrNG6rY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:24 2024 by rpki-client on console-ams.rpki-client.org