Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/29af59-0b7b-4d80-8f9f-14d02e30d227/1/YGIwkIWLaj-Hy4GfEfeI0Bikbvo.roa
File:                     YGIwkIWLaj-Hy4GfEfeI0Bikbvo.roa (raw, json)
Hash identifier:          2APiG4zgG/fpqpBu4qPoj1uXZ1ie+VswHT1a5UodRyU=
Subject key identifier:   60:62:30:90:85:8B:6A:3F:87:CB:81:9F:11:F7:88:D0:18:A4:6E:FA
Certificate issuer:       /CN=e87cc680c85983e7bf74498d0e6be800f86451c3
Certificate serial:       0232A19B
Authority key identifier: E8:7C:C6:80:C8:59:83:E7:BF:74:49:8D:0E:6B:E8:00:F8:64:51:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6HzGgMhZg-e_dEmNDmvoAPhkUcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/29af59-0b7b-4d80-8f9f-14d02e30d227/1/YGIwkIWLaj-Hy4GfEfeI0Bikbvo.roa
Signing time:             Sat 01 Jan 2022 03:58:03 +0000
ROA not before:           Sat 01 Jan 2022 03:58:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51048
IP address blocks:        185.2.196.0/22 maxlen: 24
                          31.210.24.0/21 maxlen: 24
                          64.253.32.0/19 maxlen: 24
                          185.136.244.0/22 maxlen: 24
                          2a03:4300::/29 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 36872603 (0x232a19b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e87cc680c85983e7bf74498d0e6be800f86451c3
        Validity
            Not Before: Jan  1 03:58:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=60623090858b6a3f87cb819f11f788d018a46efa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6e:ae:76:77:fd:c4:8a:5a:98:df:fa:11:8b:
                    cd:3b:57:7f:9a:39:f7:08:8e:a2:eb:bb:7d:bb:9c:
                    eb:c8:1f:23:2d:b8:c9:4f:7c:9e:eb:ef:03:cc:38:
                    90:32:bb:82:c9:5e:da:32:4d:e2:20:8d:c5:17:89:
                    e0:aa:c9:6f:a9:0b:44:1d:cf:b8:28:59:13:ff:e2:
                    d0:02:13:ee:e9:e5:7e:9f:1c:1d:2f:4d:df:3b:b6:
                    12:09:1a:12:ec:5b:85:10:4d:e9:e8:49:c4:3d:e6:
                    90:d8:8f:4d:b3:d7:fb:01:bb:d7:58:8f:f2:dd:e9:
                    3b:bf:08:ef:0d:f9:89:3c:0f:9e:04:b9:73:92:1b:
                    14:21:e2:9e:c2:8a:b1:2c:38:99:1e:ec:39:9f:d2:
                    e8:f2:12:3b:c5:96:cb:db:37:e8:24:d4:9d:9c:ab:
                    46:ee:ca:ec:bc:2b:ce:78:ee:4a:2e:39:79:3a:a7:
                    d8:38:81:7e:3b:57:ac:ef:ec:db:4c:3b:4a:c0:f9:
                    81:de:9b:39:0b:59:9f:74:c4:24:18:ae:82:4c:29:
                    13:07:49:57:a5:3a:b3:21:65:94:cf:5e:6b:83:64:
                    bf:8b:c1:ed:4e:f8:62:fe:03:51:aa:b6:d2:ec:e0:
                    48:12:9e:60:79:50:db:50:4d:f4:81:0f:22:d9:94:
                    c5:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:62:30:90:85:8B:6A:3F:87:CB:81:9F:11:F7:88:D0:18:A4:6E:FA
            X509v3 Authority Key Identifier:
                keyid:E8:7C:C6:80:C8:59:83:E7:BF:74:49:8D:0E:6B:E8:00:F8:64:51:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6HzGgMhZg-e_dEmNDmvoAPhkUcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/29af59-0b7b-4d80-8f9f-14d02e30d227/1/YGIwkIWLaj-Hy4GfEfeI0Bikbvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/29af59-0b7b-4d80-8f9f-14d02e30d227/1/6HzGgMhZg-e_dEmNDmvoAPhkUcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.24.0/21
                  64.253.32.0/19
                  185.2.196.0/22
                  185.136.244.0/22
                IPv6:
                  2a03:4300::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:e2:4b:bd:8c:9e:b1:39:e4:76:fa:0b:6d:c1:85:4e:07:b5:
         59:25:9d:ff:8a:e1:09:d3:89:a4:14:7d:bb:c9:98:6f:8d:ef:
         d4:5c:a6:13:2b:9b:25:0e:61:b9:46:b1:e5:fe:9c:b6:54:55:
         b3:1c:c1:65:89:e7:64:69:8c:41:8a:91:dd:96:0a:5a:f9:11:
         8e:9f:59:67:06:f0:ee:81:43:33:32:c6:fd:32:bc:dc:ee:dc:
         f4:9d:42:3c:33:c7:9c:f5:e0:a4:25:71:1a:1f:c6:39:53:17:
         63:83:f2:a0:e5:fa:c4:41:f2:41:cf:cc:bd:d9:dd:38:e7:95:
         c4:c3:0c:6a:76:af:44:b3:cc:57:a5:ac:13:63:6c:a7:7e:6a:
         16:37:96:d0:d5:5a:f2:4e:41:e4:40:8d:94:34:67:eb:aa:a6:
         2d:db:06:3e:e8:07:56:a4:9d:45:25:fc:31:9f:90:0e:ac:b5:
         36:16:80:64:09:a7:86:73:22:0b:20:c3:86:6c:2e:c2:07:d8:
         75:54:34:61:b6:06:c6:25:f3:dc:c8:38:de:15:7d:36:f3:db:
         6f:5f:74:38:bb:ec:be:e1:6f:12:7b:d0:88:71:08:fc:33:06:
         b3:92:6b:34:f1:99:4d:40:4a:5e:e6:e2:ad:94:32:4b:d3:45:
         1f:8e:b7:8f
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEAjKhmzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
ODdjYzY4MGM4NTk4M2U3YmY3NDQ5OGQwZTZiZTgwMGY4NjQ1MWMzMB4XDTIyMDEw
MTAzNTgwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjA2MjMwOTA4NThi
NmEzZjg3Y2I4MTlmMTFmNzg4ZDAxOGE0NmVmYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALZurnZ3/cSKWpjf+hGLzTtXf5o59wiOouu7fbuc68gfIy24
yU98nuvvA8w4kDK7gsle2jJN4iCNxReJ4KrJb6kLRB3PuChZE//i0AIT7unlfp8c
HS9N3zu2EgkaEuxbhRBN6ehJxD3mkNiPTbPX+wG711iP8t3pO78I7w35iTwPngS5
c5IbFCHinsKKsSw4mR7sOZ/S6PISO8WWy9s36CTUnZyrRu7K7LwrznjuSi45eTqn
2DiBfjtXrO/s20w7SsD5gd6bOQtZn3TEJBiugkwpEwdJV6U6syFllM9ea4Nkv4vB
7U74Yv4DUaq20uzgSBKeYHlQ21BN9IEPItmUxYUCAwEAAaOCAiowggImMB0GA1Ud
DgQWBBRgYjCQhYtqP4fLgZ8R94jQGKRu+jAfBgNVHSMEGDAWgBTofMaAyFmD5790
SY0Oa+gA+GRRwzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzZIekdnTWhaZy1lX2RFbU5EbXZvQVBoa1VjTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGYvMjlhZjU5LTBiN2ItNGQ4MC04ZjlmLTE0ZDAyZTMwZDIyNy8x
L1lHSXdrSVdMYWotSHk0R2ZFZmVJMEJpa2J2by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGYv
MjlhZjU5LTBiN2ItNGQ4MC04ZjlmLTE0ZDAyZTMwZDIyNy8xLzZIekdnTWhaZy1l
X2RFbU5EbXZvQVBoa1VjTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEAx/SGAMEBUD9IAMEArkCxAMEArmI
9DANBAIAAjAHAwUDKgNDADANBgkqhkiG9w0BAQsFAAOCAQEAa+JLvYyesTnkdvoL
bcGFTge1WSWd/4rhCdOJpBR9u8mYb43v1FymEyubJQ5huUax5f6ctlRVsxzBZYnn
ZGmMQYqR3ZYKWvkRjp9ZZwbw7oFDMzLG/TK83O7c9J1CPDPHnPXgpCVxGh/GOVMX
Y4PyoOX6xEHyQc/MvdndOOeVxMMManavRLPMV6WsE2Nsp35qFjeW0NVa8k5B5ECN
lDRn66qmLdsGPugHVqSdRSX8MZ+QDqy1NhaAZAmnhnMiCyDDhmwuwgfYdVQ0YbYG
xiXz3Mg43hV9NvPbb190OLvsvuFvEnvQiHEI/DMGs5JrNPGZTUBKXubirZQyS9NF
H463jw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:39 2024 by rpki-client on console-fra.rpki-client.org