Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/IcU5GICDy8lxmZJuF-vcURNXzzg.roa
File:                     IcU5GICDy8lxmZJuF-vcURNXzzg.roa (raw, json)
Hash identifier:          kpS/MFauWEPWC7ST3C0g9bkIWjjOGcFnbpvO4+j1Nsw=
Subject key identifier:   21:C5:39:18:80:83:CB:C9:71:99:92:6E:17:EB:DC:51:13:57:CF:38
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       3490C079
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/IcU5GICDy8lxmZJuF-vcURNXzzg.roa
Signing time:             Sat 01 Jan 2022 05:04:39 +0000
ROA not before:           Sat 01 Jan 2022 05:04:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60175
IP address blocks:        195.4.128.0/19 maxlen: 19
                          195.4.160.0/20 maxlen: 20
                          195.4.184.0/21 maxlen: 21
                          195.4.192.0/20 maxlen: 20

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 881901689 (0x3490c079)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Jan  1 05:04:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=21c539188083cbc97199926e17ebdc511357cf38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:40:cf:01:f0:af:cf:16:30:5e:b8:1b:b9:ca:
                    a7:7f:c3:58:55:bc:92:8a:27:4a:65:c4:7c:78:2f:
                    dc:14:69:a0:69:2d:8e:72:a5:83:7e:19:7a:d9:13:
                    d6:cd:37:88:5e:3c:e1:3e:6b:92:0d:6d:ae:46:b1:
                    75:88:9a:53:92:16:e5:fa:a1:90:a6:c6:eb:52:7e:
                    e5:22:e3:f4:06:df:61:97:2c:c1:7a:21:83:8b:2a:
                    56:59:9f:47:1a:91:49:51:f4:1d:84:fd:2c:12:2f:
                    61:d1:67:a2:2f:92:86:1f:06:58:b5:4d:08:59:68:
                    35:0d:43:2d:1f:04:66:04:4e:de:70:63:8a:5d:6a:
                    2f:32:8e:47:48:39:a1:56:3c:ae:59:2f:1c:3c:a2:
                    46:f7:91:e0:45:15:a8:68:26:dc:cc:4c:e0:22:e2:
                    48:b3:09:a4:ec:11:bc:ee:45:46:b1:04:e9:67:6c:
                    15:96:73:87:e6:d2:56:4c:d1:41:aa:2a:3c:01:78:
                    b0:81:fb:cb:68:c5:02:b3:ce:da:34:97:80:ae:6b:
                    b1:23:78:79:d9:01:95:21:12:70:a3:93:08:74:a4:
                    5d:91:f3:90:1f:5a:e6:46:b3:83:0c:66:fa:f5:89:
                    04:1b:61:73:63:4c:f6:e8:65:c6:3b:40:f3:f1:f0:
                    5a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:C5:39:18:80:83:CB:C9:71:99:92:6E:17:EB:DC:51:13:57:CF:38
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/IcU5GICDy8lxmZJuF-vcURNXzzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.4.128.0-195.4.175.255
                  195.4.184.0-195.4.207.255

    Signature Algorithm: sha256WithRSAEncryption
         a7:cd:75:72:86:9f:06:e6:a7:5f:71:6d:03:c6:fc:2a:36:8d:
         5a:2f:9d:1a:e7:ca:c6:75:14:6a:96:82:6d:d5:e4:fb:b1:9b:
         06:a5:a2:01:6a:31:76:b4:26:56:f2:df:f6:b0:56:e0:74:29:
         f6:db:a3:54:57:ef:8b:55:68:13:8d:54:1b:53:da:a5:8a:fe:
         1c:4d:45:2c:de:18:74:9e:79:bc:d8:5e:78:9b:f6:12:c8:e6:
         78:5d:aa:e8:59:d9:f6:7c:65:90:d8:f8:6a:88:29:53:d8:90:
         22:f1:8e:2a:15:ad:1d:b2:5f:d7:15:df:ce:1c:cc:18:a9:db:
         7c:95:46:56:d3:86:58:2b:8e:fc:22:2f:14:e3:5e:d8:09:97:
         64:29:95:a6:fa:b9:ca:92:99:99:c3:50:9c:ab:f8:37:ee:cd:
         26:8a:8b:13:95:66:81:b5:85:92:22:c3:6b:dd:ba:c3:9c:2c:
         fd:8f:18:cb:3f:c9:cd:84:6f:5d:29:07:83:51:1c:76:06:a3:
         fe:c5:72:0c:19:26:43:1b:5b:1b:6c:97:f2:4c:11:85:9e:99:
         69:df:38:f6:84:7f:5a:a6:f3:cd:5f:4c:e6:a7:0f:59:0a:49:
         bb:e3:42:cb:bd:e1:84:37:d3:cd:2a:a6:83:c1:f1:c5:1c:79:
         87:af:cb:bf
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIENJDAeTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZjgwMTk4NGNjMzhmMGE0ZmM1YWZlMWFkZWFiNjgwYzFiODllOTViMB4XDTIyMDEw
MTA1MDQzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjFjNTM5MTg4MDgz
Y2JjOTcxOTk5MjZlMTdlYmRjNTExMzU3Y2YzODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKhAzwHwr88WMF64G7nKp3/DWFW8koonSmXEfHgv3BRpoGkt
jnKlg34ZetkT1s03iF484T5rkg1trkaxdYiaU5IW5fqhkKbG61J+5SLj9AbfYZcs
wXohg4sqVlmfRxqRSVH0HYT9LBIvYdFnoi+Shh8GWLVNCFloNQ1DLR8EZgRO3nBj
il1qLzKOR0g5oVY8rlkvHDyiRveR4EUVqGgm3MxM4CLiSLMJpOwRvO5FRrEE6Wds
FZZzh+bSVkzRQaoqPAF4sIH7y2jFArPO2jSXgK5rsSN4edkBlSEScKOTCHSkXZHz
kB9a5kazgwxm+vWJBBthc2NM9uhlxjtA8/HwWqUCAwEAAaOCAh8wggIbMB0GA1Ud
DgQWBBQhxTkYgIPLyXGZkm4X69xRE1fPODAfBgNVHSMEGDAWgBSvgBmEzDjwpPxa
/hreq2gMG4npWzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3I0QVpoTXc0OEtUOFd2NGEzcXRvREJ1SjZWcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTYvYmZkMzdjLWNiMTItNGE5Yy04ZjVkLTQwMjEyNjVjMzliMC8x
L0ljVTVHSUNEeThseG1aSnVGLXZjVVJOWHp6Zy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTYv
YmZkMzdjLWNiMTItNGE5Yy04ZjVkLTQwMjEyNjVjMzliMC8xL3I0QVpoTXc0OEtU
OFd2NGEzcXRvREJ1SjZWcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA1
BggrBgEFBQcBBwEB/wQmMCQwIgQCAAEwHDAMAwQHwwSAAwQEwwSgMAwDBAPDBLgD
BATDBMAwDQYJKoZIhvcNAQELBQADggEBAKfNdXKGnwbmp19xbQPG/Co2jVovnRrn
ysZ1FGqWgm3V5PuxmwalogFqMXa0Jlby3/awVuB0Kfbbo1RX74tVaBONVBtT2qWK
/hxNRSzeGHSeebzYXnib9hLI5nhdquhZ2fZ8ZZDY+GqIKVPYkCLxjioVrR2yX9cV
384czBip23yVRlbThlgrjvwiLxTjXtgJl2Qplab6ucqSmZnDUJyr+DfuzSaKixOV
ZoG1hZIiw2vdusOcLP2PGMs/yc2Eb10pB4NRHHYGo/7FcgwZJkMbWxtsl/JMEYWe
mWnfOPaEf1qm881fTOanD1kKSbvjQsu94YQ3080qpoPB8cUceYevy78=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:45 2024 by rpki-client on console-fra.rpki-client.org