Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/U2XFYRhEHyrrNYMphDgASaA6gQ4.roa
File:                     U2XFYRhEHyrrNYMphDgASaA6gQ4.roa (raw, json)
Hash identifier:          kD/SEeBehEto3IZT2xxBamwAaWtaOIwc1PriviaTNRI=
Subject key identifier:   53:65:C5:61:18:44:1F:2A:EB:35:83:29:84:38:00:49:A0:3A:81:0E
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       06956738
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/U2XFYRhEHyrrNYMphDgASaA6gQ4.roa
Signing time:             Sat 01 Jan 2022 08:57:12 +0000
ROA not before:           Sat 01 Jan 2022 08:57:12 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     16262
IP address blocks:        194.150.178.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 110454584 (0x6956738)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jan  1 08:57:12 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5365c56118441f2aeb35832984380049a03a810e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:4e:18:59:04:20:a8:4a:f7:2e:e5:07:30:18:
                    9d:ae:1d:f2:95:ad:98:28:9a:7d:ed:1f:a4:2b:61:
                    f9:9e:f8:36:29:36:a1:e8:22:d6:2a:49:9f:1c:ec:
                    76:32:10:23:e2:50:40:55:43:e5:3b:c3:67:be:c0:
                    91:a9:59:2d:cd:e8:1f:12:a4:d7:fc:40:85:b1:f8:
                    c4:0e:8b:37:4a:63:98:07:39:de:91:00:94:a9:74:
                    c7:a0:89:38:ee:67:85:56:fb:27:8a:15:75:e0:d9:
                    eb:a9:df:5b:79:b4:0b:91:48:79:e1:7b:f4:fd:46:
                    7c:b6:bc:8a:4b:03:ef:8e:19:ec:14:5f:a5:af:05:
                    b9:38:25:d5:ae:f9:30:68:8e:17:9f:c1:a4:af:2a:
                    66:af:38:75:28:d9:fc:0b:04:54:44:8f:38:ad:9e:
                    f0:68:02:64:3b:01:af:47:71:ec:d6:71:0c:a3:ee:
                    2e:7e:d5:f0:25:0c:e3:0c:2e:f1:ff:ea:56:d5:6c:
                    ee:0f:68:ff:b5:ae:e1:ad:dd:4b:71:d9:dc:16:31:
                    20:87:99:a8:8a:8f:b2:a9:3c:b2:a1:8f:7b:64:e8:
                    48:fd:12:72:a8:ca:bc:1d:44:b9:0a:81:41:f8:c3:
                    ef:c2:e9:70:d5:a1:92:d1:6b:7d:87:a2:0d:6a:82:
                    ec:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:65:C5:61:18:44:1F:2A:EB:35:83:29:84:38:00:49:A0:3A:81:0E
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/U2XFYRhEHyrrNYMphDgASaA6gQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:6c:f0:a6:10:fd:e5:e5:e4:0d:59:64:36:8b:b4:bd:7c:41:
         7a:85:02:3f:d3:1a:95:3c:92:1f:36:35:56:25:8a:9f:86:82:
         74:59:f1:9e:ed:3d:b4:73:e6:39:70:16:a6:66:77:2e:6d:a1:
         30:f6:46:2d:0d:de:b8:d3:50:1d:4c:0c:53:b9:54:f0:87:34:
         06:56:4f:bd:ff:57:38:de:03:86:58:5e:d6:21:a5:5b:82:a1:
         53:fa:cc:b5:68:13:8f:93:2a:70:fe:bd:7f:85:b4:da:74:3c:
         32:d7:1a:41:28:a0:ce:d1:c7:42:24:75:11:7f:04:a3:e6:a0:
         86:1b:d2:51:ce:48:33:05:e6:b2:0b:1c:a2:5a:04:7c:52:d5:
         10:d1:4c:10:e8:ab:9d:42:bd:bf:12:5b:38:a9:95:55:f7:c8:
         c6:d4:03:be:11:d6:c0:17:67:40:02:5c:89:2f:c7:03:52:97:
         7d:e8:44:e8:c3:5f:40:8a:24:da:2b:4c:6d:9b:57:31:9f:dc:
         2a:9c:dc:33:20:80:29:fd:94:9e:d5:6c:aa:68:a9:3b:c2:a7:
         ca:89:1a:01:ca:e7:cb:7d:b0:1f:a9:51:54:e1:f9:02:11:36:
         d4:f3:f1:0d:ce:fc:6c:24:73:79:3f:c2:81:e3:4e:3f:48:39:
         2d:41:4c:51
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBpVnODANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
Nzk1NWIxYWExYzAyODRkMjg0M2I5NmYyNmM1ZmU3NTFlNjY5NDZmMB4XDTIyMDEw
MTA4NTcxMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTM2NWM1NjExODQ0
MWYyYWViMzU4MzI5ODQzODAwNDlhMDNhODEwZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM9OGFkEIKhK9y7lBzAYna4d8pWtmCiafe0fpCth+Z74Nik2
oegi1ipJnxzsdjIQI+JQQFVD5TvDZ77AkalZLc3oHxKk1/xAhbH4xA6LN0pjmAc5
3pEAlKl0x6CJOO5nhVb7J4oVdeDZ66nfW3m0C5FIeeF79P1GfLa8iksD744Z7BRf
pa8FuTgl1a75MGiOF5/BpK8qZq84dSjZ/AsEVESPOK2e8GgCZDsBr0dx7NZxDKPu
Ln7V8CUM4wwu8f/qVtVs7g9o/7Wu4a3dS3HZ3BYxIIeZqIqPsqk8sqGPe2ToSP0S
cqjKvB1EuQqBQfjD78LpcNWhktFrfYeiDWqC7O0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRTZcVhGEQfKus1gymEOABJoDqBDjAfBgNVHSMEGDAWgBRnlVsaocAoTShD
uW8mxf51HmaUbzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1o1VmJHcUhBS0Uwb1E3bHZKc1gtZFI1bWxHOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZWIvNjMxOTI1LTZiMGUtNGVhNS05MWQ3LTA4YWQ5NDEwMWQ3ZS8x
L1UyWEZZUmhFSHlyck5ZTXBoRGdBU2FBNmdRNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWIv
NjMxOTI1LTZiMGUtNGVhNS05MWQ3LTA4YWQ5NDEwMWQ3ZS8xL1o1VmJHcUhBS0Uw
b1E3bHZKc1gtZFI1bWxHOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMKWsjANBgkqhkiG9w0BAQsFAAOC
AQEAKmzwphD95eXkDVlkNou0vXxBeoUCP9MalTySHzY1ViWKn4aCdFnxnu09tHPm
OXAWpmZ3Lm2hMPZGLQ3euNNQHUwMU7lU8Ic0BlZPvf9XON4Dhlhe1iGlW4KhU/rM
tWgTj5MqcP69f4W02nQ8MtcaQSigztHHQiR1EX8Eo+aghhvSUc5IMwXmsgscoloE
fFLVENFMEOirnUK9vxJbOKmVVffIxtQDvhHWwBdnQAJciS/HA1KXfehE6MNfQIok
2itMbZtXMZ/cKpzcMyCAKf2UntVsqmipO8KnyokaAcrny32wH6lRVOH5AhE21PPx
Dc78bCRzeT/CgeNOP0g5LUFMUQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:52 2024 by rpki-client on console-ams.rpki-client.org