Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/fBFh5UzdrlG82BEiwN32V6YA8qs.roa
File:                     fBFh5UzdrlG82BEiwN32V6YA8qs.roa (raw, json)
Hash identifier:          +DBREOfH45Z/wehlkK/oR7TRTuShAh/jCqO/CT2rYWM=
Subject key identifier:   7C:11:61:E5:4C:DD:AE:51:BC:D8:11:22:C0:DD:F6:57:A6:00:F2:AB
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       069793FA
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/fBFh5UzdrlG82BEiwN32V6YA8qs.roa
Signing time:             Sat 01 Jan 2022 08:57:14 +0000
ROA not before:           Sat 01 Jan 2022 08:57:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     213220
IP address blocks:        195.210.8.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 110597114 (0x69793fa)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jan  1 08:57:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7c1161e54cddae51bcd81122c0ddf657a600f2ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:98:d9:b8:f5:92:e5:9e:81:2b:c4:a2:a4:9f:
                    d9:e6:2d:59:8d:eb:c7:97:c5:0b:75:f8:bc:e1:3b:
                    7a:84:5f:99:a3:b9:1a:40:7b:0a:87:72:07:7e:9a:
                    65:f5:4a:22:dc:72:4e:a5:c4:16:51:1e:d0:32:21:
                    99:0a:63:c8:24:b2:ae:b6:b5:2d:ea:32:20:66:59:
                    34:7e:91:5f:69:44:85:29:d6:fa:8d:85:ee:b1:00:
                    56:99:3c:ac:59:34:85:78:8b:18:9e:71:bb:64:59:
                    d2:d8:b0:02:90:4b:5c:3e:4d:dc:eb:a8:c0:38:a6:
                    03:a9:40:84:f9:ed:03:ae:5d:4a:2b:61:67:4d:8b:
                    13:d1:c9:7e:d8:b3:e5:cf:16:5c:3b:4b:f2:06:21:
                    7f:20:b0:33:5b:2e:f1:c9:d3:94:00:c3:bf:c9:f0:
                    af:ee:aa:8b:44:3e:f4:ee:ea:24:12:76:1c:c8:c7:
                    22:33:96:0e:f6:9d:45:a1:85:c7:af:a6:ab:47:3d:
                    ea:41:c5:2f:0e:84:dd:ce:44:dc:b4:29:3d:b2:7d:
                    4a:db:eb:f3:dc:22:7d:8f:c8:a7:48:d8:b2:9a:82:
                    50:ec:84:01:87:23:46:01:dd:1d:14:a6:e7:5c:49:
                    64:5e:11:9e:0a:ba:67:ff:cc:50:86:73:05:e2:b7:
                    38:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:11:61:E5:4C:DD:AE:51:BC:D8:11:22:C0:DD:F6:57:A6:00:F2:AB
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/fBFh5UzdrlG82BEiwN32V6YA8qs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.210.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:82:8d:ff:2b:07:30:b1:ae:ee:c5:70:57:8c:52:8e:a3:a9:
         47:c6:05:69:22:04:ce:f0:f1:e0:f7:52:cf:5b:92:09:5f:b5:
         e9:c1:cd:87:bb:79:81:6a:a7:12:bc:a4:68:cf:49:79:04:37:
         57:af:3b:2e:c0:44:6b:04:76:9a:c4:97:65:8f:f1:0e:30:1c:
         6c:db:fd:3b:5a:43:bc:bf:3f:91:ff:ae:36:55:dd:c4:02:5b:
         0f:1b:db:12:59:43:36:ba:21:78:53:1c:1c:2e:6b:2f:6e:ee:
         37:f5:17:de:0e:da:f4:b3:5a:0e:55:2e:e6:a3:25:91:8e:95:
         c1:1c:fe:87:d8:0f:33:63:ca:24:e1:2e:21:3b:c2:51:e6:a3:
         8c:8d:ba:39:a1:1c:e0:ca:f0:e8:df:bb:c1:cc:26:45:75:e1:
         32:45:38:ad:bd:f7:94:59:ff:99:4f:5a:21:cc:25:09:2e:e2:
         f8:b9:52:32:54:74:05:1d:8a:f5:39:d1:f4:75:4c:1c:14:75:
         f4:2b:70:6a:b3:e9:35:06:ac:14:ff:fc:b0:9d:29:70:6b:02:
         94:6e:1d:bb:05:6c:20:1d:ec:02:8e:c0:18:56:58:3d:a2:67:
         7e:32:f7:40:a4:18:f4:bd:ac:a4:4f:db:c8:14:9d:92:e4:50:
         49:04:b4:fa
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBpeT+jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
Nzk1NWIxYWExYzAyODRkMjg0M2I5NmYyNmM1ZmU3NTFlNjY5NDZmMB4XDTIyMDEw
MTA4NTcxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2MxMTYxZTU0Y2Rk
YWU1MWJjZDgxMTIyYzBkZGY2NTdhNjAwZjJhYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMKY2bj1kuWegSvEoqSf2eYtWY3rx5fFC3X4vOE7eoRfmaO5
GkB7CodyB36aZfVKItxyTqXEFlEe0DIhmQpjyCSyrra1LeoyIGZZNH6RX2lEhSnW
+o2F7rEAVpk8rFk0hXiLGJ5xu2RZ0tiwApBLXD5N3OuowDimA6lAhPntA65dSith
Z02LE9HJftiz5c8WXDtL8gYhfyCwM1su8cnTlADDv8nwr+6qi0Q+9O7qJBJ2HMjH
IjOWDvadRaGFx6+mq0c96kHFLw6E3c5E3LQpPbJ9Stvr89wifY/Ip0jYspqCUOyE
AYcjRgHdHRSm51xJZF4Rngq6Z//MUIZzBeK3OLcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBR8EWHlTN2uUbzYESLA3fZXpgDyqzAfBgNVHSMEGDAWgBRnlVsaocAoTShD
uW8mxf51HmaUbzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1o1VmJHcUhBS0Uwb1E3bHZKc1gtZFI1bWxHOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZWIvNjMxOTI1LTZiMGUtNGVhNS05MWQ3LTA4YWQ5NDEwMWQ3ZS8x
L2ZCRmg1VXpkcmxHODJCRWl3TjMyVjZZQThxcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWIv
NjMxOTI1LTZiMGUtNGVhNS05MWQ3LTA4YWQ5NDEwMWQ3ZS8xL1o1VmJHcUhBS0Uw
b1E3bHZKc1gtZFI1bWxHOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcPSCDANBgkqhkiG9w0BAQsFAAOC
AQEAAIKN/ysHMLGu7sVwV4xSjqOpR8YFaSIEzvDx4PdSz1uSCV+16cHNh7t5gWqn
ErykaM9JeQQ3V687LsBEawR2msSXZY/xDjAcbNv9O1pDvL8/kf+uNlXdxAJbDxvb
EllDNroheFMcHC5rL27uN/UX3g7a9LNaDlUu5qMlkY6VwRz+h9gPM2PKJOEuITvC
UeajjI26OaEc4Mrw6N+7wcwmRXXhMkU4rb33lFn/mU9aIcwlCS7i+LlSMlR0BR2K
9TnR9HVMHBR19CtwarPpNQasFP/8sJ0pcGsClG4duwVsIB3sAo7AGFZYPaJnfjL3
QKQY9L2spE/byBSdkuRQSQS0+g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:52 2024 by rpki-client on console-ams.rpki-client.org