Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/qI0QvWkFnpW9n-lSFIfz2Sh30Qk.roa
File:                     qI0QvWkFnpW9n-lSFIfz2Sh30Qk.roa (raw, json)
Hash identifier:          z/cqE6dn08I8bxFqJEgx3AXTBJDTSipda6LRp/J2L0w=
Subject key identifier:   A8:8D:10:BD:69:05:9E:95:BD:9F:E9:52:14:87:F3:D9:28:77:D1:09
Certificate issuer:       /CN=bfabf5a474afe7212331670e831e119da38f284f
Certificate serial:       09EF7A8A
Authority key identifier: BF:AB:F5:A4:74:AF:E7:21:23:31:67:0E:83:1E:11:9D:A3:8F:28:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v6v1pHSv5yEjMWcOgx4RnaOPKE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/qI0QvWkFnpW9n-lSFIfz2Sh30Qk.roa
Signing time:             Sat 01 Jan 2022 05:57:39 +0000
ROA not before:           Sat 01 Jan 2022 05:57:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21232
IP address blocks:        185.11.168.0/22 maxlen: 22
                          82.192.224.0/19 maxlen: 19
                          185.45.236.0/22 maxlen: 22
                          93.184.16.0/20 maxlen: 20
                          213.160.32.0/19 maxlen: 19
                          2a02:5c0::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 166689418 (0x9ef7a8a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfabf5a474afe7212331670e831e119da38f284f
        Validity
            Not Before: Jan  1 05:57:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a88d10bd69059e95bd9fe9521487f3d92877d109
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:04:e8:7e:4f:ec:66:a9:45:61:79:d5:dc:5f:
                    f2:56:a7:03:47:cd:73:12:51:02:c7:8c:30:c7:9f:
                    87:22:30:f6:f9:5c:f9:d1:fc:4e:8e:bb:9f:d3:60:
                    8e:2e:01:bc:20:ff:22:f4:bc:28:5f:8c:c7:5f:2a:
                    03:15:d5:16:ca:91:6a:4b:cc:2f:f4:61:ba:30:83:
                    27:a0:c8:2d:62:2b:77:67:45:6f:08:ae:ef:d0:f2:
                    ae:09:13:ff:c5:9c:45:f2:bc:d0:41:db:f3:d7:1f:
                    f4:3a:34:82:e8:ee:78:af:14:12:79:43:3e:ee:49:
                    29:10:f9:75:a8:99:9a:57:32:5e:36:39:a0:5a:4b:
                    1d:53:73:09:fe:67:ee:c8:f6:e5:99:a8:90:fe:f4:
                    55:e8:a5:f4:c8:fc:b1:e5:83:aa:7e:f0:29:6b:42:
                    b8:fa:8e:93:2c:48:65:0d:1f:bd:8f:2c:91:97:c1:
                    9e:f3:77:e2:68:30:d0:ca:fc:16:3a:54:e4:61:e1:
                    7f:43:4e:f5:d1:a1:23:cb:cd:aa:85:99:db:32:19:
                    7a:9c:46:51:9d:1c:fe:46:c1:44:a1:9c:5f:3c:3f:
                    7d:55:3d:42:68:6d:7c:c5:5e:db:7e:d8:77:40:3a:
                    66:95:59:d2:55:77:3e:77:26:fc:0e:dd:61:61:1e:
                    fb:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:8D:10:BD:69:05:9E:95:BD:9F:E9:52:14:87:F3:D9:28:77:D1:09
            X509v3 Authority Key Identifier:
                keyid:BF:AB:F5:A4:74:AF:E7:21:23:31:67:0E:83:1E:11:9D:A3:8F:28:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v6v1pHSv5yEjMWcOgx4RnaOPKE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/qI0QvWkFnpW9n-lSFIfz2Sh30Qk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/v6v1pHSv5yEjMWcOgx4RnaOPKE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.192.224.0/19
                  93.184.16.0/20
                  185.11.168.0/22
                  185.45.236.0/22
                  213.160.32.0/19
                IPv6:
                  2a02:5c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:bf:0a:79:8c:15:4e:96:c4:5f:ca:f7:39:ed:05:07:49:66:
         34:38:02:36:0b:89:95:a0:0a:e1:fc:8d:d5:e6:67:5a:eb:51:
         ed:eb:43:11:5b:b0:0b:53:66:7d:5b:cc:66:cd:e9:d8:6a:58:
         c7:6c:7a:aa:a3:9a:1f:d4:81:65:0a:20:71:bc:bb:b4:81:6c:
         e4:c0:09:3a:23:fd:fa:a7:72:3f:0b:99:12:1d:3b:25:4c:bc:
         81:4f:ad:9e:cb:5c:63:99:a0:d4:3c:7c:eb:82:d7:9a:61:7c:
         ee:07:13:39:b0:bc:04:28:b4:b2:cb:23:ed:27:dc:7c:32:be:
         44:45:96:4c:2d:26:65:cb:6d:a7:65:f3:6a:16:b8:44:39:df:
         89:fe:01:6d:67:3a:8f:fd:38:92:51:a1:8d:a4:8b:74:0f:f9:
         24:92:fd:3c:98:c8:68:c2:fe:26:f1:e2:b4:0d:ca:e6:ba:0e:
         c0:b2:29:47:fa:fb:5b:f9:3a:7e:e0:11:d4:5c:e9:17:74:c5:
         55:9e:eb:d1:bb:e8:f4:10:47:26:ce:3f:cf:4c:cc:88:6e:84:
         1d:6a:4b:5f:63:ac:2b:9c:d4:7d:e0:4d:e6:cd:be:df:56:18:
         76:88:a1:06:00:93:eb:2b:94:c3:d6:15:7f:c3:c2:ad:17:f5:
         6b:4f:7d:35
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIECe96ijANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
ZmFiZjVhNDc0YWZlNzIxMjMzMTY3MGU4MzFlMTE5ZGEzOGYyODRmMB4XDTIyMDEw
MTA1NTczOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTg4ZDEwYmQ2OTA1
OWU5NWJkOWZlOTUyMTQ4N2YzZDkyODc3ZDEwOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKME6H5P7GapRWF51dxf8lanA0fNcxJRAseMMMefhyIw9vlc
+dH8To67n9Ngji4BvCD/IvS8KF+Mx18qAxXVFsqRakvML/RhujCDJ6DILWIrd2dF
bwiu79DyrgkT/8WcRfK80EHb89cf9Do0gujueK8UEnlDPu5JKRD5daiZmlcyXjY5
oFpLHVNzCf5n7sj25ZmokP70Veil9Mj8seWDqn7wKWtCuPqOkyxIZQ0fvY8skZfB
nvN34mgw0Mr8FjpU5GHhf0NO9dGhI8vNqoWZ2zIZepxGUZ0c/kbBRKGcXzw/fVU9
QmhtfMVe237Yd0A6ZpVZ0lV3Pncm/A7dYWEe+wcCAwEAAaOCAjAwggIsMB0GA1Ud
DgQWBBSojRC9aQWelb2f6VIUh/PZKHfRCTAfBgNVHSMEGDAWgBS/q/WkdK/nISMx
Zw6DHhGdo48oTzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3Y2djFwSFN2NXlFak1XY09neDRSbmFPUEtFOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjEvMDE4OGRhLTM2NTUtNDgyZC04ODFiLWZlYmJjNGEzYjQ1Yi8x
L3FJMFF2V2tGbnBXOW4tbFNGSWZ6MlNoMzBRay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjEv
MDE4OGRhLTM2NTUtNDgyZC04ODFiLWZlYmJjNGEzYjQ1Yi8xL3Y2djFwSFN2NXlF
ak1XY09neDRSbmFPUEtFOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBG
BggrBgEFBQcBBwEB/wQ3MDUwJAQCAAEwHgMEBVLA4AMEBF24EAMEArkLqAMEArkt
7AMEBdWgIDANBAIAAjAHAwUAKgIFwDANBgkqhkiG9w0BAQsFAAOCAQEAgL8KeYwV
TpbEX8r3Oe0FB0lmNDgCNguJlaAK4fyN1eZnWutR7etDEVuwC1NmfVvMZs3p2GpY
x2x6qqOaH9SBZQogcby7tIFs5MAJOiP9+qdyPwuZEh07JUy8gU+tnstcY5mg1Dx8
64LXmmF87gcTObC8BCi0sssj7SfcfDK+REWWTC0mZcttp2Xzaha4RDnfif4BbWc6
j/04klGhjaSLdA/5JJL9PJjIaML+JvHitA3K5roOwLIpR/r7W/k6fuAR1FzpF3TF
VZ7r0bvo9BBHJs4/z0zMiG6EHWpLX2OsK5zUfeBN5s2+31YYdoihBgCT6yuUw9YV
f8PCrRf1a099NQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:13 2024 by rpki-client on console-fra.rpki-client.org