Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/1-6Ig_i6skNF7uFri4801h-AAuLI.roa
File:                     1-6Ig_i6skNF7uFri4801h-AAuLI.roa (raw, json)
Hash identifier:          FWG5mbsRvKpk5TXmr/QfcBVwt9WEhBx3uxssmsroH1k=
Subject key identifier:   FB:A2:20:FE:2E:AC:90:D1:7B:B8:5A:E2:E3:CD:35:87:E0:00:B8:B2
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       03138249
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/1-6Ig_i6skNF7uFri4801h-AAuLI.roa
Signing time:             Thu 17 Feb 2022 23:12:59 +0000
ROA not before:           Thu 17 Feb 2022 23:12:59 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60721
IP address blocks:        94.177.27.0/24 maxlen: 24
                          89.42.213.0/24 maxlen: 24
                          89.37.106.0/24 maxlen: 24
                          46.102.174.0/24 maxlen: 24
                          94.177.65.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 51610185 (0x3138249)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Feb 17 23:12:59 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fba220fe2eac90d17bb85ae2e3cd3587e000b8b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:46:b3:40:35:28:4a:57:99:1d:ba:d8:e5:cd:
                    4f:6f:9b:5a:ee:b0:38:cc:e9:cb:0f:83:c2:8f:60:
                    67:b2:a0:c5:d0:d7:0c:c4:9c:a1:09:4e:b4:63:2e:
                    ce:52:3c:b4:4a:56:b9:68:9e:d7:b1:14:7c:49:ae:
                    5f:46:e0:e0:e2:28:6a:ce:ee:0f:c6:f9:f9:89:1d:
                    2c:ea:e5:84:6f:a5:cc:0d:c1:5e:d5:b2:f8:00:f0:
                    03:f3:74:e4:ba:9f:36:f0:6f:c2:04:12:7c:b5:78:
                    f8:88:6c:7b:63:93:30:ba:f4:fb:34:ce:54:40:82:
                    5c:f7:39:b3:0e:42:7d:64:aa:e7:af:e7:b5:62:c5:
                    75:0e:69:02:21:6e:59:97:54:f6:b0:ff:de:43:dd:
                    52:40:09:db:48:3d:0b:a7:a7:fc:19:81:d6:a2:3e:
                    ca:33:d6:9d:ea:a1:be:d5:42:94:2b:b8:36:ca:87:
                    93:81:94:4a:79:ba:89:41:d6:8d:90:86:1b:9d:39:
                    3c:91:3d:65:73:a3:5d:ed:88:b8:65:8b:32:31:45:
                    56:2c:3c:8e:3a:37:ea:19:f7:1f:21:82:3d:1d:47:
                    a4:7b:74:2a:7e:8c:f7:40:dc:a6:1c:fc:0d:36:77:
                    ff:08:4a:38:c1:28:8b:13:76:da:b8:22:25:58:0c:
                    ec:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:A2:20:FE:2E:AC:90:D1:7B:B8:5A:E2:E3:CD:35:87:E0:00:B8:B2
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/1-6Ig_i6skNF7uFri4801h-AAuLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.174.0/24
                  89.37.106.0/24
                  89.42.213.0/24
                  94.177.27.0/24
                  94.177.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:d7:21:b2:d1:12:26:51:3b:42:85:e8:94:c1:57:c2:52:8f:
         32:35:4e:53:38:ec:71:99:62:62:e8:f3:8b:18:27:d0:8a:62:
         80:3b:d8:0f:fd:e4:dc:3d:3e:25:dd:96:b6:70:fe:cf:7c:fc:
         01:2c:ff:9a:76:ce:94:60:c1:91:fb:8e:82:28:e7:9f:3b:38:
         ec:af:be:08:4f:ca:77:9f:c3:0b:e1:14:3d:0e:77:92:5f:25:
         f8:47:b2:d3:08:94:2b:46:b9:fa:b5:33:e7:28:c4:5e:d3:14:
         39:ca:92:1a:0e:5b:c6:d6:ca:3f:ea:1d:1f:f8:28:35:96:45:
         e6:b5:1d:67:a5:b6:4e:9b:5c:78:21:04:1f:9c:a4:a8:49:c7:
         c4:52:83:f0:aa:b3:e6:8e:24:ff:75:c9:43:68:65:af:eb:b5:
         37:87:20:bf:7d:af:de:a6:4c:96:13:86:be:32:cf:2d:f8:47:
         8f:7b:d3:1b:9c:f9:d0:6f:0a:fb:51:4f:e8:7e:4c:97:27:91:
         40:94:03:d2:9a:f0:d7:78:65:5c:f5:1d:0a:2f:d4:85:62:d9:
         60:f9:38:f9:e2:ab:0b:f8:bd:b2:3a:a1:32:c7:c2:89:56:1f:
         62:94:bc:c9:54:cc:23:f5:83:24:64:a3:b4:73:b3:8c:b0:d8:
         a5:ae:fe:c3
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIEAxOCSTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
YTAwZTk4MTk1MzA2MTk3MmM4OTZiZDZkMjc3MzhkMDgzYWFkYjBlMB4XDTIyMDIx
NzIzMTI1OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmJhMjIwZmUyZWFj
OTBkMTdiYjg1YWUyZTNjZDM1ODdlMDAwYjhiMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPFGs0A1KEpXmR262OXNT2+bWu6wOMzpyw+Dwo9gZ7KgxdDX
DMScoQlOtGMuzlI8tEpWuWie17EUfEmuX0bg4OIoas7uD8b5+YkdLOrlhG+lzA3B
XtWy+ADwA/N05LqfNvBvwgQSfLV4+Ihse2OTMLr0+zTOVECCXPc5sw5CfWSq56/n
tWLFdQ5pAiFuWZdU9rD/3kPdUkAJ20g9C6en/BmB1qI+yjPWneqhvtVClCu4NsqH
k4GUSnm6iUHWjZCGG505PJE9ZXOjXe2IuGWLMjFFViw8jjo36hn3HyGCPR1HpHt0
Kn6M90Dcphz8DTZ3/whKOMEoixN22rgiJVgM7E0CAwEAAaOCAiIwggIeMB0GA1Ud
DgQWBBT7oiD+LqyQ0Xu4WuLjzTWH4AC4sjAfBgNVHSMEGDAWgBTaAOmBlTBhlyyJ
a9bSdzjQg6rbDjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzJnRHBnWlV3WVpjc2lXdlcwbmM0MElPcTJ3NC5jZXIwgY4GCCsGAQUFBwELBIGB
MH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmYvODJhN2Q2LTkyYTktNDIwNC05YWUwLTlhNDhlY2Y5ZTE1ZS8x
LzEtNklnX2k2c2tORjd1RnJpNDgwMWgtQUF1TEkucm9hMIGBBgNVHR8EejB4MHag
dKByhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Zm
LzgyYTdkNi05MmE5LTQyMDQtOWFlMC05YTQ4ZWNmOWUxNWUvMS8yZ0RwZ1pVd1la
Y3NpV3ZXMG5jNDBJT3EydzQuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
NwYIKwYBBQUHAQcBAf8EKDAmMCQEAgABMB4DBAAuZq4DBABZJWoDBABZKtUDBABe
sRsDBABesUEwDQYJKoZIhvcNAQELBQADggEBAEfXIbLREiZRO0KF6JTBV8JSjzI1
TlM47HGZYmLo84sYJ9CKYoA72A/95Nw9PiXdlrZw/s98/AEs/5p2zpRgwZH7joIo
5587OOyvvghPynefwwvhFD0Od5JfJfhHstMIlCtGufq1M+coxF7TFDnKkhoOW8bW
yj/qHR/4KDWWRea1HWeltk6bXHghBB+cpKhJx8RSg/Cqs+aOJP91yUNoZa/rtTeH
IL99r96mTJYThr4yzy34R4970xuc+dBvCvtRT+h+TJcnkUCUA9Ka8Nd4ZVz1HQov
1IVi2WD5OPniqwv4vbI6oTLHwolWH2KUvMlUzCP1gyRko7Rzs4yw2KWu/sM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:48 2024 by rpki-client on console-ams.rpki-client.org