Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Sn66tNYQVy2WP2WVOJnXHB3CNbg.roa
File:                     Sn66tNYQVy2WP2WVOJnXHB3CNbg.roa (raw, json)
Hash identifier:          bhTofjSqnyxbNasUDbQMDb95pFqZPTZpDWrR1gYjH2g=
Subject key identifier:   4A:7E:BA:B4:D6:10:57:2D:96:3F:65:95:38:99:D7:1C:1D:C2:35:B8
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       0284B1E6
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Sn66tNYQVy2WP2WVOJnXHB3CNbg.roa
Signing time:             Sat 01 Jan 2022 13:02:57 +0000
ROA not before:           Sat 01 Jan 2022 13:02:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     30823
IP address blocks:        93.115.111.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 42250726 (0x284b1e6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Jan  1 13:02:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4a7ebab4d610572d963f65953899d71c1dc235b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:4e:c4:b4:47:32:97:33:4b:2f:3c:55:eb:e3:
                    92:57:1e:b8:06:74:f3:2b:02:e8:a8:ff:71:16:dc:
                    bd:01:51:30:c5:d4:0e:6e:a3:7b:9d:34:8a:d2:2c:
                    f2:86:e3:5b:df:1c:ae:cd:a8:45:bf:25:44:d9:7e:
                    3c:86:6f:bf:a9:d3:c8:b8:28:5b:e8:4c:fb:e0:4a:
                    c2:79:7c:47:18:e7:f8:1f:24:ef:ba:0c:1c:b2:c2:
                    f3:4a:9f:89:62:a1:47:18:07:32:5b:f1:3c:52:9a:
                    27:dd:e9:fa:fc:d7:f8:c4:30:35:c0:f8:19:cd:73:
                    59:a4:3d:67:7f:dc:1c:5c:e4:ec:44:97:bb:4a:0f:
                    7a:52:7e:c3:6c:2a:e3:0c:a3:c0:5d:08:b6:76:64:
                    90:51:6a:63:68:75:f2:d9:0a:73:1d:eb:5f:1b:bb:
                    05:e7:5f:3a:91:e6:2d:a0:04:d2:1f:73:95:bc:8d:
                    9c:36:09:7a:d9:a1:8e:be:f8:45:e6:e4:7e:14:aa:
                    ce:f6:c6:04:9f:4b:50:dd:a1:c9:11:9c:dd:22:0a:
                    f0:52:d8:b2:12:e4:04:23:14:bc:1a:6e:18:8f:26:
                    4e:76:1c:61:59:d7:bf:51:c2:34:05:08:da:bd:6c:
                    c2:9e:b2:d4:99:30:81:d6:12:70:de:3f:21:35:a2:
                    54:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:7E:BA:B4:D6:10:57:2D:96:3F:65:95:38:99:D7:1C:1D:C2:35:B8
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Sn66tNYQVy2WP2WVOJnXHB3CNbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.115.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:43:26:35:0b:be:4d:37:03:cc:f6:ac:25:8b:9a:4f:52:8e:
         9b:1d:de:86:d0:4f:95:20:b2:77:18:9d:b0:0a:ac:32:72:2d:
         b9:d1:90:f9:39:2a:09:69:2b:f2:12:ed:cb:fc:de:da:aa:2a:
         41:39:6f:23:13:10:98:0c:3c:23:15:1b:9b:97:5b:fc:a6:43:
         35:88:ca:95:a7:a3:c6:06:2c:11:f6:5b:2e:df:0b:90:38:f1:
         b5:e2:2c:2c:17:b4:07:69:72:2b:03:85:c7:cd:27:0b:ad:87:
         2d:74:f9:1d:3d:13:9b:e2:32:41:f8:b7:b2:ea:54:f6:a3:7c:
         bf:a6:35:e6:51:80:40:72:6c:be:f0:5a:9b:6e:cd:11:4f:2b:
         28:cd:ae:ea:78:07:9b:79:92:0a:71:9d:f6:45:75:bb:2c:ed:
         9a:e6:9e:8e:49:c5:46:6e:1d:bd:39:71:99:e5:5f:dd:d6:d4:
         a6:b4:0e:15:c5:c6:81:46:c7:55:8b:95:cf:6c:28:a5:e7:72:
         d5:da:83:92:1f:f7:43:32:6b:a0:e4:40:ef:c1:ef:fd:b2:d4:
         8a:b3:6e:f3:2b:6a:61:26:ea:f6:90:07:63:38:35:23:44:cd:
         be:27:44:45:f2:cd:fd:1d:57:92:4a:07:34:49:9a:40:a9:6d:
         fb:cb:aa:e2
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAoSx5jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
YTAwZTk4MTk1MzA2MTk3MmM4OTZiZDZkMjc3MzhkMDgzYWFkYjBlMB4XDTIyMDEw
MTEzMDI1N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGE3ZWJhYjRkNjEw
NTcyZDk2M2Y2NTk1Mzg5OWQ3MWMxZGMyMzViODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL5OxLRHMpczSy88VevjklceuAZ08ysC6Kj/cRbcvQFRMMXU
Dm6je500itIs8objW98crs2oRb8lRNl+PIZvv6nTyLgoW+hM++BKwnl8Rxjn+B8k
77oMHLLC80qfiWKhRxgHMlvxPFKaJ93p+vzX+MQwNcD4Gc1zWaQ9Z3/cHFzk7ESX
u0oPelJ+w2wq4wyjwF0ItnZkkFFqY2h18tkKcx3rXxu7BedfOpHmLaAE0h9zlbyN
nDYJetmhjr74RebkfhSqzvbGBJ9LUN2hyRGc3SIK8FLYshLkBCMUvBpuGI8mTnYc
YVnXv1HCNAUI2r1swp6y1JkwgdYScN4/ITWiVO8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRKfrq01hBXLZY/ZZU4mdccHcI1uDAfBgNVHSMEGDAWgBTaAOmBlTBhlyyJ
a9bSdzjQg6rbDjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzJnRHBnWlV3WVpjc2lXdlcwbmM0MElPcTJ3NC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmYvODJhN2Q2LTkyYTktNDIwNC05YWUwLTlhNDhlY2Y5ZTE1ZS8x
L1NuNjZ0TllRVnkyV1AyV1ZPSm5YSEIzQ05iZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmYv
ODJhN2Q2LTkyYTktNDIwNC05YWUwLTlhNDhlY2Y5ZTE1ZS8xLzJnRHBnWlV3WVpj
c2lXdlcwbmM0MElPcTJ3NC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF1zbzANBgkqhkiG9w0BAQsFAAOC
AQEATUMmNQu+TTcDzPasJYuaT1KOmx3ehtBPlSCydxidsAqsMnItudGQ+TkqCWkr
8hLty/ze2qoqQTlvIxMQmAw8IxUbm5db/KZDNYjKlaejxgYsEfZbLt8LkDjxteIs
LBe0B2lyKwOFx80nC62HLXT5HT0Tm+IyQfi3supU9qN8v6Y15lGAQHJsvvBam27N
EU8rKM2u6ngHm3mSCnGd9kV1uyztmuaejknFRm4dvTlxmeVf3dbUprQOFcXGgUbH
VYuVz2wopedy1dqDkh/3QzJroORA78Hv/bLUirNu8ytqYSbq9pAHYzg1I0TNvidE
RfLN/R1XkkoHNEmaQKlt+8uq4g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:14 2024 by rpki-client on console-fra.rpki-client.org