Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/a269aa-c9bf-42c1-ade3-ed85ce094a87/1/t2642iJ0skzQi9E6AZEwytvf8m4.roa
File:                     t2642iJ0skzQi9E6AZEwytvf8m4.roa (raw, json)
Hash identifier:          gIPPWO03VKLt/46PvA70+sFAjblnHQu9s1qgU/4Hidk=
Subject key identifier:   B7:6E:B8:DA:22:74:B2:4C:D0:8B:D1:3A:01:91:30:CA:DB:DF:F2:6E
Certificate issuer:       /CN=6e1d8dd31ae9e03af4d26e9da6e2dd86a03039a4
Certificate serial:       01951E6FDE30199AF76D1CB73B6E023E7333
Authority key identifier: 6E:1D:8D:D3:1A:E9:E0:3A:F4:D2:6E:9D:A6:E2:DD:86:A0:30:39:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bh2N0xrp4Dr00m6dpuLdhqAwOaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/a269aa-c9bf-42c1-ade3-ed85ce094a87/1/t2642iJ0skzQi9E6AZEwytvf8m4.roa
Signing time:             Wed 19 Feb 2025 13:40:02 +0000
ROA not before:           Wed 19 Feb 2025 13:40:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31319
IP address blocks:        193.43.106.0/24 maxlen: 24
                          193.43.107.0/24 maxlen: 24
                          193.43.108.0/24 maxlen: 24
                          193.238.84.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1e:6f:de:30:19:9a:f7:6d:1c:b7:3b:6e:02:3e:73:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e1d8dd31ae9e03af4d26e9da6e2dd86a03039a4
        Validity
            Not Before: Feb 19 13:40:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b76eb8da2274b24cd08bd13a019130cadbdff26e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:74:41:4a:1f:a8:2f:63:47:f7:18:b3:c6:c5:
                    72:33:73:c7:b5:eb:43:71:bd:03:5d:a9:6c:d1:b6:
                    45:10:72:bc:f6:67:4e:da:7b:e4:80:1a:06:4e:5c:
                    75:f0:45:40:8c:c4:05:12:4a:bd:fb:66:f7:6e:80:
                    d1:e2:50:64:35:47:a7:94:d1:c6:00:ae:82:c5:81:
                    98:3b:5d:a2:14:94:ee:8d:bf:15:be:7a:fb:1a:b3:
                    23:6b:2e:fa:89:c1:63:21:5b:a9:ca:f2:c6:f9:7b:
                    bf:a7:4e:75:84:5e:74:22:7b:66:19:50:f9:22:19:
                    50:35:70:a2:cb:70:aa:8d:00:fc:7b:83:dd:a7:d0:
                    1e:ac:1b:b2:d8:92:39:2b:79:5a:8a:47:41:1e:e4:
                    af:9d:2d:3a:a5:d7:ed:9d:5a:bc:7d:08:01:1c:34:
                    58:6f:f1:90:f5:11:b7:ed:e8:c1:7d:94:59:9b:26:
                    03:20:ea:5b:32:2d:24:5a:a4:f6:91:e3:1a:56:5e:
                    d3:c5:58:37:72:d2:5e:2e:dc:3e:48:7c:56:ff:f8:
                    c9:8f:cb:86:0b:b4:30:d8:d8:80:0c:28:43:db:a4:
                    e9:57:cd:84:a4:5f:b7:35:12:00:05:00:b4:e4:56:
                    91:d6:41:b4:34:b8:07:00:57:b8:24:a9:cb:18:f0:
                    63:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:6E:B8:DA:22:74:B2:4C:D0:8B:D1:3A:01:91:30:CA:DB:DF:F2:6E
            X509v3 Authority Key Identifier:
                keyid:6E:1D:8D:D3:1A:E9:E0:3A:F4:D2:6E:9D:A6:E2:DD:86:A0:30:39:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bh2N0xrp4Dr00m6dpuLdhqAwOaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/a269aa-c9bf-42c1-ade3-ed85ce094a87/1/t2642iJ0skzQi9E6AZEwytvf8m4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/a269aa-c9bf-42c1-ade3-ed85ce094a87/1/bh2N0xrp4Dr00m6dpuLdhqAwOaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.106.0-193.43.108.255
                  193.238.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:7e:9b:08:c3:1d:84:fd:16:77:13:60:c6:dc:93:bb:9e:17:
         64:e2:34:47:8b:3d:50:78:e0:cf:65:a4:60:d3:54:d4:e1:b7:
         00:f0:eb:d5:48:75:5d:9c:90:fd:81:1a:61:f5:11:5d:50:ad:
         da:ce:6e:8a:3b:74:15:92:d5:dd:05:52:92:83:0a:08:9d:d2:
         c8:10:df:e6:7d:b4:97:aa:44:69:bd:1c:bb:0a:65:db:c3:c9:
         ed:1b:4b:17:26:c1:36:de:79:53:0f:43:1f:cd:4d:2f:9c:80:
         18:95:b1:d1:27:f1:95:3b:3a:a1:88:29:b2:9f:b0:5e:3d:68:
         18:19:17:90:83:d1:05:eb:e1:2b:04:18:f7:94:09:51:60:a5:
         b4:8d:ab:5d:34:c2:af:58:22:b6:b0:cf:cb:62:ec:a8:13:49:
         6f:d3:96:78:f3:00:51:e1:bc:3b:d5:f1:37:a8:7f:65:28:3a:
         29:8d:51:76:cd:66:a2:2d:de:9a:0b:8b:b1:4a:e3:3d:ff:92:
         db:b9:d6:81:ac:4b:fc:70:96:7e:d3:ce:5d:43:66:ca:fc:13:
         77:27:67:6c:a6:15:2a:18:e0:1c:c0:c7:ba:fd:a1:59:d6:cc:
         11:ad:91:82:4c:55:8a:1c:75:eb:9a:37:a9:36:b8:93:7c:93:
         88:fb:cf:d5
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZUeb94wGZr3bRy3O24CPnMzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlMWQ4ZGQzMWFlOWUwM2FmNGQyNmU5ZGE2ZTJkZDg2YTAz
MDM5YTQwHhcNMjUwMjE5MTM0MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzZlYjhkYTIyNzRiMjRjZDA4YmQxM2EwMTkxMzBjYWRiZGZmMjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnRBSh+oL2NH9xizxsVyM3PHtetD
cb0DXals0bZFEHK89mdO2nvkgBoGTlx18EVAjMQFEkq9+2b3boDR4lBkNUenlNHG
AK6CxYGYO12iFJTujb8Vvnr7GrMjay76icFjIVupyvLG+Xu/p051hF50IntmGVD5
IhlQNXCiy3CqjQD8e4Pdp9AerBuy2JI5K3laikdBHuSvnS06pdftnVq8fQgBHDRY
b/GQ9RG37ejBfZRZmyYDIOpbMi0kWqT2keMaVl7TxVg3ctJeLtw+SHxW//jJj8uG
C7Qw2NiADChD26TpV82EpF+3NRIABQC05FaR1kG0NLgHAFe4JKnLGPBjTQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLduuNoidLJM0IvROgGRMMrb3/JuMB8GA1UdIwQY
MBaAFG4djdMa6eA69NJunabi3YagMDmkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmgyTjB4cnA0RHIwMG02ZHB1TGRocUF3T2FRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9hMjY5YWEtYzliZi00MmMxLWFkZTMt
ZWQ4NWNlMDk0YTg3LzEvdDI2NDJpSjBza3pRaTlFNkFaRXd5dHZmOG00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9hMjY5YWEtYzliZi00MmMxLWFkZTMtZWQ4NWNlMDk0YTg3
LzEvYmgyTjB4cnA0RHIwMG02ZHB1TGRocUF3T2FRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAHBK2oD
BADBK2wDBADB7lQwDQYJKoZIhvcNAQELBQADggEBAGN+mwjDHYT9FncTYMbck7ue
F2TiNEeLPVB44M9lpGDTVNThtwDw69VIdV2ckP2BGmH1EV1QrdrOboo7dBWS1d0F
UpKDCgid0sgQ3+Z9tJeqRGm9HLsKZdvDye0bSxcmwTbeeVMPQx/NTS+cgBiVsdEn
8ZU7OqGIKbKfsF49aBgZF5CD0QXr4SsEGPeUCVFgpbSNq100wq9YIrawz8ti7KgT
SW/TlnjzAFHhvDvV8Teof2UoOimNUXbNZqIt3poLi7FK4z3/ktu51oGsS/xwln7T
zl1DZsr8E3cnZ2ymFSoY4BzAx7r9oVnWzBGtkYJMVYocdeuaN6k2uJN8k4j7z9U=
-----END CERTIFICATE-----
Generated at Fri May 2 00:07:10 2025 by rpki-client