Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2hGeHyQY7RUnlICGVYk6Sz54Nfo.roa
File:                     2hGeHyQY7RUnlICGVYk6Sz54Nfo.roa (raw, json)
Hash identifier:          WQS7PG0yY07EwYg9SbfqZTKB45cHrjRndgx4HCXRvGM=
Subject key identifier:   DA:11:9E:1F:24:18:ED:15:27:94:80:86:55:89:3A:4B:3E:78:35:FA
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01888FD3090818D01DD1163799F7102D02D1
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2hGeHyQY7RUnlICGVYk6Sz54Nfo.roa
Signing time:             Tue 06 Jun 2023 08:29:12 +0000
ROA not before:           Tue 06 Jun 2023 08:29:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209371
IP address blocks:        45.128.96.0/24 maxlen: 24
                          45.128.97.0/24 maxlen: 24
                          45.139.107.0/24 maxlen: 24
                          45.84.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:8f:d3:09:08:18:d0:1d:d1:16:37:99:f7:10:2d:02:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun  6 08:29:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=da119e1f2418ed152794808655893a4b3e7835fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:00:4d:50:91:3e:1a:59:65:21:fd:b8:39:e7:
                    8f:ea:57:67:5d:2a:f4:30:b3:3b:80:98:8b:f1:bf:
                    d6:cf:71:d9:95:dc:d5:59:24:86:1a:47:85:e9:c2:
                    8b:9f:70:15:18:e2:51:0f:f7:d7:11:fe:9c:90:b8:
                    73:08:22:b2:23:87:70:f2:b6:b0:0a:8a:93:6b:16:
                    84:d6:5f:04:c6:02:12:5e:4c:45:4f:2d:1c:48:18:
                    b8:92:ee:87:20:5e:05:6d:92:80:55:91:13:47:f5:
                    e3:d4:aa:06:ed:8c:8d:f4:b6:84:67:f2:1e:06:33:
                    b5:d0:79:93:6f:a8:77:90:77:1f:97:f1:91:89:93:
                    45:db:d4:e7:60:1f:76:3c:3a:f1:67:2c:32:ef:58:
                    f2:aa:b0:1a:b6:0b:53:8d:89:57:6d:90:a5:1d:87:
                    f8:9c:bb:74:54:3d:0f:75:42:22:32:39:79:68:59:
                    c1:0b:45:4f:82:7d:d3:19:e2:dd:cb:27:6a:87:88:
                    07:8b:40:4d:0c:b2:69:46:d3:d3:91:a2:24:28:49:
                    c7:21:4c:4d:2b:e7:94:31:48:27:48:86:32:be:af:
                    46:02:8a:7e:1f:77:e5:1a:c8:74:f1:6b:72:be:cd:
                    39:7d:66:52:5a:7b:04:1e:c1:44:d6:44:73:9a:11:
                    75:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:11:9E:1F:24:18:ED:15:27:94:80:86:55:89:3A:4B:3E:78:35:FA
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2hGeHyQY7RUnlICGVYk6Sz54Nfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.89.0/24
                  45.128.96.0/23
                  45.139.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:f9:7d:03:7f:01:03:cc:e3:04:8b:a3:92:81:72:60:be:90:
         a1:7b:6a:f4:04:30:21:39:08:0c:c7:53:4e:a8:f9:a4:fa:71:
         19:2a:9b:a3:f8:9e:42:e3:34:b0:24:8f:a6:f2:8d:2f:e8:20:
         cd:7c:5d:51:4c:10:0b:33:98:17:58:44:12:ef:14:d0:9e:a0:
         6a:57:f9:61:96:84:33:ed:0f:ff:85:64:e5:33:8f:ad:e7:9c:
         8c:c2:57:68:b4:47:3e:89:28:a4:48:13:cd:ed:0e:e1:9a:33:
         64:3a:95:7f:c6:0b:89:a5:96:22:ef:6b:96:8c:22:04:47:db:
         73:95:1b:0c:d0:9f:fe:88:49:7a:2b:df:cc:dc:e4:43:80:7b:
         af:95:51:26:0b:5a:26:c7:8a:05:6e:a2:11:e3:77:0b:77:47:
         1b:fa:44:19:f7:a2:9e:43:18:a5:db:f0:2b:56:f5:2c:aa:be:
         f3:ff:59:e8:f5:a2:9f:84:14:45:1f:fb:02:34:b8:e8:a3:bd:
         3e:c7:f0:0d:4f:85:b5:83:4c:49:c3:35:bd:5e:53:18:29:f4:
         ac:73:78:fa:d8:c9:12:9d:af:c6:17:d7:96:c1:32:35:81:92:
         41:fb:f0:20:02:b5:a5:36:da:ba:69:2e:7b:77:95:40:6b:5c:
         30:e7:47:09
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYiP0wkIGNAd0RY3mfcQLQLRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjA2MDgyOTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTExOWUxZjI0MThlZDE1Mjc5NDgwODY1NTg5M2E0YjNlNzgzNWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQBNUJE+GlllIf24OeeP6ldnXSr0
MLM7gJiL8b/Wz3HZldzVWSSGGkeF6cKLn3AVGOJRD/fXEf6ckLhzCCKyI4dw8raw
CoqTaxaE1l8ExgISXkxFTy0cSBi4ku6HIF4FbZKAVZETR/Xj1KoG7YyN9LaEZ/Ie
BjO10HmTb6h3kHcfl/GRiZNF29TnYB92PDrxZywy71jyqrAatgtTjYlXbZClHYf4
nLt0VD0PdUIiMjl5aFnBC0VPgn3TGeLdyydqh4gHi0BNDLJpRtPTkaIkKEnHIUxN
K+eUMUgnSIYyvq9GAop+H3flGsh08Wtyvs05fWZSWnsEHsFE1kRzmhF1TwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNoRnh8kGO0VJ5SAhlWJOks+eDX6MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMmhHZUh5UVk3UlVubElDR1ZZazZTejU0TmZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVRZAwQB
LYBgAwQALYtrMA0GCSqGSIb3DQEBCwUAA4IBAQCN+X0DfwEDzOMEi6OSgXJgvpCh
e2r0BDAhOQgMx1NOqPmk+nEZKpuj+J5C4zSwJI+m8o0v6CDNfF1RTBALM5gXWEQS
7xTQnqBqV/lhloQz7Q//hWTlM4+t55yMwldotEc+iSikSBPN7Q7hmjNkOpV/xguJ
pZYi72uWjCIER9tzlRsM0J/+iEl6K9/M3ORDgHuvlVEmC1omx4oFbqIR43cLd0cb
+kQZ96KeQxil2/ArVvUsqr7z/1no9aKfhBRFH/sCNLjoo70+x/ANT4W1g0xJwzW9
XlMYKfSsc3j62MkSna/GF9eWwTI1gZJB+/AgArWlNtq6aS57d5VAa1ww50cJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:57 2024 by rpki-client on console-fra.rpki-client.org