Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/C3OD-y2uHBFqI41-ByzVHbhKhCc.roa
File:                     C3OD-y2uHBFqI41-ByzVHbhKhCc.roa (raw, json)
Hash identifier:          o0tJC4FrKFZeCldtWz5BV8oLw123XK3Nwv4unKdU8g8=
Subject key identifier:   0B:73:83:FB:2D:AE:1C:11:6A:23:8D:7E:07:2C:D5:1D:B8:4A:84:27
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018DC1CF917EFAEC5C577564B0E2DD370A51
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/C3OD-y2uHBFqI41-ByzVHbhKhCc.roa
Signing time:             Mon 19 Feb 2024 14:40:22 +0000
ROA not before:           Mon 19 Feb 2024 14:40:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47757
IP address blocks:        45.129.86.0/23 maxlen: 24
                          94.156.72.0/23 maxlen: 24
                          194.48.248.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:cf:91:7e:fa:ec:5c:57:75:64:b0:e2:dd:37:0a:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 19 14:40:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b7383fb2dae1c116a238d7e072cd51db84a8427
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:65:da:8d:61:47:0a:7d:7c:71:7c:d5:d6:de:
                    8a:dc:91:c5:2c:3c:69:28:11:23:82:4a:51:ac:16:
                    e0:44:e8:24:dd:8d:f3:ac:ec:0b:c7:86:99:0e:5c:
                    23:cf:83:4f:ad:e9:95:e0:55:4a:45:ff:0c:30:6a:
                    38:9c:ef:7c:5f:7d:70:9b:3c:e9:a3:fa:af:e6:44:
                    15:50:d7:87:9f:0a:18:2c:30:42:85:bf:f6:39:e9:
                    dc:9e:c0:18:fc:6c:4b:52:e0:63:c9:87:35:e8:b0:
                    84:6c:f6:34:ca:fe:48:fa:b3:89:81:96:1f:5d:7c:
                    a6:d3:88:a2:62:73:79:c2:e6:e7:2e:e2:cb:c8:eb:
                    f5:72:26:5b:d2:e4:36:18:28:a9:ce:e8:10:fb:b8:
                    c9:f9:3c:73:a4:b0:23:5c:4e:97:62:98:f4:5c:94:
                    d2:d5:93:cb:ce:bf:c9:d5:4a:f4:d7:0a:9c:8d:d2:
                    46:c1:9e:05:c0:09:87:68:d0:33:b0:82:32:c8:cf:
                    df:45:6d:84:c6:8d:ef:cb:c9:aa:97:44:64:9c:9d:
                    d9:2a:e8:9a:dd:2a:c1:7d:8d:92:8e:e8:13:71:49:
                    cb:0d:3f:2d:23:57:1b:66:64:f1:10:c5:87:27:38:
                    de:d8:65:2f:96:9d:be:cf:46:bc:63:4e:08:90:b2:
                    8b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:73:83:FB:2D:AE:1C:11:6A:23:8D:7E:07:2C:D5:1D:B8:4A:84:27
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/C3OD-y2uHBFqI41-ByzVHbhKhCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.86.0/23
                  94.156.72.0/23
                  194.48.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:a2:68:1b:55:86:31:05:25:a4:af:9a:65:61:69:8f:e8:62:
         d0:41:82:5a:c6:5e:01:99:96:f9:8f:6a:1a:1d:29:67:49:f1:
         86:ac:f5:cc:1b:87:9b:87:3d:a9:68:af:b1:2a:19:c1:4b:66:
         ec:b0:8b:45:0f:5a:be:23:c5:c6:16:f7:90:ea:5a:9a:00:34:
         88:51:ab:65:1a:06:92:2d:47:8f:1c:7e:73:ba:88:4b:91:ad:
         fd:ad:79:95:4a:39:6e:0c:86:ab:bc:3a:42:d1:1b:ee:0c:10:
         0c:21:e3:1d:30:6f:c6:d0:e8:a8:67:8c:60:31:5e:01:3a:ab:
         3e:06:1d:61:b6:05:9e:19:d3:25:05:43:c6:95:30:a1:77:94:
         23:55:34:2a:3d:0f:7b:1c:97:2a:0f:24:38:97:5b:e5:f6:97:
         44:30:9b:f5:29:0c:37:31:ff:38:d4:51:ce:ac:42:8a:ce:6a:
         a8:eb:eb:58:23:1a:07:1f:11:f1:f6:4a:91:85:a9:1b:26:0d:
         53:f9:f6:4d:ee:1a:52:ec:3b:eb:c8:8f:81:fe:ac:b7:20:59:
         c7:ea:00:cd:e9:0a:b4:7f:4f:2b:1c:fc:6f:01:8b:f4:1e:c7:
         d8:89:2c:70:df:15:68:7b:03:05:b6:7f:c2:be:66:84:f6:58:
         60:b3:bc:1c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY3Bz5F++uxcV3VksOLdNwpRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjE5MTQ0MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjczODNmYjJkYWUxYzExNmEyMzhkN2UwNzJjZDUxZGI4NGE4NDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5mXajWFHCn18cXzV1t6K3JHFLDxp
KBEjgkpRrBbgROgk3Y3zrOwLx4aZDlwjz4NPremV4FVKRf8MMGo4nO98X31wmzzp
o/qv5kQVUNeHnwoYLDBChb/2OencnsAY/GxLUuBjyYc16LCEbPY0yv5I+rOJgZYf
XXym04iiYnN5wubnLuLLyOv1ciZb0uQ2GCipzugQ+7jJ+TxzpLAjXE6XYpj0XJTS
1ZPLzr/J1Ur01wqcjdJGwZ4FwAmHaNAzsIIyyM/fRW2Exo3vy8mql0RknJ3ZKuia
3SrBfY2SjugTcUnLDT8tI1cbZmTxEMWHJzje2GUvlp2+z0a8Y04IkLKLjQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAtzg/strhwRaiONfgcs1R24SoQnMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQzNPRC15MnVIQkZxSTQxLUJ5elZIYmhLaENjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLYFWAwQB
XpxIAwQAwjD4MA0GCSqGSIb3DQEBCwUAA4IBAQCOomgbVYYxBSWkr5plYWmP6GLQ
QYJaxl4BmZb5j2oaHSlnSfGGrPXMG4ebhz2paK+xKhnBS2bssItFD1q+I8XGFveQ
6lqaADSIUatlGgaSLUePHH5zuohLka39rXmVSjluDIarvDpC0RvuDBAMIeMdMG/G
0OioZ4xgMV4BOqs+Bh1htgWeGdMlBUPGlTChd5QjVTQqPQ97HJcqDyQ4l1vl9pdE
MJv1KQw3Mf841FHOrEKKzmqo6+tYIxoHHxHx9kqRhakbJg1T+fZN7hpS7DvryI+B
/qy3IFnH6gDN6Qq0f08rHPxvAYv0HsfYiSxw3xVoewMFtn/CvmaE9lhgs7wc
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:01 2024 by rpki-client on console-fra.rpki-client.org