Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/N8UBxXU84a_nFF2T04Xmogv2tnM.roa
File:                     N8UBxXU84a_nFF2T04Xmogv2tnM.roa (raw, json)
Hash identifier:          agY83MsBFoGd3ts2gIEfh+1G7/TWp6kQeYdKwT76F0Y=
Subject key identifier:   37:C5:01:C5:75:3C:E1:AF:E7:14:5D:93:D3:85:E6:A2:0B:F6:B6:73
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018A4F6440FED8FB0C47799D4CB482050285
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/N8UBxXU84a_nFF2T04Xmogv2tnM.roa
Signing time:             Fri 01 Sep 2023 06:18:04 +0000
ROA not before:           Fri 01 Sep 2023 06:18:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3214
IP address blocks:        45.88.88.0/23 maxlen: 24
                          87.120.218.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:4f:64:40:fe:d8:fb:0c:47:79:9d:4c:b4:82:05:02:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep  1 06:18:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=37c501c5753ce1afe7145d93d385e6a20bf6b673
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:5c:34:5c:f1:56:d2:02:4a:a2:ee:ad:c2:d7:
                    1e:76:1f:b5:97:05:5c:32:56:20:be:44:75:4f:1c:
                    42:3f:6f:e7:86:4e:39:1f:3c:2b:16:7d:57:3e:fe:
                    a7:8b:a2:e1:3c:1e:8c:68:a8:c8:24:17:04:13:56:
                    cb:d2:79:32:d0:f8:4c:c4:28:2b:5a:09:91:59:22:
                    8b:28:ca:f5:d3:25:ad:3e:f8:4f:88:55:f0:4f:fb:
                    0b:da:f7:32:af:1e:96:09:ae:c5:bd:63:be:12:f7:
                    17:55:ac:6c:a5:ae:a4:7c:34:21:b1:64:dd:f2:9c:
                    3d:ee:c5:df:47:6b:37:20:38:9b:32:71:58:27:cb:
                    74:57:a5:ee:d1:97:82:18:4e:70:d6:7f:9a:70:d2:
                    70:35:59:f7:d1:6e:c3:cc:92:84:71:26:75:d8:4f:
                    d2:1d:6a:33:0a:b8:56:02:34:03:20:61:f7:4b:29:
                    d7:3a:52:4f:6c:65:06:48:a9:5b:5c:e1:a5:fd:cb:
                    ea:6e:1f:29:f0:a7:b9:3a:fd:48:c1:67:56:59:1d:
                    3c:a5:e6:f7:c0:e7:18:aa:2c:69:22:28:b5:b4:0e:
                    d4:13:45:25:46:98:6c:14:2b:d0:55:ce:a8:29:3c:
                    eb:c0:8b:95:c2:19:b9:68:1a:c8:36:53:1c:0d:63:
                    f8:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:C5:01:C5:75:3C:E1:AF:E7:14:5D:93:D3:85:E6:A2:0B:F6:B6:73
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/N8UBxXU84a_nFF2T04Xmogv2tnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.88.0/23
                  87.120.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:ff:d8:38:96:cd:25:f2:ff:66:ca:21:6c:bc:29:94:90:72:
         87:8b:41:68:05:29:93:63:87:00:a2:d0:12:c1:0c:63:41:dd:
         06:96:bb:e1:5a:d4:50:28:e9:67:a8:bf:5f:fc:1e:22:a0:44:
         df:cd:82:e6:76:9b:5b:82:1b:86:9b:09:73:20:7f:3a:a0:fe:
         69:a4:3d:8e:73:4f:3a:7d:2b:e4:4d:58:fa:a9:8f:bd:bd:18:
         52:2c:53:c5:c9:a3:04:2d:57:c6:c3:f1:cb:ee:14:ca:99:f4:
         f2:e0:b0:cb:45:89:03:30:27:a9:3f:77:0d:1b:6c:f9:5a:27:
         70:24:01:76:82:c1:3b:f3:07:87:f6:6b:ee:24:4f:fb:dc:2e:
         8e:6a:d2:5d:f5:76:83:5d:a1:02:c6:47:6d:a6:f4:7c:33:20:
         16:83:7f:b9:ed:92:20:57:71:d1:d6:a7:fe:3d:b8:17:6a:9f:
         cf:9e:72:01:21:89:72:52:cf:29:2a:64:d1:14:de:3d:64:1e:
         ba:a7:36:47:ec:08:bb:0a:fe:97:0f:31:7e:83:d4:c4:5a:e5:
         9f:84:57:46:f9:70:a2:d1:d6:3a:79:8f:78:dd:cd:45:c7:58:
         42:60:59:62:b1:b9:e8:bd:aa:53:fb:cc:53:a5:83:9a:a4:7f:
         a6:1f:5b:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYpPZED+2PsMR3mdTLSCBQKFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTAxMDYxODA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2M1MDFjNTc1M2NlMWFmZTcxNDVkOTNkMzg1ZTZhMjBiZjZiNjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFw0XPFW0gJKou6twtcedh+1lwVc
MlYgvkR1TxxCP2/nhk45HzwrFn1XPv6ni6LhPB6MaKjIJBcEE1bL0nky0PhMxCgr
WgmRWSKLKMr10yWtPvhPiFXwT/sL2vcyrx6WCa7FvWO+EvcXVaxspa6kfDQhsWTd
8pw97sXfR2s3IDibMnFYJ8t0V6Xu0ZeCGE5w1n+acNJwNVn30W7DzJKEcSZ12E/S
HWozCrhWAjQDIGH3SynXOlJPbGUGSKlbXOGl/cvqbh8p8Ke5Ov1IwWdWWR08peb3
wOcYqixpIii1tA7UE0UlRphsFCvQVc6oKTzrwIuVwhm5aBrINlMcDWP4MQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDfFAcV1POGv5xRdk9OF5qIL9rZzMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTjhVQnhYVTg0YV9uRkYyVDA0WG1vZ3YydG5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLVhYAwQA
V3jaMA0GCSqGSIb3DQEBCwUAA4IBAQCw/9g4ls0l8v9myiFsvCmUkHKHi0FoBSmT
Y4cAotASwQxjQd0GlrvhWtRQKOlnqL9f/B4ioETfzYLmdptbghuGmwlzIH86oP5p
pD2Oc086fSvkTVj6qY+9vRhSLFPFyaMELVfGw/HL7hTKmfTy4LDLRYkDMCepP3cN
G2z5WidwJAF2gsE78weH9mvuJE/73C6OatJd9XaDXaECxkdtpvR8MyAWg3+57ZIg
V3HR1qf+PbgXap/PnnIBIYlyUs8pKmTRFN49ZB66pzZH7Ai7Cv6XDzF+g9TEWuWf
hFdG+XCi0dY6eY943c1Fx1hCYFlisbnovapT+8xTpYOapH+mH1vS
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:31 2024 by rpki-client on console-ams.rpki-client.org