Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sV-qfe7l68MgaloZpM0J6dbR34w.roa
File:                     sV-qfe7l68MgaloZpM0J6dbR34w.roa (raw, json)
Hash identifier:          Ru5CqQtTcMsHUoG5BcvF3IhTcIWBbDDNwXqwaILgaoA=
Subject key identifier:   B1:5F:AA:7D:EE:E5:EB:C3:20:6A:5A:19:A4:CD:09:E9:D6:D1:DF:8C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01875666AF004DFCD3229BE741304E07098F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sV-qfe7l68MgaloZpM0J6dbR34w.roa
Signing time:             Thu 06 Apr 2023 11:49:42 +0000
ROA not before:           Thu 06 Apr 2023 11:49:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1
IP address blocks:        81.161.236.0/24 maxlen: 24
                          45.139.100.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:56:66:af:00:4d:fc:d3:22:9b:e7:41:30:4e:07:09:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr  6 11:49:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b15faa7deee5ebc3206a5a19a4cd09e9d6d1df8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:98:da:b2:aa:ce:5b:da:ae:99:6a:c7:73:87:
                    7e:b1:b5:1f:c9:1c:42:0b:a2:bd:22:fd:0d:68:f7:
                    53:c7:6d:40:fc:25:82:af:90:c3:e8:ae:48:a4:cd:
                    e3:97:17:a6:40:47:e7:77:b8:59:f2:6a:02:e5:d9:
                    4b:ab:44:cd:5d:a2:a3:f3:68:6f:2b:79:85:4b:a2:
                    82:54:33:7a:e6:0d:87:cb:36:0e:5c:7e:e5:2f:a8:
                    1a:d4:3b:2a:24:c3:96:8f:3b:02:7f:06:d0:51:25:
                    1d:54:05:d5:80:9b:86:2a:d4:99:f6:22:9f:c5:9e:
                    34:60:9a:65:6c:e0:73:4a:ab:40:1d:c2:fc:7f:30:
                    fe:ca:f4:1a:90:98:14:f2:9f:7c:45:c8:f4:94:8e:
                    b5:ff:ba:50:7b:a6:3b:ad:a9:3f:2a:9c:3f:a5:da:
                    a6:9e:eb:f1:c1:84:4a:b7:38:8a:1b:77:29:96:6e:
                    8c:60:cb:d0:c6:07:eb:7d:36:43:7c:29:9f:7e:39:
                    d2:5e:ec:68:64:19:14:fd:dd:7b:80:db:58:56:03:
                    63:97:ad:59:23:31:e3:d0:18:50:bc:ba:f1:a8:99:
                    69:c0:54:cf:09:ce:ac:ad:07:02:ac:75:4e:99:8b:
                    aa:fd:14:d4:fb:61:60:fc:41:5b:dc:18:a6:50:63:
                    b3:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:5F:AA:7D:EE:E5:EB:C3:20:6A:5A:19:A4:CD:09:E9:D6:D1:DF:8C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sV-qfe7l68MgaloZpM0J6dbR34w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.100.0/22
                  81.161.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:89:cd:fe:d6:7c:9b:97:9b:58:7e:82:e5:ea:f2:36:f1:83:
         5c:73:51:c4:93:bb:86:da:11:88:3d:91:74:7a:fb:95:7c:9a:
         6a:55:2d:45:64:74:f5:ad:b6:c8:36:d9:f1:19:2b:8c:db:a1:
         f5:fe:a9:b1:fc:a4:cc:b8:da:3f:e5:85:30:9f:c3:35:20:38:
         ae:cf:32:28:61:5b:5a:42:42:f2:c5:00:e8:68:3c:ac:16:15:
         a8:d9:8c:cb:ed:c2:f1:4d:13:be:4b:2b:b7:26:d9:70:71:c5:
         60:33:ca:67:fc:dd:cf:1a:79:cd:e8:f6:55:31:be:82:7b:64:
         e6:97:5d:49:d5:fe:d3:f7:32:2b:7c:31:8e:0b:08:6c:b3:16:
         1a:45:f3:08:72:76:0e:47:94:b0:8f:ee:71:59:6c:83:ae:28:
         55:7f:d0:17:56:ef:4f:7c:96:4c:b3:9e:47:47:4e:e6:36:dd:
         f0:56:40:f4:41:74:24:cf:4b:cc:88:8a:e6:46:8a:fa:bb:25:
         dc:d7:ad:58:c3:80:8f:b4:b5:11:47:1d:40:c1:a9:ed:85:93:
         4f:09:fd:7a:1e:5a:a4:55:ac:0b:85:fd:80:61:90:36:9a:4c:
         46:95:6e:7b:b6:a5:37:80:af:48:e5:ad:0f:b6:c4:a2:15:4c:
         54:44:ad:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYdWZq8ATfzTIpvnQTBOBwmPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDA2MTE0OTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTVmYWE3ZGVlZTVlYmMzMjA2YTVhMTlhNGNkMDllOWQ2ZDFkZjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpjasqrOW9qumWrHc4d+sbUfyRxC
C6K9Iv0NaPdTx21A/CWCr5DD6K5IpM3jlxemQEfnd7hZ8moC5dlLq0TNXaKj82hv
K3mFS6KCVDN65g2HyzYOXH7lL6ga1DsqJMOWjzsCfwbQUSUdVAXVgJuGKtSZ9iKf
xZ40YJplbOBzSqtAHcL8fzD+yvQakJgU8p98Rcj0lI61/7pQe6Y7rak/Kpw/pdqm
nuvxwYRKtziKG3cplm6MYMvQxgfrfTZDfCmffjnSXuxoZBkU/d17gNtYVgNjl61Z
IzHj0BhQvLrxqJlpwFTPCc6srQcCrHVOmYuq/RTU+2Fg/EFb3BimUGOzTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLFfqn3u5evDIGpaGaTNCenW0d+MMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvc1YtcWZlN2w2OE1nYWxvWnBNMEo2ZGJSMzR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLYtkAwQA
UaHsMA0GCSqGSIb3DQEBCwUAA4IBAQBtic3+1nybl5tYfoLl6vI28YNcc1HEk7uG
2hGIPZF0evuVfJpqVS1FZHT1rbbINtnxGSuM26H1/qmx/KTMuNo/5YUwn8M1IDiu
zzIoYVtaQkLyxQDoaDysFhWo2YzL7cLxTRO+Syu3JtlwccVgM8pn/N3PGnnN6PZV
Mb6Ce2Tml11J1f7T9zIrfDGOCwhssxYaRfMIcnYOR5Swj+5xWWyDrihVf9AXVu9P
fJZMs55HR07mNt3wVkD0QXQkz0vMiIrmRor6uyXc161Yw4CPtLURRx1AwanthZNP
Cf16HlqkVawLhf2AYZA2mkxGlW57tqU3gK9I5a0PtsSiFUxURK1E
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:20 2024 by rpki-client on console-fra.rpki-client.org