Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zTSk-W43m--b9B-NU9770-deTQM.roa
File:                     zTSk-W43m--b9B-NU9770-deTQM.roa (raw, json)
Hash identifier:          fZaZAhWsPfS7ClMUKSXSVbe1Yn1AtAGyJxzHW31lwec=
Subject key identifier:   CD:34:A4:F9:6E:37:9B:EF:9B:F4:1F:8D:53:DE:FB:D3:E7:5E:4D:03
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0185A098B2A05E134CA027529D4DF3DFE7EB
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zTSk-W43m--b9B-NU9770-deTQM.roa
Signing time:             Wed 11 Jan 2023 11:30:39 +0000
ROA not before:           Wed 11 Jan 2023 11:30:39 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43197
IP address blocks:        45.81.37.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:a0:98:b2:a0:5e:13:4c:a0:27:52:9d:4d:f3:df:e7:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 11 11:30:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cd34a4f96e379bef9bf41f8d53defbd3e75e4d03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:b1:34:82:43:3e:87:57:30:c1:18:83:ac:4a:
                    8b:9c:7c:2b:07:73:61:d9:4a:ce:09:f8:7a:55:f3:
                    35:27:d1:63:d1:bc:cb:22:4e:70:89:e9:a5:47:ec:
                    9b:ee:f7:9d:5a:b8:c1:2f:15:61:23:6c:42:43:b1:
                    e8:ca:d2:c2:86:2b:0e:94:60:6a:3c:a0:78:7b:7c:
                    8a:f1:b6:41:11:c2:42:a9:1a:64:a5:27:1e:6f:51:
                    fa:b8:bf:55:8d:c0:af:ee:0b:05:f3:23:df:22:d9:
                    2f:1e:3b:4b:86:25:61:f1:ee:00:9f:69:ca:c4:d1:
                    e5:40:d0:8c:91:b4:19:2a:21:95:69:cc:09:4c:e5:
                    97:0e:05:2a:53:9a:96:9a:8a:be:7f:4b:c5:48:66:
                    93:77:bc:b5:df:9c:d5:61:76:c0:e4:15:4f:23:f1:
                    d1:4e:e6:35:17:b0:c5:e9:1d:81:cc:31:55:44:4b:
                    9c:02:fa:f4:cb:3b:e4:80:58:c2:87:92:b7:9d:3f:
                    a6:2c:80:03:82:d4:c3:cc:fe:6e:bc:44:61:f9:72:
                    f6:ac:15:6c:f2:ce:cb:fd:f3:54:e9:c3:61:2b:9b:
                    25:e0:8f:12:de:ac:21:ed:fb:24:65:a3:c7:fb:ba:
                    3d:a1:70:49:13:77:24:cf:8d:56:83:35:c5:eb:d5:
                    54:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:34:A4:F9:6E:37:9B:EF:9B:F4:1F:8D:53:DE:FB:D3:E7:5E:4D:03
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zTSk-W43m--b9B-NU9770-deTQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:0c:bd:02:95:d2:cb:63:56:96:bc:b6:0c:df:44:d6:3f:a8:
         47:72:72:8d:08:1a:d3:4e:61:80:60:81:cc:ef:79:2d:e0:d5:
         d8:64:32:df:2c:13:37:a3:cc:08:2b:96:80:1e:b1:01:63:b9:
         be:ec:1b:9e:bd:1d:86:70:d5:bd:f2:7d:2c:af:37:bc:5d:e2:
         09:9d:fd:ef:8d:9f:6f:0a:90:4e:a6:cf:71:db:f0:2b:ad:0d:
         05:45:90:36:00:c0:4a:94:23:b9:ec:c4:25:48:59:4e:fa:f6:
         fe:a7:92:63:5b:77:5d:55:24:8b:a5:e5:d7:0c:9e:fc:6b:9a:
         79:69:24:18:99:2c:54:20:c4:0d:8f:62:48:0c:6a:38:c9:f8:
         ac:5a:2f:db:d5:75:48:1f:02:a0:14:fa:c4:eb:bb:68:c7:80:
         42:4f:2e:f8:70:48:e3:97:f4:e5:f6:22:ad:9c:21:4a:66:1e:
         9d:00:92:32:fb:bd:26:37:27:b4:91:80:12:a6:ab:ab:b5:c6:
         e3:db:fd:c0:16:6d:50:dc:b7:fa:6f:b2:92:bf:31:c9:4d:b9:
         bd:df:a9:71:1e:6b:35:1a:52:a7:87:41:23:d4:7e:7f:72:22:
         49:37:d0:eb:87:81:96:59:68:50:1e:0c:1d:7b:72:84:d3:b7:
         f1:3e:b4:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYWgmLKgXhNMoCdSnU3z3+frMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTExMTEzMDM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDM0YTRmOTZlMzc5YmVmOWJmNDFmOGQ1M2RlZmJkM2U3NWU0ZDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbE0gkM+h1cwwRiDrEqLnHwrB3Nh
2UrOCfh6VfM1J9Fj0bzLIk5wiemlR+yb7vedWrjBLxVhI2xCQ7HoytLChisOlGBq
PKB4e3yK8bZBEcJCqRpkpSceb1H6uL9VjcCv7gsF8yPfItkvHjtLhiVh8e4An2nK
xNHlQNCMkbQZKiGVacwJTOWXDgUqU5qWmoq+f0vFSGaTd7y135zVYXbA5BVPI/HR
TuY1F7DF6R2BzDFVREucAvr0yzvkgFjCh5K3nT+mLIADgtTDzP5uvERh+XL2rBVs
8s7L/fNU6cNhK5sl4I8S3qwh7fskZaPH+7o9oXBJE3ckz41WgzXF69VUuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM00pPluN5vvm/QfjVPe+9PnXk0DMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvelRTay1XNDNtLS1iOUItTlU5NzcwLWRlVFFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVElMA0G
CSqGSIb3DQEBCwUAA4IBAQCSDL0CldLLY1aWvLYM30TWP6hHcnKNCBrTTmGAYIHM
73kt4NXYZDLfLBM3o8wIK5aAHrEBY7m+7BuevR2GcNW98n0srze8XeIJnf3vjZ9v
CpBOps9x2/ArrQ0FRZA2AMBKlCO57MQlSFlO+vb+p5JjW3ddVSSLpeXXDJ78a5p5
aSQYmSxUIMQNj2JIDGo4yfisWi/b1XVIHwKgFPrE67tox4BCTy74cEjjl/Tl9iKt
nCFKZh6dAJIy+70mNye0kYASpqurtcbj2/3AFm1Q3Lf6b7KSvzHJTbm936lxHms1
GlKnh0Ej1H5/ciJJN9Drh4GWWWhQHgwde3KE07fxPrSG
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:47 2024 by rpki-client on console-ams.rpki-client.org