Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/px0yxpuwwpiQ0f_tgRLTBVqnRlw.roa
File:                     px0yxpuwwpiQ0f_tgRLTBVqnRlw.roa (raw, json)
Hash identifier:          eU6tgLKWwhs8nu33lJte2zjfmRdDoLNlTDB8qiaFL0U=
Subject key identifier:   A7:1D:32:C6:9B:B0:C2:98:90:D1:FF:ED:81:12:D3:05:5A:A7:46:5C
Certificate issuer:       /CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Certificate serial:       018CD16FB644500FBF1DCE11B4DB6A9E3149
Authority key identifier: 28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/px0yxpuwwpiQ0f_tgRLTBVqnRlw.roa
Signing time:             Wed 03 Jan 2024 22:26:48 +0000
ROA not before:           Wed 03 Jan 2024 22:26:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203377
IP address blocks:        45.80.175.0/24 maxlen: 24
                          185.136.205.0/24 maxlen: 24
                          185.207.39.0/24 maxlen: 24
                          194.147.216.0/24 maxlen: 24
                          2a0a:37c0::/48 maxlen: 48
                          2a0a:37c0:1::/48 maxlen: 48
                          2a0a:37c0:2::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d1:6f:b6:44:50:0f:bf:1d:ce:11:b4:db:6a:9e:31:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
        Validity
            Not Before: Jan  3 22:26:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a71d32c69bb0c29890d1ffed8112d3055aa7465c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:08:49:68:4c:fc:e6:d6:fe:3d:ef:cb:2e:31:
                    04:eb:9e:51:f7:14:4a:24:2b:4b:f8:5f:f7:be:b1:
                    1d:bf:fc:b6:63:66:5a:4b:15:86:41:59:bb:bf:71:
                    c5:2e:3d:bf:83:0f:32:83:09:cf:2f:88:cd:07:25:
                    da:d6:17:56:9e:87:9f:ba:9a:cf:55:a5:31:fc:85:
                    10:6d:7e:54:0b:79:11:6b:c1:2d:84:87:f3:ed:a6:
                    75:a1:48:00:81:26:63:d0:a6:2f:74:e8:29:5b:0b:
                    14:9a:56:1e:d7:d6:94:b0:e6:08:28:ea:15:b4:2b:
                    7f:db:92:10:20:0b:00:b6:29:32:be:79:4b:4c:a8:
                    e9:a1:ee:00:c1:ef:d5:a0:85:da:39:31:04:5e:41:
                    e3:a5:ba:ef:cc:a2:50:f6:eb:ac:dc:15:de:0b:a7:
                    14:68:cb:da:40:93:0d:02:c1:06:26:52:57:3b:44:
                    c7:e7:e9:2e:36:46:fc:57:ed:41:db:2f:d7:30:24:
                    2c:53:5d:71:e4:70:f5:d2:25:9a:ec:ac:d5:fe:5b:
                    3c:54:60:a2:b5:a4:73:f4:e5:95:33:2c:22:db:74:
                    9a:4a:f8:6e:c2:55:72:ab:7f:fb:87:3a:55:d3:ea:
                    19:8e:55:bd:d0:48:be:48:72:bc:e6:4a:9a:6c:6e:
                    ee:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:1D:32:C6:9B:B0:C2:98:90:D1:FF:ED:81:12:D3:05:5A:A7:46:5C
            X509v3 Authority Key Identifier:
                keyid:28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/px0yxpuwwpiQ0f_tgRLTBVqnRlw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.175.0/24
                  185.136.205.0/24
                  185.207.39.0/24
                  194.147.216.0/24
                IPv6:
                  2a0a:37c0::-2a0a:37c0:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         90:46:8c:75:3b:b2:21:fa:7d:f8:ff:37:93:b5:54:72:c8:4d:
         47:eb:2d:54:60:5c:cd:5a:74:6a:ec:ac:a5:1d:04:29:11:d7:
         40:27:be:b5:42:aa:3c:8c:f4:02:da:e8:b6:da:e1:c9:e5:49:
         f0:de:8d:9f:67:c4:5c:9e:5e:a8:02:f9:94:34:65:81:ce:a6:
         53:7d:d3:fc:1f:bb:2f:62:0d:cb:c2:9b:21:67:cf:31:10:8f:
         51:34:5a:20:a4:ed:61:a2:46:f3:32:26:ce:50:20:df:eb:5b:
         0a:aa:99:b7:f5:21:24:91:13:25:54:8c:ab:62:84:44:79:6e:
         0b:42:4f:fe:f3:a1:7d:2e:4b:21:6f:a2:3d:e1:d2:77:c2:a6:
         be:ad:3c:4b:a1:95:40:b3:00:0c:32:11:b6:19:30:8f:cd:95:
         d6:8f:ec:60:69:7b:13:d8:bf:89:7f:e0:a9:58:f9:4a:c4:6c:
         e0:f0:6d:09:98:90:23:50:42:f7:3e:be:9e:52:ae:e1:eb:43:
         4d:c4:d2:cf:d2:4b:f7:43:4e:00:90:06:30:24:c9:32:3b:d7:
         9b:81:74:72:93:11:6f:16:47:d3:62:d6:40:eb:c0:bb:9d:36:
         f9:30:ea:24:52:0f:76:2b:7b:b2:6d:cd:aa:b1:c3:42:43:bd:
         68:85:60:f6
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYzRb7ZEUA+/Hc4RtNtqnjFJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZmQ2NmU0M2ExMDQ2MzNiMjdiYWM1MzliOThiZGY4ZWJm
YWM5YWUwHhcNMjQwMTAzMjIyNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzFkMzJjNjliYjBjMjk4OTBkMWZmZWQ4MTEyZDMwNTVhYTc0NjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgAhJaEz85tb+Pe/LLjEE655R9xRK
JCtL+F/3vrEdv/y2Y2ZaSxWGQVm7v3HFLj2/gw8ygwnPL4jNByXa1hdWnoefuprP
VaUx/IUQbX5UC3kRa8EthIfz7aZ1oUgAgSZj0KYvdOgpWwsUmlYe19aUsOYIKOoV
tCt/25IQIAsAtikyvnlLTKjpoe4Awe/VoIXaOTEEXkHjpbrvzKJQ9uus3BXeC6cU
aMvaQJMNAsEGJlJXO0TH5+kuNkb8V+1B2y/XMCQsU11x5HD10iWa7KzV/ls8VGCi
taRz9OWVMywi23SaSvhuwlVyq3/7hzpV0+oZjlW90Ei+SHK85kqabG7uSQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFKcdMsabsMKYkNH/7YES0wVap0ZcMB8GA1UdIwQY
MBaAFCj9ZuQ6EEYzsnusU5uYvfjr+smuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYt
MjY3NjY5ZjM1NjQ4LzEvcHgweXhwdXd3cGlRMGZfdGdSTFRCVnFuUmx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYtMjY3NjY5ZjM1NjQ4
LzEvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAeBAIAATAYAwQALVCvAwQA
uYjNAwQAuc8nAwQAwpPYMBgEAgACMBIwEAMFBioKN8ADBwAqCjfAAAIwDQYJKoZI
hvcNAQELBQADggEBAJBGjHU7siH6ffj/N5O1VHLITUfrLVRgXM1adGrsrKUdBCkR
10AnvrVCqjyM9ALa6Lba4cnlSfDejZ9nxFyeXqgC+ZQ0ZYHOplN90/wfuy9iDcvC
myFnzzEQj1E0WiCk7WGiRvMyJs5QIN/rWwqqmbf1ISSREyVUjKtihER5bgtCT/7z
oX0uSyFvoj3h0nfCpr6tPEuhlUCzAAwyEbYZMI/NldaP7GBpexPYv4l/4KlY+UrE
bODwbQmYkCNQQvc+vp5SruHrQ03E0s/SS/dDTgCQBjAkyTI715uBdHKTEW8WR9Ni
1kDrwLudNvkw6iRSD3Yre7Jtzaqxw0JDvWiFYPY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:02 2024 by rpki-client on console-ams.rpki-client.org