Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/6a5e8c-d831-41e3-84e5-f42176cd0445/1/EpJfobaOzQao3re5W6N6YxoK3nk.roa
File:                     EpJfobaOzQao3re5W6N6YxoK3nk.roa (raw, json)
Hash identifier:          434IDXFGKKubf48zckf8lel9IdR7iiS6DaTwhH7i72I=
Subject key identifier:   12:92:5F:A1:B6:8E:CD:06:A8:DE:B7:B9:5B:A3:7A:63:1A:0A:DE:79
Certificate issuer:       /CN=e378a94b9964ea5e9f8b05938702ba58316b500f
Certificate serial:       01856DCAF3B4B38E1E4CCFED8F97C977F4C6
Authority key identifier: E3:78:A9:4B:99:64:EA:5E:9F:8B:05:93:87:02:BA:58:31:6B:50:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/43ipS5lk6l6fiwWThwK6WDFrUA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/6a5e8c-d831-41e3-84e5-f42176cd0445/1/EpJfobaOzQao3re5W6N6YxoK3nk.roa
Signing time:             Sun 01 Jan 2023 14:44:55 +0000
ROA not before:           Sun 01 Jan 2023 14:44:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208268
IP address blocks:        45.147.76.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:ca:f3:b4:b3:8e:1e:4c:cf:ed:8f:97:c9:77:f4:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e378a94b9964ea5e9f8b05938702ba58316b500f
        Validity
            Not Before: Jan  1 14:44:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=12925fa1b68ecd06a8deb7b95ba37a631a0ade79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:f4:8a:92:c3:00:02:03:1b:d2:95:d5:44:00:
                    7a:17:0e:9d:4c:3d:2d:49:19:41:bf:76:78:cf:f5:
                    e3:56:d7:6c:40:79:7f:61:3f:ae:cc:c4:96:39:b2:
                    a6:d4:22:6e:24:47:fb:b6:51:8a:9c:c2:6e:9d:cb:
                    12:5d:19:7a:66:94:8f:f6:ab:a0:84:5f:47:ce:c0:
                    a7:95:81:3e:46:e8:89:bf:f5:9b:dd:9f:b5:1b:26:
                    fd:87:a7:65:52:1f:54:46:e7:8c:9c:02:5b:91:54:
                    22:d8:05:66:dd:ed:7f:44:09:5e:51:7e:09:5a:2d:
                    99:64:56:30:8a:bb:4b:58:79:9f:b3:dc:6b:15:a5:
                    34:fd:23:02:86:ea:6f:9b:eb:17:6c:34:28:90:55:
                    ce:2e:e5:b2:ec:27:fb:a7:91:d1:12:ac:43:78:d6:
                    12:c2:a8:19:0f:1e:ef:b6:b4:8a:48:3c:9d:d2:db:
                    ec:38:dc:cb:a9:16:25:41:98:1f:3c:49:3a:0b:eb:
                    71:ef:ba:c2:df:3f:cc:31:9b:6e:b3:19:3a:8f:cc:
                    17:3a:b6:d6:b4:82:02:93:48:13:50:e9:56:df:b3:
                    34:01:7f:15:0c:05:fa:e5:1e:77:f3:46:0e:3d:93:
                    8c:b1:f6:f9:b7:e4:29:b6:9c:51:20:54:1a:69:c8:
                    9d:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:92:5F:A1:B6:8E:CD:06:A8:DE:B7:B9:5B:A3:7A:63:1A:0A:DE:79
            X509v3 Authority Key Identifier:
                keyid:E3:78:A9:4B:99:64:EA:5E:9F:8B:05:93:87:02:BA:58:31:6B:50:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/43ipS5lk6l6fiwWThwK6WDFrUA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/6a5e8c-d831-41e3-84e5-f42176cd0445/1/EpJfobaOzQao3re5W6N6YxoK3nk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/6a5e8c-d831-41e3-84e5-f42176cd0445/1/43ipS5lk6l6fiwWThwK6WDFrUA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:6b:29:2e:37:af:c2:5b:d9:6f:1f:a8:ab:bf:dc:32:da:12:
         63:6f:6d:df:9d:d7:b4:31:87:fd:d2:0a:8f:95:dd:99:7c:14:
         1c:16:11:30:08:50:c2:15:ef:d1:73:c4:fa:ad:af:a2:4c:3b:
         dc:20:c4:5a:44:bd:b7:0d:81:24:8b:3a:4b:2c:5f:cb:b7:29:
         26:3a:bd:a4:54:7d:e7:34:d2:ab:88:d4:3f:2c:b4:a3:54:8a:
         22:05:0c:60:a3:f1:3f:a9:97:db:fb:b6:d3:97:06:26:f6:f6:
         ac:4e:fd:cb:6e:c6:20:e7:cc:ce:c6:40:5e:15:07:e5:ed:ff:
         8c:c7:f0:09:9a:0c:34:9b:9f:7d:82:d8:a7:40:8b:e2:11:0a:
         1f:3e:ed:6e:3b:f3:b5:cb:1a:63:14:81:1d:b6:86:4d:ee:42:
         ee:bd:24:5f:9c:65:11:e8:18:c4:1b:3b:54:87:b1:21:da:16:
         2b:e7:1e:80:e9:b5:68:a0:3b:99:88:71:a7:0c:ea:80:23:96:
         9e:3f:c8:73:ae:84:e0:50:d6:ef:bf:bc:f6:45:0f:84:57:c3:
         ae:2f:99:7b:ea:b2:60:ad:3c:2d:82:6f:6b:d9:2c:6b:f4:7c:
         50:10:e7:41:5d:ea:c4:cd:6d:d7:a5:f7:47:66:f8:86:7c:67:
         cd:5d:1b:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtyvO0s44eTM/tj5fJd/TGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzNzhhOTRiOTk2NGVhNWU5ZjhiMDU5Mzg3MDJiYTU4MzE2
YjUwMGYwHhcNMjMwMTAxMTQ0NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjkyNWZhMWI2OGVjZDA2YThkZWI3Yjk1YmEzN2E2MzFhMGFkZTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivSKksMAAgMb0pXVRAB6Fw6dTD0t
SRlBv3Z4z/XjVtdsQHl/YT+uzMSWObKm1CJuJEf7tlGKnMJuncsSXRl6ZpSP9qug
hF9HzsCnlYE+RuiJv/Wb3Z+1Gyb9h6dlUh9URueMnAJbkVQi2AVm3e1/RAleUX4J
Wi2ZZFYwirtLWHmfs9xrFaU0/SMChupvm+sXbDQokFXOLuWy7Cf7p5HREqxDeNYS
wqgZDx7vtrSKSDyd0tvsONzLqRYlQZgfPEk6C+tx77rC3z/MMZtusxk6j8wXOrbW
tIICk0gTUOlW37M0AX8VDAX65R5380YOPZOMsfb5t+QptpxRIFQaacidVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKSX6G2js0GqN63uVujemMaCt55MB8GA1UdIwQY
MBaAFON4qUuZZOpen4sFk4cCulgxa1APMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDNpcFM1bGs2bDZmaXdXVGh3SzZXREZyVUE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy82YTVlOGMtZDgzMS00MWUzLTg0ZTUt
ZjQyMTc2Y2QwNDQ1LzEvRXBKZm9iYU96UWFvM3JlNVc2TjZZeG9LM25rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy82YTVlOGMtZDgzMS00MWUzLTg0ZTUtZjQyMTc2Y2QwNDQ1
LzEvNDNpcFM1bGs2bDZmaXdXVGh3SzZXREZyVUE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZNMMA0G
CSqGSIb3DQEBCwUAA4IBAQANaykuN6/CW9lvH6irv9wy2hJjb23fnde0MYf90gqP
ld2ZfBQcFhEwCFDCFe/Rc8T6ra+iTDvcIMRaRL23DYEkizpLLF/LtykmOr2kVH3n
NNKriNQ/LLSjVIoiBQxgo/E/qZfb+7bTlwYm9vasTv3LbsYg58zOxkBeFQfl7f+M
x/AJmgw0m599gtinQIviEQofPu1uO/O1yxpjFIEdtoZN7kLuvSRfnGUR6BjEGztU
h7Eh2hYr5x6A6bVooDuZiHGnDOqAI5aeP8hzroTgUNbvv7z2RQ+EV8OuL5l76rJg
rTwtgm9r2Sxr9HxQEOdBXerEzW3XpfdHZviGfGfNXRst
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:25 2024 by rpki-client on console-fra.rpki-client.org