Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/5pA8YZ6PE6AJ0wN-WtbW6PEwStI.roa
File:                     5pA8YZ6PE6AJ0wN-WtbW6PEwStI.roa (raw, json)
Hash identifier:          3BHBNPtFwBxghCNZJSotL5UnIxtyeZjxzAma/fIraVA=
Subject key identifier:   E6:90:3C:61:9E:8F:13:A0:09:D3:03:7E:5A:D6:D6:E8:F1:30:4A:D2
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0183B7FAACFB776F7CC81B45549B4D22F0AF
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/5pA8YZ6PE6AJ0wN-WtbW6PEwStI.roa
Signing time:             Sat 08 Oct 2022 14:23:21 +0000
ROA not before:           Sat 08 Oct 2022 14:23:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209396
IP address blocks:        2.58.60.0/22 maxlen: 22
                          45.151.196.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:b7:fa:ac:fb:77:6f:7c:c8:1b:45:54:9b:4d:22:f0:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Oct  8 14:23:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e6903c619e8f13a009d3037e5ad6d6e8f1304ad2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:db:f7:46:ac:89:6e:a1:cd:a7:44:87:b3:ec:
                    2f:4c:80:b1:70:8c:e1:70:97:f6:73:93:89:45:87:
                    1b:75:de:58:3a:73:89:2d:d2:c2:fa:63:a4:6f:db:
                    6c:f3:49:25:f7:63:4b:41:6e:c9:02:c6:18:95:c6:
                    fa:dc:a3:f7:91:ba:28:3e:e3:68:28:58:f5:d7:6f:
                    80:12:bd:29:53:00:00:b6:2a:34:5a:7a:ad:a4:cc:
                    a9:e2:cc:12:33:38:9e:5f:13:46:26:dc:6a:89:83:
                    ef:bf:53:e2:83:39:2c:58:e3:c0:93:f0:7b:54:88:
                    8c:47:e6:2e:94:20:92:40:50:47:24:33:c9:ae:33:
                    36:d8:d4:a4:aa:ad:71:93:f8:c4:7b:3d:d7:4b:4f:
                    12:3c:ed:c8:ad:85:35:3a:38:60:0e:60:39:8f:86:
                    36:80:ea:97:c5:e7:c0:6e:19:61:f8:da:a6:17:84:
                    85:c3:c0:37:31:e0:01:d5:fd:76:e8:2a:f4:b3:cc:
                    c5:9b:e0:77:0d:47:f6:de:62:56:ba:ef:74:34:f0:
                    50:78:64:fb:28:d0:de:80:13:0a:43:fd:f7:73:1c:
                    63:f2:bd:36:2a:7d:1a:37:f9:19:59:2d:3c:50:d6:
                    dd:82:c6:b8:44:12:eb:ac:f9:f9:67:87:d0:a5:7d:
                    84:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:90:3C:61:9E:8F:13:A0:09:D3:03:7E:5A:D6:D6:E8:F1:30:4A:D2
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/5pA8YZ6PE6AJ0wN-WtbW6PEwStI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.60.0/22
                  45.151.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:b8:07:55:ec:1e:c6:2d:c3:40:fa:c5:bc:00:14:54:55:8f:
         62:c8:1d:da:04:07:e4:b7:b0:d7:4d:2d:97:7a:da:90:99:b0:
         d5:1d:ce:3c:d4:90:a1:af:26:ec:5d:75:d3:9f:83:a6:a1:f0:
         25:eb:34:54:70:bf:5e:ed:ac:26:73:a3:a7:56:6a:c7:a7:fd:
         d2:43:ee:be:44:7f:51:34:fc:63:33:bf:ea:3f:95:d5:6d:a4:
         d9:fb:e9:ff:a6:4e:47:7e:40:dc:bc:45:18:a9:e9:19:d0:1a:
         17:6a:64:b2:77:c0:f6:1b:df:08:ec:37:1d:28:44:6f:ba:93:
         d8:1a:85:2c:7e:27:8b:87:02:eb:ef:02:38:85:bb:68:30:86:
         96:41:fe:c6:99:35:31:7a:90:1c:a4:a6:78:4b:22:7a:f9:50:
         ff:b4:59:01:b5:d5:d7:b4:cc:fe:7f:e3:a1:5f:b4:9b:1a:9b:
         80:e9:12:98:7f:77:78:a7:c2:2a:62:3b:01:f6:be:e8:a0:7b:
         29:80:a6:90:a8:8b:cb:b9:dc:44:40:b6:87:e8:b4:1c:34:47:
         31:ec:8f:42:32:aa:5c:36:74:2b:95:94:f8:d2:f4:8c:2e:07:
         af:87:f2:25:b4:c3:aa:60:91:48:ae:86:16:63:19:ed:14:73:
         ad:fb:a8:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYO3+qz7d298yBtFVJtNIvCvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjIxMDA4MTQyMzIxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjkwM2M2MTllOGYxM2EwMDlkMzAzN2U1YWQ2ZDZlOGYxMzA0YWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNv3RqyJbqHNp0SHs+wvTICxcIzh
cJf2c5OJRYcbdd5YOnOJLdLC+mOkb9ts80kl92NLQW7JAsYYlcb63KP3kbooPuNo
KFj112+AEr0pUwAAtio0WnqtpMyp4swSMzieXxNGJtxqiYPvv1PigzksWOPAk/B7
VIiMR+YulCCSQFBHJDPJrjM22NSkqq1xk/jEez3XS08SPO3IrYU1OjhgDmA5j4Y2
gOqXxefAbhlh+NqmF4SFw8A3MeAB1f126Cr0s8zFm+B3DUf23mJWuu90NPBQeGT7
KNDegBMKQ/33cxxj8r02Kn0aN/kZWS08UNbdgsa4RBLrrPn5Z4fQpX2EewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOaQPGGejxOgCdMDflrW1ujxMErSMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvNXBBOFlaNlBFNkFKMHdOLVd0Ylc2UEV3U3RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCAjo8AwQC
LZfEMA0GCSqGSIb3DQEBCwUAA4IBAQBVuAdV7B7GLcNA+sW8ABRUVY9iyB3aBAfk
t7DXTS2XetqQmbDVHc481JChrybsXXXTn4OmofAl6zRUcL9e7awmc6OnVmrHp/3S
Q+6+RH9RNPxjM7/qP5XVbaTZ++n/pk5HfkDcvEUYqekZ0BoXamSyd8D2G98I7Dcd
KERvupPYGoUsfieLhwLr7wI4hbtoMIaWQf7GmTUxepAcpKZ4SyJ6+VD/tFkBtdXX
tMz+f+OhX7SbGpuA6RKYf3d4p8IqYjsB9r7ooHspgKaQqIvLudxEQLaH6LQcNEcx
7I9CMqpcNnQrlZT40vSMLgevh/IltMOqYJFIroYWYxntFHOt+6gQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org