Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/B69O5R2ruKuCmv3l6QQ4JUlWT2o.roa
File:                     B69O5R2ruKuCmv3l6QQ4JUlWT2o.roa (raw, json)
Hash identifier:          8gLQ30v58PONxBb+q4HYiAZ1r/dGeV/nMOuifOs+Yoc=
Subject key identifier:   07:AF:4E:E5:1D:AB:B8:AB:82:9A:FD:E5:E9:04:38:25:49:56:4F:6A
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB2BCED92CD4A114BC9ECD5FEB1BAA
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/B69O5R2ruKuCmv3l6QQ4JUlWT2o.roa
Signing time:             Mon 01 Jan 2024 02:29:52 +0000
ROA not before:           Mon 01 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49443
IP address blocks:        80.94.80.0/23 maxlen: 23
                          62.182.100.0/23 maxlen: 23
                          45.86.19.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2b:ce:d9:2c:d4:a1:14:bc:9e:cd:5f:eb:1b:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07af4ee51dabb8ab829afde5e904382549564f6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4c:0a:80:2b:32:52:ed:18:36:bb:b4:bb:2f:
                    fa:0e:de:4b:81:dd:88:db:1c:cb:ab:ba:2b:34:4e:
                    b7:06:00:c7:dd:ac:6d:0c:09:5f:78:bc:ce:69:93:
                    44:62:81:7a:c8:d2:7e:7f:f8:88:be:31:6e:4f:1c:
                    f4:14:70:cd:30:92:de:f0:cd:f9:73:8f:de:de:b8:
                    3e:54:1d:31:56:5a:f3:31:e2:93:20:0a:62:5f:fa:
                    f1:91:68:a0:e9:8c:dc:d1:d6:5c:31:a7:1b:68:37:
                    42:cb:f1:02:d9:27:b1:36:41:64:f4:58:08:3d:d9:
                    59:24:65:63:3f:e8:c4:54:f5:01:c2:b1:87:e1:39:
                    ca:36:28:c2:a2:16:dd:09:62:41:10:5a:aa:87:ce:
                    a4:6f:31:c2:47:e4:11:14:77:ec:da:3a:8a:02:a4:
                    3a:1d:96:52:4c:b2:04:2e:3e:c8:16:f4:10:cb:e0:
                    ee:5f:64:9a:58:37:9e:b5:26:b4:cc:8a:7e:f0:17:
                    35:a3:91:fe:29:50:f3:94:b5:1b:c4:44:57:66:c0:
                    01:6a:43:cf:d1:48:eb:44:96:e5:b0:de:93:9f:6c:
                    1c:e9:dc:d6:73:ac:38:4e:92:fc:da:e5:c2:b9:6c:
                    16:8c:33:6b:3a:c0:bc:88:a2:8e:a5:87:01:ef:3c:
                    c7:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:AF:4E:E5:1D:AB:B8:AB:82:9A:FD:E5:E9:04:38:25:49:56:4F:6A
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/B69O5R2ruKuCmv3l6QQ4JUlWT2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.19.0/24
                  62.182.100.0/23
                  80.94.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:34:92:a4:d5:9c:2b:5b:8b:66:9b:c4:7d:c8:9b:21:f4:4c:
         bc:a4:8b:bc:db:0c:2b:20:b1:4f:68:69:d5:17:9a:5f:97:fd:
         60:a5:a6:a2:f6:74:21:2d:2d:2e:a7:b3:de:75:08:7f:33:10:
         a6:c2:70:9d:69:01:f5:7f:12:1c:0d:3a:9e:1e:c6:ec:ba:63:
         8a:46:1f:4d:c1:33:4e:3e:bc:d6:77:b0:41:18:fc:47:f9:64:
         d2:19:ea:9a:df:7b:3a:80:3d:e2:40:68:7c:02:c2:55:b2:3f:
         ff:14:b6:3a:6f:43:f8:49:d0:07:e1:3b:03:e1:7e:46:1b:bd:
         a6:e2:8e:04:7d:ba:f8:a2:6d:1e:ec:04:86:61:09:57:a7:dd:
         aa:23:5c:bc:9f:eb:f1:7a:06:22:1a:8d:6c:d0:44:e0:70:b4:
         bb:9c:af:36:8b:ee:3b:39:03:ea:90:14:c1:bb:b5:de:cc:2e:
         48:11:36:f5:a0:1b:4e:6e:54:bc:30:51:cc:dc:59:58:0e:68:
         01:5c:3e:c3:30:17:bf:2b:13:c9:16:6e:23:a5:c7:b8:d6:55:
         4d:94:b8:80:28:f4:2a:a5:d0:55:90:f8:44:bf:f2:1d:06:69:
         fc:ce:39:3b:e5:26:18:d8:08:8f:20:52:70:70:79:47:a9:85:
         35:c7:e5:f0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC2yvO2SzUoRS8ns1f6xuqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2FmNGVlNTFkYWJiOGFiODI5YWZkZTVlOTA0MzgyNTQ5NTY0ZjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0wKgCsyUu0YNru0uy/6Dt5Lgd2I
2xzLq7orNE63BgDH3axtDAlfeLzOaZNEYoF6yNJ+f/iIvjFuTxz0FHDNMJLe8M35
c4/e3rg+VB0xVlrzMeKTIApiX/rxkWig6Yzc0dZcMacbaDdCy/EC2SexNkFk9FgI
PdlZJGVjP+jEVPUBwrGH4TnKNijCohbdCWJBEFqqh86kbzHCR+QRFHfs2jqKAqQ6
HZZSTLIELj7IFvQQy+DuX2SaWDeetSa0zIp+8Bc1o5H+KVDzlLUbxERXZsABakPP
0UjrRJblsN6Tn2wc6dzWc6w4TpL82uXCuWwWjDNrOsC8iKKOpYcB7zzHuQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAevTuUdq7irgpr95ekEOCVJVk9qMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvQjY5TzVSMnJ1S3VDbXYzbDZRUTRKVWxXVDJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVYTAwQB
PrZkAwQBUF5QMA0GCSqGSIb3DQEBCwUAA4IBAQAnNJKk1ZwrW4tmm8R9yJsh9Ey8
pIu82wwrILFPaGnVF5pfl/1gpaai9nQhLS0up7PedQh/MxCmwnCdaQH1fxIcDTqe
HsbsumOKRh9NwTNOPrzWd7BBGPxH+WTSGeqa33s6gD3iQGh8AsJVsj//FLY6b0P4
SdAH4TsD4X5GG72m4o4Efbr4om0e7ASGYQlXp92qI1y8n+vxegYiGo1s0ETgcLS7
nK82i+47OQPqkBTBu7XezC5IETb1oBtOblS8MFHM3FlYDmgBXD7DMBe/KxPJFm4j
pce41lVNlLiAKPQqpdBVkPhEv/IdBmn8zjk75SYY2AiPIFJwcHlHqYU1x+Xw
-----END CERTIFICATE-----
Generated at Tue Jul 9 13:32:04 2024 by rpki-client on console-fra.rpki-client.org