Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/CGmgcQAUE3Fcwb8skP5wmMja0is.roa
File:                     CGmgcQAUE3Fcwb8skP5wmMja0is.roa (raw, json)
Hash identifier:          o9MAMTpaRHCpFeKtYBeajnTxZ4elue58skktUU/gQQk=
Subject key identifier:   08:69:A0:71:00:14:13:71:5C:C1:BF:2C:90:FE:70:98:C8:DA:D2:2B
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018571A79E115E9472C5542550809507AB92
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/CGmgcQAUE3Fcwb8skP5wmMja0is.roa
Signing time:             Mon 02 Jan 2023 08:44:48 +0000
ROA not before:           Mon 02 Jan 2023 08:44:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3561
IP address blocks:        45.10.12.0/22 maxlen: 22
                          45.95.88.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:a7:9e:11:5e:94:72:c5:54:25:50:80:95:07:ab:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  2 08:44:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0869a071001413715cc1bf2c90fe7098c8dad22b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e0:dd:ff:43:d4:ee:8d:c2:58:e6:ea:e0:d2:
                    3b:ef:53:05:4a:ad:12:f6:ca:2f:a0:e5:7f:17:39:
                    b4:f9:8e:0b:14:91:d5:75:1e:95:1b:3c:5a:b2:4f:
                    59:92:3f:bd:b7:69:5a:8c:88:e0:cd:50:44:0d:ae:
                    17:6f:4f:7e:0e:ea:ba:30:37:31:70:14:10:b2:45:
                    16:3e:ad:5e:c1:3a:54:4d:54:bc:4e:19:b6:52:d7:
                    51:0d:9f:f9:76:8e:e0:15:ee:95:6e:ee:65:b0:3a:
                    f2:a7:78:90:00:3d:91:9f:9d:fd:10:88:61:19:e7:
                    2a:1e:ae:f7:91:9b:51:4f:df:89:60:a7:2f:38:16:
                    be:4c:75:71:00:41:5e:63:ad:52:55:52:1b:72:91:
                    01:a8:ce:6b:8d:cb:1b:01:de:c5:55:b9:1d:ed:4c:
                    f6:28:7c:60:b4:d0:d8:7e:6d:d6:2d:c2:61:2a:d2:
                    f8:3b:f3:a2:94:36:ad:8a:13:4a:b9:3c:da:8b:ed:
                    25:0d:db:f1:08:50:f8:4e:55:84:fe:28:b4:ab:7a:
                    b6:42:37:ea:9d:d7:c7:a2:39:78:2a:f9:e1:f0:f2:
                    f5:ef:f4:c0:59:6e:90:20:8b:bb:d5:ee:06:8d:7f:
                    cf:61:fe:66:de:01:ac:4a:10:6c:53:fb:da:a7:7a:
                    3c:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:69:A0:71:00:14:13:71:5C:C1:BF:2C:90:FE:70:98:C8:DA:D2:2B
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/CGmgcQAUE3Fcwb8skP5wmMja0is.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.12.0/22
                  45.95.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:a1:45:47:0c:c4:a5:fb:9a:9a:76:14:9b:20:83:1f:33:be:
         9e:31:f8:44:79:1c:7c:21:1e:ee:20:ef:13:50:80:97:23:34:
         25:1d:54:18:92:71:c9:5c:90:a7:ce:e7:49:52:85:54:1d:5d:
         20:57:18:29:2d:c6:87:e4:1f:f7:29:3d:de:4f:d1:ad:12:f4:
         6e:aa:8c:dd:2f:fa:eb:66:fc:ff:00:2b:2e:b2:ca:36:ca:9d:
         56:02:01:f5:9d:c2:e7:07:c3:b5:e7:63:59:ac:24:93:5f:83:
         fb:47:f5:44:b8:38:a9:0f:54:ff:ae:99:68:3a:77:dc:75:53:
         20:2f:f5:f1:19:fe:82:bf:87:bc:5b:20:44:55:02:9d:9f:56:
         47:58:f5:ed:db:64:c1:3c:5a:72:47:92:01:45:f0:d7:64:e0:
         83:ae:95:f2:c3:94:51:f9:e2:4b:1f:42:0f:48:ad:86:1c:5d:
         40:67:8a:70:eb:9a:a3:9d:45:5e:3e:2e:bc:e3:20:e2:d5:26:
         9d:1e:4f:39:c7:2d:7e:68:31:17:14:53:a0:d0:a5:1f:cc:84:
         39:69:b9:47:76:8d:1d:3b:94:52:4c:90:03:10:c1:72:b8:a2:
         a4:2c:ae:d3:18:9c:03:88:e9:a6:c1:66:9f:8e:84:97:61:be:
         45:ee:85:62
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVxp54RXpRyxVQlUICVB6uSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwMTAyMDg0NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODY5YTA3MTAwMTQxMzcxNWNjMWJmMmM5MGZlNzA5OGM4ZGFkMjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+Dd/0PU7o3CWObq4NI771MFSq0S
9sovoOV/Fzm0+Y4LFJHVdR6VGzxask9Zkj+9t2lajIjgzVBEDa4Xb09+Duq6MDcx
cBQQskUWPq1ewTpUTVS8Thm2UtdRDZ/5do7gFe6Vbu5lsDryp3iQAD2Rn539EIhh
GecqHq73kZtRT9+JYKcvOBa+THVxAEFeY61SVVIbcpEBqM5rjcsbAd7FVbkd7Uz2
KHxgtNDYfm3WLcJhKtL4O/OilDatihNKuTzai+0lDdvxCFD4TlWE/ii0q3q2Qjfq
ndfHojl4Kvnh8PL17/TAWW6QIIu71e4GjX/PYf5m3gGsShBsU/vap3o8fQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAhpoHEAFBNxXMG/LJD+cJjI2tIrMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvQ0dtZ2NRQVVFM0Zjd2I4c2tQNXdtTWphMGlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLQoMAwQC
LV9YMA0GCSqGSIb3DQEBCwUAA4IBAQAMoUVHDMSl+5qadhSbIIMfM76eMfhEeRx8
IR7uIO8TUICXIzQlHVQYknHJXJCnzudJUoVUHV0gVxgpLcaH5B/3KT3eT9GtEvRu
qozdL/rrZvz/ACsusso2yp1WAgH1ncLnB8O152NZrCSTX4P7R/VEuDipD1T/rplo
OnfcdVMgL/XxGf6Cv4e8WyBEVQKdn1ZHWPXt22TBPFpyR5IBRfDXZOCDrpXyw5RR
+eJLH0IPSK2GHF1AZ4pw65qjnUVePi684yDi1SadHk85xy1+aDEXFFOg0KUfzIQ5
ablHdo0dO5RSTJADEMFyuKKkLK7TGJwDiOmmwWafjoSXYb5F7oVi
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org