Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/CQ9fNXO0MLuBtd3cg5Ztfmt5SZs.roa
File:                     CQ9fNXO0MLuBtd3cg5Ztfmt5SZs.roa (raw, json)
Hash identifier:          HVUVzm3deSRn7HmOA2NZ9jwigjAKVLkWx9Hr9kDUcVI=
Subject key identifier:   09:0F:5F:35:73:B4:30:BB:81:B5:DD:DC:83:96:6D:7E:6B:79:49:9B
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       1575E2E0
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/CQ9fNXO0MLuBtd3cg5Ztfmt5SZs.roa
Signing time:             Tue 21 Jun 2022 17:05:05 +0000
ROA not before:           Tue 21 Jun 2022 17:05:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     19120
IP address blocks:        5.180.4.0/22 maxlen: 22
                          45.145.40.0/22 maxlen: 22
                          185.115.92.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 360047328 (0x1575e2e0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jun 21 17:05:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=090f5f3573b430bb81b5dddc83966d7e6b79499b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:30:93:92:a5:f4:b0:bf:37:0e:55:a3:a5:a3:
                    4e:f5:ef:4d:49:5b:03:e1:de:11:57:4d:6e:b2:2b:
                    80:e6:2f:25:83:f8:21:19:f2:d5:34:1c:4f:14:7b:
                    64:9c:df:20:13:eb:b9:23:9c:48:7b:4f:80:db:7a:
                    d3:ea:55:34:20:89:01:c0:b0:fb:e9:87:bd:2e:7a:
                    29:55:06:34:e1:8e:3a:cd:7a:4f:bb:94:c5:0a:0f:
                    e4:5c:3d:7a:12:38:6f:97:56:48:44:1a:3e:d0:cc:
                    46:fe:f7:33:4d:0d:a7:6a:91:c8:d0:01:c9:92:0b:
                    cd:d5:62:aa:6a:df:3c:2a:0f:20:c5:42:f5:80:f4:
                    ef:b5:f4:bf:b7:a6:c1:67:0b:7e:6d:af:ca:44:bb:
                    13:bd:be:c9:6e:1d:fd:84:25:f5:b7:b0:81:e2:fa:
                    8b:1c:fd:c0:de:fb:cd:63:a6:80:c0:63:48:e2:29:
                    7d:10:3a:33:b0:3c:7b:77:db:f9:93:90:3e:a8:b0:
                    45:4d:95:1c:2a:98:85:e4:fd:08:b9:b8:08:06:84:
                    d9:b8:df:ac:5e:dc:e6:f4:30:f2:8e:df:0d:c4:88:
                    b1:13:5c:a7:a1:00:32:2e:fd:3d:2d:20:c9:5f:99:
                    05:2b:3b:db:20:89:cf:17:28:58:fd:e2:cc:84:d8:
                    8d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:0F:5F:35:73:B4:30:BB:81:B5:DD:DC:83:96:6D:7E:6B:79:49:9B
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/CQ9fNXO0MLuBtd3cg5Ztfmt5SZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.4.0/22
                  45.145.40.0/22
                  185.115.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a2:18:21:0a:89:4e:73:a8:c9:b1:d6:e0:ef:10:34:5f:19:a9:
         6a:a9:b8:53:0d:48:de:c5:46:60:41:8d:99:31:2b:67:f2:1c:
         07:61:b0:a6:d8:1a:4e:f4:99:ac:41:72:7e:14:54:03:74:f9:
         a2:55:10:e7:bc:80:ed:cc:25:4e:a1:4a:2c:43:5c:d7:f2:fc:
         36:a4:84:ac:b6:49:b7:b0:c8:10:f6:11:a4:a5:30:42:7f:4c:
         58:25:ae:40:3c:f0:55:09:3d:e2:ed:93:af:1d:b2:7d:0b:cc:
         2f:70:81:e9:c7:09:78:29:c0:43:dd:cf:6d:37:30:d8:45:3d:
         2e:78:dc:96:93:aa:ee:a5:3e:65:84:8b:09:69:25:90:b5:aa:
         20:ab:61:60:83:99:dd:be:41:93:ee:de:5e:f9:2c:9d:03:3a:
         1b:d1:41:6e:e4:c7:eb:7f:c8:ac:79:07:dc:60:fc:3f:82:62:
         c8:a3:8a:0b:b6:0f:82:08:27:5f:ca:63:e2:42:b3:dd:d2:cb:
         13:7d:8f:4b:16:07:e9:fe:5f:23:3f:2d:77:68:1a:1b:18:e5:
         e9:59:5d:0f:5e:42:3e:54:7e:70:6f:3c:fd:e3:46:d1:3f:64:
         72:06:ef:83:f3:93:55:e8:8f:d7:e0:9e:a1:b8:0a:af:fe:93:
         78:b2:de:69
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEFXXi4DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
YmFiMzA2ODM4NTllYzdlMDIwNmZlOTI2NTM2M2U4ZTM5NzFhOWE4MB4XDTIyMDYy
MTE3MDUwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDkwZjVmMzU3M2I0
MzBiYjgxYjVkZGRjODM5NjZkN2U2Yjc5NDk5YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANgwk5Kl9LC/Nw5Vo6WjTvXvTUlbA+HeEVdNbrIrgOYvJYP4
IRny1TQcTxR7ZJzfIBPruSOcSHtPgNt60+pVNCCJAcCw++mHvS56KVUGNOGOOs16
T7uUxQoP5Fw9ehI4b5dWSEQaPtDMRv73M00Np2qRyNAByZILzdViqmrfPCoPIMVC
9YD077X0v7emwWcLfm2vykS7E72+yW4d/YQl9bewgeL6ixz9wN77zWOmgMBjSOIp
fRA6M7A8e3fb+ZOQPqiwRU2VHCqYheT9CLm4CAaE2bjfrF7c5vQw8o7fDcSIsRNc
p6EAMi79PS0gyV+ZBSs72yCJzxcoWP3izITYjYECAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBQJD181c7Qwu4G13dyDlm1+a3lJmzAfBgNVHSMEGDAWgBSLqzBoOFnsfgIG
/pJlNj6OOXGpqDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2k2c3dhRGhaN0g0Q0J2NlNaVFktampseHFhZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvODFmZDFhLTQ3YTctNDVkOC1iZTc0LTNhYzllNTZjMzA4OS8x
L0NROWZOWE8wTUx1QnRkM2NnNVp0Zm10NVNacy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
ODFmZDFhLTQ3YTctNDVkOC1iZTc0LTNhYzllNTZjMzA4OS8xL2k2c3dhRGhaN0g0
Q0J2NlNaVFktampseHFhZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAgW0BAMEAi2RKAMEArlzXDANBgkq
hkiG9w0BAQsFAAOCAQEAohghColOc6jJsdbg7xA0Xxmpaqm4Uw1I3sVGYEGNmTEr
Z/IcB2GwptgaTvSZrEFyfhRUA3T5olUQ57yA7cwlTqFKLENc1/L8NqSErLZJt7DI
EPYRpKUwQn9MWCWuQDzwVQk94u2Trx2yfQvML3CB6ccJeCnAQ93PbTcw2EU9Lnjc
lpOq7qU+ZYSLCWklkLWqIKthYIOZ3b5Bk+7eXvksnQM6G9FBbuTH63/IrHkH3GD8
P4JiyKOKC7YPgggnX8pj4kKz3dLLE32PSxYH6f5fIz8td2gaGxjl6VldD15CPlR+
cG88/eNG0T9kcgbvg/OTVeiP1+CeobgKr/6TeLLeaQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org