Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/_RWge2GVc9Zr4QzvH7Sa9TWhD4M.roa
File:                     _RWge2GVc9Zr4QzvH7Sa9TWhD4M.roa (raw, json)
Hash identifier:          vPbexKwewX9wUBjOvGfdJoH5gJXFNy879fROKqGQLm8=
Subject key identifier:   FD:15:A0:7B:61:95:73:D6:6B:E1:0C:EF:1F:B4:9A:F5:35:A1:0F:83
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB3AC54309CBF62D4047EEFE597C8D
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/_RWge2GVc9Zr4QzvH7Sa9TWhD4M.roa
Signing time:             Mon 01 Jan 2024 02:29:56 +0000
ROA not before:           Mon 01 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209396
IP address blocks:        2.58.60.0/22 maxlen: 22
                          45.151.196.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3a:c5:43:09:cb:f6:2d:40:47:ee:fe:59:7c:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd15a07b619573d66be10cef1fb49af535a10f83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:58:07:09:fb:37:21:86:fa:7b:27:0e:76:b8:
                    ce:d2:d8:04:90:b8:65:21:4a:69:07:e7:c5:f8:e1:
                    63:b3:f5:a0:4c:fc:1b:14:53:0a:01:33:cb:22:60:
                    e5:7d:bc:ad:14:fc:1c:4f:0d:3e:87:56:31:aa:40:
                    a9:90:f7:e2:c6:20:f6:5e:c9:13:43:4d:be:d0:83:
                    48:4c:f5:7b:86:62:4f:e2:a5:a6:4c:34:c9:3a:8a:
                    3b:82:1f:44:0a:6f:c9:a8:29:8e:8c:24:3e:86:ad:
                    16:13:05:c3:4f:24:a3:cc:0b:a1:69:cd:be:a1:25:
                    0f:87:a4:b3:db:e7:cc:52:a3:3d:2d:f1:6a:63:73:
                    a8:15:94:f9:95:61:4e:37:35:5d:0e:9b:ea:e7:a1:
                    46:62:e2:bd:1f:d5:4d:45:b7:46:b5:7d:f4:e4:78:
                    7e:48:1b:98:ac:85:12:35:24:31:93:3d:9a:31:ce:
                    8c:0f:44:0e:82:07:41:88:60:97:db:6e:21:26:5a:
                    d7:72:53:30:83:f8:7e:41:15:a0:41:b5:e8:44:5a:
                    3c:d9:4c:88:3e:41:9c:c7:d1:3b:bf:0f:e4:78:d9:
                    d2:14:89:03:de:d3:3c:d1:3a:c9:24:49:6d:33:fa:
                    30:d2:3a:91:86:49:b3:db:32:c0:ae:59:e3:2b:6e:
                    25:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:15:A0:7B:61:95:73:D6:6B:E1:0C:EF:1F:B4:9A:F5:35:A1:0F:83
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/_RWge2GVc9Zr4QzvH7Sa9TWhD4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.60.0/22
                  45.151.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:02:ad:a5:df:7b:54:55:0f:3e:50:8b:bf:c9:96:ca:b0:a0:
         9d:b6:66:8d:e4:1e:4b:ee:6e:8d:84:96:f6:5d:d2:ef:97:5b:
         f1:1d:c3:24:ad:15:71:d6:83:a1:6e:2e:c5:7c:3a:dc:23:9c:
         1c:14:90:3c:38:31:01:4f:81:80:ed:36:cc:9c:13:0a:89:d2:
         4e:62:9b:fb:47:48:df:a7:d9:57:bc:49:51:64:06:2c:7e:3e:
         e8:b3:1d:f4:ac:88:e6:33:09:19:32:66:b2:97:37:62:9c:ce:
         49:b8:2d:1a:85:ea:4b:6c:93:f9:8d:61:fd:07:91:5c:4f:bb:
         c9:44:3a:ce:47:63:c7:c9:27:02:a9:5e:cc:b3:b8:93:17:4c:
         e7:68:a5:1f:d9:8d:c3:15:17:b1:ae:04:6b:20:14:27:de:d2:
         2b:6c:f5:e1:f8:0f:b6:6a:7d:42:25:e2:04:43:df:37:a3:b2:
         b4:a4:04:ac:38:f1:83:22:51:32:38:13:9f:fa:83:15:b1:00:
         d6:a7:31:2b:eb:77:d4:c7:c4:50:6c:d2:e1:84:e2:6e:ad:3f:
         28:c8:60:b4:8b:87:7a:ec:2e:bc:61:2e:8f:b3:a9:e6:ce:d7:
         8c:e3:bc:9a:f0:81:32:32:cf:8e:bf:7b:98:f9:87:b6:d2:fe:
         ad:d0:6f:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2zrFQwnL9i1AR+7+WXyNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDE1YTA3YjYxOTU3M2Q2NmJlMTBjZWYxZmI0OWFmNTM1YTEwZjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFgHCfs3IYb6eycOdrjO0tgEkLhl
IUppB+fF+OFjs/WgTPwbFFMKATPLImDlfbytFPwcTw0+h1YxqkCpkPfixiD2XskT
Q02+0INITPV7hmJP4qWmTDTJOoo7gh9ECm/JqCmOjCQ+hq0WEwXDTySjzAuhac2+
oSUPh6Sz2+fMUqM9LfFqY3OoFZT5lWFONzVdDpvq56FGYuK9H9VNRbdGtX305Hh+
SBuYrIUSNSQxkz2aMc6MD0QOggdBiGCX224hJlrXclMwg/h+QRWgQbXoRFo82UyI
PkGcx9E7vw/keNnSFIkD3tM80TrJJEltM/ow0jqRhkmz2zLArlnjK24lfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP0VoHthlXPWa+EM7x+0mvU1oQ+DMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvX1JXZ2UyR1ZjOVpyNFF6dkg3U2E5VFdoRDRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCAjo8AwQC
LZfEMA0GCSqGSIb3DQEBCwUAA4IBAQBqAq2l33tUVQ8+UIu/yZbKsKCdtmaN5B5L
7m6NhJb2XdLvl1vxHcMkrRVx1oOhbi7FfDrcI5wcFJA8ODEBT4GA7TbMnBMKidJO
Ypv7R0jfp9lXvElRZAYsfj7osx30rIjmMwkZMmaylzdinM5JuC0ahepLbJP5jWH9
B5FcT7vJRDrOR2PHyScCqV7Ms7iTF0znaKUf2Y3DFRexrgRrIBQn3tIrbPXh+A+2
an1CJeIEQ983o7K0pASsOPGDIlEyOBOf+oMVsQDWpzEr63fUx8RQbNLhhOJurT8o
yGC0i4d67C68YS6Ps6nmzteM47ya8IEyMs+Ov3uY+Ye20v6t0G+n
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org