Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/uJGgY17ORrPhEqboabXwT3Df9TQ.roa
File:                     uJGgY17ORrPhEqboabXwT3Df9TQ.roa (raw, json)
Hash identifier:          3KPiRcBFdrz4P9zNrLuvffBrede3zwbvmjBpMJ87RIE=
Subject key identifier:   B8:91:A0:63:5E:CE:46:B3:E1:12:A6:E8:69:B5:F0:4F:70:DF:F5:34
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018216660E9543CDF55C3E88747924A30D08
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/uJGgY17ORrPhEqboabXwT3Df9TQ.roa
Signing time:             Tue 19 Jul 2022 12:19:23 +0000
ROA not before:           Tue 19 Jul 2022 12:19:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     996
IP address blocks:        45.145.40.0/22 maxlen: 22
                          45.15.244.0/22 maxlen: 22
                          2.59.204.0/22 maxlen: 22
                          185.115.92.0/22 maxlen: 22
                          45.86.20.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:16:66:0e:95:43:cd:f5:5c:3e:88:74:79:24:a3:0d:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jul 19 12:19:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b891a0635ece46b3e112a6e869b5f04f70dff534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:4e:d1:de:c5:f3:74:89:60:dd:bc:61:c0:02:
                    76:10:d5:27:5b:2f:05:a1:b1:3a:29:95:59:69:55:
                    07:81:ab:9e:b9:1f:de:19:09:78:7c:ac:6a:bc:b7:
                    f5:8e:bb:47:cc:62:32:77:c6:fd:72:e1:e7:af:02:
                    10:b5:55:e0:e8:51:e9:5a:26:30:82:ff:90:6d:9a:
                    97:e5:d9:b8:1d:01:70:08:da:9d:6c:59:1b:15:3d:
                    e7:10:b4:f6:e6:e0:d1:84:35:10:46:51:34:ba:09:
                    d6:5b:03:fd:62:07:c9:e1:3a:0f:5b:a3:eb:86:99:
                    4b:f6:cb:cb:3e:72:70:f8:4a:75:a2:b6:f3:5a:6c:
                    2b:d4:34:c4:02:76:a8:9b:3a:16:15:23:f9:2c:cf:
                    55:7b:2d:5e:23:5f:fe:f5:fa:f9:26:9f:99:39:43:
                    81:31:47:a7:00:2d:47:7f:b4:ed:ee:f9:2b:4a:39:
                    c1:80:21:1c:e6:57:a4:11:78:b4:90:6b:e4:a4:51:
                    d4:f5:e0:7b:0e:1b:e2:4a:b4:21:54:f1:2a:0d:f8:
                    a1:17:4d:41:40:a8:ff:5f:44:10:4c:ec:70:97:5c:
                    12:0a:b1:a4:fa:28:87:6a:55:b2:ed:f7:c0:63:29:
                    3b:57:31:ab:12:45:8b:a1:dc:71:b8:4d:c9:ef:97:
                    23:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:91:A0:63:5E:CE:46:B3:E1:12:A6:E8:69:B5:F0:4F:70:DF:F5:34
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/uJGgY17ORrPhEqboabXwT3Df9TQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.204.0/22
                  45.15.244.0/22
                  45.86.20.0/22
                  45.145.40.0/22
                  185.115.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:ee:94:34:fb:ba:ed:c8:1e:ec:45:d7:75:b7:d8:73:61:d7:
         6e:74:3d:85:aa:b8:ca:cd:17:6c:66:44:e5:85:e0:87:e7:39:
         60:02:fc:6f:b5:3d:71:55:0c:65:69:f3:56:48:ef:c8:98:7a:
         d2:af:22:44:22:a6:86:c9:db:24:8a:41:71:09:d3:58:0d:72:
         18:4a:b1:41:44:39:02:c9:2d:32:0f:c4:87:fd:55:2a:da:dd:
         c6:a4:04:21:6c:67:8a:3e:72:66:10:2b:f9:9c:4b:fd:c3:ae:
         f6:d7:61:68:3d:39:6a:52:f2:1a:dc:c0:2f:30:95:30:09:4a:
         dc:c5:38:13:76:c0:c5:51:29:2a:75:7b:db:6d:f8:06:bf:48:
         8d:b7:43:ba:4b:28:3a:2c:95:92:e3:46:28:1a:56:8e:c3:b2:
         44:90:21:d9:f7:fa:04:6c:1c:20:a0:6c:02:fe:57:db:f8:51:
         13:ed:13:20:02:87:74:38:91:74:e2:41:a0:33:ae:8f:cf:65:
         71:07:95:d8:04:21:12:aa:bc:9e:07:7e:d5:d4:b4:7e:96:19:
         87:1c:da:d6:e4:55:ff:c3:7f:6f:3c:0d:54:cb:d2:91:4d:dd:
         de:e2:4e:09:7a:f9:69:92:a4:e7:94:fc:ab:2b:3d:4e:33:4e:
         65:f9:74:f7
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYIWZg6VQ831XD6IdHkkow0IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjIwNzE5MTIxOTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODkxYTA2MzVlY2U0NmIzZTExMmE2ZTg2OWI1ZjA0ZjcwZGZmNTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhU7R3sXzdIlg3bxhwAJ2ENUnWy8F
obE6KZVZaVUHgaueuR/eGQl4fKxqvLf1jrtHzGIyd8b9cuHnrwIQtVXg6FHpWiYw
gv+QbZqX5dm4HQFwCNqdbFkbFT3nELT25uDRhDUQRlE0ugnWWwP9YgfJ4ToPW6Pr
hplL9svLPnJw+Ep1orbzWmwr1DTEAnaomzoWFSP5LM9Vey1eI1/+9fr5Jp+ZOUOB
MUenAC1Hf7Tt7vkrSjnBgCEc5lekEXi0kGvkpFHU9eB7DhviSrQhVPEqDfihF01B
QKj/X0QQTOxwl1wSCrGk+iiHalWy7ffAYyk7VzGrEkWLodxxuE3J75cj2wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFLiRoGNezkaz4RKm6Gm18E9w3/U0MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvdUpHZ1kxN09SclBoRXFib2FiWHdUM0RmOVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCAjvMAwQC
LQ/0AwQCLVYUAwQCLZEoAwQCuXNcMA0GCSqGSIb3DQEBCwUAA4IBAQAd7pQ0+7rt
yB7sRdd1t9hzYddudD2FqrjKzRdsZkTlheCH5zlgAvxvtT1xVQxlafNWSO/ImHrS
ryJEIqaGydskikFxCdNYDXIYSrFBRDkCyS0yD8SH/VUq2t3GpAQhbGeKPnJmECv5
nEv9w67212FoPTlqUvIa3MAvMJUwCUrcxTgTdsDFUSkqdXvbbfgGv0iNt0O6Syg6
LJWS40YoGlaOw7JEkCHZ9/oEbBwgoGwC/lfb+FET7RMgAod0OJF04kGgM66Pz2Vx
B5XYBCESqryeB37V1LR+lhmHHNrW5FX/w39vPA1Uy9KRTd3e4k4JevlpkqTnlPyr
Kz1OM05l+XT3
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:27 2024 by rpki-client on console-ams.rpki-client.org