Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/NETzx2f78_yEviA4INfiLiRcvy4.roa
File:                     NETzx2f78_yEviA4INfiLiRcvy4.roa (raw, json)
Hash identifier:          JLiF8JdyrX6pYWIbS1t6WJmcseQfwNOqKfTacOQptHs=
Subject key identifier:   34:44:F3:C7:67:FB:F3:FC:84:BE:20:38:20:D7:E2:2E:24:5C:BF:2E
Certificate issuer:       /CN=e9be181aabdb195513a26c67b621e2986818d03d
Certificate serial:       018CCA2B57CB9501A8DF98BAB5DE57C0D525
Authority key identifier: E9:BE:18:1A:AB:DB:19:55:13:A2:6C:67:B6:21:E2:98:68:18:D0:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/NETzx2f78_yEviA4INfiLiRcvy4.roa
Signing time:             Tue 02 Jan 2024 12:34:47 +0000
ROA not before:           Tue 02 Jan 2024 12:34:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        45.93.14.0/24 maxlen: 24
                          45.93.15.0/24 maxlen: 24
                          45.93.12.0/24 maxlen: 24
                          193.187.97.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:57:cb:95:01:a8:df:98:ba:b5:de:57:c0:d5:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9be181aabdb195513a26c67b621e2986818d03d
        Validity
            Not Before: Jan  2 12:34:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3444f3c767fbf3fc84be203820d7e22e245cbf2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:43:7c:10:11:da:97:7a:af:74:0e:b9:23:de:
                    48:fd:bc:7c:e8:47:b9:01:6a:5e:47:c4:8a:5c:ea:
                    18:db:6e:7e:ab:32:9f:20:42:4c:2e:6f:b0:e3:4b:
                    b3:9c:b3:18:2f:53:41:1a:c0:30:09:1e:86:c8:1f:
                    60:3b:f1:bd:d8:f1:27:35:91:ef:d8:28:76:d9:d3:
                    4b:6e:b9:a3:91:3d:75:12:05:ef:e4:ba:23:6a:fe:
                    56:88:66:3c:fa:60:59:6d:90:98:04:ad:fe:c8:dd:
                    2c:7e:97:f0:49:4b:cd:59:90:9a:b3:df:c1:b2:31:
                    45:6a:49:8e:75:d3:0a:5c:6b:ab:f7:68:55:ad:d7:
                    70:0b:8a:cf:75:9f:0d:25:03:ff:eb:a3:ac:4b:36:
                    d4:f7:e0:18:04:9f:73:3d:b9:59:7f:ce:08:cf:5f:
                    24:e2:8d:e5:2b:8e:46:c7:6b:d3:64:7a:51:e9:4f:
                    e8:29:98:54:fc:53:b8:58:fb:0f:4a:07:ac:9d:49:
                    62:07:de:4c:c3:fc:4d:ae:82:a6:13:8f:31:bc:b7:
                    ad:77:e8:60:6a:a5:da:e7:e8:0b:48:2d:8b:e1:4a:
                    7a:0c:9b:00:a2:c8:66:14:5d:d8:84:dd:ae:c1:1b:
                    0a:d4:0e:65:32:4a:4e:11:8c:27:5c:04:6f:37:84:
                    ed:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:44:F3:C7:67:FB:F3:FC:84:BE:20:38:20:D7:E2:2E:24:5C:BF:2E
            X509v3 Authority Key Identifier:
                keyid:E9:BE:18:1A:AB:DB:19:55:13:A2:6C:67:B6:21:E2:98:68:18:D0:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/NETzx2f78_yEviA4INfiLiRcvy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/6b4YGqvbGVUTomxntiHimGgY0D0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.12.0/24
                  45.93.14.0/23
                  193.187.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:37:02:af:49:55:5c:6c:9f:32:33:75:da:7f:cb:57:60:d6:
         16:ef:53:b2:32:d9:21:a1:8d:ab:dc:5a:39:cd:fe:8c:ab:c9:
         07:c6:39:57:0d:01:38:87:ec:8b:8b:52:b2:d7:99:ba:9a:4e:
         d2:1b:f2:9b:c6:4c:a2:92:dd:01:79:c3:91:ea:15:07:3a:d1:
         9f:2b:3c:d1:f2:06:f9:e6:71:31:20:0f:09:21:c8:34:35:6b:
         6d:7f:cd:46:8c:fa:98:f3:04:de:1f:5e:38:5c:9c:55:68:af:
         33:11:87:82:cc:99:2d:e1:56:e5:da:55:09:02:c6:f0:90:73:
         3f:26:76:23:e3:f6:b8:a3:a7:d5:e3:c4:0b:5d:3a:ca:b7:4a:
         57:4c:36:24:02:f3:87:5f:de:67:4c:99:37:5a:72:da:21:a4:
         2d:9f:76:b4:96:a8:58:98:2d:97:3a:9f:b0:b1:6e:ce:51:2e:
         eb:40:75:2e:36:20:9e:6b:38:57:80:df:e2:7e:a2:71:6e:e0:
         20:1f:5d:cf:6a:92:77:88:4a:08:09:38:21:17:6c:a1:39:b2:
         67:5b:fb:6a:e6:a4:fe:2b:ff:b9:3d:9b:84:2d:89:95:34:c0:
         b7:2d:56:4f:39:89:46:73:f7:60:60:f5:cd:f6:47:e7:e9:d1:
         d9:94:67:04
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKK1fLlQGo35i6td5XwNUlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YmUxODFhYWJkYjE5NTUxM2EyNmM2N2I2MjFlMjk4Njgx
OGQwM2QwHhcNMjQwMTAyMTIzNDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDQ0ZjNjNzY3ZmJmM2ZjODRiZTIwMzgyMGQ3ZTIyZTI0NWNiZjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0N8EBHal3qvdA65I95I/bx86Ee5
AWpeR8SKXOoY225+qzKfIEJMLm+w40uznLMYL1NBGsAwCR6GyB9gO/G92PEnNZHv
2Ch22dNLbrmjkT11EgXv5Lojav5WiGY8+mBZbZCYBK3+yN0sfpfwSUvNWZCas9/B
sjFFakmOddMKXGur92hVrddwC4rPdZ8NJQP/66OsSzbU9+AYBJ9zPblZf84Iz18k
4o3lK45Gx2vTZHpR6U/oKZhU/FO4WPsPSgesnUliB95Mw/xNroKmE48xvLetd+hg
aqXa5+gLSC2L4Up6DJsAoshmFF3YhN2uwRsK1A5lMkpOEYwnXARvN4TtCwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDRE88dn+/P8hL4gOCDX4i4kXL8uMB8GA1UdIwQY
MBaAFOm+GBqr2xlVE6JsZ7Yh4phoGNA9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmI0WUdxdmJHVlVUb214bnRpSGltR2dZMEQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9iZWNkMTYtYTllOS00Y2Q2LTgwMGUt
ZjAwOGRkODNlMzJhLzEvTkVUengyZjc4X3lFdmlBNElOZmlMaVJjdnk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9iZWNkMTYtYTllOS00Y2Q2LTgwMGUtZjAwOGRkODNlMzJh
LzEvNmI0WUdxdmJHVlVUb214bnRpSGltR2dZMEQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALV0MAwQB
LV0OAwQAwbthMA0GCSqGSIb3DQEBCwUAA4IBAQBnNwKvSVVcbJ8yM3Xaf8tXYNYW
71OyMtkhoY2r3Fo5zf6Mq8kHxjlXDQE4h+yLi1Ky15m6mk7SG/Kbxkyikt0BecOR
6hUHOtGfKzzR8gb55nExIA8JIcg0NWttf81GjPqY8wTeH144XJxVaK8zEYeCzJkt
4Vbl2lUJAsbwkHM/JnYj4/a4o6fV48QLXTrKt0pXTDYkAvOHX95nTJk3WnLaIaQt
n3a0lqhYmC2XOp+wsW7OUS7rQHUuNiCeazhXgN/ifqJxbuAgH13PapJ3iEoICTgh
F2yhObJnW/tq5qT+K/+5PZuELYmVNMC3LVZPOYlGc/dgYPXN9kfn6dHZlGcE
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:03 2024 by rpki-client on console-fra.rpki-client.org