Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/GIGKjziDt5Ytv_SU5u1TragKmOQ.roa
File:                     GIGKjziDt5Ytv_SU5u1TragKmOQ.roa (raw, json)
Hash identifier:          Q7r9Ul0/tod3d8o6oYcAD2tFYpdhCooqiRHS6AQATw8=
Subject key identifier:   18:81:8A:8F:38:83:B7:96:2D:BF:F4:94:E6:ED:53:AD:A8:0A:98:E4
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       0183130E8BDC841F6EEB0EF6BF77ED1528A2
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/GIGKjziDt5Ytv_SU5u1TragKmOQ.roa
Signing time:             Tue 06 Sep 2022 13:47:43 +0000
ROA not before:           Tue 06 Sep 2022 13:47:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     22773
IP address blocks:        45.144.56.0/22 maxlen: 22
                          45.146.8.0/22 maxlen: 22
                          45.144.160.0/22 maxlen: 22
                          45.150.128.0/22 maxlen: 22
                          2a11:6980::/29 maxlen: 29
                          2a12:5780::/29 maxlen: 29
                          2a11:f980::/29 maxlen: 29
                          2a11:9080::/29 maxlen: 29
                          2a11:df80::/29 maxlen: 29
                          2a11:fa80::/29 maxlen: 29
                          2a11:9180::/29 maxlen: 29
                          2a11:6780::/29 maxlen: 29
                          2a11:6880::/29 maxlen: 29
                          2a11:9280::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:13:0e:8b:dc:84:1f:6e:eb:0e:f6:bf:77:ed:15:28:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Sep  6 13:47:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=18818a8f3883b7962dbff494e6ed53ada80a98e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5f:a1:20:3a:af:86:26:ab:4d:85:86:5e:d3:
                    08:b2:b9:73:95:be:79:c3:2a:c1:f1:f7:74:87:bb:
                    07:4c:de:df:5f:84:e4:31:67:1f:74:ac:c0:53:75:
                    e7:9f:c4:80:71:46:4e:c2:30:3a:74:3f:c4:3c:d2:
                    7d:0c:52:75:2f:cb:30:08:8c:1c:1b:09:bd:eb:3a:
                    04:35:6d:6a:ac:42:64:3e:4f:c1:96:27:ec:fe:a8:
                    aa:f1:49:e0:07:2d:c2:7a:57:2f:16:3a:4b:2b:3f:
                    fa:1c:ba:dc:a2:d4:d9:b2:76:f9:04:16:be:ca:7e:
                    17:70:df:3e:d6:d0:bb:cb:42:e9:41:25:d7:80:62:
                    7a:5f:da:34:db:a9:7b:e7:70:63:3c:fd:69:85:70:
                    e9:89:a4:c0:4e:dd:7b:29:1d:50:c1:f9:74:b5:63:
                    6f:69:9d:ca:4b:38:5a:77:ff:f9:a7:70:2a:d0:8b:
                    e4:a5:1b:00:c8:c1:68:8e:6c:ea:79:40:a2:67:30:
                    47:b7:e9:f2:2c:fc:f7:25:08:6c:8f:e9:00:2c:c2:
                    91:70:89:d3:1d:5e:e9:34:d2:80:26:60:47:19:91:
                    43:ee:69:a7:44:a2:44:0b:81:d5:e7:eb:84:d8:ea:
                    fa:7a:d0:2f:f5:bc:ce:ff:32:0d:4b:e8:d8:a3:ba:
                    96:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:81:8A:8F:38:83:B7:96:2D:BF:F4:94:E6:ED:53:AD:A8:0A:98:E4
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/GIGKjziDt5Ytv_SU5u1TragKmOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.56.0/22
                  45.144.160.0/22
                  45.146.8.0/22
                  45.150.128.0/22
                IPv6:
                  2a11:6780::/29
                  2a11:6880::/29
                  2a11:6980::/29
                  2a11:9080::/29
                  2a11:9180::/29
                  2a11:9280::/29
                  2a11:df80::/29
                  2a11:f980::/29
                  2a11:fa80::/29
                  2a12:5780::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:a7:ce:88:53:3d:66:b2:e3:ed:99:06:eb:cf:bd:cb:c3:4e:
         f9:ab:35:0b:4d:91:3e:c3:09:22:50:89:b9:76:35:2f:f1:c3:
         dc:97:dc:9e:48:f2:d4:6f:a2:6d:1a:5b:9c:c6:dc:d3:73:c4:
         53:2b:ef:f3:ee:de:a4:d3:58:42:d9:b0:11:4f:fb:26:25:f4:
         53:e6:b3:6b:d5:8d:d0:f1:9f:a7:22:bd:f2:c2:1a:7c:6e:5d:
         9a:c9:d1:ad:57:05:39:ed:3c:7c:96:12:ed:07:d6:a9:05:97:
         f1:9e:52:f0:98:d6:a5:a3:02:51:2f:e6:f0:ed:7f:a4:34:5e:
         e4:8e:d0:c3:89:3d:7e:3a:b6:c1:cf:9d:80:9a:6b:d4:1e:f2:
         03:10:6c:c0:53:9f:74:69:b7:55:0b:88:0d:39:68:80:9b:51:
         43:70:69:f0:ca:4f:65:23:a8:ba:cc:af:65:ec:71:a0:44:d1:
         af:f2:8a:d1:f7:da:05:5b:0a:0b:93:b6:50:16:ca:51:70:4c:
         fc:70:7b:c7:78:0f:94:45:3d:32:40:6a:93:90:16:40:f6:27:
         cd:c2:cf:b7:12:ed:e0:e1:6b:44:6d:f4:1a:a6:2a:23:bc:ea:
         1c:53:f2:92:38:5d:81:d3:9e:71:70:38:d1:d0:6a:cd:fe:b9:
         50:fb:5e:bf
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAYMTDovchB9u6w72v3ftFSiiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjIwOTA2MTM0NzQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODgxOGE4ZjM4ODNiNzk2MmRiZmY0OTRlNmVkNTNhZGE4MGE5OGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvF+hIDqvhiarTYWGXtMIsrlzlb55
wyrB8fd0h7sHTN7fX4TkMWcfdKzAU3Xnn8SAcUZOwjA6dD/EPNJ9DFJ1L8swCIwc
Gwm96zoENW1qrEJkPk/Blifs/qiq8UngBy3CelcvFjpLKz/6HLrcotTZsnb5BBa+
yn4XcN8+1tC7y0LpQSXXgGJ6X9o026l753BjPP1phXDpiaTATt17KR1Qwfl0tWNv
aZ3KSzhad//5p3Aq0IvkpRsAyMFojmzqeUCiZzBHt+nyLPz3JQhsj+kALMKRcInT
HV7pNNKAJmBHGZFD7mmnRKJEC4HV5+uE2Or6etAv9bzO/zINS+jYo7qWpwIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFBiBio84g7eWLb/0lObtU62oCpjkMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvR0lHS2p6aUR0NVl0dl9TVTV1MVRyYWdLbU9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjAeBAIAATAYAwQCLZA4AwQC
LZCgAwQCLZIIAwQCLZaAMEwEAgACMEYDBQMqEWeAAwUDKhFogAMFAyoRaYADBQMq
EZCAAwUDKhGRgAMFAyoRkoADBQMqEd+AAwUDKhH5gAMFAyoR+oADBQMqEleAMA0G
CSqGSIb3DQEBCwUAA4IBAQA4p86IUz1msuPtmQbrz73Lw075qzULTZE+wwkiUIm5
djUv8cPcl9yeSPLUb6JtGlucxtzTc8RTK+/z7t6k01hC2bART/smJfRT5rNr1Y3Q
8Z+nIr3ywhp8bl2aydGtVwU57Tx8lhLtB9apBZfxnlLwmNalowJRL+bw7X+kNF7k
jtDDiT1+OrbBz52AmmvUHvIDEGzAU590abdVC4gNOWiAm1FDcGnwyk9lI6i6zK9l
7HGgRNGv8orR99oFWwoLk7ZQFspRcEz8cHvHeA+URT0yQGqTkBZA9ifNws+3Eu3g
4WtEbfQapiojvOocU/KSOF2B055xcDjR0GrN/rlQ+16/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:24 2024 by rpki-client on console-fra.rpki-client.org