Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/OoG1VphgxnAw8YYA1kTGoB3hwjM.roa
File:                     OoG1VphgxnAw8YYA1kTGoB3hwjM.roa (raw, json)
Hash identifier:          Hm93IgQ7RRdEixj704K5+2xRNab84aB5YFkL+8aH6BI=
Subject key identifier:   3A:81:B5:56:98:60:C6:70:30:F1:86:00:D6:44:C6:A0:1D:E1:C2:33
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       517C49
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/OoG1VphgxnAw8YYA1kTGoB3hwjM.roa
Signing time:             Sat 01 Jan 2022 02:52:01 +0000
ROA not before:           Sat 01 Jan 2022 02:52:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7922
IP address blocks:        45.90.116.0/22 maxlen: 22
                          45.90.12.0/22 maxlen: 22
                          45.148.56.0/22 maxlen: 22
                          45.93.172.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5340233 (0x517c49)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 02:52:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3a81b5569860c67030f18600d644c6a01de1c233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:3b:d1:45:f6:13:e9:16:8d:65:37:eb:88:92:
                    6c:82:e7:c9:08:bc:98:37:49:87:4f:ca:f1:40:63:
                    2b:31:bf:23:bb:a2:5b:6d:00:51:d7:84:a5:82:3b:
                    b6:1d:b6:51:03:eb:2e:2f:d9:6c:61:d4:b1:06:d2:
                    a3:72:9c:12:a3:16:dd:8d:14:46:99:bd:46:95:dd:
                    3d:34:2c:2f:1c:ac:c3:9b:bc:96:36:26:da:90:65:
                    cf:a6:03:c6:d3:08:d5:f0:40:2f:a7:1c:1b:26:15:
                    98:42:6e:41:aa:f7:9e:f0:b5:5b:5a:70:5b:41:5b:
                    95:c0:83:9f:05:49:1e:31:a0:b8:a0:4b:d9:dc:8d:
                    fe:48:ff:ca:d0:55:bd:65:a1:83:ea:f6:66:2f:2e:
                    88:04:cc:bb:20:8e:45:97:9d:50:b1:8d:c6:92:33:
                    f2:00:82:27:71:0d:b0:f2:9d:bd:56:0d:22:0e:51:
                    af:73:6d:a6:af:f7:64:df:a0:d2:45:14:fc:80:83:
                    3f:5e:59:9c:26:fc:bd:70:68:87:a5:5c:ce:6c:ae:
                    9a:ea:f1:16:ff:56:84:c1:12:85:65:f7:fc:ab:c9:
                    70:e8:91:b5:66:8d:98:3a:9b:28:cf:f5:6e:e6:ec:
                    02:69:3c:ff:18:a4:45:9f:51:82:41:85:4d:08:31:
                    08:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:81:B5:56:98:60:C6:70:30:F1:86:00:D6:44:C6:A0:1D:E1:C2:33
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/OoG1VphgxnAw8YYA1kTGoB3hwjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.12.0/22
                  45.90.116.0/22
                  45.93.172.0/22
                  45.148.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:73:42:72:1e:d1:e3:ab:ae:3d:75:29:7c:83:44:13:5b:45:
         68:75:a4:9c:87:e0:21:fc:9a:d6:a8:8f:c6:e5:9a:ff:59:a2:
         97:99:c8:21:8c:ae:50:c7:d2:33:30:31:42:b0:5a:d3:a3:c7:
         ca:a1:e9:69:26:69:4d:9d:5f:10:f3:c2:f8:88:33:de:a9:f7:
         b4:2a:58:55:2a:73:a3:bc:fa:2b:ae:57:2b:1e:ca:b1:c7:b0:
         d0:36:ed:cd:56:83:1a:9f:32:70:29:91:66:2c:a6:64:89:55:
         9d:a0:23:57:ac:d3:f1:b4:1e:88:b9:4a:4c:f5:59:c3:41:42:
         39:c5:be:52:80:3f:e2:4c:50:a5:d7:91:d0:cc:fe:b5:74:63:
         f3:4b:02:22:9c:dc:89:c3:7b:06:90:6d:99:30:0e:7b:21:07:
         54:73:27:42:b8:ee:62:b9:78:01:fd:2b:34:24:a6:9a:83:35:
         9a:50:c0:d1:c0:23:3c:60:cc:f4:1c:fe:29:6d:d4:ac:4b:ed:
         bd:74:9a:b5:5e:0b:59:6a:5f:1e:c9:e6:93:56:01:eb:dc:61:
         20:56:49:23:3d:f1:d4:e4:77:03:f1:f3:bb:76:e9:fd:e3:6f:
         60:c8:74:de:d5:7e:23:02:44:cf:08:39:92:8b:e7:ca:30:72:
         1a:e9:31:b1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIDUXxJMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDBk
Mjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVlNzM2NjQwHhcNMjIwMTAx
MDI1MjAxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygzYTgxYjU1Njk4NjBj
NjcwMzBmMTg2MDBkNjQ0YzZhMDFkZTFjMjMzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1jvRRfYT6RaNZTfriJJsgufJCLyYN0mHT8rxQGMrMb8ju6Jb
bQBR14Slgju2HbZRA+suL9lsYdSxBtKjcpwSoxbdjRRGmb1Gld09NCwvHKzDm7yW
NibakGXPpgPG0wjV8EAvpxwbJhWYQm5Bqvee8LVbWnBbQVuVwIOfBUkeMaC4oEvZ
3I3+SP/K0FW9ZaGD6vZmLy6IBMy7II5Fl51QsY3GkjPyAIIncQ2w8p29Vg0iDlGv
c22mr/dk36DSRRT8gIM/XlmcJvy9cGiHpVzObK6a6vEW/1aEwRKFZff8q8lw6JG1
Zo2YOpsoz/Vu5uwCaTz/GKRFn1GCQYVNCDEIZwIDAQABo4ICGzCCAhcwHQYDVR0O
BBYEFDqBtVaYYMZwMPGGANZExqAd4cIzMB8GA1UdIwQYMBaAFA0pmQQsXiAGvVrr
egXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
RFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5LzEv
T29HMVZwaGd4bkF3OFlZQTFrVEdvQjNod2pNLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8y
YzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5LzEvRFNtWkJDeGVJQWE5
V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDEG
CCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCLVoMAwQCLVp0AwQCLV2sAwQCLZQ4
MA0GCSqGSIb3DQEBCwUAA4IBAQCUc0JyHtHjq649dSl8g0QTW0VodaSch+Ah/JrW
qI/G5Zr/WaKXmcghjK5Qx9IzMDFCsFrTo8fKoelpJmlNnV8Q88L4iDPeqfe0KlhV
KnOjvPorrlcrHsqxx7DQNu3NVoManzJwKZFmLKZkiVWdoCNXrNPxtB6IuUpM9VnD
QUI5xb5SgD/iTFCl15HQzP61dGPzSwIinNyJw3sGkG2ZMA57IQdUcydCuO5iuXgB
/Ss0JKaagzWaUMDRwCM8YMz0HP4pbdSsS+29dJq1XgtZal8eyeaTVgHr3GEgVkkj
PfHU5HcD8fO7dun9429gyHTe1X4jAkTPCDmSi+fKMHIa6TGx
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:24 2024 by rpki-client on console-ams.rpki-client.org