Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/unnpseQVTOMx8v2MKYXMaJ380sg.roa
File:                     unnpseQVTOMx8v2MKYXMaJ380sg.roa (raw, json)
Hash identifier:          DhH2xpyxokber7VRvgX9gHnZyTuHiYnVRnl2y4pB6Ww=
Subject key identifier:   BA:79:E9:B1:E4:15:4C:E3:31:F2:FD:8C:29:85:CC:68:9D:FC:D2:C8
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       0183FE2E02BBBF9E6D2267C0E74DBABCEBEE
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/unnpseQVTOMx8v2MKYXMaJ380sg.roa
Signing time:             Sat 22 Oct 2022 05:32:51 +0000
ROA not before:           Sat 22 Oct 2022 05:32:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35913
IP address blocks:        45.145.184.0/22 maxlen: 24
                          45.86.8.0/22 maxlen: 24
                          45.153.220.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:fe:2e:02:bb:bf:9e:6d:22:67:c0:e7:4d:ba:bc:eb:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Oct 22 05:32:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ba79e9b1e4154ce331f2fd8c2985cc689dfcd2c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:79:87:93:f8:1a:1a:12:76:76:38:2c:bd:63:
                    e1:3d:58:07:06:21:52:78:6b:fb:df:1c:b0:41:56:
                    94:27:c9:ba:63:dc:b9:b8:ce:c8:e9:63:22:0b:d7:
                    ad:09:da:65:5f:c7:48:a3:38:1e:eb:6c:19:78:da:
                    50:03:cd:83:1b:72:10:47:98:1b:ab:f7:25:17:35:
                    26:cd:03:c7:1f:23:ed:ac:e0:79:c7:19:7d:69:fe:
                    fc:f0:c3:ad:73:3b:4e:32:a8:4d:d9:3d:38:f8:29:
                    dc:a2:29:87:d7:4f:f1:99:da:8a:ce:f8:d0:3c:75:
                    9c:49:13:0c:c9:a3:1d:d5:a8:7e:ec:02:44:27:53:
                    7c:7a:76:c3:6c:87:cb:18:c1:e9:8a:57:99:29:71:
                    da:90:75:97:72:e1:e1:8e:5d:33:1f:0b:a2:af:47:
                    24:42:0a:68:41:26:6a:3b:06:a1:b3:c7:b8:d7:a7:
                    52:47:4f:c1:2d:d5:bf:fa:c4:03:19:5a:03:24:5c:
                    7c:69:e9:86:b1:eb:a6:cd:ab:61:60:c4:5d:53:12:
                    5c:7e:63:de:dd:5c:76:a7:e6:56:42:14:2a:d2:fb:
                    75:0f:f4:f2:52:38:70:23:cb:d9:8c:ee:56:b4:2b:
                    b3:97:80:1b:23:aa:f9:11:0e:1e:55:0d:65:b2:b8:
                    50:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:79:E9:B1:E4:15:4C:E3:31:F2:FD:8C:29:85:CC:68:9D:FC:D2:C8
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/unnpseQVTOMx8v2MKYXMaJ380sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.8.0/22
                  45.145.184.0/22
                  45.153.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:d9:ff:a7:e4:42:80:c3:02:81:28:2a:81:96:97:ec:1a:f1:
         22:54:84:8d:1e:c3:24:65:13:bf:1f:89:29:97:81:bf:e6:e8:
         f3:0f:1b:9e:73:09:55:f4:63:72:79:01:6c:cc:8f:33:4a:0c:
         8d:8d:b1:d8:5a:e9:d0:37:41:dd:52:dd:1d:f1:23:93:a8:a4:
         17:90:2d:66:92:a0:ec:d3:e2:49:4a:4b:2e:c7:e8:14:f0:27:
         37:62:6e:13:11:50:25:e7:2b:58:fa:56:3e:e5:79:b4:61:e7:
         a7:f6:ac:ce:d6:c2:2a:03:b1:0a:4c:59:76:aa:bf:d1:93:0a:
         23:b7:ec:84:72:bb:41:3c:d3:79:43:21:2a:8e:8f:fd:45:bd:
         98:fd:02:2c:eb:b1:00:a4:93:d4:0f:28:62:78:4b:76:6b:68:
         da:ca:2b:4b:a2:ca:4d:07:a8:a7:bf:6e:a7:e9:c1:e2:c3:78:
         03:03:fc:3a:2c:b3:63:53:b2:50:cc:f6:57:03:df:e8:45:c6:
         62:12:a4:57:58:98:5f:1b:2d:35:0b:0e:c6:c4:88:c7:d0:34:
         84:64:95:d8:88:e3:31:39:c6:f0:14:28:ef:c5:1a:7b:97:89:
         4e:48:87:7e:4c:b4:95:0f:19:69:3b:8e:65:9e:75:3d:58:68:
         66:2e:39:79
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYP+LgK7v55tImfA5026vOvuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjIxMDIyMDUzMjUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTc5ZTliMWU0MTU0Y2UzMzFmMmZkOGMyOTg1Y2M2ODlkZmNkMmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHmHk/gaGhJ2djgsvWPhPVgHBiFS
eGv73xywQVaUJ8m6Y9y5uM7I6WMiC9etCdplX8dIozge62wZeNpQA82DG3IQR5gb
q/clFzUmzQPHHyPtrOB5xxl9af788MOtcztOMqhN2T04+CncoimH10/xmdqKzvjQ
PHWcSRMMyaMd1ah+7AJEJ1N8enbDbIfLGMHpileZKXHakHWXcuHhjl0zHwuir0ck
QgpoQSZqOwahs8e416dSR0/BLdW/+sQDGVoDJFx8aemGseumzathYMRdUxJcfmPe
3Vx2p+ZWQhQq0vt1D/TyUjhwI8vZjO5WtCuzl4AbI6r5EQ4eVQ1lsrhQlwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLp56bHkFUzjMfL9jCmFzGid/NLIMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvdW5ucHNlUVZUT014OHYyTUtZWE1hSjM4MHNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLVYIAwQC
LZG4AwQCLZncMA0GCSqGSIb3DQEBCwUAA4IBAQBj2f+n5EKAwwKBKCqBlpfsGvEi
VISNHsMkZRO/H4kpl4G/5ujzDxuecwlV9GNyeQFszI8zSgyNjbHYWunQN0HdUt0d
8SOTqKQXkC1mkqDs0+JJSksux+gU8Cc3Ym4TEVAl5ytY+lY+5Xm0Yeen9qzO1sIq
A7EKTFl2qr/Rkwojt+yEcrtBPNN5QyEqjo/9Rb2Y/QIs67EApJPUDyhieEt2a2ja
yitLospNB6inv26n6cHiw3gDA/w6LLNjU7JQzPZXA9/oRcZiEqRXWJhfGy01Cw7G
xIjH0DSEZJXYiOMxOcbwFCjvxRp7l4lOSId+TLSVDxlpO45lnnU9WGhmLjl5
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:24 2024 by rpki-client on console-fra.rpki-client.org