Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/FGdmsfuLweMCfF8Gt8J3wz_EXsY.roa
File:                     FGdmsfuLweMCfF8Gt8J3wz_EXsY.roa (raw, json)
Hash identifier:          J3Zxzc09K9mV+F4m1PIQwb4dHrlpD4wBmC727gXp08c=
Subject key identifier:   14:67:66:B1:FB:8B:C1:E3:02:7C:5F:06:B7:C2:77:C3:3F:C4:5E:C6
Certificate issuer:       /CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
Certificate serial:       018BB8B179A62E769B3F766F1226673B5F4E
Authority key identifier: 28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/FGdmsfuLweMCfF8Gt8J3wz_EXsY.roa
Signing time:             Fri 10 Nov 2023 10:05:20 +0000
ROA not before:           Fri 10 Nov 2023 10:05:20 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        45.11.68.0/22 maxlen: 22
                          2.58.144.0/22 maxlen: 22
                          45.137.4.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:b8:b1:79:a6:2e:76:9b:3f:76:6f:12:26:67:3b:5f:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
        Validity
            Not Before: Nov 10 10:05:20 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=146766b1fb8bc1e3027c5f06b7c277c33fc45ec6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e2:6c:70:a1:fb:cd:9a:22:46:97:a3:eb:f9:
                    ac:92:e4:51:10:02:31:95:38:c0:68:6c:8f:d0:29:
                    de:ea:f4:b3:b4:99:4e:4b:c0:b5:29:84:f0:87:23:
                    2b:1c:c1:6b:6c:61:c5:38:8b:c1:cf:02:0a:ae:f7:
                    dd:c6:2f:29:54:67:8f:15:77:38:a7:ea:f1:87:83:
                    9f:f2:d9:ec:2f:32:5d:ea:1f:16:5f:64:06:13:d5:
                    59:6e:36:46:fa:ce:05:b0:77:42:60:4a:94:ef:e4:
                    63:e7:d7:56:05:0e:ba:d7:4a:27:a9:56:4f:c4:88:
                    90:f0:f3:40:f9:8c:0e:7f:80:9b:b6:32:5e:7c:25:
                    c1:cd:f0:5d:d7:09:8b:64:54:46:dd:1c:b4:f2:27:
                    bb:ac:07:a5:39:db:3a:b4:bf:4d:4a:96:9c:76:c3:
                    36:31:b0:cf:03:0b:8d:48:8f:b7:36:40:c5:7b:f2:
                    2d:e1:eb:f9:c6:cf:97:03:c9:84:ab:3b:67:ef:3c:
                    30:02:ae:04:8b:81:4e:15:c7:28:ad:f9:f8:e2:39:
                    f0:6a:59:64:b7:bc:50:ac:0a:0d:0a:92:9d:1a:98:
                    65:06:77:bb:84:41:80:39:76:0e:8b:ca:e1:0f:60:
                    32:41:58:1a:92:42:5a:8a:18:29:29:f8:66:5a:bb:
                    b4:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:67:66:B1:FB:8B:C1:E3:02:7C:5F:06:B7:C2:77:C3:3F:C4:5E:C6
            X509v3 Authority Key Identifier:
                keyid:28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/FGdmsfuLweMCfF8Gt8J3wz_EXsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/KGS7NPtdFsqdH6P5eUy0jUvthHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.144.0/22
                  45.11.68.0/22
                  45.137.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:8c:b9:66:0d:0d:55:1e:7e:89:6f:a3:8b:b6:17:b2:44:e8:
         29:8e:28:7d:d7:d1:4f:59:71:ef:eb:9c:b7:51:9a:bf:40:11:
         35:71:c9:44:1a:7a:ae:46:73:ee:3b:0c:50:ac:a3:2a:50:9a:
         ce:54:4c:2a:81:e5:d3:65:b5:53:02:85:f7:2f:20:9a:21:30:
         f2:72:33:98:29:65:8b:d4:fd:f3:0d:03:9c:8e:56:f1:e4:76:
         0c:5f:0c:78:26:a8:a9:9f:32:5d:c7:d3:01:fa:6d:1b:ee:a0:
         11:eb:99:aa:1d:20:0b:96:30:00:75:a7:7c:a1:0d:58:5f:ba:
         db:14:8d:7e:65:64:af:64:5c:c5:82:8f:67:23:15:1a:e0:af:
         a2:e4:a9:c4:5a:92:b0:2d:3f:f2:90:70:f8:db:d1:9a:cf:a3:
         59:86:58:73:1d:de:16:6b:de:db:46:cb:1b:2f:ba:92:0c:39:
         5c:2d:b7:8e:9e:de:14:67:23:85:44:31:0b:1e:31:25:e9:a1:
         a7:1e:5d:10:9d:c2:21:ed:27:07:fd:9e:63:ee:66:f8:3d:41:
         32:3a:83:73:02:6a:8f:ce:5e:6e:f9:eb:fa:2b:b0:72:60:14:
         6b:0e:18:00:ac:74:2c:a4:ce:39:a5:98:aa:98:f4:33:9a:5e:
         0f:9c:79:21
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYu4sXmmLnabP3ZvEiZnO19OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NjRiYjM0ZmI1ZDE2Y2E5ZDFmYTNmOTc5NGNiNDhkNGJl
ZDg0NzMwHhcNMjMxMTEwMTAwNTIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDY3NjZiMWZiOGJjMWUzMDI3YzVmMDZiN2MyNzdjMzNmYzQ1ZWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruJscKH7zZoiRpej6/mskuRREAIx
lTjAaGyP0Cne6vSztJlOS8C1KYTwhyMrHMFrbGHFOIvBzwIKrvfdxi8pVGePFXc4
p+rxh4Of8tnsLzJd6h8WX2QGE9VZbjZG+s4FsHdCYEqU7+Rj59dWBQ6610onqVZP
xIiQ8PNA+YwOf4CbtjJefCXBzfBd1wmLZFRG3Ry08ie7rAelOds6tL9NSpacdsM2
MbDPAwuNSI+3NkDFe/It4ev5xs+XA8mEqztn7zwwAq4Ei4FOFccorfn44jnwallk
t7xQrAoNCpKdGphlBne7hEGAOXYOi8rhD2AyQVgakkJaihgpKfhmWru0lwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBRnZrH7i8HjAnxfBrfCd8M/xF7GMB8GA1UdIwQY
MBaAFChkuzT7XRbKnR+j+XlMtI1L7YRzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEt
NTkwMGE1OTQ3YjhkLzEvRkdkbXNmdUx3ZU1DZkY4R3Q4SjN3el9FWHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEtNTkwMGE1OTQ3Yjhk
LzEvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCAjqQAwQC
LQtEAwQCLYkEMA0GCSqGSIb3DQEBCwUAA4IBAQCFjLlmDQ1VHn6Jb6OLtheyROgp
jih919FPWXHv65y3UZq/QBE1cclEGnquRnPuOwxQrKMqUJrOVEwqgeXTZbVTAoX3
LyCaITDycjOYKWWL1P3zDQOcjlbx5HYMXwx4JqipnzJdx9MB+m0b7qAR65mqHSAL
ljAAdad8oQ1YX7rbFI1+ZWSvZFzFgo9nIxUa4K+i5KnEWpKwLT/ykHD429Gaz6NZ
hlhzHd4Wa97bRssbL7qSDDlcLbeOnt4UZyOFRDELHjEl6aGnHl0QncIh7ScH/Z5j
7mb4PUEyOoNzAmqPzl5u+ev6K7ByYBRrDhgArHQspM45pZiqmPQzml4PnHkh
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:50 2024 by rpki-client on console-fra.rpki-client.org