Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/ggTA83HDaXyVX2MrXmAxA0F-c2I.roa
File:                     ggTA83HDaXyVX2MrXmAxA0F-c2I.roa (raw, json)
Hash identifier:          RUk2QWPGAtGxS9mQddXtJI0SYh2tt/6WlXud0k8nwcs=
Subject key identifier:   82:04:C0:F3:71:C3:69:7C:95:5F:63:2B:5E:60:31:03:41:7E:73:62
Certificate issuer:       /CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
Certificate serial:       067AB7CC
Authority key identifier: 28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/ggTA83HDaXyVX2MrXmAxA0F-c2I.roa
Signing time:             Tue 03 May 2022 19:36:50 +0000
ROA not before:           Tue 03 May 2022 19:36:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        45.11.68.0/24 maxlen: 24
                          45.11.68.0/22 maxlen: 22
                          45.131.16.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 108705740 (0x67ab7cc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
        Validity
            Not Before: May  3 19:36:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8204c0f371c3697c955f632b5e603103417e7362
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:ff:9d:2a:a3:42:38:3d:f6:71:81:e7:db:24:
                    99:0c:ed:a2:df:26:22:4e:34:9d:50:c2:69:4b:a4:
                    50:0c:12:17:64:b5:7d:f4:dd:05:59:bc:fb:91:9e:
                    7d:4c:ee:c8:ab:73:e5:8a:1a:47:ce:5d:92:62:86:
                    55:16:10:98:0a:eb:2d:40:74:d9:f6:53:8f:b9:01:
                    80:b4:8c:fc:4e:38:82:4a:0d:86:65:1f:92:9b:1b:
                    68:3f:b5:97:49:8f:41:59:ce:f9:ac:ab:5d:d5:f1:
                    57:13:8e:3a:7e:4c:b0:04:76:6b:b2:1a:68:63:b7:
                    b0:0d:25:54:3d:54:2a:7b:a0:51:03:1f:cb:25:b9:
                    da:64:3b:00:16:f2:e1:e6:d6:d0:e1:32:27:f8:1c:
                    c5:ee:6e:1a:07:9b:e3:07:4a:09:b4:f6:e1:7e:00:
                    0b:0c:22:15:8e:21:32:a4:3c:3f:9e:84:35:9e:a9:
                    c4:0c:90:26:da:b9:07:e5:17:1e:08:8e:d9:c2:b3:
                    b2:c3:33:01:09:47:a3:ac:fd:8d:bb:21:00:e2:8e:
                    f7:30:9c:e4:14:b6:e4:44:e7:fe:ea:e2:d9:6f:be:
                    1a:72:23:df:f6:c1:ac:81:de:d0:df:bd:35:ec:da:
                    41:3b:de:38:3c:f0:2a:0d:b0:9f:49:76:2a:01:8d:
                    9e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:04:C0:F3:71:C3:69:7C:95:5F:63:2B:5E:60:31:03:41:7E:73:62
            X509v3 Authority Key Identifier:
                keyid:28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/ggTA83HDaXyVX2MrXmAxA0F-c2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/KGS7NPtdFsqdH6P5eUy0jUvthHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.68.0/22
                  45.131.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:29:7f:56:a7:b5:c8:ac:75:bc:a4:17:9d:e7:d2:a2:7c:55:
         df:de:d1:13:3e:8d:59:61:74:ed:24:ec:1a:a2:2b:01:c9:03:
         fb:68:c8:8b:04:5f:72:5d:a9:65:76:3b:ad:d9:c7:4c:d8:a0:
         d5:9c:49:e8:ea:94:29:7c:49:d3:64:8a:2a:d8:e5:3f:77:28:
         de:1b:30:93:21:98:8f:a8:fb:39:04:8d:91:e6:6a:a6:d6:5f:
         d1:05:d5:5a:16:a6:71:19:3f:03:da:4b:85:17:36:4d:2d:37:
         c8:81:90:b0:0e:61:81:20:d7:61:99:09:51:df:ae:62:aa:bb:
         50:5c:e4:2f:1e:9d:d9:68:3f:99:30:03:42:f1:05:33:ec:d1:
         ec:6f:a4:56:50:b9:a1:5c:fe:3d:1b:2c:b5:9b:ff:57:b8:c7:
         15:45:77:d4:5c:ca:6b:93:b5:b1:d7:62:ee:a8:20:23:92:a8:
         a4:bd:20:f5:c8:3d:0e:de:27:39:82:8a:f2:cd:e1:be:77:13:
         2e:b3:9b:ef:f2:33:c8:5c:79:c5:87:8f:4b:58:fa:7c:30:19:
         47:01:e3:5c:fb:0d:e3:99:11:cb:eb:ef:7d:12:7e:ee:be:15:
         cd:5b:77:8c:31:6d:4d:d1:15:da:df:d1:b5:75:b0:69:1b:74:
         3a:e5:27:e9
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEBnq3zDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
ODY0YmIzNGZiNWQxNmNhOWQxZmEzZjk3OTRjYjQ4ZDRiZWQ4NDczMB4XDTIyMDUw
MzE5MzY1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODIwNGMwZjM3MWMz
Njk3Yzk1NWY2MzJiNWU2MDMxMDM0MTdlNzM2MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANf/nSqjQjg99nGB59skmQztot8mIk40nVDCaUukUAwSF2S1
ffTdBVm8+5GefUzuyKtz5YoaR85dkmKGVRYQmArrLUB02fZTj7kBgLSM/E44gkoN
hmUfkpsbaD+1l0mPQVnO+ayrXdXxVxOOOn5MsAR2a7IaaGO3sA0lVD1UKnugUQMf
yyW52mQ7ABby4ebW0OEyJ/gcxe5uGgeb4wdKCbT24X4ACwwiFY4hMqQ8P56ENZ6p
xAyQJtq5B+UXHgiO2cKzssMzAQlHo6z9jbshAOKO9zCc5BS25ETn/uri2W++GnIj
3/bBrIHe0N+9NezaQTveODzwKg2wn0l2KgGNnjkCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBSCBMDzccNpfJVfYyteYDEDQX5zYjAfBgNVHSMEGDAWgBQoZLs0+10Wyp0f
o/l5TLSNS+2EczAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tHUzdOUHRkRnNxZEg2UDVlVXkwalV2dGhITS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzMvNDdmNDQ1LTVlYTktNDM3ZC1hNTlhLTU5MDBhNTk0N2I4ZC8x
L2dnVEE4M0hEYVh5VlgyTXJYbUF4QTBGLWMySS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzMv
NDdmNDQ1LTVlYTktNDM3ZC1hNTlhLTU5MDBhNTk0N2I4ZC8xL0tHUzdOUHRkRnNx
ZEg2UDVlVXkwalV2dGhITS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAi0LRAMEAi2DEDANBgkqhkiG9w0B
AQsFAAOCAQEAZyl/Vqe1yKx1vKQXnefSonxV397REz6NWWF07STsGqIrAckD+2jI
iwRfcl2pZXY7rdnHTNig1ZxJ6OqUKXxJ02SKKtjlP3co3hswkyGYj6j7OQSNkeZq
ptZf0QXVWhamcRk/A9pLhRc2TS03yIGQsA5hgSDXYZkJUd+uYqq7UFzkLx6d2Wg/
mTADQvEFM+zR7G+kVlC5oVz+PRsstZv/V7jHFUV31FzKa5O1sddi7qggI5KopL0g
9cg9Dt4nOYKK8s3hvncTLrOb7/IzyFx5xYePS1j6fDAZRwHjXPsN45kRy+vvfRJ+
7r4VzVt3jDFtTdEV2t/RtXWwaRt0OuUn6Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:50 2024 by rpki-client on console-fra.rpki-client.org