Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/rwOnjbReAyO1yD7TC7x0Alh-aDU.roa
File:                     rwOnjbReAyO1yD7TC7x0Alh-aDU.roa (raw, json)
Hash identifier:          u0m31rgkfpXQ/znv6er4bLvctS65r85M9Q1nHwqjObc=
Subject key identifier:   AF:03:A7:8D:B4:5E:03:23:B5:C8:3E:D3:0B:BC:74:02:58:7E:68:35
Certificate issuer:       /CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
Certificate serial:       06C69441
Authority key identifier: 28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/rwOnjbReAyO1yD7TC7x0Alh-aDU.roa
Signing time:             Tue 07 Jun 2022 07:18:22 +0000
ROA not before:           Tue 07 Jun 2022 07:18:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     0
IP address blocks:        45.11.70.0/24 maxlen: 24
                          2.58.144.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 113677377 (0x6c69441)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
        Validity
            Not Before: Jun  7 07:18:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=af03a78db45e0323b5c83ed30bbc7402587e6835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:86:01:71:6c:e5:64:84:78:e1:24:53:2d:fe:
                    9c:12:c7:d2:f8:27:2d:46:52:0f:a2:71:a6:50:73:
                    8f:af:d9:6d:49:cf:09:5c:28:fe:89:82:89:1f:c4:
                    01:80:1c:3d:a5:61:85:32:65:0b:d4:e2:03:d4:00:
                    64:b0:66:0b:aa:2b:1c:26:2b:02:01:68:b3:97:80:
                    b3:33:71:b7:27:37:8f:a7:39:42:90:7d:da:3d:8c:
                    f8:1e:0f:ea:2f:34:9e:58:7a:ce:0a:64:c4:21:92:
                    bb:60:66:ce:6f:91:ea:3d:d8:35:48:18:05:1d:79:
                    7e:29:09:51:75:f6:c7:77:d8:86:36:26:ad:fd:67:
                    04:ae:d4:28:71:7b:7e:f6:71:4d:93:fc:d0:74:b3:
                    de:05:a4:fa:f0:70:d7:57:a6:40:5d:c5:0e:f1:d6:
                    fa:7d:07:08:aa:b8:3e:c0:97:1c:e1:83:36:3f:36:
                    ab:18:42:f3:1d:9c:e6:c6:11:a7:fd:a2:84:d1:82:
                    fd:25:1d:9f:ce:10:7c:2b:66:2d:6c:52:b0:3d:c7:
                    4b:04:4a:81:fe:89:17:72:d8:e6:01:b0:d1:75:82:
                    76:01:8b:fa:19:b2:21:3e:12:d5:7b:56:a7:8d:6a:
                    24:07:7d:7c:38:59:28:06:df:e7:f7:92:73:ea:db:
                    df:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:03:A7:8D:B4:5E:03:23:B5:C8:3E:D3:0B:BC:74:02:58:7E:68:35
            X509v3 Authority Key Identifier:
                keyid:28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/rwOnjbReAyO1yD7TC7x0Alh-aDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/KGS7NPtdFsqdH6P5eUy0jUvthHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.144.0/22
                  45.11.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:82:96:f6:1c:2d:be:b7:cf:53:26:a1:8b:90:e1:bd:d1:11:
         af:f6:f3:18:0f:90:32:ff:ab:6f:d7:17:cd:9e:a4:d2:fa:27:
         d7:92:14:9e:6b:2f:82:5f:df:d6:a0:d5:fb:f9:1f:2a:d5:98:
         e9:30:2e:dd:39:0f:f7:b8:cc:00:88:9f:5a:02:98:68:35:64:
         2b:61:3d:bf:61:c9:e5:a3:06:7d:69:e2:79:bc:9e:72:78:cc:
         2d:62:10:ec:65:18:b5:3b:fe:c2:8a:45:2f:fd:e5:15:da:b4:
         b8:70:9c:7d:1d:34:a2:97:dd:5b:06:6a:5b:e7:55:9d:51:cf:
         f9:51:14:8a:dc:e1:89:00:a2:0b:88:93:ff:11:23:e8:f3:95:
         be:64:39:8f:c2:4d:d2:58:4c:4b:11:d6:c6:7d:81:a4:84:c1:
         34:c6:a6:95:f1:4e:66:b6:16:ab:9a:7e:54:3b:61:5e:50:9f:
         69:ad:7a:ee:ab:a2:e4:ad:ed:b8:8d:84:09:cc:fb:c0:70:81:
         3c:c9:64:8c:bc:fe:68:67:7c:b6:c4:4f:80:bb:87:cd:d0:4f:
         81:5b:bd:a1:e4:f6:8f:64:9d:dc:7f:21:0e:9f:8b:cd:29:ae:
         fc:33:8d:ee:d2:20:86:cd:97:60:b8:70:25:03:fa:e0:68:93:
         79:8b:8f:45
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEBsaUQTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
ODY0YmIzNGZiNWQxNmNhOWQxZmEzZjk3OTRjYjQ4ZDRiZWQ4NDczMB4XDTIyMDYw
NzA3MTgyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWYwM2E3OGRiNDVl
MDMyM2I1YzgzZWQzMGJiYzc0MDI1ODdlNjgzNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMSGAXFs5WSEeOEkUy3+nBLH0vgnLUZSD6JxplBzj6/ZbUnP
CVwo/omCiR/EAYAcPaVhhTJlC9TiA9QAZLBmC6orHCYrAgFos5eAszNxtyc3j6c5
QpB92j2M+B4P6i80nlh6zgpkxCGSu2Bmzm+R6j3YNUgYBR15fikJUXX2x3fYhjYm
rf1nBK7UKHF7fvZxTZP80HSz3gWk+vBw11emQF3FDvHW+n0HCKq4PsCXHOGDNj82
qxhC8x2c5sYRp/2ihNGC/SUdn84QfCtmLWxSsD3HSwRKgf6JF3LY5gGw0XWCdgGL
+hmyIT4S1XtWp41qJAd9fDhZKAbf5/eSc+rb39kCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBSvA6eNtF4DI7XIPtMLvHQCWH5oNTAfBgNVHSMEGDAWgBQoZLs0+10Wyp0f
o/l5TLSNS+2EczAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tHUzdOUHRkRnNxZEg2UDVlVXkwalV2dGhITS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzMvNDdmNDQ1LTVlYTktNDM3ZC1hNTlhLTU5MDBhNTk0N2I4ZC8x
L3J3T25qYlJlQXlPMXlEN1RDN3gwQWxoLWFEVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzMv
NDdmNDQ1LTVlYTktNDM3ZC1hNTlhLTU5MDBhNTk0N2I4ZC8xL0tHUzdOUHRkRnNx
ZEg2UDVlVXkwalV2dGhITS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAgI6kAMEAC0LRjANBgkqhkiG9w0B
AQsFAAOCAQEADYKW9hwtvrfPUyahi5DhvdERr/bzGA+QMv+rb9cXzZ6k0von15IU
nmsvgl/f1qDV+/kfKtWY6TAu3TkP97jMAIifWgKYaDVkK2E9v2HJ5aMGfWniebye
cnjMLWIQ7GUYtTv+wopFL/3lFdq0uHCcfR00opfdWwZqW+dVnVHP+VEUitzhiQCi
C4iT/xEj6POVvmQ5j8JN0lhMSxHWxn2BpITBNMamlfFOZrYWq5p+VDthXlCfaa16
7qui5K3tuI2ECcz7wHCBPMlkjLz+aGd8tsRPgLuHzdBPgVu9oeT2j2Sd3H8hDp+L
zSmu/DON7tIghs2XYLhwJQP64GiTeYuPRQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:50 2024 by rpki-client on console-fra.rpki-client.org