Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/3pkRb9mV39fRsLN7ReYfK2wXF4c.roa
File:                     3pkRb9mV39fRsLN7ReYfK2wXF4c.roa (raw, json)
Hash identifier:          G8L7Q9iiPt2HFUovV5qJdXOr1bMzOmNzGk6WAq1dxtY=
Subject key identifier:   DE:99:11:6F:D9:95:DF:D7:D1:B0:B3:7B:45:E6:1F:2B:6C:17:17:87
Certificate issuer:       /CN=72e4baf99ab840129133285fe9ad7b83fd130c39
Certificate serial:       018CC56ECEBD364AEE348B813008D5DCF510
Authority key identifier: 72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/3pkRb9mV39fRsLN7ReYfK2wXF4c.roa
Signing time:             Mon 01 Jan 2024 14:30:22 +0000
ROA not before:           Mon 01 Jan 2024 14:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42708
IP address blocks:        45.11.182.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ce:bd:36:4a:ee:34:8b:81:30:08:d5:dc:f5:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72e4baf99ab840129133285fe9ad7b83fd130c39
        Validity
            Not Before: Jan  1 14:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de99116fd995dfd7d1b0b37b45e61f2b6c171787
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:4f:a2:76:15:6a:1f:52:29:be:c8:64:23:23:
                    f7:4a:c6:59:de:63:7b:a8:88:1b:00:3c:59:6d:a7:
                    19:f7:76:a4:d3:95:62:50:91:69:ed:82:6d:e8:f7:
                    95:3c:91:42:83:7a:9c:20:42:a3:55:73:8f:f7:2b:
                    5b:13:2d:b9:52:d0:4c:66:ab:7f:b6:75:cc:41:f0:
                    26:c2:e5:31:83:55:dd:b2:76:f0:3a:b4:94:f4:a5:
                    0d:89:e4:be:72:bf:f4:40:fd:46:20:10:e5:6e:70:
                    9f:90:bf:98:d5:ff:71:19:45:1c:49:06:b7:47:bd:
                    53:c9:37:10:64:15:5f:6d:c5:99:98:84:c7:df:3c:
                    34:be:1f:17:e7:a6:bf:1f:b3:f3:f7:22:93:1f:ca:
                    d0:ca:08:be:cc:5e:28:41:a8:58:d2:6e:29:1a:e2:
                    61:e9:42:f6:af:41:1e:bb:86:80:b6:fe:da:01:d5:
                    f3:b8:9d:32:47:6e:85:eb:fa:ea:b6:1c:3a:e4:55:
                    1d:35:18:cc:28:e3:4c:ed:be:74:a8:29:a4:90:83:
                    61:13:ba:44:9c:20:81:9e:82:69:aa:d3:63:45:13:
                    7c:36:34:de:35:dc:f4:cc:50:a3:1a:44:7f:8a:32:
                    13:22:72:4d:3b:c3:b6:43:68:50:95:4c:45:f5:8e:
                    cc:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:99:11:6F:D9:95:DF:D7:D1:B0:B3:7B:45:E6:1F:2B:6C:17:17:87
            X509v3 Authority Key Identifier:
                keyid:72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/3pkRb9mV39fRsLN7ReYfK2wXF4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:2d:0e:08:6c:70:fd:63:2d:db:f2:48:b0:53:2b:4a:c7:e4:
         a8:e5:01:cb:26:f0:30:42:fe:25:91:63:a1:d7:e0:79:3c:84:
         04:5b:df:cc:04:51:44:45:11:c8:5e:06:e3:3d:47:6a:84:65:
         1d:ca:bd:8b:83:b7:86:ff:b8:a2:1a:2b:71:ea:cb:9a:cd:5b:
         a7:d0:5c:a9:35:db:9e:e7:c9:ea:40:c8:60:31:dd:64:a0:3f:
         62:41:72:00:f7:6b:f8:2f:19:e3:cb:72:1a:38:1a:ee:a3:52:
         b1:6f:7e:da:5d:af:de:98:0d:59:a0:dc:f3:27:a7:6b:90:f8:
         89:85:a1:21:a3:dc:ce:e1:7a:37:94:2b:20:3e:a6:f5:c0:3a:
         0c:91:75:fe:9a:c5:54:cb:8c:0c:2a:c6:aa:b3:f3:00:23:92:
         8b:63:02:6e:d6:88:bb:e8:7e:be:ba:9a:15:c0:fa:23:94:e6:
         79:be:f4:72:2e:a2:da:37:32:77:ff:cd:90:b1:4a:49:f6:94:
         d2:4f:ba:ee:0e:c0:a1:0a:89:22:0a:8b:6f:f7:76:7b:f5:1d:
         87:a5:6a:8a:4b:68:b4:0f:d1:47:48:89:a4:b6:af:b1:7f:26:
         64:1b:1f:a3:e0:fb:99:b5:dd:85:54:a2:99:9a:ad:ef:87:0b:
         05:62:e4:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbs69NkruNIuBMAjV3PUQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZTRiYWY5OWFiODQwMTI5MTMzMjg1ZmU5YWQ3YjgzZmQx
MzBjMzkwHhcNMjQwMTAxMTQzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTk5MTE2ZmQ5OTVkZmQ3ZDFiMGIzN2I0NWU2MWYyYjZjMTcxNzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmE+idhVqH1IpvshkIyP3SsZZ3mN7
qIgbADxZbacZ93ak05ViUJFp7YJt6PeVPJFCg3qcIEKjVXOP9ytbEy25UtBMZqt/
tnXMQfAmwuUxg1XdsnbwOrSU9KUNieS+cr/0QP1GIBDlbnCfkL+Y1f9xGUUcSQa3
R71TyTcQZBVfbcWZmITH3zw0vh8X56a/H7Pz9yKTH8rQygi+zF4oQahY0m4pGuJh
6UL2r0Eeu4aAtv7aAdXzuJ0yR26F6/rqthw65FUdNRjMKONM7b50qCmkkINhE7pE
nCCBnoJpqtNjRRN8NjTeNdz0zFCjGkR/ijITInJNO8O2Q2hQlUxF9Y7MRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6ZEW/Zld/X0bCze0XmHytsFxeHMB8GA1UdIwQY
MBaAFHLkuvmauEASkTMoX+mte4P9Eww5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2Qt
YThkNjVkY2NiOTZiLzEvM3BrUmI5bVYzOWZSc0xON1JlWWZLMndYRjRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2QtYThkNjVkY2NiOTZi
LzEvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQu2MA0G
CSqGSIb3DQEBCwUAA4IBAQASLQ4IbHD9Yy3b8kiwUytKx+So5QHLJvAwQv4lkWOh
1+B5PIQEW9/MBFFERRHIXgbjPUdqhGUdyr2Lg7eG/7iiGitx6suazVun0FypNdue
58nqQMhgMd1koD9iQXIA92v4Lxnjy3IaOBruo1Kxb37aXa/emA1ZoNzzJ6drkPiJ
haEho9zO4Xo3lCsgPqb1wDoMkXX+msVUy4wMKsaqs/MAI5KLYwJu1oi76H6+upoV
wPojlOZ5vvRyLqLaNzJ3/82QsUpJ9pTST7ruDsChCokiCotv93Z79R2HpWqKS2i0
D9FHSImktq+xfyZkGx+j4PuZtd2FVKKZmq3vhwsFYuR6
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:21 2024 by rpki-client on console-fra.rpki-client.org