Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/EbEFteDRu0oHO6cDOT_RUVTxgMk.roa
File:                     EbEFteDRu0oHO6cDOT_RUVTxgMk.roa (raw, json)
Hash identifier:          Ky8iLa7Y5fDfaDwJ4J0BDYUSo3ZSavbXUJkFWHmL9SY=
Subject key identifier:   11:B1:05:B5:E0:D1:BB:4A:07:3B:A7:03:39:3F:D1:51:54:F1:80:C9
Certificate issuer:       /CN=72e4baf99ab840129133285fe9ad7b83fd130c39
Certificate serial:       01856CE6135B381662E24BFC15FE58C50A61
Authority key identifier: 72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/EbEFteDRu0oHO6cDOT_RUVTxgMk.roa
Signing time:             Sun 01 Jan 2023 10:34:55 +0000
ROA not before:           Sun 01 Jan 2023 10:34:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207408
IP address blocks:        45.11.183.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:e6:13:5b:38:16:62:e2:4b:fc:15:fe:58:c5:0a:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72e4baf99ab840129133285fe9ad7b83fd130c39
        Validity
            Not Before: Jan  1 10:34:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=11b105b5e0d1bb4a073ba703393fd15154f180c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:bf:31:e4:3a:9f:0d:63:4c:ff:f9:a5:63:78:
                    5f:1f:74:56:b6:d4:20:ba:39:6a:00:9f:04:06:2e:
                    ef:bc:f3:86:86:5f:fb:1b:11:22:9c:94:8d:5c:0f:
                    08:6f:e7:aa:2a:7b:80:43:c5:a3:58:d1:fb:ac:0f:
                    28:7f:a0:3e:7d:da:d9:fb:f4:69:75:4b:92:2a:5e:
                    c8:af:12:94:57:47:a2:db:47:b3:83:14:bc:40:03:
                    1e:76:a9:ae:ce:a5:8f:67:e6:73:4d:a8:ae:4c:98:
                    8f:fe:16:5f:22:f4:3e:50:a9:46:af:ca:c5:14:6b:
                    d1:dc:9f:62:78:61:07:3a:4a:73:6e:06:66:2c:26:
                    c4:43:b6:fa:47:45:0a:4f:43:4e:48:c3:b1:47:39:
                    f2:21:9c:8c:23:fe:e6:b0:5c:09:76:2f:77:72:4a:
                    10:f9:54:59:a2:f3:9e:aa:c7:6e:de:83:c7:e3:fe:
                    23:5e:a3:b1:d7:56:84:8b:ac:fc:aa:33:ce:f8:7e:
                    be:a9:0c:79:92:8b:72:f8:33:ea:af:cf:19:74:59:
                    c3:37:90:b0:e2:29:0a:0d:0d:b7:9c:f0:d7:18:53:
                    e6:d8:0d:fa:05:93:9c:44:d4:0b:cf:bd:61:a7:27:
                    22:75:a5:6a:4c:73:05:46:eb:d2:f8:f1:a1:52:76:
                    75:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:B1:05:B5:E0:D1:BB:4A:07:3B:A7:03:39:3F:D1:51:54:F1:80:C9
            X509v3 Authority Key Identifier:
                keyid:72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/EbEFteDRu0oHO6cDOT_RUVTxgMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:f4:76:66:5e:8f:bd:72:fe:26:67:fc:1d:db:d0:aa:d4:2f:
         24:38:f9:21:ef:1e:c8:29:4a:d0:39:12:85:51:85:0f:e5:0c:
         d9:43:20:9d:8b:d8:10:ae:25:d2:47:be:bc:e7:d5:77:f2:12:
         94:58:20:35:8d:b0:c3:bb:64:64:16:91:9c:28:78:04:5a:2a:
         d1:b7:1a:12:5e:ec:d9:e2:98:34:38:e2:4b:10:42:b2:34:c1:
         6a:5d:99:18:22:7d:53:a5:47:b8:22:03:c8:a1:b1:3c:77:30:
         be:b9:85:b5:c1:34:4a:97:dc:3f:5b:60:76:88:44:85:17:8d:
         d5:fa:be:fa:27:9f:f3:06:67:03:5b:c2:c1:57:df:a1:50:38:
         36:4b:c0:2d:29:cb:2b:5b:e8:11:17:a8:8f:ca:e5:2d:22:e8:
         28:f0:78:6d:67:e7:39:f1:69:36:6d:d7:26:a6:47:18:b7:aa:
         e1:af:9b:32:87:a6:50:f7:08:3f:93:3e:1a:aa:e5:59:a0:03:
         b4:79:03:58:e5:d0:66:3c:60:ba:41:9a:3b:ed:98:a3:a9:97:
         be:ba:46:17:fb:9b:3b:69:47:b5:98:4a:ff:5b:e7:f7:74:75:
         f3:07:87:2c:42:d2:1c:c7:29:f5:e2:1b:95:d0:b1:15:ba:73:
         89:88:3b:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVs5hNbOBZi4kv8Ff5YxQphMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZTRiYWY5OWFiODQwMTI5MTMzMjg1ZmU5YWQ3YjgzZmQx
MzBjMzkwHhcNMjMwMTAxMTAzNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWIxMDViNWUwZDFiYjRhMDczYmE3MDMzOTNmZDE1MTU0ZjE4MGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvL8x5DqfDWNM//mlY3hfH3RWttQg
ujlqAJ8EBi7vvPOGhl/7GxEinJSNXA8Ib+eqKnuAQ8WjWNH7rA8of6A+fdrZ+/Rp
dUuSKl7IrxKUV0ei20ezgxS8QAMedqmuzqWPZ+ZzTaiuTJiP/hZfIvQ+UKlGr8rF
FGvR3J9ieGEHOkpzbgZmLCbEQ7b6R0UKT0NOSMOxRznyIZyMI/7msFwJdi93ckoQ
+VRZovOeqsdu3oPH4/4jXqOx11aEi6z8qjPO+H6+qQx5koty+DPqr88ZdFnDN5Cw
4ikKDQ23nPDXGFPm2A36BZOcRNQLz71hpycidaVqTHMFRuvS+PGhUnZ1YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGxBbXg0btKBzunAzk/0VFU8YDJMB8GA1UdIwQY
MBaAFHLkuvmauEASkTMoX+mte4P9Eww5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2Qt
YThkNjVkY2NiOTZiLzEvRWJFRnRlRFJ1MG9ITzZjRE9UX1JVVlR4Z01rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2QtYThkNjVkY2NiOTZi
LzEvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQu3MA0G
CSqGSIb3DQEBCwUAA4IBAQAp9HZmXo+9cv4mZ/wd29Cq1C8kOPkh7x7IKUrQORKF
UYUP5QzZQyCdi9gQriXSR76859V38hKUWCA1jbDDu2RkFpGcKHgEWirRtxoSXuzZ
4pg0OOJLEEKyNMFqXZkYIn1TpUe4IgPIobE8dzC+uYW1wTRKl9w/W2B2iESFF43V
+r76J5/zBmcDW8LBV9+hUDg2S8AtKcsrW+gRF6iPyuUtIugo8HhtZ+c58Wk2bdcm
pkcYt6rhr5syh6ZQ9wg/kz4aquVZoAO0eQNY5dBmPGC6QZo77ZijqZe+ukYX+5s7
aUe1mEr/W+f3dHXzB4csQtIcxyn14huV0LEVunOJiDu/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:21 2024 by rpki-client on console-fra.rpki-client.org