Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/aE5TfWQatD0T-BdVHqO5gvRhXf0.roa
File:                     aE5TfWQatD0T-BdVHqO5gvRhXf0.roa (raw, json)
Hash identifier:          r1QsgvIwTdU2LnnMFGsG8fHsnGeArs52+GbVbL+L9kc=
Subject key identifier:   68:4E:53:7D:64:1A:B4:3D:13:F8:17:55:1E:A3:B9:82:F4:61:5D:FD
Certificate issuer:       /CN=72e4baf99ab840129133285fe9ad7b83fd130c39
Certificate serial:       061B2DB9
Authority key identifier: 72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/aE5TfWQatD0T-BdVHqO5gvRhXf0.roa
Signing time:             Sat 01 Jan 2022 02:55:53 +0000
ROA not before:           Sat 01 Jan 2022 02:55:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207408
IP address blocks:        45.11.183.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 102444473 (0x61b2db9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72e4baf99ab840129133285fe9ad7b83fd130c39
        Validity
            Not Before: Jan  1 02:55:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=684e537d641ab43d13f817551ea3b982f4615dfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d6:86:75:aa:78:17:6e:9c:4c:56:c2:43:d3:
                    8a:e0:e9:d8:8c:9d:48:c3:0d:7e:be:e4:6d:35:a9:
                    0a:d8:c6:b1:17:0c:69:68:d2:14:a2:d2:f6:5c:9b:
                    12:da:3c:45:c6:15:7c:7c:bf:df:31:66:1e:92:e2:
                    26:8c:22:55:96:a9:43:a1:c1:f1:02:1e:62:27:7e:
                    9e:ca:be:c9:01:41:fe:0c:9b:f6:77:ff:ca:f8:fa:
                    b3:08:e2:ab:90:e6:b7:fa:9a:80:94:0f:f1:3a:43:
                    67:56:a3:21:41:5d:22:88:8b:5b:28:de:40:6d:d9:
                    fc:4f:92:11:fc:10:12:7d:bc:f7:e0:d2:48:83:db:
                    17:5b:1d:e1:e9:16:f9:01:24:32:7f:b4:e0:e1:1b:
                    2a:62:63:77:49:35:0f:20:43:84:72:75:da:c1:f4:
                    f5:0c:90:95:bf:06:ff:06:ab:10:09:56:a8:21:73:
                    bd:bc:27:cb:85:3f:3d:80:57:0a:a8:0b:61:f7:38:
                    57:17:49:e0:2b:f6:86:97:22:12:c7:53:89:72:7f:
                    c6:f5:1a:99:d9:48:f9:bb:8a:0e:40:de:2b:cf:59:
                    80:84:b0:de:76:b4:91:86:e6:20:45:1d:c5:87:a2:
                    d9:f5:01:bb:76:be:05:f0:39:38:ff:65:46:74:73:
                    9a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:4E:53:7D:64:1A:B4:3D:13:F8:17:55:1E:A3:B9:82:F4:61:5D:FD
            X509v3 Authority Key Identifier:
                keyid:72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/aE5TfWQatD0T-BdVHqO5gvRhXf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:8c:c1:30:47:e2:d9:e8:0a:f5:95:de:36:2e:e1:c8:e7:14:
         40:4b:c4:f3:0a:15:5a:8d:f6:70:dc:3b:a3:57:6e:a3:7b:07:
         c2:85:2a:87:a8:f0:af:4b:bc:0c:a2:2f:11:9f:00:4f:a4:00:
         61:d3:25:ea:da:fe:21:62:29:b2:d5:84:d4:af:fc:51:10:86:
         b3:3e:12:30:74:e2:a0:31:e6:d5:d5:9a:f2:7b:ca:78:0a:48:
         79:3a:51:c4:45:74:0d:21:ad:c8:5a:73:35:88:a4:cf:72:4c:
         eb:54:1b:b3:88:6d:5b:60:72:df:27:4a:cb:ab:78:52:f6:72:
         bf:8c:c6:56:36:c7:30:45:0b:d9:21:25:d6:4b:60:dc:35:f8:
         63:da:de:ac:e9:0f:6b:a1:5a:89:06:e7:20:7c:0e:77:d9:77:
         29:68:13:eb:12:ea:46:67:67:e5:5d:d0:2f:0e:45:ad:29:e6:
         ad:7b:99:f9:d4:23:4d:05:18:87:d2:3c:04:bb:5f:cc:ea:ad:
         ad:a5:aa:77:8c:0d:71:d3:7b:0b:78:dc:81:b2:e8:d6:6d:ad:
         0a:f1:2f:8d:f6:a1:05:c3:26:2f:d7:c2:19:43:3d:f0:9d:41:
         67:a5:d4:a0:e0:a8:bf:30:7d:92:96:52:98:bd:9e:97:e5:97:
         3c:44:1a:ac
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBhstuTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
MmU0YmFmOTlhYjg0MDEyOTEzMzI4NWZlOWFkN2I4M2ZkMTMwYzM5MB4XDTIyMDEw
MTAyNTU1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjg0ZTUzN2Q2NDFh
YjQzZDEzZjgxNzU1MWVhM2I5ODJmNDYxNWRmZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKnWhnWqeBdunExWwkPTiuDp2IydSMMNfr7kbTWpCtjGsRcM
aWjSFKLS9lybEto8RcYVfHy/3zFmHpLiJowiVZapQ6HB8QIeYid+nsq+yQFB/gyb
9nf/yvj6swjiq5Dmt/qagJQP8TpDZ1ajIUFdIoiLWyjeQG3Z/E+SEfwQEn289+DS
SIPbF1sd4ekW+QEkMn+04OEbKmJjd0k1DyBDhHJ12sH09QyQlb8G/warEAlWqCFz
vbwny4U/PYBXCqgLYfc4VxdJ4Cv2hpciEsdTiXJ/xvUamdlI+buKDkDeK89ZgISw
3na0kYbmIEUdxYei2fUBu3a+BfA5OP9lRnRzmucCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRoTlN9ZBq0PRP4F1Ueo7mC9GFd/TAfBgNVHSMEGDAWgBRy5Lr5mrhAEpEz
KF/prXuD/RMMOTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2N1UzYtWnE0UUJLUk15aGY2YTE3Z18wVEREay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzYvNjZiNzRjLTgxYzEtNDEwZS05NTdkLWE4ZDY1ZGNjYjk2Yi8x
L2FFNVRmV1FhdEQwVC1CZFZIcU81Z3ZSaFhmMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzYv
NjZiNzRjLTgxYzEtNDEwZS05NTdkLWE4ZDY1ZGNjYjk2Yi8xL2N1UzYtWnE0UUJL
Uk15aGY2YTE3Z18wVEREay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0LtzANBgkqhkiG9w0BAQsFAAOC
AQEArYzBMEfi2egK9ZXeNi7hyOcUQEvE8woVWo32cNw7o1duo3sHwoUqh6jwr0u8
DKIvEZ8AT6QAYdMl6tr+IWIpstWE1K/8URCGsz4SMHTioDHm1dWa8nvKeApIeTpR
xEV0DSGtyFpzNYikz3JM61Qbs4htW2By3ydKy6t4UvZyv4zGVjbHMEUL2SEl1ktg
3DX4Y9rerOkPa6FaiQbnIHwOd9l3KWgT6xLqRmdn5V3QLw5FrSnmrXuZ+dQjTQUY
h9I8BLtfzOqtraWqd4wNcdN7C3jcgbLo1m2tCvEvjfahBcMmL9fCGUM98J1BZ6XU
oOCovzB9kpZSmL2el+WXPEQarA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:21 2024 by rpki-client on console-fra.rpki-client.org