Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/7GxnM6YiZoTrvQhsPFHD8qfO-y4.roa
File:                     7GxnM6YiZoTrvQhsPFHD8qfO-y4.roa (raw, json)
Hash identifier:          flDX092ooheoi4WNr3H57lSkBqcecpLLbEvnb0ygmtw=
Subject key identifier:   EC:6C:67:33:A6:22:66:84:EB:BD:08:6C:3C:51:C3:F2:A7:CE:FB:2E
Certificate issuer:       /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial:       0189654A8D83DC05B1A2F0044827D911D062
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/7GxnM6YiZoTrvQhsPFHD8qfO-y4.roa
Signing time:             Mon 17 Jul 2023 19:18:51 +0000
ROA not before:           Mon 17 Jul 2023 19:18:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62240
IP address blocks:        45.128.128.0/24 maxlen: 24
                          91.210.69.0/24 maxlen: 24
                          2a09:9447::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:65:4a:8d:83:dc:05:b1:a2:f0:04:48:27:d9:11:d0:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
        Validity
            Not Before: Jul 17 19:18:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ec6c6733a6226684ebbd086c3c51c3f2a7cefb2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:28:3b:32:61:e7:f5:cc:f4:f1:33:3b:f8:4e:
                    56:14:50:df:87:a8:6c:0b:57:ed:40:ba:2c:61:40:
                    cc:86:a2:dc:69:a9:6a:40:ae:bc:e1:7b:99:21:69:
                    ba:cd:c2:7d:78:c0:16:d4:9a:de:32:d7:87:c6:9e:
                    12:67:86:2a:31:43:eb:94:ea:64:74:60:a2:fc:a5:
                    56:cf:3d:16:5a:09:a5:06:7b:b6:9d:69:f7:86:e0:
                    44:a4:ac:8c:e0:55:9a:7d:4e:39:12:fe:ae:b5:fe:
                    cf:f3:0c:17:96:2d:3f:36:55:93:40:9d:9a:ef:cf:
                    60:bf:3a:41:57:a0:a7:4c:32:b8:f6:2a:85:ad:3e:
                    77:29:e0:4f:17:c7:f2:99:3d:bd:d3:98:45:93:d8:
                    ba:69:7a:17:6d:40:31:eb:93:36:91:25:26:22:54:
                    6c:44:6c:51:13:ae:1f:6b:eb:77:90:89:bc:bd:ed:
                    de:65:08:ab:cb:0b:a1:ac:9f:e5:03:f9:e1:b0:fb:
                    e5:2a:03:20:ce:4f:a7:37:ea:fd:12:b9:3d:62:10:
                    60:27:59:2a:2d:d1:81:68:92:cc:98:0d:8b:15:1c:
                    8e:33:17:36:b3:b8:6d:e7:de:07:9b:f1:d4:06:48:
                    45:5a:da:87:3b:95:27:05:38:78:84:ee:cb:d3:65:
                    dc:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:6C:67:33:A6:22:66:84:EB:BD:08:6C:3C:51:C3:F2:A7:CE:FB:2E
            X509v3 Authority Key Identifier:
                keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/7GxnM6YiZoTrvQhsPFHD8qfO-y4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.128.0/24
                  91.210.69.0/24
                IPv6:
                  2a09:9447::/32

    Signature Algorithm: sha256WithRSAEncryption
         3a:fa:34:7e:0a:80:c2:28:20:2b:0d:e9:9e:6d:50:af:09:77:
         c2:e3:6e:b7:0a:18:34:91:60:b6:67:8e:0f:9f:8f:bc:1e:ed:
         b1:4d:27:ec:a1:39:bc:54:dc:7d:00:be:15:12:a2:2b:45:18:
         5e:89:5f:3b:ec:a2:f8:b9:ef:46:26:c7:f8:97:57:ca:28:03:
         31:5f:80:19:a8:1d:33:73:dc:25:2b:37:40:88:7b:43:ae:2f:
         93:16:eb:10:51:ed:43:69:3d:4c:e2:c4:8b:82:3a:ce:d4:99:
         b5:53:a8:0b:6f:51:bc:2e:0e:4b:8e:4d:c7:97:10:a0:62:1d:
         5c:1a:87:80:bb:df:6c:f2:40:f1:ad:38:67:a2:16:aa:97:86:
         a7:b0:e3:31:af:ab:10:60:91:8c:83:c1:91:db:70:9f:57:ff:
         af:2c:f4:dc:60:be:a7:f4:7c:8c:bf:51:0e:a2:ea:60:90:6a:
         c7:f2:ed:17:46:95:cd:f2:fc:05:9c:11:8f:3a:09:ea:02:f5:
         56:c7:c2:af:62:d1:c1:51:36:d2:04:20:cb:3e:b8:d7:6d:83:
         7d:59:6d:88:07:b1:e9:ce:86:98:ac:a6:b5:86:35:20:b2:bb:
         35:48:74:89:b3:1a:e7:1c:db:7d:73:25:9b:3c:c9:7c:55:2a:
         5c:fa:06:4d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYllSo2D3AWxovAESCfZEdBiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjMwNzE3MTkxODUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzZjNjczM2E2MjI2Njg0ZWJiZDA4NmMzYzUxYzNmMmE3Y2VmYjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCg7MmHn9cz08TM7+E5WFFDfh6hs
C1ftQLosYUDMhqLcaalqQK684XuZIWm6zcJ9eMAW1JreMteHxp4SZ4YqMUPrlOpk
dGCi/KVWzz0WWgmlBnu2nWn3huBEpKyM4FWafU45Ev6utf7P8wwXli0/NlWTQJ2a
789gvzpBV6CnTDK49iqFrT53KeBPF8fymT2905hFk9i6aXoXbUAx65M2kSUmIlRs
RGxRE64fa+t3kIm8ve3eZQirywuhrJ/lA/nhsPvlKgMgzk+nN+r9Erk9YhBgJ1kq
LdGBaJLMmA2LFRyOMxc2s7ht594Hm/HUBkhFWtqHO5UnBTh4hO7L02Xc/wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOxsZzOmImaE670IbDxRw/KnzvsuMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvN0d4bk02WWlab1RydlFoc1BGSEQ4cWZPLXk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALYCAAwQA
W9JFMA0EAgACMAcDBQAqCZRHMA0GCSqGSIb3DQEBCwUAA4IBAQA6+jR+CoDCKCAr
DemebVCvCXfC4263Chg0kWC2Z44Pn4+8Hu2xTSfsoTm8VNx9AL4VEqIrRRheiV87
7KL4ue9GJsf4l1fKKAMxX4AZqB0zc9wlKzdAiHtDri+TFusQUe1DaT1M4sSLgjrO
1Jm1U6gLb1G8Lg5Ljk3HlxCgYh1cGoeAu99s8kDxrThnohaql4ansOMxr6sQYJGM
g8GR23CfV/+vLPTcYL6n9HyMv1EOoupgkGrH8u0XRpXN8vwFnBGPOgnqAvVWx8Kv
YtHBUTbSBCDLPrjXbYN9WW2IB7HpzoaYrKa1hjUgsrs1SHSJsxrnHNt9cyWbPMl8
VSpc+gZN
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:55 2024 by rpki-client on console-ams.rpki-client.org