Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/8PuZbztr_XLcI8ZHNHVtuA2DH5o.roa
File:                     8PuZbztr_XLcI8ZHNHVtuA2DH5o.roa (raw, json)
Hash identifier:          5ZQlfLa89/g5XoA77irYeAuyrrqe7KfESnPYsa8HX28=
Subject key identifier:   F0:FB:99:6F:3B:6B:FD:72:DC:23:C6:47:34:75:6D:B8:0D:83:1F:9A
Certificate issuer:       /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial:       018CC26D07B3D6094D05FFBFC7355FDF1034
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/8PuZbztr_XLcI8ZHNHVtuA2DH5o.roa
Signing time:             Mon 01 Jan 2024 00:29:34 +0000
ROA not before:           Mon 01 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34665
IP address blocks:        45.128.128.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:07:b3:d6:09:4d:05:ff:bf:c7:35:5f:df:10:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
        Validity
            Not Before: Jan  1 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0fb996f3b6bfd72dc23c64734756db80d831f9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:d4:9a:35:f7:34:87:73:70:29:cf:cc:e0:b1:
                    53:91:b7:b8:d7:d9:2b:5d:76:b5:24:d5:08:36:c5:
                    40:25:56:89:ac:b3:69:b5:ec:59:04:b4:a6:00:b9:
                    f3:1e:4a:8b:97:94:83:41:ef:b4:95:45:a7:bb:37:
                    21:3c:55:9c:a3:7b:2f:81:69:3a:ea:68:cc:ef:a3:
                    fb:6c:c2:de:1c:fa:34:3c:ff:62:18:96:f0:b4:5d:
                    59:ab:1a:bd:47:e1:98:f8:c9:fa:ac:80:16:5c:db:
                    69:a7:c8:a3:9a:63:49:b2:3c:b4:42:fa:56:1f:8c:
                    6f:29:86:d5:02:7d:f8:1c:a1:46:57:c7:a6:b1:02:
                    ce:6d:d9:1d:1e:67:27:f6:64:b1:25:8a:2c:fd:45:
                    8c:f7:d8:0b:a9:e9:65:07:b6:04:c8:62:2b:19:11:
                    23:4b:02:eb:d5:56:c9:f3:3d:86:a1:8f:c7:1f:ab:
                    54:7c:30:26:9c:05:80:31:cf:23:1a:56:47:b5:93:
                    e1:d1:c3:32:55:ce:78:73:51:4d:6b:95:dd:99:fe:
                    51:83:a4:79:d3:8f:dc:d1:f5:7b:43:4c:87:33:e4:
                    30:98:96:c3:ac:81:b5:a0:b3:fa:51:1c:f5:a7:6b:
                    e7:40:00:d4:a4:e7:1b:ab:78:99:3f:2d:cc:e5:26:
                    0a:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:FB:99:6F:3B:6B:FD:72:DC:23:C6:47:34:75:6D:B8:0D:83:1F:9A
            X509v3 Authority Key Identifier:
                keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/8PuZbztr_XLcI8ZHNHVtuA2DH5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:30:11:30:04:be:8e:85:d8:31:34:8b:58:5b:d5:1f:bb:e2:
         12:7b:8f:3d:ed:a2:cc:0b:8e:3d:c9:bf:ee:52:25:b5:3f:76:
         a6:74:bd:53:0a:ba:35:f2:a2:0c:fe:38:be:c9:c0:d0:ea:f4:
         3c:36:64:12:45:00:9f:bf:7e:cb:b4:a3:38:45:dd:ed:10:98:
         dd:4b:f4:09:07:25:e3:70:ea:ac:a6:81:32:be:44:e3:de:30:
         5a:34:5d:5f:20:32:fa:19:ee:49:79:88:06:e5:42:59:e0:8e:
         e5:d9:04:4c:32:88:47:bd:1d:9f:bd:2d:27:30:d3:df:8e:85:
         b0:51:8e:eb:13:27:36:e1:1a:a6:ba:6e:8e:c6:0e:15:50:f8:
         b1:ca:fb:4e:ca:9c:94:39:93:1c:89:cf:c0:8b:4d:27:fb:61:
         0d:58:62:6a:e1:7e:65:d3:61:7a:61:e5:43:a4:76:62:31:be:
         14:a3:6c:02:da:96:35:d8:50:fb:c4:19:7e:7b:5f:52:17:31:
         9d:10:75:fb:79:21:07:9b:2c:67:30:c4:ba:0a:1b:aa:b5:19:
         79:8c:be:4b:f0:06:74:43:e3:f2:c9:9b:df:f1:99:f5:91:17:
         16:7e:c6:c6:ca:20:2e:d7:21:7b:a3:72:4e:bf:42:0e:8f:b3:
         ee:26:56:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQez1glNBf+/xzVf3xA0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjQwMTAxMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGZiOTk2ZjNiNmJmZDcyZGMyM2M2NDczNDc1NmRiODBkODMxZjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5tSaNfc0h3NwKc/M4LFTkbe419kr
XXa1JNUINsVAJVaJrLNptexZBLSmALnzHkqLl5SDQe+0lUWnuzchPFWco3svgWk6
6mjM76P7bMLeHPo0PP9iGJbwtF1Zqxq9R+GY+Mn6rIAWXNtpp8ijmmNJsjy0QvpW
H4xvKYbVAn34HKFGV8emsQLObdkdHmcn9mSxJYos/UWM99gLqellB7YEyGIrGREj
SwLr1VbJ8z2GoY/HH6tUfDAmnAWAMc8jGlZHtZPh0cMyVc54c1FNa5Xdmf5Rg6R5
04/c0fV7Q0yHM+QwmJbDrIG1oLP6URz1p2vnQADUpOcbq3iZPy3M5SYKPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPD7mW87a/1y3CPGRzR1bbgNgx+aMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvOFB1WmJ6dHJfWExjSThaSE5IVnR1QTJESDVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYCAMA0G
CSqGSIb3DQEBCwUAA4IBAQBCMBEwBL6OhdgxNItYW9Ufu+ISe4897aLMC449yb/u
UiW1P3amdL1TCro18qIM/ji+ycDQ6vQ8NmQSRQCfv37LtKM4Rd3tEJjdS/QJByXj
cOqspoEyvkTj3jBaNF1fIDL6Ge5JeYgG5UJZ4I7l2QRMMohHvR2fvS0nMNPfjoWw
UY7rEyc24Rqmum6Oxg4VUPixyvtOypyUOZMcic/Ai00n+2ENWGJq4X5l02F6YeVD
pHZiMb4Uo2wC2pY12FD7xBl+e19SFzGdEHX7eSEHmyxnMMS6ChuqtRl5jL5L8AZ0
Q+PyyZvf8Zn1kRcWfsbGyiAu1yF7o3JOv0IOj7PuJlZZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:02 2024 by rpki-client on console-fra.rpki-client.org