Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/ir_5RKa0uc4aYUual04MEfLT0_c.roa
File:                     ir_5RKa0uc4aYUual04MEfLT0_c.roa (raw, json)
Hash identifier:          k8ZlKRN3SO6VfBS0hyskxsgtMQiANGH3scY14UqVLt8=
Subject key identifier:   8A:BF:F9:44:A6:B4:B9:CE:1A:61:4B:9A:97:4E:0C:11:F2:D3:D3:F7
Certificate issuer:       /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial:       018E9EDFD4374EB66C522492BA574D3A5F8A
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/ir_5RKa0uc4aYUual04MEfLT0_c.roa
Signing time:             Tue 02 Apr 2024 12:54:12 +0000
ROA not before:           Tue 02 Apr 2024 12:54:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212667
IP address blocks:        45.90.44.0/24 maxlen: 24
                          45.90.47.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:df:d4:37:4e:b6:6c:52:24:92:ba:57:4d:3a:5f:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
        Validity
            Not Before: Apr  2 12:54:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8abff944a6b4b9ce1a614b9a974e0c11f2d3d3f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b7:aa:7d:9a:f8:cb:dc:a3:43:0e:2e:5c:fe:
                    01:72:44:7a:c8:69:fb:2e:fe:7b:52:e0:03:36:0b:
                    37:c3:74:5a:01:6e:c9:d7:12:f0:6a:f8:c9:76:64:
                    af:fc:35:b3:8c:2c:48:46:68:0e:ca:00:1f:c9:95:
                    81:ba:58:65:2f:13:cd:cd:65:9c:25:17:1a:63:b7:
                    5b:63:ad:bc:db:35:07:b6:71:3d:15:f6:02:16:e8:
                    70:03:09:b7:4d:c3:a2:65:0b:35:a3:d2:91:40:e7:
                    98:48:a6:85:bb:8c:6c:e9:94:44:61:b1:50:26:d8:
                    e1:33:8f:b9:12:91:d7:ed:a8:8b:a4:f7:b9:94:72:
                    20:8b:da:f2:97:70:b3:aa:5f:c2:90:eb:e7:be:15:
                    e2:cd:3d:ba:b2:61:6b:88:63:f6:fd:f5:ef:ca:44:
                    e4:ae:21:a3:b1:49:c6:47:64:29:32:7d:d4:0d:03:
                    0a:ec:90:e6:28:cb:be:e5:c2:64:a6:f5:0e:69:93:
                    79:97:84:49:dd:5f:27:cd:1f:51:ce:2a:ec:4b:e0:
                    e4:b3:e9:ea:37:67:31:5e:5a:4f:21:d5:28:cc:3c:
                    eb:51:ba:0e:40:3d:f1:04:4a:aa:76:72:df:c7:29:
                    88:b8:81:b3:7b:79:50:a7:e0:e0:cf:5a:4a:11:f7:
                    ef:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:BF:F9:44:A6:B4:B9:CE:1A:61:4B:9A:97:4E:0C:11:F2:D3:D3:F7
            X509v3 Authority Key Identifier:
                keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/ir_5RKa0uc4aYUual04MEfLT0_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.44.0/24
                  45.90.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:38:0a:39:92:2d:b4:04:99:fd:c5:c8:31:21:ec:ed:9c:b4:
         27:5f:e5:f4:ae:c3:0d:50:ae:7a:26:00:0c:8f:75:cf:5f:78:
         c5:c5:f0:70:76:db:c2:e2:86:9a:02:ad:d9:d0:ef:a1:29:15:
         7e:c6:4f:80:8f:9c:30:6d:f4:2a:70:54:b5:69:c5:97:bd:34:
         8e:11:f2:f6:81:71:1c:b0:fe:c6:a3:80:18:b5:1e:32:27:50:
         67:4b:94:96:90:5a:e9:ae:08:80:24:63:36:4b:25:a6:80:8f:
         9a:87:36:fa:db:d3:75:25:83:c8:90:35:63:96:38:9f:f3:02:
         ab:2f:21:6e:3e:15:0b:bb:9c:1d:38:0f:20:b8:bf:9d:c3:80:
         7b:bf:4e:67:d0:7f:ca:7e:91:f4:36:69:22:31:21:fe:83:b8:
         cd:2a:40:39:4d:f8:94:a3:52:47:29:6f:80:e6:d9:3e:c5:b9:
         d2:52:26:d4:7e:e7:cd:b9:83:96:0f:3b:75:c7:e9:9a:16:0f:
         c8:d2:7d:bb:28:d9:47:12:ca:8b:73:29:13:1a:be:42:ac:c4:
         28:e6:68:3a:8f:51:93:cf:13:3c:ad:c3:55:f2:e3:3e:49:52:
         9d:72:92:5e:02:78:83:fe:2a:e6:7f:e4:af:1d:51:2d:90:0b:
         4c:df:64:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6e39Q3TrZsUiSSuldNOl+KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjQwNDAyMTI1NDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWJmZjk0NGE2YjRiOWNlMWE2MTRiOWE5NzRlMGMxMWYyZDNkM2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLeqfZr4y9yjQw4uXP4BckR6yGn7
Lv57UuADNgs3w3RaAW7J1xLwavjJdmSv/DWzjCxIRmgOygAfyZWBulhlLxPNzWWc
JRcaY7dbY6282zUHtnE9FfYCFuhwAwm3TcOiZQs1o9KRQOeYSKaFu4xs6ZREYbFQ
JtjhM4+5EpHX7aiLpPe5lHIgi9ryl3Czql/CkOvnvhXizT26smFriGP2/fXvykTk
riGjsUnGR2QpMn3UDQMK7JDmKMu+5cJkpvUOaZN5l4RJ3V8nzR9RzirsS+Dks+nq
N2cxXlpPIdUozDzrUboOQD3xBEqqdnLfxymIuIGze3lQp+Dgz1pKEffvgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIq/+USmtLnOGmFLmpdODBHy09P3MB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvaXJfNVJLYTB1YzRhWVV1YWwwNE1FZkxUMF9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVosAwQA
LVovMA0GCSqGSIb3DQEBCwUAA4IBAQA+OAo5ki20BJn9xcgxIeztnLQnX+X0rsMN
UK56JgAMj3XPX3jFxfBwdtvC4oaaAq3Z0O+hKRV+xk+Aj5wwbfQqcFS1acWXvTSO
EfL2gXEcsP7Go4AYtR4yJ1BnS5SWkFrprgiAJGM2SyWmgI+ahzb629N1JYPIkDVj
ljif8wKrLyFuPhULu5wdOA8guL+dw4B7v05n0H/KfpH0NmkiMSH+g7jNKkA5TfiU
o1JHKW+A5tk+xbnSUibUfufNuYOWDzt1x+maFg/I0n27KNlHEsqLcykTGr5CrMQo
5mg6j1GTzxM8rcNV8uM+SVKdcpJeAniD/irmf+SvHVEtkAtM32Si
-----END CERTIFICATE-----
Generated at Fri Aug 30 07:31:20 2024 by rpki-client on console-fra.rpki-client.org