Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/o-WA152dwWGqiq5fIRGQX5583gA.roa
File:                     o-WA152dwWGqiq5fIRGQX5583gA.roa (raw, json)
Hash identifier:          ss8o/6KAA9P6X96ztKAiQqKmGffov0zglpSU8CcmLMc=
Subject key identifier:   A3:E5:80:D7:9D:9D:C1:61:AA:8A:AE:5F:21:11:90:5F:9E:7C:DE:00
Certificate issuer:       /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial:       0187B799C7C8F040C6B05101CDD0C49EE83B
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/o-WA152dwWGqiq5fIRGQX5583gA.roa
Signing time:             Tue 25 Apr 2023 08:48:41 +0000
ROA not before:           Tue 25 Apr 2023 08:48:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202656
IP address blocks:        45.128.128.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b7:99:c7:c8:f0:40:c6:b0:51:01:cd:d0:c4:9e:e8:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
        Validity
            Not Before: Apr 25 08:48:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a3e580d79d9dc161aa8aae5f2111905f9e7cde00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:12:0a:66:c0:bb:55:83:bd:19:de:59:ed:8e:
                    52:74:0f:e1:88:d3:be:f1:5a:16:69:d5:be:3a:42:
                    40:9a:21:86:94:60:bc:68:8d:ee:e5:0a:11:21:16:
                    86:a7:32:a7:ad:eb:e5:08:0a:f8:72:12:dc:bb:1a:
                    a2:79:cb:e7:e6:a5:81:a5:32:08:d7:af:06:d3:6f:
                    54:6d:ca:19:4d:3a:64:12:84:7b:8c:93:ae:20:21:
                    36:ba:43:f5:88:0f:c2:3d:66:02:74:a0:75:51:52:
                    41:60:c3:e9:32:33:11:dd:31:5c:66:43:12:26:60:
                    a7:d6:20:7b:c1:0a:00:54:4a:67:56:0d:20:bd:19:
                    b3:92:f0:e9:7e:29:5a:88:13:02:c9:4f:9c:f4:ef:
                    d2:b2:3d:f5:20:9e:54:51:0f:84:ba:4f:9d:c7:1e:
                    0d:7c:5e:b7:5b:4c:36:2e:4b:96:77:90:fe:40:d1:
                    96:0b:05:8e:9f:ea:db:11:6f:6d:11:e1:ea:32:0e:
                    9a:d8:07:78:9b:fb:85:06:93:96:fd:ec:25:e2:80:
                    f6:d9:b7:10:27:9e:42:b1:b1:65:4a:46:6c:53:48:
                    69:69:44:21:88:4c:bb:9c:11:03:39:62:d4:1f:33:
                    c5:0e:15:82:4c:fb:3a:11:6c:9c:f0:4e:df:9c:f6:
                    28:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:E5:80:D7:9D:9D:C1:61:AA:8A:AE:5F:21:11:90:5F:9E:7C:DE:00
            X509v3 Authority Key Identifier:
                keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/o-WA152dwWGqiq5fIRGQX5583gA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:a1:49:db:2d:78:fc:d9:ec:ff:7f:c4:48:c3:ce:fc:0d:bf:
         ba:5e:a5:26:43:24:dc:f9:71:5a:02:7d:18:b7:62:46:6e:98:
         7e:81:43:12:0e:95:7b:d8:4e:c2:a6:03:d1:b2:04:ec:2f:b5:
         8f:f0:a0:66:9f:a9:7d:62:60:3c:e2:ac:8b:ee:79:14:78:77:
         ad:45:8e:ec:c8:85:bc:54:14:0a:9b:ed:f7:35:05:93:b9:55:
         c3:b7:25:6f:d7:3e:ef:0e:4c:75:ee:4d:55:ab:ea:c5:00:75:
         37:40:29:b4:05:3a:8c:14:f6:f4:d2:f5:68:64:95:ea:bc:74:
         d2:33:3f:c3:b0:f1:72:46:d7:00:30:d0:00:f9:78:e8:b4:00:
         d2:f1:87:52:34:47:fa:87:91:9e:ad:13:36:d3:30:ef:70:02:
         55:ce:57:a8:7a:f7:96:2b:69:1c:7e:f0:0f:38:d0:c8:8e:d4:
         5a:1a:5f:c8:ce:60:74:fc:eb:bc:5e:5d:da:17:67:9b:18:3f:
         1b:0d:5d:0f:58:fb:cd:65:ef:09:03:f4:c9:16:6d:f4:e4:1d:
         0e:5a:10:ab:99:ab:e3:38:9c:e0:dd:f6:07:78:59:7a:d6:ff:
         5f:94:4e:8a:2a:07:5d:e1:81:ce:c9:51:29:3f:d6:b4:4a:c8:
         06:e0:38:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYe3mcfI8EDGsFEBzdDEnug7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjMwNDI1MDg0ODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2U1ODBkNzlkOWRjMTYxYWE4YWFlNWYyMTExOTA1ZjllN2NkZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhxIKZsC7VYO9Gd5Z7Y5SdA/hiNO+
8VoWadW+OkJAmiGGlGC8aI3u5QoRIRaGpzKnrevlCAr4chLcuxqiecvn5qWBpTII
168G029UbcoZTTpkEoR7jJOuICE2ukP1iA/CPWYCdKB1UVJBYMPpMjMR3TFcZkMS
JmCn1iB7wQoAVEpnVg0gvRmzkvDpfilaiBMCyU+c9O/Ssj31IJ5UUQ+Euk+dxx4N
fF63W0w2LkuWd5D+QNGWCwWOn+rbEW9tEeHqMg6a2Ad4m/uFBpOW/ewl4oD22bcQ
J55CsbFlSkZsU0hpaUQhiEy7nBEDOWLUHzPFDhWCTPs6EWyc8E7fnPYo9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPlgNedncFhqoquXyERkF+efN4AMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvby1XQTE1MmR3V0dxaXE1ZklSR1FYNTU4M2dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYCAMA0G
CSqGSIb3DQEBCwUAA4IBAQBqoUnbLXj82ez/f8RIw878Db+6XqUmQyTc+XFaAn0Y
t2JGbph+gUMSDpV72E7CpgPRsgTsL7WP8KBmn6l9YmA84qyL7nkUeHetRY7syIW8
VBQKm+33NQWTuVXDtyVv1z7vDkx17k1Vq+rFAHU3QCm0BTqMFPb00vVoZJXqvHTS
Mz/DsPFyRtcAMNAA+XjotADS8YdSNEf6h5GerRM20zDvcAJVzleoeveWK2kcfvAP
ONDIjtRaGl/IzmB0/Ou8Xl3aF2ebGD8bDV0PWPvNZe8JA/TJFm305B0OWhCrmavj
OJzg3fYHeFl61v9flE6KKgdd4YHOyVEpP9a0SsgG4Dis
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:55 2024 by rpki-client on console-ams.rpki-client.org