Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/9iJ0jHkE8HxidQ4rJBFDTDQ_h-0.roa
File:                     9iJ0jHkE8HxidQ4rJBFDTDQ_h-0.roa (raw, json)
Hash identifier:          rntBdLuAKGxXe0GhlXJ6uAB5PCGnvOgUj1vJK7kIiJ8=
Subject key identifier:   F6:22:74:8C:79:04:F0:7C:62:75:0E:2B:24:11:43:4C:34:3F:87:ED
Certificate issuer:       /CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
Certificate serial:       0189DEA3DFEA744B621D4FB566DC478FF199
Authority key identifier: 45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/9iJ0jHkE8HxidQ4rJBFDTDQ_h-0.roa
Signing time:             Thu 10 Aug 2023 08:50:28 +0000
ROA not before:           Thu 10 Aug 2023 08:50:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49289
IP address blocks:        185.63.132.0/23 maxlen: 23
                          159.255.136.0/22 maxlen: 22
                          185.63.135.0/24 maxlen: 24
                          185.63.134.0/24 maxlen: 24
                          159.255.144.0/24 maxlen: 24
                          188.94.120.0/21 maxlen: 21
                          171.22.233.0/24 maxlen: 24
                          171.22.232.0/24 maxlen: 24
                          171.22.235.0/24 maxlen: 24
                          171.22.234.0/24 maxlen: 24
                          93.185.112.0/20 maxlen: 20
                          178.239.32.0/20 maxlen: 20
                          159.255.147.0/24 maxlen: 24
                          2a00:c50::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:de:a3:df:ea:74:4b:62:1d:4f:b5:66:dc:47:8f:f1:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
        Validity
            Not Before: Aug 10 08:50:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f622748c7904f07c62750e2b2411434c343f87ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:62:db:cb:50:2a:58:b9:6b:9a:c0:87:d3:1c:
                    9f:49:c1:e7:d2:84:8a:3a:b7:ed:fb:50:3d:34:f5:
                    0f:b2:73:ad:e0:57:58:4d:23:92:38:37:3c:73:19:
                    4c:58:26:89:7e:d7:38:70:b9:87:69:af:83:1e:97:
                    93:a5:bd:17:6c:c6:55:fb:3e:dc:14:ce:72:c8:04:
                    89:14:e7:d0:e6:d0:2d:a1:26:fc:28:25:f6:1a:b7:
                    76:4b:60:d2:66:c0:45:70:d1:6e:e5:bf:66:75:03:
                    4d:d5:22:83:19:3c:5e:5a:87:6e:d1:a6:26:84:40:
                    37:fc:99:09:bd:7d:4a:95:f9:94:3c:a4:da:a2:4d:
                    22:ab:c8:c1:02:1b:ed:df:4d:95:44:42:09:a5:6b:
                    c1:c2:ef:2c:9a:c3:75:31:90:69:cf:99:d6:df:0f:
                    44:81:3d:f1:81:14:53:42:92:89:e4:c7:e8:3f:cd:
                    07:de:9d:0a:33:c8:7e:b3:9c:8d:ad:3b:42:03:5c:
                    6a:7e:f4:17:0a:a1:d9:55:34:10:25:48:77:c1:a8:
                    01:1f:f5:82:f7:63:51:03:13:33:73:d3:d6:6d:21:
                    f1:e9:8f:31:d8:7b:9a:40:71:43:06:ea:3a:b9:06:
                    c1:c1:45:51:a2:fa:32:f1:fb:65:7d:8b:6a:f7:6a:
                    16:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:22:74:8C:79:04:F0:7C:62:75:0E:2B:24:11:43:4C:34:3F:87:ED
            X509v3 Authority Key Identifier:
                keyid:45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/9iJ0jHkE8HxidQ4rJBFDTDQ_h-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/RfnjL_avPV5dd727mNo30LjkRRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.112.0/20
                  159.255.136.0/22
                  159.255.144.0/24
                  159.255.147.0/24
                  171.22.232.0/22
                  178.239.32.0/20
                  185.63.132.0/22
                  188.94.120.0/21
                IPv6:
                  2a00:c50::/29

    Signature Algorithm: sha256WithRSAEncryption
         71:ca:1f:47:af:44:d2:41:62:d7:a7:e4:70:2f:34:f1:1c:84:
         25:45:9d:a9:bc:bb:8f:fc:53:df:7d:e1:3c:df:87:1f:9e:60:
         d5:61:ca:15:5b:ba:cd:e3:68:3b:89:18:0d:b9:77:df:a1:a0:
         ae:ce:1d:79:bd:fa:a6:da:c5:3d:33:24:ae:11:fa:10:37:4c:
         6d:bc:3d:42:87:e7:97:b2:53:03:35:a2:c2:21:62:21:d4:cb:
         c0:a0:df:18:e2:f0:c3:ca:80:b5:94:91:25:29:87:5e:95:79:
         c0:97:b4:38:26:c2:80:f0:f8:fe:bc:5b:50:ea:48:99:aa:8e:
         8f:7f:34:39:25:e7:c8:a7:f8:d0:52:cd:24:a6:d3:69:9f:ce:
         25:35:4c:a6:3c:70:1f:fe:cb:ee:2a:d1:5c:c1:9a:75:8b:2a:
         5a:cf:50:cf:f4:95:57:99:90:f1:1b:2e:c9:7b:7e:34:01:e5:
         97:5a:e5:e7:57:5f:aa:72:e3:c3:37:4b:bd:6c:89:2c:f0:a7:
         f8:45:00:be:77:19:63:22:08:ba:5d:64:26:e7:ec:6c:91:8b:
         f1:c3:5d:b9:cc:44:ed:e9:c5:40:5d:99:53:18:c2:07:df:dc:
         09:24:93:73:06:b0:1d:6d:64:f2:7c:97:93:dd:a1:9d:7f:57:
         45:90:3a:3e
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYneo9/qdEtiHU+1ZtxHj/GZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZjllMzJmZjZhZjNkNWU1ZDc3YmRiYjk4ZGEzN2QwYjhl
NDQ1MTkwHhcNMjMwODEwMDg1MDI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjIyNzQ4Yzc5MDRmMDdjNjI3NTBlMmIyNDExNDM0YzM0M2Y4N2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmLby1AqWLlrmsCH0xyfScHn0oSK
Orft+1A9NPUPsnOt4FdYTSOSODc8cxlMWCaJftc4cLmHaa+DHpeTpb0XbMZV+z7c
FM5yyASJFOfQ5tAtoSb8KCX2Grd2S2DSZsBFcNFu5b9mdQNN1SKDGTxeWodu0aYm
hEA3/JkJvX1KlfmUPKTaok0iq8jBAhvt302VREIJpWvBwu8smsN1MZBpz5nW3w9E
gT3xgRRTQpKJ5MfoP80H3p0KM8h+s5yNrTtCA1xqfvQXCqHZVTQQJUh3wagBH/WC
92NRAxMzc9PWbSHx6Y8x2HuaQHFDBuo6uQbBwUVRovoy8ftlfYtq92oWgwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFPYidIx5BPB8YnUOKyQRQ0w0P4ftMB8GA1UdIwQY
MBaAFEX54y/2rz1eXXe9u5jaN9C45EUZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYt
OGVlMGExMmEzNTliLzEvOWlKMGpIa0U4SHhpZFE0ckpCRkRURFFfaC0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYtOGVlMGExMmEzNTli
LzEvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQEXblwAwQC
n/+IAwQAn/+QAwQAn/+TAwQCqxboAwQEsu8gAwQCuT+EAwQDvF54MA0EAgACMAcD
BQMqAAxQMA0GCSqGSIb3DQEBCwUAA4IBAQBxyh9Hr0TSQWLXp+RwLzTxHIQlRZ2p
vLuP/FPffeE834cfnmDVYcoVW7rN42g7iRgNuXffoaCuzh15vfqm2sU9MySuEfoQ
N0xtvD1Ch+eXslMDNaLCIWIh1MvAoN8Y4vDDyoC1lJElKYdelXnAl7Q4JsKA8Pj+
vFtQ6kiZqo6PfzQ5JefIp/jQUs0kptNpn84lNUymPHAf/svuKtFcwZp1iypaz1DP
9JVXmZDxGy7Je340AeWXWuXnV1+qcuPDN0u9bIks8Kf4RQC+dxljIgi6XWQm5+xs
kYvxw125zETt6cVAXZlTGMIH39wJJJNzBrAdbWTyfJeT3aGdf1dFkDo+
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:51 2024 by rpki-client on console-fra.rpki-client.org