Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/raA9axEiozHK-T6xUKqNRtTBc9M.roa
File:                     raA9axEiozHK-T6xUKqNRtTBc9M.roa (raw, json)
Hash identifier:          B84vW9ZhkEK71xsSeQXbBpfkf1jPkQFuGPrxDCOv4rQ=
Subject key identifier:   AD:A0:3D:6B:11:22:A3:31:CA:F9:3E:B1:50:AA:8D:46:D4:C1:73:D3
Certificate issuer:       /CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
Certificate serial:       018CC2DB631F1FD43D45DA398D6528FF9B0E
Authority key identifier: 45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/raA9axEiozHK-T6xUKqNRtTBc9M.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49289
IP address blocks:        185.63.132.0/23 maxlen: 23
                          159.255.136.0/22 maxlen: 22
                          185.63.135.0/24 maxlen: 24
                          185.63.134.0/24 maxlen: 24
                          159.255.144.0/24 maxlen: 24
                          188.94.120.0/21 maxlen: 21
                          171.22.233.0/24 maxlen: 24
                          171.22.232.0/24 maxlen: 24
                          171.22.235.0/24 maxlen: 24
                          171.22.234.0/24 maxlen: 24
                          93.185.112.0/20 maxlen: 20
                          178.239.32.0/20 maxlen: 20
                          2a00:c50::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:63:1f:1f:d4:3d:45:da:39:8d:65:28:ff:9b:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ada03d6b1122a331caf93eb150aa8d46d4c173d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:84:5f:a6:a4:b7:0a:3a:70:a0:2d:7c:4f:4a:
                    18:89:bd:32:f2:ac:ce:38:e5:0f:5e:7e:83:fa:26:
                    be:e4:11:1b:fe:d9:bd:cf:cf:0e:de:28:1b:4b:b5:
                    3b:a2:bb:da:b2:20:d1:82:c6:0c:d0:0c:66:27:10:
                    c3:35:fb:da:b1:8d:d6:2c:e1:7c:9d:8b:72:46:9d:
                    8a:ba:f9:ac:da:7f:c6:bb:ef:ca:8d:ec:94:c7:ce:
                    32:4c:0d:09:4f:d1:56:41:3b:b6:3f:d0:90:fc:4d:
                    2d:db:76:8b:83:5e:55:46:9c:39:85:78:40:40:f1:
                    80:c0:2c:d7:de:6b:dd:0f:ac:bf:80:65:bf:c9:dd:
                    1a:df:30:47:73:93:42:1f:a1:e8:0d:b3:91:34:98:
                    e9:70:e1:30:fc:ee:7f:3c:32:56:15:77:cb:4e:54:
                    fa:db:21:25:4b:a8:fd:64:82:ca:c4:7b:19:59:dc:
                    95:bd:7b:27:a2:4f:58:63:ba:5c:c9:39:63:0f:7a:
                    c0:1f:05:cd:7c:9b:5c:df:a8:bb:6d:48:d8:3d:58:
                    71:5c:1c:13:bc:34:83:b6:75:ef:d5:d8:da:54:32:
                    54:28:2a:b5:c8:54:f9:8c:7a:4b:ba:05:f0:31:49:
                    fc:46:b1:be:75:2f:66:14:0b:12:ad:49:0f:ef:1f:
                    74:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:A0:3D:6B:11:22:A3:31:CA:F9:3E:B1:50:AA:8D:46:D4:C1:73:D3
            X509v3 Authority Key Identifier:
                keyid:45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/raA9axEiozHK-T6xUKqNRtTBc9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/RfnjL_avPV5dd727mNo30LjkRRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.112.0/20
                  159.255.136.0/22
                  159.255.144.0/24
                  171.22.232.0/22
                  178.239.32.0/20
                  185.63.132.0/22
                  188.94.120.0/21
                IPv6:
                  2a00:c50::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:f1:b6:81:aa:7a:10:d2:2a:fa:48:04:11:7c:f2:10:2c:44:
         80:f9:2e:b5:88:c8:29:b2:4d:5b:64:47:f6:34:ab:6d:0d:98:
         7f:e3:66:a6:f9:8f:eb:33:8f:4c:82:ae:fe:76:5f:9f:d3:b3:
         69:0c:49:29:15:de:c4:f1:02:f2:b2:f6:40:81:80:14:c3:0d:
         3e:03:88:26:d0:af:00:fb:16:ee:f7:57:1a:23:c1:50:de:f6:
         91:c5:de:a3:01:a0:64:3a:0d:9f:4f:4d:e8:59:d3:24:a2:d1:
         bb:94:91:76:69:d5:fb:3c:e3:1a:ce:0f:16:10:e1:65:1f:fa:
         4c:70:f5:55:d5:30:0d:a5:31:8a:44:f6:49:d5:75:09:12:f1:
         02:f3:c7:71:0d:04:c4:34:14:09:2f:b3:16:28:10:c7:38:0d:
         3a:94:a1:61:eb:35:85:9f:a2:65:ea:16:1e:2d:26:e1:fc:68:
         ac:0d:e9:7e:47:24:b3:32:09:33:01:dc:17:70:a7:73:e9:ba:
         8b:1f:a1:f2:99:c5:f2:f6:4a:40:ff:66:90:70:ba:dd:d9:ec:
         e4:74:09:55:f1:fd:66:06:53:8e:1f:9c:94:e5:ab:ce:b4:d8:
         c8:02:45:60:c1:50:fd:bb:39:1f:90:38:d8:d6:92:ab:1b:06:
         61:ab:77:a7
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYzC22MfH9Q9Rdo5jWUo/5sOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZjllMzJmZjZhZjNkNWU1ZDc3YmRiYjk4ZGEzN2QwYjhl
NDQ1MTkwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGEwM2Q2YjExMjJhMzMxY2FmOTNlYjE1MGFhOGQ0NmQ0YzE3M2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5IRfpqS3CjpwoC18T0oYib0y8qzO
OOUPXn6D+ia+5BEb/tm9z88O3igbS7U7orvasiDRgsYM0AxmJxDDNfvasY3WLOF8
nYtyRp2Kuvms2n/Gu+/KjeyUx84yTA0JT9FWQTu2P9CQ/E0t23aLg15VRpw5hXhA
QPGAwCzX3mvdD6y/gGW/yd0a3zBHc5NCH6HoDbORNJjpcOEw/O5/PDJWFXfLTlT6
2yElS6j9ZILKxHsZWdyVvXsnok9YY7pcyTljD3rAHwXNfJtc36i7bUjYPVhxXBwT
vDSDtnXv1djaVDJUKCq1yFT5jHpLugXwMUn8RrG+dS9mFAsSrUkP7x903QIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFK2gPWsRIqMxyvk+sVCqjUbUwXPTMB8GA1UdIwQY
MBaAFEX54y/2rz1eXXe9u5jaN9C45EUZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYt
OGVlMGExMmEzNTliLzEvcmFBOWF4RWlvekhLLVQ2eFVLcU5SdFRCYzlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYtOGVlMGExMmEzNTli
LzEvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEXblwAwQC
n/+IAwQAn/+QAwQCqxboAwQEsu8gAwQCuT+EAwQDvF54MA0EAgACMAcDBQMqAAxQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAU8baBqnoQ0ir6SAQRfPIQLESA+S61iMgpsk1b
ZEf2NKttDZh/42am+Y/rM49Mgq7+dl+f07NpDEkpFd7E8QLysvZAgYAUww0+A4gm
0K8A+xbu91caI8FQ3vaRxd6jAaBkOg2fT03oWdMkotG7lJF2adX7POMazg8WEOFl
H/pMcPVV1TANpTGKRPZJ1XUJEvEC88dxDQTENBQJL7MWKBDHOA06lKFh6zWFn6Jl
6hYeLSbh/GisDel+RySzMgkzAdwXcKdz6bqLH6HymcXy9kpA/2aQcLrd2ezkdAlV
8f1mBlOOH5yU5avOtNjIAkVgwVD9uzkfkDjY1pKrGwZhq3en
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:51 2024 by rpki-client on console-fra.rpki-client.org