Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/sVofDDhYrJaOldgUmzTVpQL2CgA.roa
File:                     sVofDDhYrJaOldgUmzTVpQL2CgA.roa (raw, json)
Hash identifier:          lam/8EE9XollI6KsrtFeVh62u3annEtrJY8lGUpQ1/U=
Subject key identifier:   B1:5A:1F:0C:38:58:AC:96:8E:95:D8:14:9B:34:D5:A5:02:F6:0A:00
Certificate issuer:       /CN=97ebf14a8e54f12dd8b245353df683e182a096c5
Certificate serial:       018CC3B6A4191461339B7CED95001067D30F
Authority key identifier: 97:EB:F1:4A:8E:54:F1:2D:D8:B2:45:35:3D:F6:83:E1:82:A0:96:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/sVofDDhYrJaOldgUmzTVpQL2CgA.roa
Signing time:             Mon 01 Jan 2024 06:29:35 +0000
ROA not before:           Mon 01 Jan 2024 06:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        45.139.126.0/24 maxlen: 24
                          45.139.127.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a4:19:14:61:33:9b:7c:ed:95:00:10:67:d3:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ebf14a8e54f12dd8b245353df683e182a096c5
        Validity
            Not Before: Jan  1 06:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b15a1f0c3858ac968e95d8149b34d5a502f60a00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:60:f9:de:b8:27:2e:9e:3a:29:29:c3:46:f9:
                    ca:2a:e9:21:a0:45:a3:bd:9c:be:86:d2:e9:18:94:
                    c9:ca:af:12:d7:cd:48:23:c4:b2:e0:36:a9:e5:10:
                    f0:2f:c0:50:f2:19:08:cc:e9:81:6a:dd:cc:16:9d:
                    37:db:b6:26:a1:93:ec:63:ac:51:16:14:79:fa:e1:
                    c5:03:5f:8b:c3:0a:02:ea:f6:72:38:8d:63:0f:06:
                    29:6d:1c:15:7f:18:fc:e9:95:cb:ce:ea:1d:66:85:
                    53:cc:3b:b0:b1:12:4e:ac:fa:b2:88:93:fe:b8:f3:
                    1d:ad:73:7b:b6:17:07:0b:9d:49:d5:0b:9a:c6:2c:
                    45:db:ec:55:63:6a:24:16:81:de:6c:a6:5a:36:dc:
                    1a:46:11:7d:aa:ac:6b:b6:8b:2c:9a:96:f6:1a:bc:
                    03:e2:4e:fc:b5:30:82:26:52:b0:5a:24:d1:f5:15:
                    a2:c5:c7:72:fe:55:38:0e:d4:ae:ce:4e:3f:95:9a:
                    63:8b:c9:0e:84:84:7a:31:1c:7d:8c:9f:20:55:e7:
                    48:9f:be:8e:99:6e:a3:21:0d:49:d5:08:59:df:75:
                    d5:91:51:88:7f:b8:1f:e0:02:f5:56:fe:f7:2f:e5:
                    43:69:de:2e:78:9f:84:fa:21:60:f8:a1:c9:92:94:
                    ed:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:5A:1F:0C:38:58:AC:96:8E:95:D8:14:9B:34:D5:A5:02:F6:0A:00
            X509v3 Authority Key Identifier:
                keyid:97:EB:F1:4A:8E:54:F1:2D:D8:B2:45:35:3D:F6:83:E1:82:A0:96:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/sVofDDhYrJaOldgUmzTVpQL2CgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/l-vxSo5U8S3YskU1PfaD4YKglsU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:a0:96:bf:22:1d:47:7a:48:d0:49:a3:c4:40:38:6f:d0:af:
         4c:d6:35:c4:52:61:5f:6b:83:78:f9:f3:e9:51:be:91:13:86:
         5b:51:b9:92:2e:56:27:75:7f:01:b2:9f:48:8c:66:d5:0f:01:
         b2:24:11:d7:0b:b9:4b:35:4d:3c:14:9a:bb:ee:c3:ba:53:dd:
         29:c8:a4:f4:05:f1:0c:e4:80:13:8b:aa:9d:53:4a:f5:39:3c:
         42:3c:c1:df:ee:57:b6:8e:40:81:9d:ce:28:c6:8f:57:63:9f:
         8e:06:62:81:05:d0:81:97:6a:c2:ab:d5:60:ff:74:aa:36:bd:
         7c:0f:ca:ca:95:47:f1:71:40:46:6f:ab:ea:93:3e:77:8f:67:
         e3:e5:12:74:37:f8:25:a7:b7:a3:33:cb:e8:9d:86:18:e6:5e:
         3c:a5:ee:e0:26:fa:92:14:87:f8:2c:a4:60:01:b5:24:ac:10:
         41:29:c9:80:84:e9:c7:33:af:2d:13:12:f5:c5:6d:4e:83:f9:
         8c:05:4c:54:ce:d4:0a:b4:be:9e:a0:4e:f0:7e:a9:f5:f0:49:
         e7:25:27:be:51:ca:fb:a3:dc:42:88:1a:7b:56:04:05:d3:33:
         ca:ed:8b:30:68:e5:ed:2a:a2:35:b0:c2:69:b0:aa:86:ec:be:
         78:a0:32:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtqQZFGEzm3ztlQAQZ9MPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZWJmMTRhOGU1NGYxMmRkOGIyNDUzNTNkZjY4M2UxODJh
MDk2YzUwHhcNMjQwMTAxMDYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTVhMWYwYzM4NThhYzk2OGU5NWQ4MTQ5YjM0ZDVhNTAyZjYwYTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mD53rgnLp46KSnDRvnKKukhoEWj
vZy+htLpGJTJyq8S181II8Sy4Dap5RDwL8BQ8hkIzOmBat3MFp0327YmoZPsY6xR
FhR5+uHFA1+LwwoC6vZyOI1jDwYpbRwVfxj86ZXLzuodZoVTzDuwsRJOrPqyiJP+
uPMdrXN7thcHC51J1QuaxixF2+xVY2okFoHebKZaNtwaRhF9qqxrtossmpb2GrwD
4k78tTCCJlKwWiTR9RWixcdy/lU4DtSuzk4/lZpji8kOhIR6MRx9jJ8gVedIn76O
mW6jIQ1J1QhZ33XVkVGIf7gf4AL1Vv73L+VDad4ueJ+E+iFg+KHJkpTt6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFaHww4WKyWjpXYFJs01aUC9goAMB8GA1UdIwQY
MBaAFJfr8UqOVPEt2LJFNT32g+GCoJbFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbC12eFNvNVU4UzNZc2tVMVBmYUQ0WUtnbHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8wOTJiMTEtMTYyMi00NTU2LThlNjUt
MjQwOWFhZDA4MWQyLzEvc1ZvZkREaFlySmFPbGRnVW16VFZwUUwyQ2dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8wOTJiMTEtMTYyMi00NTU2LThlNjUtMjQwOWFhZDA4MWQy
LzEvbC12eFNvNVU4UzNZc2tVMVBmYUQ0WUtnbHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYt+MA0G
CSqGSIb3DQEBCwUAA4IBAQB8oJa/Ih1HekjQSaPEQDhv0K9M1jXEUmFfa4N4+fPp
Ub6RE4ZbUbmSLlYndX8Bsp9IjGbVDwGyJBHXC7lLNU08FJq77sO6U90pyKT0BfEM
5IATi6qdU0r1OTxCPMHf7le2jkCBnc4oxo9XY5+OBmKBBdCBl2rCq9Vg/3SqNr18
D8rKlUfxcUBGb6vqkz53j2fj5RJ0N/glp7ejM8vonYYY5l48pe7gJvqSFIf4LKRg
AbUkrBBBKcmAhOnHM68tExL1xW1Og/mMBUxUztQKtL6eoE7wfqn18EnnJSe+Ucr7
o9xCiBp7VgQF0zPK7YswaOXtKqI1sMJpsKqG7L54oDI1
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:54 2024 by rpki-client on console-fra.rpki-client.org