Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/AGk0UlsuoQ0dh2mPFAM9qKd7HhU.roa
File:                     AGk0UlsuoQ0dh2mPFAM9qKd7HhU.roa (raw, json)
Hash identifier:          EltktFukuDga7u8CBkVTOD8pWcfzCRvIQkXkIWFz7EY=
Subject key identifier:   00:69:34:52:5B:2E:A1:0D:1D:87:69:8F:14:03:3D:A8:A7:7B:1E:15
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       05C14C9C
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/AGk0UlsuoQ0dh2mPFAM9qKd7HhU.roa
Signing time:             Fri 10 Jun 2022 11:08:02 +0000
ROA not before:           Fri 10 Jun 2022 11:08:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51327
IP address blocks:        139.45.246.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 96554140 (0x5c14c9c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jun 10 11:08:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=006934525b2ea10d1d87698f14033da8a77b1e15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:8f:09:7b:8c:4c:4f:54:d6:7e:d9:a9:3a:7e:
                    60:5f:e5:20:0a:53:41:f3:9a:4c:ef:bc:3b:d4:92:
                    b2:25:0c:8a:68:c0:00:cb:22:ea:36:f3:9a:28:da:
                    b8:12:61:08:85:35:74:32:39:3b:c8:c0:be:41:fd:
                    fa:b8:ab:71:d1:f6:9f:ec:a7:d3:29:da:40:79:5d:
                    3b:80:95:c9:9c:02:67:b3:72:71:e8:19:d5:e1:1c:
                    91:3f:61:3e:a1:95:0f:5a:d9:d4:21:d7:60:d9:e4:
                    45:26:de:e4:4b:51:69:9f:a5:d0:23:26:8b:ca:05:
                    0e:b1:bc:41:64:f1:54:0e:60:ad:b0:38:6b:7a:18:
                    56:68:64:ef:85:02:3d:2f:01:ed:bb:4b:5c:86:76:
                    7f:c9:a2:e1:5b:f5:e1:6f:fc:6e:00:9b:3e:0d:5e:
                    22:4e:33:c5:37:d7:e0:6c:4a:3c:05:77:79:05:65:
                    ec:93:fd:85:23:92:72:4a:ee:00:b7:5b:e8:b8:cb:
                    d4:90:32:fb:29:57:22:f8:13:f2:ef:ce:46:07:ff:
                    ee:50:9a:4f:4d:87:0c:d3:5c:fb:32:42:d4:f2:f2:
                    56:24:5e:4c:98:16:19:c9:92:72:98:e5:a3:61:28:
                    00:f5:aa:ef:80:f1:db:57:e7:03:52:7e:e5:23:37:
                    7d:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:69:34:52:5B:2E:A1:0D:1D:87:69:8F:14:03:3D:A8:A7:7B:1E:15
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/AGk0UlsuoQ0dh2mPFAM9qKd7HhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.45.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:5d:2e:7e:75:d2:68:74:e6:25:b5:94:1d:a1:7b:ec:a5:8d:
         dd:b0:8f:00:8c:62:15:24:18:c4:22:64:f1:45:4a:f5:23:1c:
         f9:b0:de:25:f0:4b:a0:10:3d:13:7d:82:2a:78:f4:66:fb:15:
         89:f4:c2:08:3b:2d:b7:f1:ca:d1:41:61:0a:af:97:90:2d:4b:
         2f:04:c6:dd:85:1c:dc:68:3d:8f:ec:ae:92:22:e3:f2:ce:25:
         ba:78:7d:e8:ee:c8:52:c4:3c:25:9b:b7:a5:37:2f:e9:7e:2e:
         fc:93:15:77:fa:60:09:16:1a:80:9a:4a:d3:f8:69:44:30:5a:
         a7:f5:f5:f8:4a:49:c4:98:93:64:26:9c:53:81:39:7d:d9:f3:
         64:99:8c:8e:88:af:5b:dd:6e:d7:f1:af:2e:a3:4d:28:09:ac:
         ef:99:d3:ba:47:2b:59:76:37:2f:38:9c:33:44:9c:aa:9f:1e:
         ed:b1:dc:90:a3:e0:73:d6:8c:79:f4:2b:76:5d:0e:03:13:64:
         89:6a:3e:70:50:7d:ff:a6:a2:9e:8b:ff:42:d7:fa:88:9c:c6:
         0f:d9:4c:a2:08:93:a1:5c:2c:ff:b9:b2:b1:1b:a7:97:46:c4:
         37:00:cb:43:65:1e:fd:28:5d:30:77:77:4e:c0:84:ae:53:c2:
         44:e8:e0:43
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBcFMnDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
OWJlMDJkZWEwYTA4NmU5ODgwZjU2NGM4Njg3MmJiYzU5N2NjNjcyMB4XDTIyMDYx
MDExMDgwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDA2OTM0NTI1YjJl
YTEwZDFkODc2OThmMTQwMzNkYThhNzdiMWUxNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAO2PCXuMTE9U1n7ZqTp+YF/lIApTQfOaTO+8O9SSsiUMimjA
AMsi6jbzmijauBJhCIU1dDI5O8jAvkH9+rircdH2n+yn0ynaQHldO4CVyZwCZ7Ny
cegZ1eEckT9hPqGVD1rZ1CHXYNnkRSbe5EtRaZ+l0CMmi8oFDrG8QWTxVA5grbA4
a3oYVmhk74UCPS8B7btLXIZ2f8mi4Vv14W/8bgCbPg1eIk4zxTfX4GxKPAV3eQVl
7JP9hSOSckruALdb6LjL1JAy+ylXIvgT8u/ORgf/7lCaT02HDNNc+zJC1PLyViRe
TJgWGcmScpjlo2EoAPWq74Dx21fnA1J+5SM3fesCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQAaTRSWy6hDR2HaY8UAz2op3seFTAfBgNVHSMEGDAWgBQpvgLeoKCG6YgP
VkyGhyu8WXzGcjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tiNEMzcUNnaHVtSUQxWk1ob2NydkZsOHhuSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGEvZWExY2ZmLWFlOGYtNDcxOS04OWIzLTAwM2ExNTY4YmYzZi8x
L0FHazBVbHN1b1EwZGgybVBGQU05cUtkN0hoVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGEv
ZWExY2ZmLWFlOGYtNDcxOS04OWIzLTAwM2ExNTY4YmYzZi8xL0tiNEMzcUNnaHVt
SUQxWk1ob2NydkZsOHhuSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAYst9jANBgkqhkiG9w0BAQsFAAOC
AQEAE10ufnXSaHTmJbWUHaF77KWN3bCPAIxiFSQYxCJk8UVK9SMc+bDeJfBLoBA9
E32CKnj0ZvsVifTCCDstt/HK0UFhCq+XkC1LLwTG3YUc3Gg9j+yukiLj8s4lunh9
6O7IUsQ8JZu3pTcv6X4u/JMVd/pgCRYagJpK0/hpRDBap/X1+EpJxJiTZCacU4E5
fdnzZJmMjoivW91u1/GvLqNNKAms75nTukcrWXY3LzicM0Scqp8e7bHckKPgc9aM
efQrdl0OAxNkiWo+cFB9/6ainov/Qtf6iJzGD9lMogiToVws/7mysRunl0bENwDL
Q2Ue/ShdMHd3TsCErlPCROjgQw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:17 2024 by rpki-client on console-fra.rpki-client.org