Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/bX-RHJtT6RAUJPCf9bJfVycybU4.roa
File:                     bX-RHJtT6RAUJPCf9bJfVycybU4.roa (raw, json)
Hash identifier:          fJnxVe+OrnKyyz70Sepv67O2fMPlB28bHPAmUmORJ0A=
Subject key identifier:   6D:7F:91:1C:9B:53:E9:10:14:24:F0:9F:F5:B2:5F:57:27:32:6D:4E
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       0182AFCFAC6BAEAE2E65DC05D572785AF13D
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/bX-RHJtT6RAUJPCf9bJfVycybU4.roa
Signing time:             Thu 18 Aug 2022 07:16:39 +0000
ROA not before:           Thu 18 Aug 2022 07:16:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     134518
IP address blocks:        139.45.242.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:af:cf:ac:6b:ae:ae:2e:65:dc:05:d5:72:78:5a:f1:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Aug 18 07:16:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6d7f911c9b53e9101424f09ff5b25f5727326d4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e6:c5:74:0f:93:79:25:2e:4e:f9:7e:3e:4e:
                    da:83:84:14:25:44:8a:23:4a:db:01:68:ce:16:06:
                    6b:40:cf:67:a5:80:b8:74:e8:ae:b7:bb:3f:be:25:
                    d0:e8:e5:d0:67:61:7f:dd:d7:41:5e:de:f6:b9:06:
                    41:1c:13:db:0b:97:e0:c0:01:1b:bf:e3:1a:17:69:
                    96:be:92:3e:5a:68:34:f3:49:28:13:ac:60:c4:58:
                    0b:29:8e:7b:9a:c9:51:99:0d:52:bc:61:9c:79:ac:
                    53:dd:d4:73:6d:a0:68:de:07:ae:ed:cb:3f:14:45:
                    a3:1f:fa:4c:44:a7:21:65:2b:5a:83:a3:a4:39:d1:
                    46:51:ee:b2:cf:9f:38:97:3a:72:7c:99:92:fe:6f:
                    da:e2:b2:ff:3c:5c:37:49:7e:67:39:26:ec:67:6d:
                    51:7f:7b:10:27:8c:6c:c0:3e:1c:97:90:df:ec:8b:
                    f9:93:c7:7e:22:09:a8:9c:43:80:8a:f5:54:83:1d:
                    ce:34:61:12:cb:58:55:c4:c6:de:5c:ae:58:e8:10:
                    47:36:04:ee:92:a9:f4:b4:27:af:08:39:7a:f4:cd:
                    4f:fd:2f:ae:d2:a0:0e:8b:24:f2:00:fb:db:0b:72:
                    19:1b:6c:bd:8b:1b:e1:4f:35:c4:94:04:51:34:38:
                    01:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:7F:91:1C:9B:53:E9:10:14:24:F0:9F:F5:B2:5F:57:27:32:6D:4E
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/bX-RHJtT6RAUJPCf9bJfVycybU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.45.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:08:4e:61:7d:af:93:4e:6a:fc:15:29:50:4a:51:a9:7d:a5:
         07:c1:54:31:9d:58:6c:66:9e:c8:e8:1b:9e:c3:d3:df:49:95:
         55:f0:11:3d:c7:8e:10:a7:88:0a:24:b9:37:7f:24:92:0d:0b:
         c0:68:e8:3c:82:12:86:10:10:e4:f8:10:57:81:eb:20:1d:c1:
         c6:5c:26:84:6c:79:3d:1c:0f:4d:73:3e:6a:0f:bd:1b:85:67:
         e2:81:7b:19:5e:ab:fc:b3:9b:91:03:56:11:02:ca:87:ff:cb:
         47:48:b7:a9:d5:7c:ee:09:c5:cf:c9:06:73:4f:51:91:90:31:
         11:d9:fb:34:64:85:11:fe:29:f7:73:10:2b:86:b7:c4:94:a9:
         45:32:fd:c4:1b:9e:d8:62:fc:c6:b4:af:c7:1c:57:97:fa:55:
         1d:8a:93:70:52:f7:42:68:7a:55:0b:56:d5:8f:a1:ff:f8:40:
         ee:9c:05:61:04:f4:5c:57:0b:93:08:b9:b8:26:8a:7c:6d:4d:
         ac:87:60:3c:3c:8a:ea:b8:21:51:bb:ff:ab:b6:6b:43:da:51:
         86:7e:f0:a6:90:90:be:fe:02:f8:fb:46:48:42:27:20:6e:17:
         e8:f6:df:c9:c7:50:42:c9:cd:27:8a:b5:cd:38:9c:85:7b:ba:
         40:39:78:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYKvz6xrrq4uZdwF1XJ4WvE9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjIwODE4MDcxNjM5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDdmOTExYzliNTNlOTEwMTQyNGYwOWZmNWIyNWY1NzI3MzI2ZDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhubFdA+TeSUuTvl+Pk7ag4QUJUSK
I0rbAWjOFgZrQM9npYC4dOiut7s/viXQ6OXQZ2F/3ddBXt72uQZBHBPbC5fgwAEb
v+MaF2mWvpI+Wmg080koE6xgxFgLKY57mslRmQ1SvGGceaxT3dRzbaBo3geu7cs/
FEWjH/pMRKchZStag6OkOdFGUe6yz584lzpyfJmS/m/a4rL/PFw3SX5nOSbsZ21R
f3sQJ4xswD4cl5Df7Iv5k8d+IgmonEOAivVUgx3ONGESy1hVxMbeXK5Y6BBHNgTu
kqn0tCevCDl69M1P/S+u0qAOiyTyAPvbC3IZG2y9ixvhTzXElARRNDgBvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG1/kRybU+kQFCTwn/WyX1cnMm1OMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvYlgtUkhKdFQ2UkFVSlBDZjliSmZWeWN5YlU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBiy3yMA0G
CSqGSIb3DQEBCwUAA4IBAQBsCE5hfa+TTmr8FSlQSlGpfaUHwVQxnVhsZp7I6Bue
w9PfSZVV8BE9x44Qp4gKJLk3fySSDQvAaOg8ghKGEBDk+BBXgesgHcHGXCaEbHk9
HA9Ncz5qD70bhWfigXsZXqv8s5uRA1YRAsqH/8tHSLep1XzuCcXPyQZzT1GRkDER
2fs0ZIUR/in3cxArhrfElKlFMv3EG57YYvzGtK/HHFeX+lUdipNwUvdCaHpVC1bV
j6H/+EDunAVhBPRcVwuTCLm4Jop8bU2sh2A8PIrquCFRu/+rtmtD2lGGfvCmkJC+
/gL4+0ZIQicgbhfo9t/Jx1BCyc0nirXNOJyFe7pAOXhd
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:17 2024 by rpki-client on console-fra.rpki-client.org