Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/i6Y2Rsal4PoaaRj3iCcSXFlJqk0.roa
File:                     i6Y2Rsal4PoaaRj3iCcSXFlJqk0.roa (raw, json)
Hash identifier:          vvzIQdSCtq6s/Cxe8O2wZzdal2pqfcfLadqr7ey2Bao=
Subject key identifier:   8B:A6:36:46:C6:A5:E0:FA:1A:69:18:F7:88:27:12:5C:59:49:AA:4D
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       0519F4CA
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/i6Y2Rsal4PoaaRj3iCcSXFlJqk0.roa
Signing time:             Thu 24 Mar 2022 10:30:25 +0000
ROA not before:           Thu 24 Mar 2022 10:30:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29470
IP address blocks:        87.245.192.0/20 maxlen: 20
                          139.45.216.0/21 maxlen: 21
                          139.45.224.0/20 maxlen: 20

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 85587146 (0x519f4ca)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Mar 24 10:30:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8ba63646c6a5e0fa1a6918f78827125c5949aa4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b1:d1:7c:8a:4b:aa:a9:3a:06:43:f8:95:e4:
                    dd:14:69:cf:10:7d:2c:56:ea:e6:b7:bb:83:65:df:
                    e2:c4:1e:3c:84:8f:3d:77:b3:ad:5d:2f:56:d9:1d:
                    d2:7e:74:68:3b:a2:68:a0:ff:35:63:9b:91:94:6e:
                    da:37:39:cc:1e:91:c3:f1:78:91:40:bc:ba:50:9f:
                    53:8e:e1:d4:84:86:03:8a:43:35:6e:e3:c5:46:69:
                    0c:3a:e5:67:1a:f0:4e:be:89:e4:cb:e1:de:d3:e7:
                    83:4a:ae:3e:87:41:df:2b:d5:51:3a:30:f3:14:32:
                    e0:8d:d4:ab:8c:be:b3:25:19:81:78:fc:28:95:bd:
                    c6:13:2a:e8:2e:b5:71:d0:9a:08:70:e4:0b:b2:74:
                    ef:1c:a3:cb:b9:2d:30:cf:3e:0d:76:56:97:3d:fa:
                    82:ff:be:2f:ef:94:59:0c:4b:8a:50:77:8c:76:0e:
                    5e:d5:77:63:6a:b4:bf:dd:ae:56:f3:84:62:96:77:
                    2a:d8:f5:6c:67:12:fa:e3:28:63:54:66:8c:1c:89:
                    c5:66:92:6b:dc:46:e6:e9:dc:1e:46:f2:1a:d9:b5:
                    31:4a:e5:9e:26:66:2d:85:29:13:b3:81:2d:3e:1d:
                    2d:fb:2d:97:a9:a1:8f:12:3b:b9:12:ee:3f:27:65:
                    ac:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A6:36:46:C6:A5:E0:FA:1A:69:18:F7:88:27:12:5C:59:49:AA:4D
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/i6Y2Rsal4PoaaRj3iCcSXFlJqk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.245.192.0/20
                  139.45.216.0-139.45.239.255

    Signature Algorithm: sha256WithRSAEncryption
         0d:79:d8:c9:73:eb:5a:f9:5e:57:58:84:d7:19:ea:01:91:f8:
         60:ad:1c:44:a3:82:bb:bf:f6:10:30:c0:0c:ad:0f:22:68:68:
         9a:65:b1:eb:22:17:02:f3:01:f1:ca:69:e6:b6:2a:a1:03:78:
         dd:3d:f0:30:2c:41:a9:ba:a1:e0:2a:10:9f:e1:c6:45:78:11:
         79:56:3d:17:4b:1b:4d:ee:0b:3f:8f:34:f2:dd:45:02:3c:1f:
         ed:d4:0f:cd:5f:85:55:bc:a7:f9:bb:a8:a8:51:19:53:d5:2b:
         39:86:c3:89:52:bb:64:91:b4:be:57:c5:ab:c0:af:e9:70:a2:
         2e:78:d5:b4:48:23:fa:30:68:6e:bf:cd:71:7e:81:66:49:0b:
         3c:00:97:d7:e1:78:4f:60:34:19:be:26:6c:29:49:fc:56:a4:
         9b:4a:42:ff:53:75:bc:55:75:68:d9:60:7d:f3:af:96:00:5f:
         8d:8b:48:c0:a7:8b:c2:66:65:3e:50:92:be:5b:8e:ec:79:19:
         f7:31:bb:12:19:60:dc:b9:e7:e2:4c:65:e3:f8:32:af:ce:c1:
         62:17:10:de:c7:fa:e3:e1:2e:19:b6:7c:eb:5c:bf:98:53:2d:
         ca:75:d0:fa:73:34:0f:14:af:88:0b:1e:8d:ea:d5:4e:79:55:
         9e:6e:9f:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIEBRn0yjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
OWJlMDJkZWEwYTA4NmU5ODgwZjU2NGM4Njg3MmJiYzU5N2NjNjcyMB4XDTIyMDMy
NDEwMzAyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGJhNjM2NDZjNmE1
ZTBmYTFhNjkxOGY3ODgyNzEyNWM1OTQ5YWE0ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMKx0XyKS6qpOgZD+JXk3RRpzxB9LFbq5re7g2Xf4sQePISP
PXezrV0vVtkd0n50aDuiaKD/NWObkZRu2jc5zB6Rw/F4kUC8ulCfU47h1ISGA4pD
NW7jxUZpDDrlZxrwTr6J5Mvh3tPng0quPodB3yvVUTow8xQy4I3Uq4y+syUZgXj8
KJW9xhMq6C61cdCaCHDkC7J07xyjy7ktMM8+DXZWlz36gv++L++UWQxLilB3jHYO
XtV3Y2q0v92uVvOEYpZ3Ktj1bGcS+uMoY1RmjByJxWaSa9xG5uncHkbyGtm1MUrl
niZmLYUpE7OBLT4dLfstl6mhjxI7uRLuPydlrLkCAwEAAaOCAhcwggITMB0GA1Ud
DgQWBBSLpjZGxqXg+hppGPeIJxJcWUmqTTAfBgNVHSMEGDAWgBQpvgLeoKCG6YgP
VkyGhyu8WXzGcjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tiNEMzcUNnaHVtSUQxWk1ob2NydkZsOHhuSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGEvZWExY2ZmLWFlOGYtNDcxOS04OWIzLTAwM2ExNTY4YmYzZi8x
L2k2WTJSc2FsNFBvYWFSajNpQ2NTWEZsSnFrMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGEv
ZWExY2ZmLWFlOGYtNDcxOS04OWIzLTAwM2ExNTY4YmYzZi8xL0tiNEMzcUNnaHVt
SUQxWk1ob2NydkZsOHhuSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAt
BggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFAMEBFf1wDAMAwQDiy3YAwQEiy3gMA0G
CSqGSIb3DQEBCwUAA4IBAQANedjJc+ta+V5XWITXGeoBkfhgrRxEo4K7v/YQMMAM
rQ8iaGiaZbHrIhcC8wHxymnmtiqhA3jdPfAwLEGpuqHgKhCf4cZFeBF5Vj0XSxtN
7gs/jzTy3UUCPB/t1A/NX4VVvKf5u6ioURlT1Ss5hsOJUrtkkbS+V8WrwK/pcKIu
eNW0SCP6MGhuv81xfoFmSQs8AJfX4XhPYDQZviZsKUn8VqSbSkL/U3W8VXVo2WB9
86+WAF+Ni0jAp4vCZmU+UJK+W47seRn3MbsSGWDcuefiTGXj+DKvzsFiFxDex/rj
4S4ZtnzrXL+YUy3KddD6czQPFK+ICx6N6tVOeVWebp+v
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:09 2024 by rpki-client on console-ams.rpki-client.org