Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/lAXCY9kUNuMwW1gkwPfjUBLKW18.roa
File:                     lAXCY9kUNuMwW1gkwPfjUBLKW18.roa (raw, json)
Hash identifier:          8xLMfKAysPGktTXUcCdgBmdNmw1MlFKtPJRCEJDqtbc=
Subject key identifier:   94:05:C2:63:D9:14:36:E3:30:5B:58:24:C0:F7:E3:50:12:CA:5B:5F
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       0184AA1540B7780E459137C3D1D7B1164BE7
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/lAXCY9kUNuMwW1gkwPfjUBLKW18.roa
Signing time:             Thu 24 Nov 2022 14:40:30 +0000
ROA not before:           Thu 24 Nov 2022 14:40:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60392
IP address blocks:        139.45.244.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:aa:15:40:b7:78:0e:45:91:37:c3:d1:d7:b1:16:4b:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Nov 24 14:40:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9405c263d91436e3305b5824c0f7e35012ca5b5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:1f:cc:83:57:43:42:1f:c7:6a:b2:f4:ea:ab:
                    10:0f:65:3e:8d:7d:f3:87:79:85:33:b5:c2:85:9c:
                    ff:18:d0:d8:28:61:f0:8c:8b:52:3b:8f:13:8d:5a:
                    f9:c2:a3:fd:c8:13:cf:eb:d4:56:e8:43:e1:93:d5:
                    0d:c3:05:8e:ef:0d:d1:b9:03:c3:b8:d9:c2:1c:23:
                    d8:6e:45:e7:60:68:8a:43:d2:64:10:3d:d8:89:d5:
                    18:23:60:fb:ff:a2:7b:20:b1:12:61:07:f3:76:ba:
                    e6:d7:b6:2a:8c:ac:fd:d8:76:e5:31:b4:8e:1d:ec:
                    c5:65:13:3e:f3:a7:cb:6d:46:f2:7d:dd:67:08:f6:
                    0a:27:59:60:51:e1:18:0b:a7:67:54:9b:a7:10:26:
                    42:05:1a:62:ec:90:db:df:38:cd:39:61:5a:08:1f:
                    de:18:91:e0:51:df:e5:07:a8:85:59:35:a8:77:03:
                    61:2d:b1:61:68:95:ce:55:0f:ac:5a:26:f3:e0:33:
                    c9:60:d9:dc:b3:fb:84:ac:06:da:ea:01:29:17:37:
                    67:f8:2d:dc:fd:cf:28:41:53:9b:5c:ff:c8:4d:79:
                    c9:e1:24:c9:41:0f:78:1f:bc:cf:14:74:e7:a6:62:
                    42:7a:62:67:e9:95:e9:a1:36:4b:12:79:a4:dc:12:
                    28:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:05:C2:63:D9:14:36:E3:30:5B:58:24:C0:F7:E3:50:12:CA:5B:5F
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/lAXCY9kUNuMwW1gkwPfjUBLKW18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.45.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7d:db:d4:89:d3:c9:e6:98:f1:24:f7:c2:dd:a7:b9:0e:ef:5b:
         90:54:8c:b8:25:81:2c:de:3f:40:8a:6b:f7:25:15:75:b7:81:
         f2:a2:b7:2a:36:47:5e:a7:f4:12:fa:62:e9:1d:fd:47:02:2e:
         5b:10:d7:c1:04:e9:61:53:3a:3d:f4:16:de:43:8d:d1:aa:94:
         e8:5b:77:ae:83:3c:d2:c4:a7:04:d8:37:9a:74:4e:fd:25:a8:
         b8:bc:74:30:e1:b6:0c:86:c2:30:ba:75:d0:79:f4:81:4b:15:
         5b:da:c8:39:4f:b9:04:cc:0a:fa:09:f5:b3:62:8a:da:c7:e2:
         b9:c0:1c:23:99:8d:8c:21:c9:47:e8:b0:9d:5e:91:cb:6a:66:
         6e:60:3b:0c:f2:5f:f8:69:20:54:eb:cb:ad:14:e2:c1:1b:81:
         89:42:ba:bf:d7:a7:ba:57:47:ba:5b:0a:c9:6e:a8:74:9c:13:
         95:f6:43:8f:73:fe:9b:71:62:40:74:59:24:36:4e:69:de:bd:
         e5:30:c4:53:a3:7d:d5:58:92:33:17:d0:70:cf:cb:3d:67:9f:
         31:8d:2a:91:75:5d:9d:92:03:ab:79:fe:ae:4a:24:38:a0:43:
         6c:0a:40:ef:86:d1:c4:17:0a:f4:8b:76:0e:88:51:3f:0f:44:
         51:8e:49:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSqFUC3eA5FkTfD0dexFkvnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjIxMTI0MTQ0MDMwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDA1YzI2M2Q5MTQzNmUzMzA1YjU4MjRjMGY3ZTM1MDEyY2E1YjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlR/Mg1dDQh/HarL06qsQD2U+jX3z
h3mFM7XChZz/GNDYKGHwjItSO48TjVr5wqP9yBPP69RW6EPhk9UNwwWO7w3RuQPD
uNnCHCPYbkXnYGiKQ9JkED3YidUYI2D7/6J7ILESYQfzdrrm17YqjKz92HblMbSO
HezFZRM+86fLbUbyfd1nCPYKJ1lgUeEYC6dnVJunECZCBRpi7JDb3zjNOWFaCB/e
GJHgUd/lB6iFWTWodwNhLbFhaJXOVQ+sWibz4DPJYNncs/uErAba6gEpFzdn+C3c
/c8oQVObXP/ITXnJ4STJQQ94H7zPFHTnpmJCemJn6ZXpoTZLEnmk3BIolwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQFwmPZFDbjMFtYJMD341ASyltfMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvbEFYQ1k5a1VOdU13VzFna3dQZmpVQkxLVzE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBiy30MA0G
CSqGSIb3DQEBCwUAA4IBAQB929SJ08nmmPEk98Ldp7kO71uQVIy4JYEs3j9Aimv3
JRV1t4HyorcqNkdep/QS+mLpHf1HAi5bENfBBOlhUzo99BbeQ43RqpToW3eugzzS
xKcE2DeadE79Jai4vHQw4bYMhsIwunXQefSBSxVb2sg5T7kEzAr6CfWzYorax+K5
wBwjmY2MIclH6LCdXpHLamZuYDsM8l/4aSBU68utFOLBG4GJQrq/16e6V0e6WwrJ
bqh0nBOV9kOPc/6bcWJAdFkkNk5p3r3lMMRTo33VWJIzF9Bwz8s9Z58xjSqRdV2d
kgOref6uSiQ4oENsCkDvhtHEFwr0i3YOiFE/D0RRjkml
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:09 2024 by rpki-client on console-ams.rpki-client.org