Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/lOtD5lTt4vyDu3cc5zal9IxYC3M.roa
File:                     lOtD5lTt4vyDu3cc5zal9IxYC3M.roa (raw, json)
Hash identifier:          Fv+hkIy1KbeojdBg9I7UFmILIwa0t88+uD11RCvEg4o=
Subject key identifier:   94:EB:43:E6:54:ED:E2:FC:83:BB:77:1C:E7:36:A5:F4:8C:58:0B:73
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       0184AA15411331A6A7268F4E433BFF53C123
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/lOtD5lTt4vyDu3cc5zal9IxYC3M.roa
Signing time:             Thu 24 Nov 2022 14:40:30 +0000
ROA not before:           Thu 24 Nov 2022 14:40:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198947
IP address blocks:        139.45.248.0/21 maxlen: 21

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:aa:15:41:13:31:a6:a7:26:8f:4e:43:3b:ff:53:c1:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Nov 24 14:40:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=94eb43e654ede2fc83bb771ce736a5f48c580b73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:20:17:ce:60:93:ee:1e:14:b4:62:ef:62:a3:
                    70:eb:17:1a:06:41:92:a1:52:a0:9b:f7:d4:3d:de:
                    19:c5:16:73:25:69:09:29:db:91:9a:b4:6b:95:39:
                    7e:01:00:37:5f:3e:55:bf:34:bb:8c:f1:12:84:70:
                    d1:06:5d:df:2c:96:83:b8:ae:23:78:3b:df:7a:69:
                    e5:9d:ab:d8:81:87:ff:b6:66:cc:ee:f0:87:fa:48:
                    03:9d:9b:43:51:39:08:db:f5:df:42:2b:8a:a2:56:
                    e0:10:35:4c:6a:53:02:d4:f8:ca:5d:02:77:6f:f0:
                    71:e6:d9:eb:d0:89:6e:89:42:fe:eb:fc:da:56:17:
                    82:b7:0c:9c:5c:a5:d6:e9:84:ac:e0:8c:ba:a0:22:
                    86:51:3d:a3:98:ea:73:df:c5:c7:42:dc:aa:de:60:
                    2d:54:00:1d:75:8a:49:89:d3:9d:2b:53:6b:4b:dc:
                    95:d4:08:cd:1d:a7:3e:4c:59:16:2b:3b:05:61:ff:
                    37:20:5f:96:d9:1c:b6:07:7b:23:e7:6c:c5:6e:2d:
                    8d:63:6d:9d:b2:1b:8e:a0:01:3c:6d:2d:08:14:b4:
                    d5:90:d6:2a:b0:6d:32:84:0f:5a:d1:2c:25:a9:22:
                    b1:f5:19:f8:ac:1b:80:00:fe:35:10:80:e3:d2:df:
                    fa:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:EB:43:E6:54:ED:E2:FC:83:BB:77:1C:E7:36:A5:F4:8C:58:0B:73
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/lOtD5lTt4vyDu3cc5zal9IxYC3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.45.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3c:ae:d4:12:53:f3:c8:9c:1f:ac:1b:a1:bb:f1:d8:79:bb:64:
         f8:c3:da:40:39:c1:f3:9f:11:b4:93:3a:a9:40:96:5e:ef:cd:
         5c:ee:00:69:7e:a6:bb:b8:c6:24:e0:f6:52:2f:25:a8:b7:96:
         37:42:5d:83:b9:0b:3f:4b:81:f4:c1:ca:59:1b:bf:8d:8f:5e:
         11:98:df:e2:71:98:8e:9a:b6:ff:07:e7:15:cf:03:e1:81:12:
         f2:7d:bb:46:a5:3f:3c:4e:1b:e5:3f:b2:9a:f6:e5:cb:3d:66:
         86:02:ea:d4:03:67:eb:48:96:d0:7b:94:21:28:e2:af:f0:ec:
         ad:3d:95:b4:da:a2:39:fe:d3:99:28:5d:f4:41:3b:38:a6:d5:
         9c:e5:8c:30:72:cb:29:9c:35:f2:5b:01:e9:7b:34:45:b8:87:
         3b:61:2a:1d:ab:77:e0:bb:f9:89:a2:0c:d2:76:a0:5c:5f:0b:
         63:af:a4:ef:db:1f:7d:8f:d3:37:d8:a5:7b:fe:01:f8:4f:69:
         41:cc:55:aa:fc:29:a9:47:95:d8:4e:3a:79:91:22:82:c0:f6:
         0d:0b:42:83:6b:49:40:1c:19:de:a9:d2:b6:1d:dd:85:a5:d6:
         f0:30:93:0a:df:c2:67:3d:32:10:38:27:ab:96:32:58:60:5b:
         85:19:09:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSqFUETMaanJo9OQzv/U8EjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjIxMTI0MTQ0MDMwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGViNDNlNjU0ZWRlMmZjODNiYjc3MWNlNzM2YTVmNDhjNTgwYjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgyAXzmCT7h4UtGLvYqNw6xcaBkGS
oVKgm/fUPd4ZxRZzJWkJKduRmrRrlTl+AQA3Xz5VvzS7jPEShHDRBl3fLJaDuK4j
eDvfemnlnavYgYf/tmbM7vCH+kgDnZtDUTkI2/XfQiuKolbgEDVMalMC1PjKXQJ3
b/Bx5tnr0IluiUL+6/zaVheCtwycXKXW6YSs4Iy6oCKGUT2jmOpz38XHQtyq3mAt
VAAddYpJidOdK1NrS9yV1AjNHac+TFkWKzsFYf83IF+W2Ry2B3sj52zFbi2NY22d
shuOoAE8bS0IFLTVkNYqsG0yhA9a0SwlqSKx9Rn4rBuAAP41EIDj0t/6YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJTrQ+ZU7eL8g7t3HOc2pfSMWAtzMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvbE90RDVsVHQ0dnlEdTNjYzV6YWw5SXhZQzNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDiy34MA0G
CSqGSIb3DQEBCwUAA4IBAQA8rtQSU/PInB+sG6G78dh5u2T4w9pAOcHznxG0kzqp
QJZe781c7gBpfqa7uMYk4PZSLyWot5Y3Ql2DuQs/S4H0wcpZG7+Nj14RmN/icZiO
mrb/B+cVzwPhgRLyfbtGpT88ThvlP7Ka9uXLPWaGAurUA2frSJbQe5QhKOKv8Oyt
PZW02qI5/tOZKF30QTs4ptWc5YwwcsspnDXyWwHpezRFuIc7YSodq3fgu/mJogzS
dqBcXwtjr6Tv2x99j9M32KV7/gH4T2lBzFWq/CmpR5XYTjp5kSKCwPYNC0KDa0lA
HBneqdK2Hd2FpdbwMJMK38JnPTIQOCerljJYYFuFGQnC
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:09 2024 by rpki-client on console-ams.rpki-client.org