Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/vVtuiK-OEZsH4iHmtGtjfwb-H4E.roa
File:                     vVtuiK-OEZsH4iHmtGtjfwb-H4E.roa (raw, json)
Hash identifier:          zlEhdof4cJav0ObVT9m/hqc3JZk+DA9mY+ESXBPwko0=
Subject key identifier:   BD:5B:6E:88:AF:8E:11:9B:07:E2:21:E6:B4:6B:63:7F:06:FE:1F:81
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       0184AA15405D7F14F6EC4349E4B137929625
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/vVtuiK-OEZsH4iHmtGtjfwb-H4E.roa
Signing time:             Thu 24 Nov 2022 14:40:30 +0000
ROA not before:           Thu 24 Nov 2022 14:40:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51327
IP address blocks:        139.45.246.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:aa:15:40:5d:7f:14:f6:ec:43:49:e4:b1:37:92:96:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Nov 24 14:40:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bd5b6e88af8e119b07e221e6b46b637f06fe1f81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:2e:06:b0:ce:88:62:63:e4:a4:53:91:84:c1:
                    f0:a3:d6:07:7f:dd:6a:5c:5c:29:1c:bf:cd:f1:07:
                    a1:17:77:14:15:2e:78:5e:24:ef:f0:4a:1a:ed:5e:
                    0d:66:c1:c5:06:46:73:dd:20:2f:93:ad:01:c6:21:
                    46:a0:eb:12:ae:f6:48:50:7a:f6:e5:70:ff:aa:70:
                    78:8b:b9:27:bc:60:5e:11:34:bf:0a:e9:15:14:35:
                    a0:e5:62:73:a9:1f:d5:d9:e5:0c:5a:68:3d:ff:5f:
                    2e:a0:3e:56:71:7b:20:bf:b9:49:aa:61:3a:4b:63:
                    0a:75:23:7b:59:56:61:e4:dd:bb:9b:66:f1:68:3b:
                    41:b4:9e:a0:4b:d2:fe:26:e7:67:9e:61:4d:dc:67:
                    b4:3f:54:84:62:68:81:3b:2d:13:a0:7f:65:0f:85:
                    21:b8:c1:25:3a:f1:63:18:14:9f:5d:35:01:48:3e:
                    1c:90:28:f8:f9:a7:bc:cc:65:56:b5:11:eb:ea:3b:
                    a2:3d:ce:d3:d6:fd:53:d9:22:40:fd:68:f2:b3:55:
                    cf:20:6b:55:46:cb:a6:5e:ab:5b:0b:a6:4b:21:f1:
                    74:af:ff:bf:09:d2:46:83:86:c9:19:44:50:09:50:
                    3c:77:01:34:5c:62:ba:c0:45:b7:28:aa:91:33:12:
                    bd:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:5B:6E:88:AF:8E:11:9B:07:E2:21:E6:B4:6B:63:7F:06:FE:1F:81
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/vVtuiK-OEZsH4iHmtGtjfwb-H4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.45.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:7e:f6:da:7e:43:ed:4b:95:cd:52:01:7d:74:b3:fb:00:59:
         59:d0:cb:a1:34:93:53:8f:30:18:7e:55:71:a2:c6:28:55:51:
         3b:dc:61:97:65:b7:06:84:f2:67:0c:e5:30:52:22:9d:f1:64:
         ef:41:c3:80:2f:6f:61:ab:c9:2f:a1:03:55:b0:4c:38:91:29:
         05:e1:7e:39:f0:f4:1f:cd:4e:cd:28:7c:fb:fb:53:67:87:30:
         48:e4:a2:8d:76:75:91:0d:9b:9d:30:4d:41:a6:d6:3b:ea:84:
         bc:04:a5:f4:8f:d9:ed:5e:9f:bf:d4:7a:b7:51:c9:32:ef:91:
         0d:45:a5:fd:66:d1:ac:41:fc:27:06:97:ab:ce:46:95:88:0c:
         2f:da:a5:16:a6:0c:66:32:ad:6f:e0:f3:da:04:ae:98:88:b7:
         4f:c4:7c:c6:3e:f1:ab:24:b7:b4:ab:46:00:59:d9:98:c0:a2:
         26:fc:ad:4c:23:f6:e9:5f:59:83:a2:a0:df:51:c1:0a:da:63:
         e4:5a:2b:e6:2f:5b:e4:f9:81:e3:b9:6a:4a:b9:3f:b2:e9:16:
         8f:1c:7b:64:55:a3:77:c9:a9:42:61:46:b8:38:9a:20:ad:f5:
         c7:68:12:dc:56:7d:69:72:72:81:11:63:67:11:ef:0c:75:8d:
         27:70:1f:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSqFUBdfxT27ENJ5LE3kpYlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjIxMTI0MTQ0MDMwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDViNmU4OGFmOGUxMTliMDdlMjIxZTZiNDZiNjM3ZjA2ZmUxZjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjS4GsM6IYmPkpFORhMHwo9YHf91q
XFwpHL/N8QehF3cUFS54XiTv8Eoa7V4NZsHFBkZz3SAvk60BxiFGoOsSrvZIUHr2
5XD/qnB4i7knvGBeETS/CukVFDWg5WJzqR/V2eUMWmg9/18uoD5WcXsgv7lJqmE6
S2MKdSN7WVZh5N27m2bxaDtBtJ6gS9L+JudnnmFN3Ge0P1SEYmiBOy0ToH9lD4Uh
uMElOvFjGBSfXTUBSD4ckCj4+ae8zGVWtRHr6juiPc7T1v1T2SJA/Wjys1XPIGtV
RsumXqtbC6ZLIfF0r/+/CdJGg4bJGURQCVA8dwE0XGK6wEW3KKqRMxK9hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1bboivjhGbB+Ih5rRrY38G/h+BMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvdlZ0dWlLLU9FWnNINGlIbXRHdGpmd2ItSDRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBiy32MA0G
CSqGSIb3DQEBCwUAA4IBAQBXfvbafkPtS5XNUgF9dLP7AFlZ0MuhNJNTjzAYflVx
osYoVVE73GGXZbcGhPJnDOUwUiKd8WTvQcOAL29hq8kvoQNVsEw4kSkF4X458PQf
zU7NKHz7+1NnhzBI5KKNdnWRDZudME1BptY76oS8BKX0j9ntXp+/1Hq3Ucky75EN
RaX9ZtGsQfwnBperzkaViAwv2qUWpgxmMq1v4PPaBK6YiLdPxHzGPvGrJLe0q0YA
WdmYwKIm/K1MI/bpX1mDoqDfUcEK2mPkWivmL1vk+YHjuWpKuT+y6RaPHHtkVaN3
yalCYUa4OJogrfXHaBLcVn1pcnKBEWNnEe8MdY0ncB/I
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:09 2024 by rpki-client on console-ams.rpki-client.org