Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/xMqWXLwJ4Tb7FKSetgp2650YeIU.roa
File:                     xMqWXLwJ4Tb7FKSetgp2650YeIU.roa (raw, json)
Hash identifier:          DC+zSqsAeQWOtx7KvHR9rfQ5ueCCDEvvaBEflVx2Ez8=
Subject key identifier:   C4:CA:96:5C:BC:09:E1:36:FB:14:A4:9E:B6:0A:76:EB:9D:18:78:85
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       045D0F47
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/xMqWXLwJ4Tb7FKSetgp2650YeIU.roa
Signing time:             Sat 01 Jan 2022 00:54:01 +0000
ROA not before:           Sat 01 Jan 2022 00:54:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198947
IP address blocks:        139.45.248.0/21 maxlen: 21

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 73207623 (0x45d0f47)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  1 00:54:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c4ca965cbc09e136fb14a49eb60a76eb9d187885
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:65:17:31:fb:8e:f3:c8:bf:9b:86:06:b7:c5:
                    97:2f:98:4b:1c:b5:c2:bf:84:00:f6:6e:d5:2b:31:
                    03:2b:30:e9:50:c1:b3:ea:41:52:c9:54:c4:8e:4d:
                    74:12:65:87:30:62:d7:fa:51:85:b8:1b:9a:e0:35:
                    7c:78:80:ff:1c:5c:cd:bc:dd:67:8b:f4:d5:38:d4:
                    30:31:63:61:10:2b:8e:76:e7:ff:e3:e0:7d:46:22:
                    80:3f:e1:52:f5:59:10:f7:8d:22:e6:1b:7f:6a:90:
                    7b:e5:c4:ca:9d:4b:0e:12:d6:6d:bb:6b:e6:21:60:
                    6b:94:e3:71:ca:35:5a:8a:5b:a8:85:c1:2c:38:df:
                    86:50:7d:ce:b4:44:6e:c0:2d:9f:ec:58:b1:d1:78:
                    1c:fa:80:15:e7:a5:34:f4:d0:47:43:00:c7:aa:de:
                    d1:b7:88:e9:65:90:f2:b0:b8:59:e7:de:91:a4:16:
                    78:c1:06:52:69:7c:8a:dd:cc:29:bb:fc:23:ad:a8:
                    fb:94:ba:e2:ff:f5:d0:a2:ed:bf:47:4e:13:87:45:
                    d2:da:23:20:c4:27:fc:18:70:46:bc:e1:62:44:e0:
                    15:ad:ca:16:b9:ea:af:1f:5b:b2:72:56:ad:b3:02:
                    5d:05:5a:11:4e:e3:6c:8b:69:f1:b3:be:ab:84:b0:
                    53:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:CA:96:5C:BC:09:E1:36:FB:14:A4:9E:B6:0A:76:EB:9D:18:78:85
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/xMqWXLwJ4Tb7FKSetgp2650YeIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.45.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         47:de:25:ae:d4:7b:ff:5c:c6:14:3e:8a:cd:4c:1f:92:93:e8:
         6e:74:1c:b0:d4:bd:58:6a:de:69:9c:d8:29:8c:29:ae:52:a8:
         65:41:3b:6a:ff:e3:0b:33:a7:c0:52:11:f7:d4:3d:35:23:d5:
         f3:cf:67:71:8a:de:37:c6:b4:3b:13:f0:f0:c7:3d:ef:fd:61:
         90:ae:2e:86:71:81:cc:eb:3e:d7:fe:81:63:17:f9:86:a8:92:
         5c:1a:d6:69:a1:72:49:91:5e:ab:d8:5d:1e:e1:aa:6b:d9:59:
         4b:d6:3f:64:e9:c5:f4:09:9e:94:0d:e1:1b:91:7c:84:a3:e0:
         80:1b:b1:90:22:6f:fb:35:94:2b:ec:eb:b7:88:17:7a:85:ca:
         5e:ad:bc:95:dc:4a:42:e1:a8:9e:41:c7:1f:a7:7c:58:3b:d4:
         33:34:0f:81:0e:0b:9e:92:cf:90:e5:7a:4d:50:80:be:e5:41:
         ad:2f:0e:49:8f:bc:19:1b:23:bb:61:9b:bd:ff:52:07:f0:a6:
         8f:46:45:b5:02:21:77:b8:69:95:98:86:64:b9:2f:f2:3b:ae:
         14:ef:e5:87:dc:67:f3:90:dd:4b:89:84:44:69:1c:04:90:d5:
         9f:54:73:75:93:34:41:4f:0b:53:a5:45:8f:f4:b3:14:89:7a:
         4a:10:f4:46
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBF0PRzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
OWJlMDJkZWEwYTA4NmU5ODgwZjU2NGM4Njg3MmJiYzU5N2NjNjcyMB4XDTIyMDEw
MTAwNTQwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzRjYTk2NWNiYzA5
ZTEzNmZiMTRhNDllYjYwYTc2ZWI5ZDE4Nzg4NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMVlFzH7jvPIv5uGBrfFly+YSxy1wr+EAPZu1SsxAysw6VDB
s+pBUslUxI5NdBJlhzBi1/pRhbgbmuA1fHiA/xxczbzdZ4v01TjUMDFjYRArjnbn
/+PgfUYigD/hUvVZEPeNIuYbf2qQe+XEyp1LDhLWbbtr5iFga5Tjcco1WopbqIXB
LDjfhlB9zrREbsAtn+xYsdF4HPqAFeelNPTQR0MAx6re0beI6WWQ8rC4WefekaQW
eMEGUml8it3MKbv8I62o+5S64v/10KLtv0dOE4dF0tojIMQn/BhwRrzhYkTgFa3K
Frnqrx9bsnJWrbMCXQVaEU7jbItp8bO+q4SwU4cCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTEypZcvAnhNvsUpJ62CnbrnRh4hTAfBgNVHSMEGDAWgBQpvgLeoKCG6YgP
VkyGhyu8WXzGcjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tiNEMzcUNnaHVtSUQxWk1ob2NydkZsOHhuSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGEvZWExY2ZmLWFlOGYtNDcxOS04OWIzLTAwM2ExNTY4YmYzZi8x
L3hNcVdYTHdKNFRiN0ZLU2V0Z3AyNjUwWWVJVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGEv
ZWExY2ZmLWFlOGYtNDcxOS04OWIzLTAwM2ExNTY4YmYzZi8xL0tiNEMzcUNnaHVt
SUQxWk1ob2NydkZsOHhuSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA4st+DANBgkqhkiG9w0BAQsFAAOC
AQEAR94lrtR7/1zGFD6KzUwfkpPobnQcsNS9WGreaZzYKYwprlKoZUE7av/jCzOn
wFIR99Q9NSPV889ncYreN8a0OxPw8Mc97/1hkK4uhnGBzOs+1/6BYxf5hqiSXBrW
aaFySZFeq9hdHuGqa9lZS9Y/ZOnF9AmelA3hG5F8hKPggBuxkCJv+zWUK+zrt4gX
eoXKXq28ldxKQuGonkHHH6d8WDvUMzQPgQ4LnpLPkOV6TVCAvuVBrS8OSY+8GRsj
u2Gbvf9SB/Cmj0ZFtQIhd7hplZiGZLkv8juuFO/lh9xn85DdS4mERGkcBJDVn1Rz
dZM0QU8LU6VFj/SzFIl6ShD0Rg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:17 2024 by rpki-client on console-fra.rpki-client.org