Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/C-aitnuveQ6uGhSR9fEu3xW6EpE.roa
File:                     C-aitnuveQ6uGhSR9fEu3xW6EpE.roa (raw, json)
Hash identifier:          QDdt7EfejjKPOFHDzyY02HiXJ8k6krli4e7XhxZgPBo=
Subject key identifier:   0B:E6:A2:B6:7B:AF:79:0E:AE:1A:14:91:F5:F1:2E:DF:15:BA:12:91
Certificate issuer:       /CN=51618df006d548d1d87ed6419550662db6fc0606
Certificate serial:       0185BF747997A96D025118515C567F00AF76
Authority key identifier: 51:61:8D:F0:06:D5:48:D1:D8:7E:D6:41:95:50:66:2D:B6:FC:06:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UWGN8AbVSNHYftZBlVBmLbb8BgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/C-aitnuveQ6uGhSR9fEu3xW6EpE.roa
Signing time:             Tue 17 Jan 2023 11:19:19 +0000
ROA not before:           Tue 17 Jan 2023 11:19:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50022
IP address blocks:        213.110.240.0/20 maxlen: 20
                          213.110.224.0/19 maxlen: 19

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:bf:74:79:97:a9:6d:02:51:18:51:5c:56:7f:00:af:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51618df006d548d1d87ed6419550662db6fc0606
        Validity
            Not Before: Jan 17 11:19:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0be6a2b67baf790eae1a1491f5f12edf15ba1291
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:cc:b5:b9:89:f4:96:fb:d9:14:32:06:83:86:
                    9c:13:6f:2e:5e:95:3f:14:f8:22:f4:ad:35:a2:d4:
                    e7:41:e0:a1:38:67:42:5c:06:87:d2:02:88:a3:d4:
                    2b:8a:6b:7e:f8:f6:51:f7:c9:3c:40:e4:a3:25:ed:
                    69:fa:4d:1a:09:29:57:b1:48:58:cb:1c:7f:7a:b8:
                    1d:8f:08:b9:cd:96:aa:cd:cd:bb:7d:a6:5c:3a:04:
                    ed:13:0e:87:18:61:48:93:f4:04:67:1e:63:8d:2f:
                    60:59:af:b3:30:61:d7:5e:e3:72:81:99:bb:a4:e5:
                    4d:bf:85:79:ef:fb:61:2f:07:fb:a8:03:d0:8e:94:
                    d2:40:c1:e3:12:11:ab:8b:e9:a1:81:ff:c9:aa:54:
                    b2:4f:64:49:35:8c:d8:6e:b9:9a:6f:57:36:71:6c:
                    13:8d:84:e6:af:fc:9a:8b:51:7d:9a:63:6d:b6:81:
                    c0:38:21:9a:a6:bd:f1:51:7d:da:24:35:2a:7f:5c:
                    70:86:6a:34:58:d9:4a:70:66:f3:e0:ab:27:90:3a:
                    5b:f7:86:3e:b5:e8:8f:b3:ac:d4:3a:7a:c3:42:44:
                    df:e4:1b:51:68:89:61:97:ba:b3:28:b8:1a:8e:6f:
                    4f:01:f2:4f:9c:52:f6:a1:fd:5b:4e:de:84:0b:51:
                    96:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:E6:A2:B6:7B:AF:79:0E:AE:1A:14:91:F5:F1:2E:DF:15:BA:12:91
            X509v3 Authority Key Identifier:
                keyid:51:61:8D:F0:06:D5:48:D1:D8:7E:D6:41:95:50:66:2D:B6:FC:06:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UWGN8AbVSNHYftZBlVBmLbb8BgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/C-aitnuveQ6uGhSR9fEu3xW6EpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/UWGN8AbVSNHYftZBlVBmLbb8BgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.110.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         70:40:d2:22:38:48:b9:7a:64:81:5b:b5:aa:39:bc:b9:cf:ca:
         6f:f0:dc:18:9c:2a:0d:e3:72:7f:71:0b:0d:c0:34:b9:ec:23:
         59:c2:df:4d:d6:fe:f7:b8:8f:7a:dd:cd:29:f5:a1:0e:5f:cb:
         f4:ed:1b:63:e6:99:b5:56:94:b9:89:d3:1f:c6:e4:9b:57:c3:
         9b:84:a8:24:aa:86:c9:a3:fc:62:4a:a3:2a:31:5c:22:63:9c:
         f1:39:71:50:41:30:4e:0a:0e:48:82:7c:53:a8:69:f6:97:b1:
         f1:de:8f:40:fc:5f:34:50:67:2d:10:c4:22:1b:98:f1:64:fe:
         3d:03:36:9b:52:27:08:65:41:cd:71:58:c7:39:78:27:fb:6d:
         0c:c7:29:c3:26:0f:92:a9:5e:87:aa:49:4f:66:52:28:5c:cc:
         85:98:43:ad:4f:62:8a:ac:95:81:87:30:26:06:07:dd:93:fc:
         e0:28:96:d7:12:38:5d:df:f5:13:0e:40:a1:c5:be:81:fc:9c:
         ef:3e:92:4f:70:a4:aa:4f:1a:31:08:b0:cd:87:ac:f6:15:90:
         e7:13:d5:7f:42:87:92:57:b5:f7:a4:5a:7f:e2:8f:1e:9a:14:
         b6:9c:83:12:c2:3d:bb:77:e6:89:40:5b:92:af:d6:b0:6e:95:
         e1:b0:cc:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYW/dHmXqW0CURhRXFZ/AK92MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxNjE4ZGYwMDZkNTQ4ZDFkODdlZDY0MTk1NTA2NjJkYjZm
YzA2MDYwHhcNMjMwMTE3MTExOTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmU2YTJiNjdiYWY3OTBlYWUxYTE0OTFmNWYxMmVkZjE1YmExMjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8y1uYn0lvvZFDIGg4acE28uXpU/
FPgi9K01otTnQeChOGdCXAaH0gKIo9Qrimt++PZR98k8QOSjJe1p+k0aCSlXsUhY
yxx/ergdjwi5zZaqzc27faZcOgTtEw6HGGFIk/QEZx5jjS9gWa+zMGHXXuNygZm7
pOVNv4V57/thLwf7qAPQjpTSQMHjEhGri+mhgf/JqlSyT2RJNYzYbrmab1c2cWwT
jYTmr/yai1F9mmNttoHAOCGapr3xUX3aJDUqf1xwhmo0WNlKcGbz4KsnkDpb94Y+
teiPs6zUOnrDQkTf5BtRaIlhl7qzKLgajm9PAfJPnFL2of1bTt6EC1GWGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvmorZ7r3kOrhoUkfXxLt8VuhKRMB8GA1UdIwQY
MBaAFFFhjfAG1UjR2H7WQZVQZi22/AYGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVdHTjhBYlZTTkhZZnRaQmxWQm1MYmI4QmdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9kNWZmZTctM2I0OC00ZjgwLThkNmEt
MzE3YzJmYjBhMzViLzEvQy1haXRudXZlUTZ1R2hTUjlmRXUzeFc2RXBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9kNWZmZTctM2I0OC00ZjgwLThkNmEtMzE3YzJmYjBhMzVi
LzEvVVdHTjhBYlZTTkhZZnRaQmxWQm1MYmI4QmdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1W7gMA0G
CSqGSIb3DQEBCwUAA4IBAQBwQNIiOEi5emSBW7WqOby5z8pv8NwYnCoN43J/cQsN
wDS57CNZwt9N1v73uI963c0p9aEOX8v07Rtj5pm1VpS5idMfxuSbV8ObhKgkqobJ
o/xiSqMqMVwiY5zxOXFQQTBOCg5IgnxTqGn2l7Hx3o9A/F80UGctEMQiG5jxZP49
AzabUicIZUHNcVjHOXgn+20MxynDJg+SqV6HqklPZlIoXMyFmEOtT2KKrJWBhzAm
Bgfdk/zgKJbXEjhd3/UTDkChxb6B/JzvPpJPcKSqTxoxCLDNh6z2FZDnE9V/QoeS
V7X3pFp/4o8emhS2nIMSwj27d+aJQFuSr9awbpXhsMxi
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:19 2024 by rpki-client on console-ams.rpki-client.org