Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Kh5RjxsdeZg5RTkWthPGD0JzwC4.roa
File:                     Kh5RjxsdeZg5RTkWthPGD0JzwC4.roa (raw, json)
Hash identifier:          TNfznAWXJ0XFfwviRs9hwDKoKei2ph0FQh9Dzf/fMkg=
Subject key identifier:   2A:1E:51:8F:1B:1D:79:98:39:45:39:16:B6:13:C6:0F:42:73:C0:2E
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       0189784DABB14C1AF82FCFE132AD9FB2F925
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Kh5RjxsdeZg5RTkWthPGD0JzwC4.roa
Signing time:             Fri 21 Jul 2023 11:55:03 +0000
ROA not before:           Fri 21 Jul 2023 11:55:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34665
IP address blocks:        45.81.138.0/24 maxlen: 24
                          91.188.245.0/24 maxlen: 24
                          45.95.31.0/24 maxlen: 24
                          176.119.143.0/24 maxlen: 24
                          193.187.104.0/24 maxlen: 24
                          193.187.107.0/24 maxlen: 24
                          84.252.70.0/23 maxlen: 23
                          45.91.239.0/24 maxlen: 24
                          78.142.239.0/24 maxlen: 24
                          176.53.172.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:78:4d:ab:b1:4c:1a:f8:2f:cf:e1:32:ad:9f:b2:f9:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jul 21 11:55:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2a1e518f1b1d799839453916b613c60f4273c02e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:37:8a:d8:17:87:95:38:ef:2f:8a:d2:1f:52:
                    9c:83:7b:ee:24:82:03:cc:64:7b:d9:b9:27:e1:d3:
                    93:59:cf:d7:66:ab:68:d1:8f:eb:a9:a3:48:b5:f7:
                    76:4f:c6:ee:d2:a7:e6:dd:dd:8e:06:0a:a8:94:6d:
                    db:f0:ee:0a:59:2e:51:08:57:4b:6a:be:b5:fa:f8:
                    42:60:d6:55:6e:19:1a:6e:4a:dd:36:28:12:36:b5:
                    91:e3:40:90:c6:9e:4f:64:0a:51:ce:36:56:b5:75:
                    da:67:a1:ff:1e:76:56:2a:95:1b:db:71:0a:d2:04:
                    81:59:12:5f:e7:b1:b2:f4:6d:dd:ce:9f:57:2f:f9:
                    39:34:9f:cf:09:30:60:e3:e1:5c:70:e9:fd:2e:4a:
                    11:04:aa:a4:f3:3d:d0:54:0d:24:a2:bc:15:e4:22:
                    b1:af:70:68:9d:36:57:97:3b:fc:d8:e7:b7:6a:bb:
                    fd:e8:92:59:de:66:a6:7c:4d:6b:f4:a6:7a:8c:e6:
                    83:00:28:5d:ef:a2:72:93:36:5a:62:4f:6b:cf:25:
                    f6:8a:87:9d:1d:a0:d9:f2:f0:44:39:e2:4d:69:25:
                    d4:5d:ff:d3:ff:76:97:6c:3a:06:4f:92:ea:73:dd:
                    75:fb:be:a9:71:78:31:7a:56:50:c2:bc:b4:4b:7f:
                    55:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:1E:51:8F:1B:1D:79:98:39:45:39:16:B6:13:C6:0F:42:73:C0:2E
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Kh5RjxsdeZg5RTkWthPGD0JzwC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.138.0/24
                  45.91.239.0/24
                  45.95.31.0/24
                  78.142.239.0/24
                  84.252.70.0/23
                  91.188.245.0/24
                  176.53.172.0/22
                  176.119.143.0/24
                  193.187.104.0/24
                  193.187.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:91:95:33:64:5b:f8:a7:97:2b:58:e1:ac:27:14:b8:24:c1:
         33:44:4d:dd:76:8d:64:a9:d6:55:cd:40:a0:3b:20:9e:1a:5d:
         c3:fa:1d:73:cd:fb:9f:fc:c0:ad:55:b2:2e:87:aa:c5:02:8e:
         30:8f:8f:42:70:01:66:2b:4b:35:3f:20:5d:f6:9b:a5:63:b5:
         9b:d1:5e:37:3b:0e:3d:a1:99:c7:db:32:c6:86:fe:9a:f9:54:
         22:07:15:cc:63:90:d4:42:40:65:c9:c9:08:2d:29:16:5d:7a:
         75:0b:26:d2:b7:0c:99:80:8a:b1:dd:2a:83:3f:1c:64:27:d0:
         a0:90:8c:45:9f:1a:66:49:d8:59:c2:e2:89:a6:62:04:32:bd:
         56:19:2f:2a:e7:1a:21:d6:7b:54:7c:6c:f3:18:f6:7a:c4:30:
         3c:b5:5f:c7:82:e6:43:96:18:2d:dc:ce:b6:75:78:f7:b7:46:
         dd:94:fb:7e:a5:3e:a6:70:65:48:12:e5:ea:b7:97:c0:c3:19:
         cc:9f:dc:ea:d0:8e:13:6e:e8:52:28:65:b0:0e:e7:e4:6d:70:
         77:38:f8:70:62:7e:99:e9:8e:09:fe:7e:c4:36:5c:93:5a:10:
         26:a4:1a:bf:d5:95:86:7e:6b:db:96:91:06:3d:92:98:be:11:
         33:63:71:de
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYl4TauxTBr4L8/hMq2fsvklMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjMwNzIxMTE1NTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTFlNTE4ZjFiMWQ3OTk4Mzk0NTM5MTZiNjEzYzYwZjQyNzNjMDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3zeK2BeHlTjvL4rSH1Kcg3vuJIID
zGR72bkn4dOTWc/XZqto0Y/rqaNItfd2T8bu0qfm3d2OBgqolG3b8O4KWS5RCFdL
ar61+vhCYNZVbhkabkrdNigSNrWR40CQxp5PZApRzjZWtXXaZ6H/HnZWKpUb23EK
0gSBWRJf57Gy9G3dzp9XL/k5NJ/PCTBg4+FccOn9LkoRBKqk8z3QVA0korwV5CKx
r3BonTZXlzv82Oe3arv96JJZ3mamfE1r9KZ6jOaDAChd76JykzZaYk9rzyX2ioed
HaDZ8vBEOeJNaSXUXf/T/3aXbDoGT5Lqc911+76pcXgxelZQwry0S39VzQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFCoeUY8bHXmYOUU5FrYTxg9Cc8AuMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvS2g1Ump4c2RlWmc1UlRrV3RoUEdEMEp6d0M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALVGKAwQA
LVvvAwQALV8fAwQATo7vAwQBVPxGAwQAW7z1AwQCsDWsAwQAsHePAwQAwbtoAwQA
wbtrMA0GCSqGSIb3DQEBCwUAA4IBAQAlkZUzZFv4p5crWOGsJxS4JMEzRE3ddo1k
qdZVzUCgOyCeGl3D+h1zzfuf/MCtVbIuh6rFAo4wj49CcAFmK0s1PyBd9pulY7Wb
0V43Ow49oZnH2zLGhv6a+VQiBxXMY5DUQkBlyckILSkWXXp1CybStwyZgIqx3SqD
PxxkJ9CgkIxFnxpmSdhZwuKJpmIEMr1WGS8q5xoh1ntUfGzzGPZ6xDA8tV/HguZD
lhgt3M62dXj3t0bdlPt+pT6mcGVIEuXqt5fAwxnMn9zq0I4TbuhSKGWwDufkbXB3
OPhwYn6Z6Y4J/n7ENlyTWhAmpBq/1ZWGfmvblpEGPZKYvhEzY3He
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:17 2024 by rpki-client on console-fra.rpki-client.org