Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/8keuw7UjTY8iyWVdxkZGUjoTR8E.roa
File:                     8keuw7UjTY8iyWVdxkZGUjoTR8E.roa (raw, json)
Hash identifier:          UbWCeIBUHTQiibjzzsPh9gw7aGR8qq1rEqWWiBM19yo=
Subject key identifier:   F2:47:AE:C3:B5:23:4D:8F:22:C9:65:5D:C6:46:46:52:3A:13:47:C1
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       018D2D6E2F619FADDA8A1872549E0908C489
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/8keuw7UjTY8iyWVdxkZGUjoTR8E.roa
Signing time:             Sun 21 Jan 2024 19:10:12 +0000
ROA not before:           Sun 21 Jan 2024 19:10:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212667
IP address blocks:        45.89.68.0/24 maxlen: 24
                          45.89.71.0/24 maxlen: 24
                          212.115.48.0/24 maxlen: 24
                          212.115.50.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:2d:6e:2f:61:9f:ad:da:8a:18:72:54:9e:09:08:c4:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Jan 21 19:10:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f247aec3b5234d8f22c9655dc64646523a1347c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:31:c8:69:02:63:95:1e:0d:fe:08:63:fe:83:
                    d2:c6:e2:8f:a4:4b:cb:b5:2c:5c:84:be:23:07:b9:
                    17:ad:07:1e:41:14:3f:db:ae:3d:33:47:7e:fc:d5:
                    28:bd:61:e5:58:10:b2:36:43:65:de:f5:b9:24:89:
                    49:35:a2:a4:58:b3:04:a6:35:6a:e6:cf:7b:dc:8f:
                    c9:d4:f6:1d:28:c5:40:f3:92:c8:1f:70:a5:8e:3c:
                    7b:7b:0a:e6:9b:b7:5c:0d:e3:00:ac:b9:29:75:4d:
                    33:48:40:62:fb:43:e9:05:9c:86:8a:28:7f:0f:41:
                    57:d3:cf:8f:fa:73:30:77:96:28:ad:4a:5c:15:11:
                    ea:cd:69:53:55:66:05:fd:b0:fc:14:71:7c:f4:ee:
                    b2:08:c8:dd:1f:87:70:45:bc:a7:82:cd:73:ab:d2:
                    63:0b:cb:1d:65:16:a2:05:55:1e:3e:b8:6f:86:d6:
                    c6:f4:5e:65:fd:8b:9d:67:80:75:a2:7f:d0:34:c4:
                    ed:9e:ca:bd:8b:34:68:6b:c5:df:91:b9:70:ed:dd:
                    f5:bf:47:34:22:81:78:f7:75:ed:da:8a:3f:b3:90:
                    4b:7e:54:bb:6b:af:05:a8:06:0b:2d:ce:a7:83:6f:
                    34:db:70:ed:3c:49:5d:b4:60:41:f5:8f:f4:a3:3b:
                    da:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:47:AE:C3:B5:23:4D:8F:22:C9:65:5D:C6:46:46:52:3A:13:47:C1
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/8keuw7UjTY8iyWVdxkZGUjoTR8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.68.0/24
                  45.89.71.0/24
                  212.115.48.0/24
                  212.115.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:5e:76:9b:ec:8d:91:4c:7f:e6:3c:20:eb:ab:7c:08:c6:07:
         d3:5e:00:bf:e0:f7:95:a1:cd:f9:11:f3:6c:e0:33:3c:7d:a0:
         77:3e:f2:77:1f:c4:87:81:ac:36:99:5e:31:7e:4f:b1:21:b2:
         bf:51:0a:db:28:b6:2b:4e:3f:c1:fa:03:51:7b:72:a7:e9:68:
         4b:3f:0a:a8:89:89:1f:b5:26:7d:f7:87:c9:44:75:9c:33:a3:
         fb:b0:77:52:b4:5d:71:08:8a:a9:21:f0:f7:d8:df:48:a7:5a:
         3b:0c:d9:ba:4b:c9:a5:aa:d8:3b:cf:2e:07:44:16:8c:52:a9:
         88:95:c4:19:1d:e0:96:11:b5:4d:33:57:66:05:87:0e:9a:13:
         e1:1e:99:5b:c5:3a:8f:19:30:54:00:cb:d6:70:ad:96:45:2c:
         51:3b:bf:e6:2f:3d:b6:35:0e:24:ec:30:28:c0:1c:65:f7:90:
         90:24:a3:f0:53:b5:41:70:d7:8e:2f:48:d1:e5:16:f2:ee:60:
         e6:c2:33:ae:b1:4f:85:e9:51:90:12:4b:f3:99:a3:d8:11:19:
         64:41:da:f8:a3:96:20:a8:ab:84:72:42:e7:6d:bc:ba:ab:d4:
         d9:75:46:22:0e:14:6a:92:01:10:e3:ff:5b:59:24:01:d2:89:
         43:42:f2:6f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY0tbi9hn63aihhyVJ4JCMSJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwMTIxMTkxMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQ3YWVjM2I1MjM0ZDhmMjJjOTY1NWRjNjQ2NDY1MjNhMTM0N2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDHIaQJjlR4N/ghj/oPSxuKPpEvL
tSxchL4jB7kXrQceQRQ/2649M0d+/NUovWHlWBCyNkNl3vW5JIlJNaKkWLMEpjVq
5s973I/J1PYdKMVA85LIH3Cljjx7ewrmm7dcDeMArLkpdU0zSEBi+0PpBZyGiih/
D0FX08+P+nMwd5YorUpcFRHqzWlTVWYF/bD8FHF89O6yCMjdH4dwRbyngs1zq9Jj
C8sdZRaiBVUePrhvhtbG9F5l/YudZ4B1on/QNMTtnsq9izRoa8Xfkblw7d31v0c0
IoF493Xt2oo/s5BLflS7a68FqAYLLc6ng28023DtPEldtGBB9Y/0ozvacwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPJHrsO1I02PIsllXcZGRlI6E0fBMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvOGtldXc3VWpUWThpeVdWZHhrWkdVam9UUjhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALVlEAwQA
LVlHAwQA1HMwAwQA1HMyMA0GCSqGSIb3DQEBCwUAA4IBAQBEXnab7I2RTH/mPCDr
q3wIxgfTXgC/4PeVoc35EfNs4DM8faB3PvJ3H8SHgaw2mV4xfk+xIbK/UQrbKLYr
Tj/B+gNRe3Kn6WhLPwqoiYkftSZ994fJRHWcM6P7sHdStF1xCIqpIfD32N9Ip1o7
DNm6S8mlqtg7zy4HRBaMUqmIlcQZHeCWEbVNM1dmBYcOmhPhHplbxTqPGTBUAMvW
cK2WRSxRO7/mLz22NQ4k7DAowBxl95CQJKPwU7VBcNeOL0jR5Rby7mDmwjOusU+F
6VGQEkvzmaPYERlkQdr4o5YgqKuEckLnbby6q9TZdUYiDhRqkgEQ4/9bWSQB0olD
QvJv
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:17 2024 by rpki-client on console-fra.rpki-client.org