Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/saN4wjMbtj70cEMxhWLIhiQ0-ss.roa
File:                     saN4wjMbtj70cEMxhWLIhiQ0-ss.roa (raw, json)
Hash identifier:          SdHTgXae5ALi+1+cgDT+uibfQk5+pF6rpF1COUXX3Dc=
Subject key identifier:   B1:A3:78:C2:33:1B:B6:3E:F4:70:43:31:85:62:C8:86:24:34:FA:CB
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       0182F0547311B09138EF6888A0E448531CBF
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/saN4wjMbtj70cEMxhWLIhiQ0-ss.roa
Signing time:             Tue 30 Aug 2022 19:57:22 +0000
ROA not before:           Tue 30 Aug 2022 19:57:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     201364
IP address blocks:        185.77.3.0/24 maxlen: 24
                          45.10.56.0/24 maxlen: 24
                          2a11:1806::/32 maxlen: 32
                          2a11:1804::/32 maxlen: 32
                          2a11:1802::/32 maxlen: 32
                          2a11:1800::/32 maxlen: 32
                          2a11:1803::/32 maxlen: 32
                          2a11:1805::/32 maxlen: 32
                          2a11:1807::/32 maxlen: 32
                          2a11:1801::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:f0:54:73:11:b0:91:38:ef:68:88:a0:e4:48:53:1c:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: Aug 30 19:57:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b1a378c2331bb63ef47043318562c8862434facb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7e:ae:a0:bd:7f:d5:23:2b:3b:b2:3f:4b:a6:
                    ff:6d:59:a6:28:88:01:34:a3:a7:f1:6e:f9:6d:60:
                    c4:fd:b3:64:da:5b:01:53:98:99:a1:f1:d2:10:22:
                    23:8d:d6:f3:f2:29:33:c0:4c:3e:fb:a7:68:aa:36:
                    97:d7:9e:ba:6c:ca:bc:c5:31:1d:59:7c:0c:a0:0a:
                    3c:27:5e:d1:99:62:a6:9f:18:7c:3a:a4:dd:b6:54:
                    4c:c2:ce:c1:79:c5:e2:86:05:84:dd:e7:bc:2d:c1:
                    1a:92:84:e7:89:65:c3:e4:0f:f9:51:68:63:e2:e0:
                    d0:28:05:b8:60:c1:f4:ac:bf:e4:94:51:9c:66:6e:
                    30:0c:92:a2:57:7d:68:58:c2:97:c8:04:08:82:43:
                    7d:47:c2:30:c7:21:3f:47:a2:39:b2:38:8c:b8:91:
                    b9:42:7a:a9:24:6c:d3:da:4d:93:74:98:91:68:10:
                    44:8c:ea:42:86:13:4a:e9:b0:82:a2:1b:96:7a:36:
                    71:b4:fd:a8:ae:7a:78:86:17:97:da:66:35:16:9f:
                    b7:09:9c:c7:18:53:ae:c6:fd:a2:ad:c4:52:37:f4:
                    c5:e1:b8:09:86:6d:ba:09:6b:f6:2e:c9:43:2f:35:
                    0d:d5:d4:d5:bd:8e:e7:35:23:20:0d:f9:3b:86:54:
                    b4:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:A3:78:C2:33:1B:B6:3E:F4:70:43:31:85:62:C8:86:24:34:FA:CB
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/saN4wjMbtj70cEMxhWLIhiQ0-ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.56.0/24
                  185.77.3.0/24
                IPv6:
                  2a11:1800::/29

    Signature Algorithm: sha256WithRSAEncryption
         36:02:b4:84:b9:0a:eb:d4:6d:37:1d:a8:f8:0d:82:bc:97:90:
         3a:65:ff:fc:85:ce:5d:cd:8b:c4:c8:4b:73:5a:f1:bd:3a:8a:
         1f:fb:67:83:b0:84:0e:b0:a1:63:38:96:7b:5f:cd:09:13:bc:
         dd:d4:e8:f3:cc:fc:83:21:f8:38:62:b3:59:5c:0d:9c:98:2a:
         85:b0:ee:96:58:78:d7:e8:5d:92:65:81:5d:1c:46:d9:8f:f1:
         05:f1:2f:bb:a9:82:64:ce:97:91:66:bf:65:9f:b6:43:c6:cd:
         69:51:ec:a0:4e:88:26:9b:5e:31:5e:aa:13:55:23:0d:18:a1:
         f7:6a:7f:b6:cf:46:3c:6a:6a:e0:bc:06:db:00:d2:4e:27:26:
         9e:cb:bd:6b:8a:0d:92:a8:ce:e7:00:2c:66:52:5b:b8:90:ab:
         ba:16:2f:1a:96:f9:d1:66:ab:3e:3a:36:05:bd:e5:0f:a4:31:
         c3:1a:60:04:c3:11:76:89:77:4a:71:1f:f2:0e:54:b5:00:22:
         23:c7:ab:59:68:4f:e8:bd:a2:6e:6f:85:fc:13:c1:13:26:c8:
         94:87:4e:d9:5f:85:71:0d:09:3b:84:6a:e2:dc:f1:4d:cf:e4:
         52:cc:67:b5:72:ed:66:35:da:52:3f:4f:d3:e8:93:e5:73:dd:
         4b:46:2f:c1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYLwVHMRsJE472iIoORIUxy/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjIwODMwMTk1NzIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWEzNzhjMjMzMWJiNjNlZjQ3MDQzMzE4NTYyYzg4NjI0MzRmYWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAln6uoL1/1SMrO7I/S6b/bVmmKIgB
NKOn8W75bWDE/bNk2lsBU5iZofHSECIjjdbz8ikzwEw++6doqjaX1566bMq8xTEd
WXwMoAo8J17RmWKmnxh8OqTdtlRMws7BecXihgWE3ee8LcEakoTniWXD5A/5UWhj
4uDQKAW4YMH0rL/klFGcZm4wDJKiV31oWMKXyAQIgkN9R8IwxyE/R6I5sjiMuJG5
QnqpJGzT2k2TdJiRaBBEjOpChhNK6bCCohuWejZxtP2ornp4hheX2mY1Fp+3CZzH
GFOuxv2ircRSN/TF4bgJhm26CWv2LslDLzUN1dTVvY7nNSMgDfk7hlS0YQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLGjeMIzG7Y+9HBDMYViyIYkNPrLMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvc2FONHdqTWJ0ajcwY0VNeGhXTEloaVEwLXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALQo4AwQA
uU0DMA0EAgACMAcDBQMqERgAMA0GCSqGSIb3DQEBCwUAA4IBAQA2ArSEuQrr1G03
Haj4DYK8l5A6Zf/8hc5dzYvEyEtzWvG9Ooof+2eDsIQOsKFjOJZ7X80JE7zd1Ojz
zPyDIfg4YrNZXA2cmCqFsO6WWHjX6F2SZYFdHEbZj/EF8S+7qYJkzpeRZr9ln7ZD
xs1pUeygTogmm14xXqoTVSMNGKH3an+2z0Y8amrgvAbbANJOJyaey71rig2SqM7n
ACxmUlu4kKu6Fi8alvnRZqs+OjYFveUPpDHDGmAEwxF2iXdKcR/yDlS1ACIjx6tZ
aE/ovaJub4X8E8ETJsiUh07ZX4VxDQk7hGri3PFNz+RSzGe1cu1mNdpSP0/T6JPl
c91LRi/B
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:24 2024 by rpki-client on console-ams.rpki-client.org