Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/1M49xqQEZ6o7EyUTjBe0Llfxhf0.roa
File:                     1M49xqQEZ6o7EyUTjBe0Llfxhf0.roa (raw, json)
Hash identifier:          rJDdT/joSfpnpvi8CtRY5QhoQb7qx54UgvuMEWzRPgg=
Subject key identifier:   D4:CE:3D:C6:A4:04:67:AA:3B:13:25:13:8C:17:B4:2E:57:F1:85:FD
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       03CB2647
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/1M49xqQEZ6o7EyUTjBe0Llfxhf0.roa
Signing time:             Sat 01 Jan 2022 02:56:35 +0000
ROA not before:           Sat 01 Jan 2022 02:56:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        91.213.186.0/24 maxlen: 24
                          91.213.189.0/24 maxlen: 24
                          91.208.69.0/24 maxlen: 24
                          91.208.73.0/24 maxlen: 24
                          91.213.200.0/24 maxlen: 24
                          194.156.151.0/24 maxlen: 24
                          194.156.150.0/24 maxlen: 24
                          194.156.150.0/23 maxlen: 24
                          91.208.104.0/24 maxlen: 24
                          91.208.109.0/24 maxlen: 24
                          45.150.196.0/22 maxlen: 24
                          45.83.238.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 63645255 (0x3cb2647)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  1 02:56:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d4ce3dc6a40467aa3b1325138c17b42e57f185fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:fe:df:6e:82:02:83:71:c6:dc:8c:f3:1d:39:
                    91:57:29:3d:10:28:35:c2:80:56:5d:00:a4:da:3e:
                    fb:4b:c4:e6:39:12:a0:cc:09:10:fd:f7:e6:0a:00:
                    bb:87:83:36:22:11:44:71:82:52:20:95:47:a8:83:
                    09:e9:c6:71:c3:68:d0:33:1e:68:84:39:fb:44:34:
                    2e:16:e8:0b:cb:d6:05:e0:64:6d:9a:87:5c:28:37:
                    cd:a8:12:f1:5a:78:34:6d:ee:47:20:b0:cc:08:8d:
                    63:3f:6f:52:1d:0d:9a:b8:68:2e:2c:e5:74:80:15:
                    84:e2:b1:71:9b:07:e3:52:2d:7c:01:7c:60:97:a0:
                    3b:47:fa:e1:5a:d2:06:59:22:ff:4c:c0:7d:b3:4c:
                    3f:9d:fb:c7:65:fb:05:3c:a8:4c:67:e8:62:b4:ab:
                    86:ce:f1:ca:a9:ee:1b:27:04:8d:e4:b5:9f:87:cd:
                    b5:03:3e:6f:5e:62:a4:fb:7e:3d:e1:d2:63:33:ac:
                    30:89:44:5d:e0:45:48:7d:bf:2c:e7:f5:1b:52:c2:
                    1a:1a:52:eb:67:d7:9d:96:35:27:29:a5:2b:d1:81:
                    da:c9:4a:b3:ff:e5:3d:4e:79:34:08:26:17:93:51:
                    86:77:17:20:90:01:35:4f:a7:ab:7f:e1:42:6e:88:
                    87:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:CE:3D:C6:A4:04:67:AA:3B:13:25:13:8C:17:B4:2E:57:F1:85:FD
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/1M49xqQEZ6o7EyUTjBe0Llfxhf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.238.0/23
                  45.150.196.0/22
                  91.208.69.0/24
                  91.208.73.0/24
                  91.208.104.0/24
                  91.208.109.0/24
                  91.213.186.0/24
                  91.213.189.0/24
                  91.213.200.0/24
                  194.156.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:61:8b:48:a4:f4:0b:ef:26:27:c4:9c:65:7b:c3:d8:1c:24:
         5d:61:cc:df:03:0e:1f:20:41:b5:9f:ae:8b:d0:ea:12:0e:73:
         a3:94:8b:62:e7:d4:e8:31:a1:20:74:44:64:9f:34:2c:73:f1:
         46:74:5a:43:ba:fa:1d:4d:63:b4:4f:f9:b8:2e:e3:d9:68:05:
         47:bf:80:aa:d3:e3:b3:06:eb:8c:37:e8:27:69:b5:4f:33:b5:
         b4:62:19:24:1c:8a:75:61:f1:45:a7:9e:bf:b4:a8:65:94:cc:
         3d:8e:b2:6b:0d:2e:64:b7:c1:9f:46:55:e0:79:40:8c:05:8f:
         d2:70:87:60:b4:52:8e:6b:18:30:06:c0:8f:52:a0:b6:8f:8c:
         12:53:b3:e5:13:85:9b:de:9c:0b:05:be:8f:c1:9d:1d:ee:15:
         bf:cf:3b:63:c7:f0:29:d3:fc:3b:ba:36:c7:19:3c:36:22:61:
         7c:70:a6:c5:41:3f:8b:19:0c:46:c8:dd:dd:9f:d2:7b:c7:86:
         64:51:87:78:5b:42:f4:90:00:a3:e5:20:70:de:68:5d:02:12:
         14:84:7f:2f:fc:c3:58:34:5c:b6:5a:b8:73:7a:81:6c:d8:15:
         2c:95:51:c8:70:79:4e:50:d2:51:67:1a:99:1d:4a:4e:79:51:
         a3:f1:6f:67
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIEA8smRzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZjQ3MzgzODljYjNiOTk4ZWM0ZmE2ZDQyNzJmOGRkNzk5ZmJjNGE5MB4XDTIyMDEw
MTAyNTYzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDRjZTNkYzZhNDA0
NjdhYTNiMTMyNTEzOGMxN2I0MmU1N2YxODVmZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALT+326CAoNxxtyM8x05kVcpPRAoNcKAVl0ApNo++0vE5jkS
oMwJEP335goAu4eDNiIRRHGCUiCVR6iDCenGccNo0DMeaIQ5+0Q0LhboC8vWBeBk
bZqHXCg3zagS8Vp4NG3uRyCwzAiNYz9vUh0NmrhoLizldIAVhOKxcZsH41ItfAF8
YJegO0f64VrSBlki/0zAfbNMP537x2X7BTyoTGfoYrSrhs7xyqnuGycEjeS1n4fN
tQM+b15ipPt+PeHSYzOsMIlEXeBFSH2/LOf1G1LCGhpS62fXnZY1JymlK9GB2slK
s//lPU55NAgmF5NRhncXIJABNU+nq3/hQm6IhysCAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBTUzj3GpARnqjsTJROMF7QuV/GF/TAfBgNVHSMEGDAWgBQfRzg4nLO5mOxP
ptQnL43XmfvEqTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0gwYzRPSnl6dVpqc1Q2YlVKeS1OMTVuN3hLay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzUvNTE3Njk0LWM4YTEtNDU4Yi05Y2YyLTZjN2U1Njg1ODkwYy8x
LzFNNDl4cVFFWjZvN0V5VVRqQmUwTGxmeGhmMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzUv
NTE3Njk0LWM4YTEtNDU4Yi05Y2YyLTZjN2U1Njg1ODkwYy8xL0gwYzRPSnl6dVpq
c1Q2YlVKeS1OMTVuN3hLay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEAS1T7gMEAi2WxAMEAFvQRQMEAFvQ
SQMEAFvQaAMEAFvQbQMEAFvVugMEAFvVvQMEAFvVyAMEAcKcljANBgkqhkiG9w0B
AQsFAAOCAQEAXmGLSKT0C+8mJ8ScZXvD2BwkXWHM3wMOHyBBtZ+ui9DqEg5zo5SL
YufU6DGhIHREZJ80LHPxRnRaQ7r6HU1jtE/5uC7j2WgFR7+AqtPjswbrjDfoJ2m1
TzO1tGIZJByKdWHxRaeev7SoZZTMPY6yaw0uZLfBn0ZV4HlAjAWP0nCHYLRSjmsY
MAbAj1Kgto+MElOz5ROFm96cCwW+j8GdHe4Vv887Y8fwKdP8O7o2xxk8NiJhfHCm
xUE/ixkMRsjd3Z/Se8eGZFGHeFtC9JAAo+UgcN5oXQISFIR/L/zDWDRctlq4c3qB
bNgVLJVRyHB5TlDSUWcamR1KTnlRo/FvZw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org