Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/93PF5rprE7_MvAx0lxXQ5gv7UhE.roa
File:                     93PF5rprE7_MvAx0lxXQ5gv7UhE.roa (raw, json)
Hash identifier:          W8tZ4sHSqJSTLX0woZdLJZldcj0dA13cbmfVQ+xgHOU=
Subject key identifier:   F7:73:C5:E6:BA:6B:13:BF:CC:BC:0C:74:97:15:D0:E6:0B:FB:52:11
Certificate issuer:       /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial:       0183A71B940A397FD95BA7DD4CAF339C553F
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/93PF5rprE7_MvAx0lxXQ5gv7UhE.roa
Signing time:             Wed 05 Oct 2022 07:45:45 +0000
ROA not before:           Wed 05 Oct 2022 07:45:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39650
IP address blocks:        45.90.73.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:a7:1b:94:0a:39:7f:d9:5b:a7:dd:4c:af:33:9c:55:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
        Validity
            Not Before: Oct  5 07:45:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f773c5e6ba6b13bfccbc0c749715d0e60bfb5211
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:9d:36:6c:59:87:f2:f4:c5:0e:85:c8:ae:8d:
                    77:98:a4:d6:c6:ab:1f:ca:36:a9:8f:84:a1:c6:b7:
                    c8:f1:eb:69:59:bd:d1:3d:0d:b9:c7:2f:67:23:c4:
                    51:d1:c7:63:67:31:b2:70:d1:79:79:c1:02:89:27:
                    cc:f2:ff:e0:4d:64:4a:51:de:c2:35:cd:47:9f:67:
                    ed:af:72:74:ce:04:59:f9:3b:64:d9:b7:ae:e5:38:
                    6c:95:26:03:09:97:4e:0e:d4:27:e8:47:d1:36:d6:
                    85:62:b9:05:df:0d:2e:f1:3b:9e:5b:f5:c9:a6:b1:
                    f1:0b:75:ce:d3:bf:d8:6e:1a:38:a9:27:d7:82:8f:
                    ba:be:fa:c6:94:33:62:63:7a:1b:b6:9d:60:43:c9:
                    fe:36:7a:7a:b0:2c:1b:3f:d6:e1:1b:3c:f0:92:50:
                    0e:ef:c2:4c:7d:f9:34:c5:7e:b0:69:a3:e5:88:fb:
                    43:88:18:3a:45:0f:13:56:d2:ba:31:52:97:fb:f1:
                    e8:b8:38:b5:75:be:21:3a:88:ea:77:68:2a:50:a8:
                    6f:2b:7f:f1:08:8c:28:8b:be:dc:5a:7c:c6:2b:fa:
                    a4:52:a1:97:12:81:dd:f1:bf:44:bb:76:a4:1e:55:
                    0b:5c:5e:19:da:02:e8:e2:0c:b8:a5:81:82:6c:7a:
                    59:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:73:C5:E6:BA:6B:13:BF:CC:BC:0C:74:97:15:D0:E6:0B:FB:52:11
            X509v3 Authority Key Identifier:
                keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/93PF5rprE7_MvAx0lxXQ5gv7UhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:ce:a4:29:57:f1:dd:a3:f9:6d:7c:9c:04:3a:d0:35:1f:2a:
         ad:16:6a:ae:c8:d7:74:ca:81:b6:01:43:0d:1c:68:6c:5f:85:
         cd:f8:8d:ae:da:58:85:8b:5d:c3:b2:81:6e:18:a5:ec:d5:cc:
         bb:aa:7a:af:b5:07:bc:49:7f:2c:49:3f:4a:79:d8:69:e7:c0:
         27:a8:73:15:70:37:b9:b3:c1:2f:60:6a:80:7a:c7:7a:7a:f2:
         e2:58:e6:08:12:ec:77:37:e7:bc:8c:04:6f:c0:08:53:e6:e6:
         ea:d5:46:c2:82:7d:6d:fd:3f:29:4c:f0:09:16:98:83:b7:8c:
         a6:a4:ca:16:42:3c:ab:e4:25:cd:cf:6f:aa:83:ac:d2:8d:2e:
         fb:4e:f2:f3:26:70:b0:02:6f:8d:53:b0:53:67:d1:3f:51:61:
         3d:85:df:91:a1:83:45:d3:97:02:e0:d9:e7:69:ad:02:ae:ec:
         52:55:2c:93:9f:d4:25:43:72:c9:b5:7a:a2:11:72:d8:8f:21:
         2b:98:22:c0:8e:cf:07:91:8b:01:df:8a:30:c8:07:4e:2b:74:
         65:7d:5e:4d:e6:33:2d:21:68:9d:29:f5:bf:49:13:5d:af:ba:
         be:61:d7:53:13:7c:ef:6a:b7:e7:0c:85:d5:28:f5:38:28:40:
         a4:68:2a:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYOnG5QKOX/ZW6fdTK8znFU/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjIxMDA1MDc0NTQ1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzczYzVlNmJhNmIxM2JmY2NiYzBjNzQ5NzE1ZDBlNjBiZmI1MjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJ02bFmH8vTFDoXIro13mKTWxqsf
yjapj4ShxrfI8etpWb3RPQ25xy9nI8RR0cdjZzGycNF5ecECiSfM8v/gTWRKUd7C
Nc1Hn2ftr3J0zgRZ+Ttk2beu5ThslSYDCZdODtQn6EfRNtaFYrkF3w0u8TueW/XJ
prHxC3XO07/Ybho4qSfXgo+6vvrGlDNiY3obtp1gQ8n+Nnp6sCwbP9bhGzzwklAO
78JMffk0xX6waaPliPtDiBg6RQ8TVtK6MVKX+/HouDi1db4hOojqd2gqUKhvK3/x
CIwoi77cWnzGK/qkUqGXEoHd8b9Eu3akHlULXF4Z2gLo4gy4pYGCbHpZaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPdzxea6axO/zLwMdJcV0OYL+1IRMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvOTNQRjVycHJFN19NdkF4MGx4WFE1Z3Y3VWhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVpJMA0G
CSqGSIb3DQEBCwUAA4IBAQChzqQpV/Hdo/ltfJwEOtA1HyqtFmquyNd0yoG2AUMN
HGhsX4XN+I2u2liFi13DsoFuGKXs1cy7qnqvtQe8SX8sST9Kedhp58AnqHMVcDe5
s8EvYGqAesd6evLiWOYIEux3N+e8jARvwAhT5ubq1UbCgn1t/T8pTPAJFpiDt4ym
pMoWQjyr5CXNz2+qg6zSjS77TvLzJnCwAm+NU7BTZ9E/UWE9hd+RoYNF05cC4Nnn
aa0CruxSVSyTn9QlQ3LJtXqiEXLYjyErmCLAjs8HkYsB34owyAdOK3RlfV5N5jMt
IWidKfW/SRNdr7q+YddTE3zvarfnDIXVKPU4KECkaCpB
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:19 2024 by rpki-client on console-ams.rpki-client.org