Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/GsMmfauoFKWLycYj50B3w7cc2mU.roa
File:                     GsMmfauoFKWLycYj50B3w7cc2mU.roa (raw, json)
Hash identifier:          QepJEYboCOjqA3G8YefSrVr30L2YIeMVA87S8hT7J5s=
Subject key identifier:   1A:C3:26:7D:AB:A8:14:A5:8B:C9:C6:23:E7:40:77:C3:B7:1C:DA:65
Certificate issuer:       /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial:       018BFCECD7008BD38DFE56C5F6A82AA3B949
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/GsMmfauoFKWLycYj50B3w7cc2mU.roa
Signing time:             Thu 23 Nov 2023 16:04:21 +0000
ROA not before:           Thu 23 Nov 2023 16:04:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     64458
IP address blocks:        45.90.75.0/24 maxlen: 24
                          45.90.73.0/24 maxlen: 24
                          45.90.74.0/24 maxlen: 24
                          45.90.72.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:fc:ec:d7:00:8b:d3:8d:fe:56:c5:f6:a8:2a:a3:b9:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
        Validity
            Not Before: Nov 23 16:04:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1ac3267daba814a58bc9c623e74077c3b71cda65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:07:ec:94:d9:89:4e:86:e0:8f:46:1a:2f:7d:
                    09:6d:d0:f7:a3:d2:b7:50:30:fd:65:6a:c4:eb:af:
                    ff:84:5c:58:24:17:6a:9a:ff:7a:de:2d:47:73:01:
                    61:53:5f:b3:4e:28:db:59:2a:ca:a3:84:16:39:b1:
                    54:1e:f5:35:d1:93:43:86:5a:d6:af:11:82:78:7c:
                    50:66:86:a1:e2:ed:0c:ab:be:ce:74:90:a9:ce:87:
                    af:4a:78:ba:1c:bd:c0:05:b0:99:c1:bb:66:44:b2:
                    93:73:f1:88:70:8c:68:01:6b:2e:fc:4d:0f:10:35:
                    76:db:e0:54:04:37:2e:8f:55:e6:8c:69:70:01:31:
                    5a:f6:2a:df:9c:a0:22:9e:db:8b:1e:20:21:57:c2:
                    10:7c:6e:0a:cb:0c:71:cc:55:36:85:7e:70:a6:04:
                    36:d3:92:ac:44:9c:e3:6c:7e:38:4a:43:cb:01:d5:
                    38:43:ae:4b:3e:62:cb:bc:15:a2:89:c4:18:cb:db:
                    59:f2:53:d3:54:bf:c0:76:c7:45:ee:c4:b0:fd:fd:
                    78:c9:25:fc:a9:22:92:0c:87:85:ed:40:8c:7d:71:
                    a4:94:29:15:2b:69:16:4b:5a:d8:9a:cd:50:85:95:
                    b2:3d:95:8a:43:67:5b:63:2d:1f:ad:ca:8a:4e:34:
                    8d:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:C3:26:7D:AB:A8:14:A5:8B:C9:C6:23:E7:40:77:C3:B7:1C:DA:65
            X509v3 Authority Key Identifier:
                keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/GsMmfauoFKWLycYj50B3w7cc2mU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:69:fb:17:39:6f:ef:b0:65:fe:71:c0:86:6b:b1:ef:51:0d:
         33:e9:ed:53:fb:19:66:54:5d:80:a5:24:41:f6:c1:16:7e:cb:
         21:25:5a:d8:f9:f6:d6:4b:1b:1d:08:3f:d3:27:e0:2c:15:93:
         e3:ad:fc:aa:67:9d:c3:08:a9:28:23:34:e4:d0:e9:d4:37:d1:
         62:15:5e:85:84:f4:05:ea:d5:bf:d4:51:f4:24:19:2d:67:bd:
         f3:a5:84:d9:2f:94:51:b1:69:79:e5:59:34:4c:d9:ce:40:ca:
         02:23:c3:a6:f5:26:37:7b:f8:1a:83:02:c3:ce:77:90:3d:42:
         ad:26:4a:0a:61:9d:b9:54:79:f7:9f:5b:d5:64:0e:dc:eb:01:
         bf:5c:5a:5c:c5:a3:02:1c:a3:7d:0b:92:13:f8:20:24:aa:29:
         0d:96:f1:bf:68:7c:10:a7:51:dc:cc:d0:d8:d7:78:3f:11:54:
         31:ea:e3:c0:c7:80:ba:85:e7:c3:c1:d2:cb:f5:2e:64:7d:00:
         27:57:d3:b6:4e:f2:28:c4:de:a0:07:df:e9:6c:75:0c:15:8a:
         58:b0:59:85:c7:08:b3:2a:3c:23:69:06:de:0c:a5:47:f8:4d:
         2c:a7:aa:c6:a3:e4:b4:a6:f0:89:14:fb:bf:2d:2d:ed:11:34:
         2a:6c:16:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYv87NcAi9ON/lbF9qgqo7lJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjMxMTIzMTYwNDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWMzMjY3ZGFiYTgxNGE1OGJjOWM2MjNlNzQwNzdjM2I3MWNkYTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwfslNmJTobgj0YaL30JbdD3o9K3
UDD9ZWrE66//hFxYJBdqmv963i1HcwFhU1+zTijbWSrKo4QWObFUHvU10ZNDhlrW
rxGCeHxQZoah4u0Mq77OdJCpzoevSni6HL3ABbCZwbtmRLKTc/GIcIxoAWsu/E0P
EDV22+BUBDcuj1XmjGlwATFa9irfnKAintuLHiAhV8IQfG4KywxxzFU2hX5wpgQ2
05KsRJzjbH44SkPLAdU4Q65LPmLLvBWiicQYy9tZ8lPTVL/AdsdF7sSw/f14ySX8
qSKSDIeF7UCMfXGklCkVK2kWS1rYms1QhZWyPZWKQ2dbYy0frcqKTjSNowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBrDJn2rqBSli8nGI+dAd8O3HNplMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvR3NNbWZhdW9GS1dMeWNZajUwQjN3N2NjMm1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVpIMA0G
CSqGSIb3DQEBCwUAA4IBAQBhafsXOW/vsGX+ccCGa7HvUQ0z6e1T+xlmVF2ApSRB
9sEWfsshJVrY+fbWSxsdCD/TJ+AsFZPjrfyqZ53DCKkoIzTk0OnUN9FiFV6FhPQF
6tW/1FH0JBktZ73zpYTZL5RRsWl55Vk0TNnOQMoCI8Om9SY3e/gagwLDzneQPUKt
JkoKYZ25VHn3n1vVZA7c6wG/XFpcxaMCHKN9C5IT+CAkqikNlvG/aHwQp1HczNDY
13g/EVQx6uPAx4C6hefDwdLL9S5kfQAnV9O2TvIoxN6gB9/pbHUMFYpYsFmFxwiz
KjwjaQbeDKVH+E0sp6rGo+S0pvCJFPu/LS3tETQqbBao
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:16 2024 by rpki-client on console-fra.rpki-client.org