Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/dA1FZQAolwgRRk39IEUv3IrKXD8.roa
File:                     dA1FZQAolwgRRk39IEUv3IrKXD8.roa (raw, json)
Hash identifier:          LdHeoum2whdbt8itTiMPZrNinEQTkKBLw9oPNjn+Nyw=
Subject key identifier:   74:0D:45:65:00:28:97:08:11:46:4D:FD:20:45:2F:DC:8A:CA:5C:3F
Certificate issuer:       /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial:       018572C3853B3E12DE423EFCC3ACE0D39764
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/dA1FZQAolwgRRk39IEUv3IrKXD8.roa
Signing time:             Mon 02 Jan 2023 13:54:54 +0000
ROA not before:           Mon 02 Jan 2023 13:54:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201194
IP address blocks:        45.81.16.0/22 maxlen: 22
                          45.81.17.0/24 maxlen: 24
                          45.81.16.0/24 maxlen: 24
                          45.81.18.0/24 maxlen: 24
                          45.81.19.0/24 maxlen: 24
                          185.201.49.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:c3:85:3b:3e:12:de:42:3e:fc:c3:ac:e0:d3:97:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
        Validity
            Not Before: Jan  2 13:54:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=740d45650028970811464dfd20452fdc8aca5c3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:62:f1:26:17:e7:b1:68:62:53:36:13:77:94:
                    f7:40:c3:09:a4:88:df:ea:ee:e7:42:c4:8b:57:9a:
                    82:0e:f2:94:54:41:49:b3:cc:66:a8:78:71:cb:85:
                    30:20:25:1f:3d:bf:b9:58:0b:ee:65:3c:67:a2:c0:
                    8e:64:28:6b:9f:22:a4:1a:1f:7d:30:61:e8:ce:80:
                    16:f0:e3:f7:f1:51:bd:0a:f6:b6:07:f1:ae:19:7a:
                    aa:89:73:65:d6:2f:5f:93:c4:0c:99:0b:f6:51:93:
                    7b:d3:41:c0:3d:53:d4:b4:1b:e0:ff:dc:2d:60:3e:
                    8b:c2:f3:b3:a2:ea:96:a7:df:bc:ca:a0:79:26:34:
                    c1:f6:83:38:ab:78:d0:2d:8e:38:97:0e:c8:46:a1:
                    86:bd:e9:74:19:e1:bd:3b:44:86:26:6b:69:4b:ee:
                    62:f5:00:6c:47:be:da:19:ee:57:85:0f:f3:fb:57:
                    3d:11:5f:6f:2e:a5:6b:9c:d8:af:0a:f0:bb:de:d6:
                    b0:a6:55:23:d1:11:ea:f5:c8:05:c9:10:9b:31:77:
                    2f:30:7d:dc:d2:e9:e1:3d:bf:19:37:e6:0f:35:6c:
                    38:05:e1:66:42:4a:fd:77:9f:7c:31:4d:cd:39:5e:
                    bc:c4:a6:a4:18:65:87:2b:28:5d:af:b9:91:94:16:
                    42:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:0D:45:65:00:28:97:08:11:46:4D:FD:20:45:2F:DC:8A:CA:5C:3F
            X509v3 Authority Key Identifier:
                keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/dA1FZQAolwgRRk39IEUv3IrKXD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.16.0/22
                  185.201.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:09:ac:25:d0:5c:d0:15:c4:89:eb:cb:7c:fe:e7:00:0a:b0:
         99:be:81:39:40:6f:ca:88:6a:16:fa:cc:f6:0f:34:4f:13:95:
         2d:41:26:56:91:8a:bd:d8:97:4b:3f:5e:b4:9e:9a:51:73:65:
         8c:0f:f2:e5:e2:5c:a2:f1:e6:15:b3:7a:65:7c:6f:be:60:1c:
         d5:db:aa:4e:50:86:e1:b8:72:71:9a:79:95:b4:fe:17:2f:06:
         65:e2:21:e0:f2:dc:79:e9:77:f4:fc:a7:7c:11:26:52:ff:08:
         b8:87:1a:cf:79:db:b3:8e:a5:d0:f5:23:b3:f6:82:1e:b3:fa:
         f1:87:a9:47:29:74:93:03:ea:82:19:65:b5:2d:6c:ed:6c:d8:
         9f:bc:84:95:24:33:83:d9:b8:56:8b:67:bb:89:07:88:43:5d:
         67:71:ee:89:fc:54:fd:8a:4d:47:de:1a:f9:0f:5d:34:0d:03:
         7b:22:2e:bd:ed:fa:10:7b:94:91:ed:6f:7a:0f:92:a6:6b:49:
         0b:e1:3c:cc:0a:54:49:15:67:c0:6b:e9:56:f8:e0:50:53:5f:
         11:c7:58:40:ef:fd:7a:09:db:36:c5:69:98:0c:51:0d:35:8b:
         11:08:15:09:f0:6d:7b:a8:b7:50:b5:bc:1b:37:e9:03:9f:3b:
         64:99:fc:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVyw4U7PhLeQj78w6zg05dkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjMwMTAyMTM1NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDBkNDU2NTAwMjg5NzA4MTE0NjRkZmQyMDQ1MmZkYzhhY2E1YzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGLxJhfnsWhiUzYTd5T3QMMJpIjf
6u7nQsSLV5qCDvKUVEFJs8xmqHhxy4UwICUfPb+5WAvuZTxnosCOZChrnyKkGh99
MGHozoAW8OP38VG9Cva2B/GuGXqqiXNl1i9fk8QMmQv2UZN700HAPVPUtBvg/9wt
YD6LwvOzouqWp9+8yqB5JjTB9oM4q3jQLY44lw7IRqGGvel0GeG9O0SGJmtpS+5i
9QBsR77aGe5XhQ/z+1c9EV9vLqVrnNivCvC73tawplUj0RHq9cgFyRCbMXcvMH3c
0unhPb8ZN+YPNWw4BeFmQkr9d598MU3NOV68xKakGGWHKyhdr7mRlBZC/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHQNRWUAKJcIEUZN/SBFL9yKylw/MB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvZEExRlpRQW9sd2dSUmszOUlFVXYzSXJLWEQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVEQAwQA
uckxMA0GCSqGSIb3DQEBCwUAA4IBAQBnCawl0FzQFcSJ68t8/ucACrCZvoE5QG/K
iGoW+sz2DzRPE5UtQSZWkYq92JdLP160nppRc2WMD/Ll4lyi8eYVs3plfG++YBzV
26pOUIbhuHJxmnmVtP4XLwZl4iHg8tx56Xf0/Kd8ESZS/wi4hxrPeduzjqXQ9SOz
9oIes/rxh6lHKXSTA+qCGWW1LWztbNifvISVJDOD2bhWi2e7iQeIQ11nce6J/FT9
ik1H3hr5D100DQN7Ii697foQe5SR7W96D5Kma0kL4TzMClRJFWfAa+lW+OBQU18R
x1hA7/16Cds2xWmYDFENNYsRCBUJ8G17qLdQtbwbN+kDnztkmfzk
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:16 2024 by rpki-client on console-fra.rpki-client.org