Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/u-nxJcmxYYXdKdo7fFbGW0l0xJw.roa
File:                     u-nxJcmxYYXdKdo7fFbGW0l0xJw.roa (raw, json)
Hash identifier:          R5V95OT/XhT3voW29cwyet3+1mh3dsAQTgIY10/xIOo=
Subject key identifier:   BB:E9:F1:25:C9:B1:61:85:DD:29:DA:3B:7C:56:C6:5B:49:74:C4:9C
Certificate issuer:       /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial:       018572C3844775B0D55EADB57407E0655055
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/u-nxJcmxYYXdKdo7fFbGW0l0xJw.roa
Signing time:             Mon 02 Jan 2023 13:54:53 +0000
ROA not before:           Mon 02 Jan 2023 13:54:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60631
IP address blocks:        45.159.150.0/24 maxlen: 24
                          45.159.149.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:c3:84:47:75:b0:d5:5e:ad:b5:74:07:e0:65:50:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
        Validity
            Not Before: Jan  2 13:54:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bbe9f125c9b16185dd29da3b7c56c65b4974c49c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ab:a0:60:d2:07:cb:c5:50:ee:c8:d2:7e:96:
                    73:60:96:d0:09:a2:5f:e2:e6:72:63:a0:b3:94:d5:
                    22:7e:e4:17:7f:b8:f1:38:43:b5:ab:68:23:fd:bf:
                    cc:c7:e9:f4:f6:33:75:ea:e1:a3:4b:c5:e4:23:9c:
                    6a:56:1f:14:bc:f1:ef:9a:67:33:1f:b1:b0:f0:3b:
                    5f:a2:d7:80:ba:d7:94:60:dc:5e:eb:3c:d7:d7:9e:
                    04:89:76:07:8c:ac:c6:61:98:ed:3a:c4:39:85:4c:
                    2a:81:b2:3a:a9:39:c5:d0:4d:77:bd:6f:d2:50:73:
                    5d:b6:21:6a:19:ed:c7:85:6b:71:6f:2f:e7:b4:84:
                    a1:ff:d8:20:5b:42:ec:d1:69:43:05:c8:46:f8:31:
                    89:dd:2a:ab:f0:7c:ea:eb:f1:46:6b:3e:27:0b:93:
                    99:ee:8d:65:b0:eb:f2:4b:73:cd:23:70:d5:28:5f:
                    4c:b0:71:3b:4c:40:7a:fb:de:e5:cd:df:12:fc:b9:
                    24:fa:7f:0b:b0:4f:7d:e8:fd:9f:84:51:4c:3a:0e:
                    d8:1a:60:c2:d1:98:e8:a4:98:d0:56:ea:81:d9:d2:
                    f3:37:5b:cf:c2:17:16:fb:60:98:0f:53:06:10:32:
                    e0:e4:01:e7:cd:ef:cc:49:41:35:d2:9f:b9:8c:0a:
                    a6:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:E9:F1:25:C9:B1:61:85:DD:29:DA:3B:7C:56:C6:5B:49:74:C4:9C
            X509v3 Authority Key Identifier:
                keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/u-nxJcmxYYXdKdo7fFbGW0l0xJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.149.0-45.159.150.255

    Signature Algorithm: sha256WithRSAEncryption
         3e:a8:b2:bf:75:cf:bf:df:a3:8a:fc:8c:10:b3:a7:4f:73:0e:
         e2:0e:df:c8:0e:a9:67:48:84:9e:96:b1:ac:1b:d7:ae:3b:e0:
         c4:68:fe:03:32:49:e4:88:92:37:65:47:c8:51:af:ae:58:3c:
         38:30:0d:bf:27:4b:6f:68:9b:8d:2b:b5:2d:ab:b6:f4:ab:ca:
         12:0f:53:c0:c2:3e:dd:48:21:38:bf:b4:5d:6d:b1:95:0c:1f:
         80:96:39:81:f8:21:7e:7c:f1:63:a6:30:56:df:4f:a6:1c:56:
         51:8e:a7:56:ef:49:9a:e9:55:ac:af:9b:9c:30:c8:6c:36:d5:
         b6:cb:3e:a3:02:97:3c:47:0d:be:88:c8:c3:ad:ef:4e:b8:27:
         f9:b5:9d:9c:bb:5a:c9:a0:dc:9f:7b:72:f4:e5:0f:54:da:a7:
         42:ea:5d:ff:10:2b:21:1d:85:b0:95:43:9d:df:f3:c9:81:85:
         4b:8c:1f:15:a6:78:40:82:d4:78:f7:bf:2f:05:53:bc:81:fa:
         5b:98:71:7e:d6:5d:9a:0c:f0:a6:b0:52:b4:ad:63:ef:cc:fb:
         01:8e:01:61:4a:21:0b:0e:51:a2:5d:41:8f:78:74:89:5e:f3:
         63:00:fd:e4:0a:7f:a6:23:a7:c6:ed:b5:56:9b:42:4a:14:a4:
         d0:d8:03:49
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYVyw4RHdbDVXq21dAfgZVBVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjMwMTAyMTM1NDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmU5ZjEyNWM5YjE2MTg1ZGQyOWRhM2I3YzU2YzY1YjQ5NzRjNDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqugYNIHy8VQ7sjSfpZzYJbQCaJf
4uZyY6CzlNUifuQXf7jxOEO1q2gj/b/Mx+n09jN16uGjS8XkI5xqVh8UvPHvmmcz
H7Gw8DtfoteAuteUYNxe6zzX154EiXYHjKzGYZjtOsQ5hUwqgbI6qTnF0E13vW/S
UHNdtiFqGe3HhWtxby/ntISh/9ggW0Ls0WlDBchG+DGJ3Sqr8Hzq6/FGaz4nC5OZ
7o1lsOvyS3PNI3DVKF9MsHE7TEB6+97lzd8S/Lkk+n8LsE996P2fhFFMOg7YGmDC
0ZjopJjQVuqB2dLzN1vPwhcW+2CYD1MGEDLg5AHnze/MSUE10p+5jAqmxQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLvp8SXJsWGF3SnaO3xWxltJdMScMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvdS1ueEpjbXhZWVhkS2RvN2ZGYkdXMGwweEp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtn5UD
BAAtn5YwDQYJKoZIhvcNAQELBQADggEBAD6osr91z7/fo4r8jBCzp09zDuIO38gO
qWdIhJ6Wsawb16474MRo/gMySeSIkjdlR8hRr65YPDgwDb8nS29om40rtS2rtvSr
yhIPU8DCPt1IITi/tF1tsZUMH4CWOYH4IX588WOmMFbfT6YcVlGOp1bvSZrpVayv
m5wwyGw21bbLPqMClzxHDb6IyMOt7064J/m1nZy7Wsmg3J97cvTlD1Tap0LqXf8Q
KyEdhbCVQ53f88mBhUuMHxWmeECC1Hj3vy8FU7yB+luYcX7WXZoM8KawUrStY+/M
+wGOAWFKIQsOUaJdQY94dIle82MA/eQKf6Yjp8bttVabQkoUpNDYA0k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:16 2024 by rpki-client on console-fra.rpki-client.org