Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/0mR3vD-ZHVfg0wRExQlB3jy7SHU.roa
File:                     0mR3vD-ZHVfg0wRExQlB3jy7SHU.roa (raw, json)
Hash identifier:          3YtZo+GAiWraTn85VORD0AePxVljofQjJn+ZGJBSBRM=
Subject key identifier:   D2:64:77:BC:3F:99:1D:57:E0:D3:04:44:C5:09:41:DE:3C:BB:48:75
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       018B0537839472A2CF7B3B753F9B196E1377
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/0mR3vD-ZHVfg0wRExQlB3jy7SHU.roa
Signing time:             Fri 06 Oct 2023 13:40:06 +0000
ROA not before:           Fri 06 Oct 2023 13:40:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62240
IP address blocks:        92.119.192.0/24 maxlen: 24
                          45.159.85.0/24 maxlen: 24
                          45.153.227.0/24 maxlen: 24
                          193.32.164.0/24 maxlen: 24
                          193.32.166.0/24 maxlen: 24
                          193.32.165.0/24 maxlen: 24
                          45.142.37.0/24 maxlen: 24
                          45.129.130.0/24 maxlen: 24
                          45.129.129.0/24 maxlen: 24
                          45.129.131.0/24 maxlen: 24
                          193.32.167.0/24 maxlen: 24
                          193.36.231.0/24 maxlen: 24
                          45.138.4.0/24 maxlen: 24
                          176.222.58.0/24 maxlen: 24
                          45.138.6.0/24 maxlen: 24
                          45.138.5.0/24 maxlen: 24
                          45.146.26.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:05:37:83:94:72:a2:cf:7b:3b:75:3f:9b:19:6e:13:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Oct  6 13:40:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d26477bc3f991d57e0d30444c50941de3cbb4875
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:fe:c8:20:cf:ad:20:f4:d9:51:96:7a:d5:0d:
                    ac:d8:21:f3:15:f8:81:2f:2c:28:49:bc:51:be:50:
                    dc:e5:3e:79:1b:9b:1e:93:47:eb:88:85:fe:2a:40:
                    f7:76:bc:bf:5f:cd:08:ca:ae:8a:80:43:94:01:1b:
                    a3:12:0e:c9:f8:ca:3e:bf:e2:07:02:21:a7:98:41:
                    41:73:db:3f:82:6e:19:33:fb:44:1e:a4:90:70:a9:
                    b7:87:52:d4:e7:7f:28:78:3f:0a:33:54:5c:61:70:
                    6f:1a:13:8a:c9:8d:ab:e3:ac:b8:6d:11:52:13:2c:
                    70:01:9b:d8:af:e8:04:e9:55:ec:45:5a:fe:82:0f:
                    26:12:8d:cb:43:96:bb:1c:bc:4a:56:74:fe:82:af:
                    30:d7:07:e6:68:62:5b:2e:9c:77:09:be:4c:eb:f7:
                    15:1e:47:67:fb:e3:55:19:64:a6:30:b2:2b:81:00:
                    42:c0:83:05:ee:71:08:df:6e:01:62:d6:7e:8e:61:
                    1d:55:d4:2d:4b:60:bb:82:db:47:54:13:27:db:0d:
                    9e:6c:a2:44:fb:30:30:ad:69:a6:cb:98:2b:6f:bf:
                    50:db:c8:f5:62:f3:27:cd:0d:e3:16:fa:1a:4a:4f:
                    f0:7c:75:c2:0c:c8:ec:03:95:76:ca:5f:dc:30:f1:
                    33:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:64:77:BC:3F:99:1D:57:E0:D3:04:44:C5:09:41:DE:3C:BB:48:75
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/0mR3vD-ZHVfg0wRExQlB3jy7SHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.129.0-45.129.131.255
                  45.138.4.0-45.138.6.255
                  45.142.37.0/24
                  45.146.26.0/24
                  45.153.227.0/24
                  45.159.85.0/24
                  92.119.192.0/24
                  176.222.58.0/24
                  193.32.164.0/22
                  193.36.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:11:35:06:40:46:c8:d3:54:3e:5a:36:d4:ec:c1:81:5b:7a:
         d2:f7:1a:0f:ac:ec:9a:f4:1e:9a:63:37:96:37:b8:1e:32:50:
         d7:8f:30:92:ce:27:c4:ec:98:1d:7a:cd:f1:0a:41:a0:57:c3:
         d9:e0:92:95:e3:2c:03:6b:83:37:ad:95:89:53:d9:f8:6c:ba:
         40:98:e3:2c:4c:ac:18:6c:a9:19:17:bd:c1:eb:40:8e:5c:76:
         18:c4:e6:3e:7e:4d:cb:6b:6d:3f:4f:c0:34:61:3d:ff:7e:00:
         15:1a:b9:ec:54:33:10:21:b7:9b:41:9e:1a:2d:67:e4:fc:da:
         c2:88:18:a2:5e:ad:ef:a9:96:43:3e:3e:51:b5:90:d7:1e:aa:
         1f:f5:6d:98:b2:29:e8:1a:cc:87:77:5c:00:e7:65:7a:d2:2b:
         98:9e:27:d6:ba:04:7f:5c:66:e4:4b:fa:26:01:2d:65:8a:6d:
         57:a8:b2:b5:ad:94:67:6f:09:96:43:ac:18:31:e8:45:29:c7:
         9c:36:1b:6b:4c:24:35:a6:13:07:bf:46:d2:87:4b:cb:fc:aa:
         4b:60:d7:d9:4a:22:0b:e4:5f:f5:65:4d:e2:35:5b:55:af:19:
         a4:4c:f9:86:cb:2a:c7:22:1a:e5:5e:aa:98:c6:56:f9:b9:d3:
         f3:02:5c:03
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYsFN4OUcqLPezt1P5sZbhN3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMxMDA2MTM0MDA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjY0NzdiYzNmOTkxZDU3ZTBkMzA0NDRjNTA5NDFkZTNjYmI0ODc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/7IIM+tIPTZUZZ61Q2s2CHzFfiB
LywoSbxRvlDc5T55G5sek0friIX+KkD3dry/X80Iyq6KgEOUARujEg7J+Mo+v+IH
AiGnmEFBc9s/gm4ZM/tEHqSQcKm3h1LU538oeD8KM1RcYXBvGhOKyY2r46y4bRFS
EyxwAZvYr+gE6VXsRVr+gg8mEo3LQ5a7HLxKVnT+gq8w1wfmaGJbLpx3Cb5M6/cV
Hkdn++NVGWSmMLIrgQBCwIMF7nEI324BYtZ+jmEdVdQtS2C7gttHVBMn2w2ebKJE
+zAwrWmmy5grb79Q28j1YvMnzQ3jFvoaSk/wfHXCDMjsA5V2yl/cMPEzNwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFNJkd7w/mR1X4NMERMUJQd48u0h1MB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvMG1SM3ZELVpIVmZnMHdSRXhRbEIzank3U0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMMAwDBAAtgYED
BAItgYAwDAMEAi2KBAMEAC2KBgMEAC2OJQMEAC2SGgMEAC2Z4wMEAC2fVQMEAFx3
wAMEALDeOgMEAsEgpAMEAMEk5zANBgkqhkiG9w0BAQsFAAOCAQEAaRE1BkBGyNNU
Plo21OzBgVt60vcaD6zsmvQemmM3lje4HjJQ148wks4nxOyYHXrN8QpBoFfD2eCS
leMsA2uDN62ViVPZ+Gy6QJjjLEysGGypGRe9wetAjlx2GMTmPn5Ny2ttP0/ANGE9
/34AFRq57FQzECG3m0GeGi1n5PzawogYol6t76mWQz4+UbWQ1x6qH/VtmLIp6BrM
h3dcAOdletIrmJ4n1roEf1xm5Ev6JgEtZYptV6iyta2UZ28JlkOsGDHoRSnHnDYb
a0wkNaYTB79G0odLy/yqS2DX2UoiC+Rf9WVN4jVbVa8ZpEz5hssqxyIa5V6qmMZW
+bnT8wJcAw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:25 2024 by rpki-client on console-ams.rpki-client.org