Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/5khmtQyMVD7ZJLjGuukVQkmBgIA.roa
File:                     5khmtQyMVD7ZJLjGuukVQkmBgIA.roa (raw, json)
Hash identifier:          urBzOWxkLMKj5oJPIYaMJO6jQWpUtw+SXwisxcXnHDk=
Subject key identifier:   E6:48:66:B5:0C:8C:54:3E:D9:24:B8:C6:BA:E9:15:42:49:81:80:80
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       01870ECCF9EC055EA72BDAD151601E250855
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/5khmtQyMVD7ZJLjGuukVQkmBgIA.roa
Signing time:             Thu 23 Mar 2023 14:08:46 +0000
ROA not before:           Thu 23 Mar 2023 14:08:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52000
IP address blocks:        45.153.230.0/24 maxlen: 24
                          195.246.110.0/24 maxlen: 24
                          37.44.196.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0e:cc:f9:ec:05:5e:a7:2b:da:d1:51:60:1e:25:08:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Mar 23 14:08:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e64866b50c8c543ed924b8c6bae9154249818080
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:4c:d4:22:32:12:ef:41:c4:78:be:9b:13:b3:
                    bf:2c:38:a2:1f:75:cf:19:6f:dc:91:b8:2c:dd:61:
                    58:01:92:10:00:ec:ca:ca:11:4d:17:a5:f4:4a:c7:
                    9d:2a:41:c2:76:d7:09:26:f6:8f:07:70:b1:28:5c:
                    7a:8c:2c:d5:ba:33:d0:f6:36:56:60:fb:e0:74:61:
                    2f:c8:ce:2d:fd:7e:7b:2a:5c:a2:6e:81:d9:69:35:
                    c0:0c:eb:55:7c:78:b3:d6:c1:3e:3b:f8:7d:d2:62:
                    6f:50:c8:4b:98:31:01:89:b5:43:84:5e:cc:03:06:
                    9c:ef:a6:b4:15:67:b6:d3:83:68:e3:fd:d8:82:26:
                    a3:fc:15:92:69:fb:32:f2:9d:f8:f3:19:9c:f4:42:
                    c3:21:e0:0c:c8:a7:53:36:6b:85:cf:10:86:7e:f7:
                    56:f8:2e:98:c2:f7:b2:cf:9e:6f:ec:9a:e8:20:3e:
                    bb:fa:5c:a5:1b:8d:7b:f9:6a:36:0b:69:4a:89:ce:
                    71:78:d4:0c:83:00:9a:dd:cd:83:0a:f8:50:15:5f:
                    bf:cb:5a:2c:02:80:70:ff:1f:00:46:b3:bd:b3:24:
                    10:9c:d0:39:b2:fb:af:76:4a:fb:3e:13:b5:5c:d2:
                    55:79:ac:3d:7e:b9:7a:e5:a4:c8:d4:c2:76:d1:8d:
                    af:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:48:66:B5:0C:8C:54:3E:D9:24:B8:C6:BA:E9:15:42:49:81:80:80
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/5khmtQyMVD7ZJLjGuukVQkmBgIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.44.196.0/23
                  45.153.230.0/24
                  195.246.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:b5:4b:c5:8f:e9:8a:e1:a9:20:e9:92:82:d4:c7:98:3d:9c:
         79:59:f4:2f:9e:ea:d1:14:3d:8b:24:cc:2e:e6:b5:17:01:9c:
         fc:10:26:ea:7f:3c:e3:56:71:1e:28:cd:b8:40:bc:3e:3f:36:
         61:7d:79:c1:30:7f:e9:e2:99:54:39:67:06:d9:9b:00:4f:c8:
         91:fb:37:60:33:76:10:f3:ab:ff:27:b8:a1:45:d3:8d:fc:f2:
         f8:58:ac:11:aa:03:89:34:ac:63:38:b8:e5:72:28:0c:3b:d1:
         00:ad:38:b6:50:48:4f:47:bd:16:40:84:7e:4a:e0:08:59:38:
         36:3e:49:6e:76:5f:53:d8:e7:88:72:55:a7:56:05:ae:db:ef:
         5a:41:e4:06:48:63:6c:ac:db:2a:60:c9:76:59:48:70:d8:76:
         66:88:73:2e:56:dc:94:c9:b5:b0:26:56:2d:90:01:46:18:67:
         c3:72:56:f4:91:80:d2:ad:93:61:66:1d:aa:6b:88:7a:47:9e:
         e6:32:77:78:ca:35:fc:3b:80:04:4b:6b:7a:2c:0e:93:c2:8b:
         18:e7:bd:22:b5:2a:8a:0f:3a:7b:6c:bc:53:a9:f4:6c:6d:3a:
         93:b7:f3:19:fc:9f:1a:88:7c:0e:7e:db:f0:db:1b:ad:00:e8:
         b2:48:aa:f1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYcOzPnsBV6nK9rRUWAeJQhVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwMzIzMTQwODQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjQ4NjZiNTBjOGM1NDNlZDkyNGI4YzZiYWU5MTU0MjQ5ODE4MDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkzUIjIS70HEeL6bE7O/LDiiH3XP
GW/ckbgs3WFYAZIQAOzKyhFNF6X0SsedKkHCdtcJJvaPB3CxKFx6jCzVujPQ9jZW
YPvgdGEvyM4t/X57KlyiboHZaTXADOtVfHiz1sE+O/h90mJvUMhLmDEBibVDhF7M
Awac76a0FWe204No4/3Ygiaj/BWSafsy8p348xmc9ELDIeAMyKdTNmuFzxCGfvdW
+C6Ywveyz55v7JroID67+lylG417+Wo2C2lKic5xeNQMgwCa3c2DCvhQFV+/y1os
AoBw/x8ARrO9syQQnNA5svuvdkr7PhO1XNJVeaw9frl65aTI1MJ20Y2vpwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOZIZrUMjFQ+2SS4xrrpFUJJgYCAMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvNWtobXRReU1WRDdaSkxqR3V1a1ZRa21CZ0lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBJSzEAwQA
LZnmAwQAw/ZuMA0GCSqGSIb3DQEBCwUAA4IBAQBHtUvFj+mK4akg6ZKC1MeYPZx5
WfQvnurRFD2LJMwu5rUXAZz8ECbqfzzjVnEeKM24QLw+PzZhfXnBMH/p4plUOWcG
2ZsAT8iR+zdgM3YQ86v/J7ihRdON/PL4WKwRqgOJNKxjOLjlcigMO9EArTi2UEhP
R70WQIR+SuAIWTg2Pkludl9T2OeIclWnVgWu2+9aQeQGSGNsrNsqYMl2WUhw2HZm
iHMuVtyUybWwJlYtkAFGGGfDclb0kYDSrZNhZh2qa4h6R57mMnd4yjX8O4AES2t6
LA6TwosY570itSqKDzp7bLxTqfRsbTqTt/MZ/J8aiHwOftvw2xutAOiySKrx
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:25 2024 by rpki-client on console-ams.rpki-client.org