Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/ONaffGAmDpnxMRw_ljKOPA705os.roa
File:                     ONaffGAmDpnxMRw_ljKOPA705os.roa (raw, json)
Hash identifier:          Q4j5Zf+fIOL2LMVwMISNphaCwqLCcG+peXXKoYr4IQg=
Subject key identifier:   38:D6:9F:7C:60:26:0E:99:F1:31:1C:3F:96:32:8E:3C:0E:F4:E6:8B
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       047B3F2A
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/ONaffGAmDpnxMRw_ljKOPA705os.roa
Signing time:             Tue 29 Mar 2022 11:29:33 +0000
ROA not before:           Tue 29 Mar 2022 11:29:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     56694
IP address blocks:        45.146.43.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 75185962 (0x47b3f2a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Mar 29 11:29:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=38d69f7c60260e99f1311c3f96328e3c0ef4e68b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:be:d1:d2:fd:e2:52:c8:0f:de:78:d8:3d:70:
                    00:00:cd:e2:d3:82:a2:8d:83:40:b1:46:24:a8:d4:
                    ea:31:4d:78:66:6b:15:e5:94:91:70:38:d5:9a:0c:
                    03:41:46:40:45:19:1e:60:27:55:c3:4d:32:84:c5:
                    2f:d6:0f:3a:2e:b8:17:f2:fd:66:ca:7d:cb:aa:87:
                    77:5c:da:6d:10:96:39:22:a2:69:c5:e2:db:9c:b1:
                    2f:f1:05:e2:7b:54:b1:4e:c4:01:46:9a:0e:b2:19:
                    cb:10:ad:cd:b7:0a:84:36:7b:53:b6:01:bf:b5:82:
                    f9:13:ad:de:1a:38:ea:2b:f5:b6:fb:2e:6d:84:ed:
                    fc:e0:eb:b4:1c:7e:50:38:28:ce:13:9a:1e:d8:1b:
                    ee:0d:bf:e1:f2:a9:d3:e9:38:43:e5:c8:bc:a1:c1:
                    62:60:fc:bd:1a:03:29:a3:c9:fb:1c:3d:cc:28:e0:
                    1d:26:f8:f2:82:e4:30:1e:66:93:de:b7:60:30:51:
                    c0:a2:79:46:3f:de:84:fc:0b:de:45:bd:bb:37:fd:
                    46:c3:c8:44:35:84:4e:37:e1:a2:aa:a2:e9:5a:5d:
                    cb:30:eb:9e:19:0b:fc:52:1d:89:39:35:75:49:1f:
                    ed:21:4e:a6:94:02:a7:3a:29:37:81:63:be:bd:36:
                    c9:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D6:9F:7C:60:26:0E:99:F1:31:1C:3F:96:32:8E:3C:0E:F4:E6:8B
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/ONaffGAmDpnxMRw_ljKOPA705os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:22:3f:26:82:2c:6d:fd:24:56:55:ed:85:76:86:eb:13:27:
         6e:90:2b:73:0e:53:de:7e:a7:6a:62:7e:19:07:86:7e:91:4a:
         9e:6d:7e:3e:db:96:55:33:70:77:90:c6:c4:81:c2:f2:71:24:
         d3:b9:01:a8:0b:ee:82:3e:f9:26:9a:26:64:c8:35:3f:ce:71:
         83:70:fb:c4:6e:9f:d4:19:0b:c7:11:7f:7e:79:ca:71:1c:3f:
         d3:95:99:ff:a1:40:2e:d4:0c:72:d6:29:2a:b0:1a:55:85:1f:
         20:a0:f7:9d:d9:6d:56:e7:4d:eb:7e:a5:78:da:98:02:8f:1f:
         60:c5:da:3d:0f:64:33:52:2e:bb:d3:f9:4a:a8:44:05:0d:0d:
         d4:60:07:dd:b2:c0:96:4a:31:4c:30:8d:96:5b:f2:6a:3c:22:
         63:f3:9d:7f:5a:64:8f:20:2f:85:30:80:14:5e:d1:74:27:4e:
         1b:60:e6:d7:b6:6c:f4:82:12:c1:a1:38:fb:a3:3d:41:cc:65:
         e4:a1:4f:12:fe:aa:a2:22:38:f9:7d:0e:8d:e9:14:80:13:aa:
         f8:b7:80:3e:4d:68:9f:a8:f5:6c:91:13:3f:d3:ce:ea:de:e3:
         98:87:1b:34:59:2d:b1:7e:ff:f5:1b:9c:1d:c3:55:8e:f6:c8:
         e4:bc:f8:98
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBHs/KjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
ZGEzOTQxYzI3Y2ZlNWMyMzRjNGJmMjIxZWNiMmE1NzliMmRlYWFiMB4XDTIyMDMy
OTExMjkzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzhkNjlmN2M2MDI2
MGU5OWYxMzExYzNmOTYzMjhlM2MwZWY0ZTY4YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL++0dL94lLID9542D1wAADN4tOCoo2DQLFGJKjU6jFNeGZr
FeWUkXA41ZoMA0FGQEUZHmAnVcNNMoTFL9YPOi64F/L9Zsp9y6qHd1zabRCWOSKi
acXi25yxL/EF4ntUsU7EAUaaDrIZyxCtzbcKhDZ7U7YBv7WC+ROt3ho46iv1tvsu
bYTt/ODrtBx+UDgozhOaHtgb7g2/4fKp0+k4Q+XIvKHBYmD8vRoDKaPJ+xw9zCjg
HSb48oLkMB5mk963YDBRwKJ5Rj/ehPwL3kW9uzf9RsPIRDWETjfhoqqi6VpdyzDr
nhkL/FIdiTk1dUkf7SFOppQCpzopN4Fjvr02yesCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ41p98YCYOmfExHD+WMo48DvTmizAfBgNVHSMEGDAWgBRdo5QcJ8/lwjTE
vyIeyypXmy3qqzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1hhT1VIQ2ZQNWNJMHhMOGlIc3NxVjVzdDZxcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODAvMzBlZDNlLWM0YzQtNGRlOC1iNGYxLWYxMWEzOWYyNmMzYi8x
L09OYWZmR0FtRHBueE1Sd19saktPUEE3MDVvcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODAv
MzBlZDNlLWM0YzQtNGRlOC1iNGYxLWYxMWEzOWYyNmMzYi8xL1hhT1VIQ2ZQNWNJ
MHhMOGlIc3NxVjVzdDZxcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2SKzANBgkqhkiG9w0BAQsFAAOC
AQEAqiI/JoIsbf0kVlXthXaG6xMnbpArcw5T3n6namJ+GQeGfpFKnm1+PtuWVTNw
d5DGxIHC8nEk07kBqAvugj75JpomZMg1P85xg3D7xG6f1BkLxxF/fnnKcRw/05WZ
/6FALtQMctYpKrAaVYUfIKD3ndltVudN636leNqYAo8fYMXaPQ9kM1Iuu9P5SqhE
BQ0N1GAH3bLAlkoxTDCNllvyajwiY/Odf1pkjyAvhTCAFF7RdCdOG2Dm17Zs9IIS
waE4+6M9Qcxl5KFPEv6qoiI4+X0OjekUgBOq+LeAPk1on6j1bJETP9PO6t7jmIcb
NFktsX7/9RucHcNVjvbI5Lz4mA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:47 2024 by rpki-client on console-fra.rpki-client.org