Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/oSyfsrTM06jlKseIczrSh1Ky1QY.roa
File:                     oSyfsrTM06jlKseIczrSh1Ky1QY.roa (raw, json)
Hash identifier:          J0urFolHGiIcOYOiyL8xsAQDN7GAELatxqS5kikvxTA=
Subject key identifier:   A1:2C:9F:B2:B4:CC:D3:A8:E5:2A:C7:88:73:3A:D2:87:52:B2:D5:06
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       018964895B6F3BE71697A0D6BCC6D985AE4E
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/oSyfsrTM06jlKseIczrSh1Ky1QY.roa
Signing time:             Mon 17 Jul 2023 15:47:50 +0000
ROA not before:           Mon 17 Jul 2023 15:47:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49505
IP address blocks:        45.146.24.0/24 maxlen: 24
                          45.152.116.0/24 maxlen: 24
                          45.152.117.0/24 maxlen: 24
                          45.134.24.0/24 maxlen: 24
                          45.131.47.0/24 maxlen: 24
                          91.236.121.0/24 maxlen: 24
                          45.138.213.0/24 maxlen: 24
                          45.138.214.0/24 maxlen: 24
                          176.222.57.0/24 maxlen: 24
                          176.222.56.0/24 maxlen: 24
                          176.222.59.0/24 maxlen: 24
                          91.206.68.0/24 maxlen: 24
                          45.146.27.0/24 maxlen: 24
                          45.146.25.0/24 maxlen: 24
                          45.147.15.0/24 maxlen: 24
                          45.147.12.0/24 maxlen: 24
                          45.147.13.0/24 maxlen: 24
                          45.147.14.0/24 maxlen: 24
                          45.153.224.0/24 maxlen: 24
                          45.153.225.0/24 maxlen: 24
                          45.153.226.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:64:89:5b:6f:3b:e7:16:97:a0:d6:bc:c6:d9:85:ae:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jul 17 15:47:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a12c9fb2b4ccd3a8e52ac788733ad28752b2d506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:af:1e:e7:5d:14:26:5a:07:99:50:b5:83:45:
                    8c:8d:f0:0d:24:f3:03:d4:4c:82:4b:7d:11:41:32:
                    01:40:57:44:26:b7:2c:9a:f9:94:d4:09:13:b2:9b:
                    a8:4e:a4:b5:81:63:a7:07:82:43:80:9c:3d:b4:74:
                    1a:ab:32:cb:9d:7c:d8:ae:74:17:b8:7b:be:e2:d8:
                    0e:f9:e1:8c:66:53:c9:15:e1:aa:ea:d9:f8:ad:d0:
                    e5:25:85:1d:fb:41:4b:88:42:c2:bf:a6:9e:12:9c:
                    5f:bf:5e:9c:0b:52:ea:ff:9d:31:34:44:64:a9:5f:
                    1d:36:58:10:8e:94:1d:11:54:40:6d:01:9b:20:a1:
                    72:9f:d3:9b:be:33:1a:af:77:bf:32:d0:ef:9a:81:
                    34:c7:fb:34:76:1c:6a:42:70:47:80:38:9f:bf:ac:
                    1f:ff:86:e2:1e:2e:1b:45:58:ac:59:1a:8c:6f:af:
                    10:ef:cc:30:b1:4e:1d:6d:9c:a9:66:b9:d6:10:14:
                    fc:17:3f:69:1e:32:99:5c:a7:3f:e9:5d:bf:a6:c1:
                    eb:48:ab:2e:24:2b:c8:b5:0c:35:1a:b5:85:88:17:
                    ac:9a:90:e6:ea:30:0e:eb:26:2c:b4:0a:e7:a5:78:
                    b0:80:da:06:5b:15:f5:1a:7d:1d:ce:2d:b7:16:62:
                    02:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:2C:9F:B2:B4:CC:D3:A8:E5:2A:C7:88:73:3A:D2:87:52:B2:D5:06
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/oSyfsrTM06jlKseIczrSh1Ky1QY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.47.0/24
                  45.134.24.0/24
                  45.138.213.0-45.138.214.255
                  45.146.24.0/23
                  45.146.27.0/24
                  45.147.12.0/22
                  45.152.116.0/23
                  45.153.224.0-45.153.226.255
                  91.206.68.0/24
                  91.236.121.0/24
                  176.222.56.0/23
                  176.222.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:d5:8a:cb:f5:2b:a1:ed:d4:c4:b3:73:e2:07:72:9e:1b:3d:
         f0:97:9b:a2:36:13:dc:36:94:61:c4:a6:6b:1c:b8:b7:68:63:
         73:82:78:5b:5b:65:56:29:c0:b2:96:d4:f2:a9:c1:64:4c:ed:
         c9:65:9e:c1:56:7a:c2:a2:77:a0:eb:f8:7e:33:3f:53:71:91:
         b2:13:b8:c1:34:cf:95:93:f9:27:34:b3:dd:d5:75:4f:21:41:
         6c:0e:2b:cd:a5:16:da:6c:d1:ad:f1:de:f6:a0:26:c6:f9:36:
         0a:f0:93:70:b3:2c:e7:8a:20:d0:bb:a4:f8:0d:9c:27:06:26:
         42:55:f2:6b:f0:13:99:b6:b4:59:db:02:54:84:e5:68:fd:71:
         3c:f3:fb:57:d7:13:1c:70:98:4b:59:5b:a7:4a:6c:14:06:4b:
         af:5a:68:15:95:fe:c8:7a:a0:56:a7:d3:d0:2b:e9:89:11:76:
         ae:70:48:6f:d1:7c:40:b3:74:42:f8:00:3d:6d:ec:ce:ba:37:
         ca:e1:0b:fb:8b:af:83:7d:51:a8:47:22:94:ef:4f:fd:7a:9b:
         e0:64:e1:36:92:67:a9:71:3c:ce:ef:63:6f:21:ed:59:27:1b:
         09:51:41:52:05:73:4b:f0:68:95:9e:3d:95:96:44:fa:57:a8:
         08:65:0a:19
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYlkiVtvO+cWl6DWvMbZha5OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwNzE3MTU0NzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTJjOWZiMmI0Y2NkM2E4ZTUyYWM3ODg3MzNhZDI4NzUyYjJkNTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiq8e510UJloHmVC1g0WMjfANJPMD
1EyCS30RQTIBQFdEJrcsmvmU1AkTspuoTqS1gWOnB4JDgJw9tHQaqzLLnXzYrnQX
uHu+4tgO+eGMZlPJFeGq6tn4rdDlJYUd+0FLiELCv6aeEpxfv16cC1Lq/50xNERk
qV8dNlgQjpQdEVRAbQGbIKFyn9ObvjMar3e/MtDvmoE0x/s0dhxqQnBHgDifv6wf
/4biHi4bRVisWRqMb68Q78wwsU4dbZypZrnWEBT8Fz9pHjKZXKc/6V2/psHrSKsu
JCvItQw1GrWFiBesmpDm6jAO6yYstArnpXiwgNoGWxX1Gn0dzi23FmICnQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFKEsn7K0zNOo5SrHiHM60odSstUGMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvb1N5ZnNyVE0wNmpsS3NlSWN6clNoMUt5MVFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYAwQALYMvAwQA
LYYYMAwDBAAtitUDBAAtitYDBAEtkhgDBAAtkhsDBAItkwwDBAEtmHQwDAMEBS2Z
4AMEAC2Z4gMEAFvORAMEAFvseQMEAbDeOAMEALDeOzANBgkqhkiG9w0BAQsFAAOC
AQEAm9WKy/Uroe3UxLNz4gdynhs98JebojYT3DaUYcSmaxy4t2hjc4J4W1tlVinA
spbU8qnBZEztyWWewVZ6wqJ3oOv4fjM/U3GRshO4wTTPlZP5JzSz3dV1TyFBbA4r
zaUW2mzRrfHe9qAmxvk2CvCTcLMs54og0Luk+A2cJwYmQlXya/ATmba0WdsCVITl
aP1xPPP7V9cTHHCYS1lbp0psFAZLr1poFZX+yHqgVqfT0CvpiRF2rnBIb9F8QLN0
QvgAPW3szro3yuEL+4uvg31RqEcilO9P/Xqb4GThNpJnqXE8zu9jbyHtWScbCVFB
UgVzS/BolZ49lZZE+leoCGUKGQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:25 2024 by rpki-client on console-ams.rpki-client.org