Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/vzkoQbdIGvTNuxs2hBTbFizer1E.roa
File:                     vzkoQbdIGvTNuxs2hBTbFizer1E.roa (raw, json)
Hash identifier:          CDMl65UXlp2i4Uy1RVYqL++PfVFlA5o8wVmP3AXzkV4=
Subject key identifier:   BF:39:28:41:B7:48:1A:F4:CD:BB:1B:36:84:14:DB:16:2C:DE:AF:51
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       018CC86FBEF8AD71F87799725EF9668F73C1
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/vzkoQbdIGvTNuxs2hBTbFizer1E.roa
Signing time:             Tue 02 Jan 2024 04:30:15 +0000
ROA not before:           Tue 02 Jan 2024 04:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        45.132.131.0/24 maxlen: 24
                          45.132.130.0/24 maxlen: 24
                          2a0e:4bc6::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:be:f8:ad:71:f8:77:99:72:5e:f9:66:8f:73:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  2 04:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf392841b7481af4cdbb1b368414db162cdeaf51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7c:9c:a9:3f:78:ee:92:d8:5d:d1:64:e2:3b:
                    a6:d4:2b:05:5b:b4:e7:4d:eb:76:30:a7:4d:24:d1:
                    dc:0a:88:6f:d0:e9:61:a4:c8:b8:c6:9e:e7:bd:6a:
                    dc:65:12:5f:6b:f9:5b:5d:9e:fa:e3:6f:8a:3b:2d:
                    c0:ff:0b:57:be:d4:8c:f5:d4:41:f0:88:19:64:81:
                    68:4e:cf:ac:0f:b8:c4:a5:27:aa:6f:95:90:e9:e2:
                    75:60:60:bd:c2:31:30:a5:28:c8:f2:22:0a:8d:a9:
                    25:54:e3:aa:0b:b0:52:17:6a:42:d6:01:65:b3:d5:
                    cc:97:10:8e:3c:5a:b7:7c:c8:da:3e:e8:87:b8:6b:
                    a6:05:83:92:8e:81:38:e0:e5:00:6d:03:68:79:01:
                    35:36:b4:e3:94:4c:4f:d2:c8:ac:9c:f8:3c:36:02:
                    33:41:0c:06:5a:54:ea:96:75:59:d8:2b:ca:5a:bb:
                    78:7a:52:f4:77:a5:fd:66:d6:01:14:0a:3b:a0:63:
                    b5:ed:e8:82:46:18:0e:be:00:1e:f8:87:6b:ae:78:
                    a0:8f:d4:43:b1:1b:e7:5d:55:5b:fe:fd:4b:1c:fe:
                    22:c6:ba:7c:cf:74:85:16:29:7e:7e:bf:f6:31:44:
                    7c:e7:32:82:e0:82:3b:ba:60:e4:05:e6:19:15:95:
                    63:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:39:28:41:B7:48:1A:F4:CD:BB:1B:36:84:14:DB:16:2C:DE:AF:51
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/vzkoQbdIGvTNuxs2hBTbFizer1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.130.0/23
                IPv6:
                  2a0e:4bc6::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:6c:14:f0:b6:f7:f1:67:5b:06:5f:23:41:41:29:f5:7e:13:
         d9:c8:5d:a2:d2:15:d5:88:b0:02:f4:c6:2d:7b:d0:40:cf:f6:
         ff:60:08:5e:a2:7e:73:8d:a2:14:8e:a7:ed:84:c6:c9:e4:53:
         3b:c0:12:63:8d:b8:20:a2:69:fb:20:ae:8c:df:cc:6b:39:d8:
         23:16:8e:b3:54:0f:10:8a:64:82:7e:fd:34:40:a1:43:42:bc:
         a1:ab:ed:1e:15:50:01:fd:4a:96:21:d6:9c:6e:6d:df:dc:b9:
         f0:ac:67:3b:f6:bc:db:df:df:34:7f:a5:91:12:39:ca:0f:55:
         2a:0b:66:8f:ec:65:9d:e0:6d:d1:b2:78:35:f2:7f:40:f9:76:
         d7:27:a1:a4:64:47:59:ea:cd:41:00:07:b9:d0:b2:a5:2b:34:
         94:58:90:ec:0d:f4:00:71:90:63:ef:fd:a6:34:17:9d:ce:a4:
         3b:77:61:27:7f:a5:f7:12:6a:7c:21:4c:c3:d9:11:d8:a7:9e:
         92:14:32:ed:83:75:99:5e:3e:79:2f:b7:a0:df:0c:7c:3b:a4:
         7d:58:7e:ae:e6:5e:a3:92:b2:cc:6e:f8:b7:4b:3e:37:85:e0:
         81:ed:02:27:21:14:6d:70:1f:40:23:65:b7:e5:de:36:0b:0f:
         6d:aa:fe:d4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb774rXH4d5lyXvlmj3PBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQwMTAyMDQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjM5Mjg0MWI3NDgxYWY0Y2RiYjFiMzY4NDE0ZGIxNjJjZGVhZjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHycqT947pLYXdFk4jum1CsFW7Tn
Tet2MKdNJNHcCohv0OlhpMi4xp7nvWrcZRJfa/lbXZ7642+KOy3A/wtXvtSM9dRB
8IgZZIFoTs+sD7jEpSeqb5WQ6eJ1YGC9wjEwpSjI8iIKjaklVOOqC7BSF2pC1gFl
s9XMlxCOPFq3fMjaPuiHuGumBYOSjoE44OUAbQNoeQE1NrTjlExP0sisnPg8NgIz
QQwGWlTqlnVZ2CvKWrt4elL0d6X9ZtYBFAo7oGO17eiCRhgOvgAe+Idrrnigj9RD
sRvnXVVb/v1LHP4ixrp8z3SFFil+fr/2MUR85zKC4II7umDkBeYZFZVj4QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL85KEG3SBr0zbsbNoQU2xYs3q9RMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvdnprb1FiZElHdlROdXhzMmhCVGJGaXplcjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLYSCMA0E
AgACMAcDBQAqDkvGMA0GCSqGSIb3DQEBCwUAA4IBAQA2bBTwtvfxZ1sGXyNBQSn1
fhPZyF2i0hXViLAC9MYte9BAz/b/YAheon5zjaIUjqfthMbJ5FM7wBJjjbggomn7
IK6M38xrOdgjFo6zVA8QimSCfv00QKFDQryhq+0eFVAB/UqWIdacbm3f3LnwrGc7
9rzb3980f6WREjnKD1UqC2aP7GWd4G3Rsng18n9A+XbXJ6GkZEdZ6s1BAAe50LKl
KzSUWJDsDfQAcZBj7/2mNBedzqQ7d2Enf6X3Emp8IUzD2RHYp56SFDLtg3WZXj55
L7eg3wx8O6R9WH6u5l6jkrLMbvi3Sz43heCB7QInIRRtcB9AI2W35d42Cw9tqv7U
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:47 2024 by rpki-client on console-fra.rpki-client.org