Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/9XL3dFcncdTVunXQYu7X25f9fpY.roa
File:                     9XL3dFcncdTVunXQYu7X25f9fpY.roa (raw, json)
Hash identifier:          uoINFd7ZeVEqbiBuW2nOwB387pah9uWGIJOb1dnrbNE=
Subject key identifier:   F5:72:F7:74:57:27:71:D4:D5:BA:75:D0:62:EE:D7:DB:97:FD:7E:96
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801E11FA42CE0D7ED48A257A3BEECD3
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/9XL3dFcncdTVunXQYu7X25f9fpY.roa
Signing time:             Tue 02 Jan 2024 02:30:15 +0000
ROA not before:           Tue 02 Jan 2024 02:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210937
IP address blocks:        45.143.0.0/22 maxlen: 24
                          45.153.244.0/22 maxlen: 24
                          2a09:4::/48 maxlen: 48
                          2a09:2::/48 maxlen: 48
                          2a09:3::/48 maxlen: 48
                          2a09:5::/48 maxlen: 48
                          2a09:1::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:e1:1f:a4:2c:e0:d7:ed:48:a2:57:a3:be:ec:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f572f774572771d4d5ba75d062eed7db97fd7e96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:77:1a:b6:64:66:e8:c2:b4:39:ec:b7:2e:15:
                    bc:33:d2:7f:a9:d2:62:c8:c3:b4:ac:38:d0:08:ae:
                    1f:bf:ba:ab:9f:8f:7c:c8:4f:a5:1d:9d:0a:8f:60:
                    48:a4:32:a8:d2:26:6d:39:49:0d:22:0e:8e:be:31:
                    fd:d4:93:db:2b:fb:12:56:1a:1d:d2:07:78:d2:f0:
                    1f:eb:60:7b:17:21:76:43:2d:0d:aa:60:50:72:d7:
                    e2:eb:b3:1b:b3:7f:46:b7:cf:db:78:43:44:ce:32:
                    ab:8c:e7:84:7b:e7:42:a7:c3:d3:9a:ed:2c:70:1a:
                    be:77:bc:10:27:de:75:63:70:01:b8:b1:62:81:d9:
                    58:de:6f:22:83:4a:5c:31:fd:e7:d0:55:6f:86:78:
                    a1:81:2a:d8:18:4c:fb:86:1d:18:b0:be:00:e6:a5:
                    b4:8c:3f:60:25:aa:d3:a6:33:82:3e:b4:e0:bd:1e:
                    2f:9e:18:91:e4:7e:aa:cb:e1:41:1b:93:b3:38:6d:
                    53:ba:55:27:d5:d8:0b:80:64:2c:38:f0:83:dc:1a:
                    26:cf:aa:7b:88:32:56:a5:92:1a:1b:a9:c3:ed:b5:
                    44:43:02:06:69:44:26:6f:08:ac:52:ce:09:39:b8:
                    cf:f1:2c:75:f4:ef:54:91:46:52:9c:e7:c3:81:4b:
                    3d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:72:F7:74:57:27:71:D4:D5:BA:75:D0:62:EE:D7:DB:97:FD:7E:96
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/9XL3dFcncdTVunXQYu7X25f9fpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.0.0/22
                  45.153.244.0/22
                IPv6:
                  2a09:1::/48
                  2a09:2::/48
                  2a09:3::/48
                  2a09:4::/48
                  2a09:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:0d:13:7f:68:9b:4a:47:b1:35:d3:a5:9f:33:e4:26:cc:a4:
         a9:b3:c1:ce:1e:60:41:6f:e8:dd:e2:94:f0:a4:a9:19:be:6e:
         ee:fb:6e:a7:33:c2:49:4e:c7:0c:a0:60:3e:50:59:44:79:55:
         93:6d:82:19:09:bf:87:92:85:c8:44:86:0f:01:16:17:f7:d0:
         41:d6:a1:72:7b:72:35:2c:43:b8:5f:10:44:ff:6a:00:3f:e8:
         de:b0:d4:3c:15:61:15:c8:4e:92:dd:8d:9a:7b:17:23:6b:c9:
         d8:6c:6e:05:ce:7d:77:0c:2d:85:7a:b0:17:30:b3:7f:05:aa:
         5a:dc:d5:85:8a:96:10:77:60:62:aa:f8:a9:43:80:8c:6e:29:
         f5:66:6d:4f:55:22:44:34:1f:58:d9:f7:c1:79:c1:0a:64:85:
         c2:91:fb:90:65:8b:1a:69:67:45:d4:1c:87:d3:42:88:06:03:
         49:6d:40:10:60:b3:c3:c9:ab:02:36:86:52:5f:d1:10:ce:6f:
         d6:ea:71:c7:32:77:87:65:5a:37:92:61:f4:91:50:ca:10:7f:
         f9:f8:56:b0:95:da:12:39:9e:b3:b7:f2:ef:af:1b:6c:12:ca:
         fc:19:0b:55:3a:34:20:07:27:f8:45:81:b3:54:79:7e:dd:53:
         59:0c:4b:49
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYzIAeEfpCzg1+1IolejvuzTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTcyZjc3NDU3Mjc3MWQ0ZDViYTc1ZDA2MmVlZDdkYjk3ZmQ3ZTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXcatmRm6MK0Oey3LhW8M9J/qdJi
yMO0rDjQCK4fv7qrn498yE+lHZ0Kj2BIpDKo0iZtOUkNIg6OvjH91JPbK/sSVhod
0gd40vAf62B7FyF2Qy0NqmBQctfi67Mbs39Gt8/beENEzjKrjOeEe+dCp8PTmu0s
cBq+d7wQJ951Y3ABuLFigdlY3m8ig0pcMf3n0FVvhnihgSrYGEz7hh0YsL4A5qW0
jD9gJarTpjOCPrTgvR4vnhiR5H6qy+FBG5OzOG1TulUn1dgLgGQsOPCD3Bomz6p7
iDJWpZIaG6nD7bVEQwIGaUQmbwisUs4JObjP8Sx19O9UkUZSnOfDgUs9pQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFPVy93RXJ3HU1bp10GLu19uX/X6WMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvOVhMM2RGY25jZFRWdW5YUVl1N1gyNWY5ZnBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTASBAIAATAMAwQCLY8AAwQC
LZn0MDMEAgACMC0DBwAqCQABAAADBwAqCQACAAADBwAqCQADAAADBwAqCQAEAAAD
BwAqCQAFAAAwDQYJKoZIhvcNAQELBQADggEBAD8NE39om0pHsTXTpZ8z5CbMpKmz
wc4eYEFv6N3ilPCkqRm+bu77bqczwklOxwygYD5QWUR5VZNtghkJv4eShchEhg8B
Fhf30EHWoXJ7cjUsQ7hfEET/agA/6N6w1DwVYRXITpLdjZp7FyNrydhsbgXOfXcM
LYV6sBcws38Fqlrc1YWKlhB3YGKq+KlDgIxuKfVmbU9VIkQ0H1jZ98F5wQpkhcKR
+5BlixppZ0XUHIfTQogGA0ltQBBgs8PJqwI2hlJf0RDOb9bqcccyd4dlWjeSYfSR
UMoQf/n4VrCV2hI5nrO38u+vG2wSyvwZC1U6NCAHJ/hFgbNUeX7dU1kMS0k=
-----END CERTIFICATE-----
Generated at Tue Jul 2 14:42:04 2024 by rpki-client on console-ams.rpki-client.org