Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/VahxWntNTIqcBUN3qkXDrjYRHSI.roa
File:                     VahxWntNTIqcBUN3qkXDrjYRHSI.roa (raw, json)
Hash identifier:          zyNT6Uum33ZloiIreYW+eyK4zrMLsWwotKa+Xufa2ko=
Subject key identifier:   55:A8:71:5A:7B:4D:4C:8A:9C:05:43:77:AA:45:C3:AE:36:11:1D:22
Certificate issuer:       /CN=a811a2c9fc8de9679bb158581b10ceaee91ff791
Certificate serial:       091F1523
Authority key identifier: A8:11:A2:C9:FC:8D:E9:67:9B:B1:58:58:1B:10:CE:AE:E9:1F:F7:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/VahxWntNTIqcBUN3qkXDrjYRHSI.roa
Signing time:             Tue 22 Mar 2022 12:51:36 +0000
ROA not before:           Tue 22 Mar 2022 12:51:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212657
IP address blocks:        45.131.33.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 153031971 (0x91f1523)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a811a2c9fc8de9679bb158581b10ceaee91ff791
        Validity
            Not Before: Mar 22 12:51:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=55a8715a7b4d4c8a9c054377aa45c3ae36111d22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:be:b6:6d:29:4f:e2:ff:88:36:9c:05:b4:b1:
                    6d:10:8b:23:54:6b:4f:de:60:0b:42:af:ff:70:fc:
                    14:2f:4a:1d:e3:e1:78:5d:35:99:fa:36:f2:bb:e8:
                    f5:8f:f6:fe:72:1d:1b:e2:db:3f:71:68:23:13:2f:
                    0c:a2:d9:d6:4a:df:93:81:9e:35:48:e4:d1:b7:a6:
                    e8:eb:29:94:d8:bb:7d:70:89:ce:0f:18:74:be:d0:
                    44:13:47:b7:27:cf:46:61:3f:01:c7:7f:c8:f4:27:
                    57:9d:5e:56:cf:4e:75:05:ad:00:ce:f4:74:18:22:
                    9e:28:30:ad:1f:82:ce:f8:f5:ea:d4:95:f9:9e:06:
                    48:ff:d9:73:11:6f:e1:cb:b6:e7:95:02:4d:71:16:
                    35:e1:6d:b5:79:9c:d8:7a:cf:fd:f8:94:ec:0e:f8:
                    e0:d8:d2:cc:80:9d:97:5a:e6:88:71:57:5b:a5:fc:
                    e1:c7:fa:fe:05:8a:42:05:4c:cc:db:89:89:85:a3:
                    79:74:c4:79:4e:3c:d0:70:87:49:de:91:0b:a6:02:
                    ef:92:a8:87:f5:6f:68:81:e0:69:93:1d:e0:13:6e:
                    22:27:d3:57:ac:e3:35:2f:4b:77:96:be:c3:d8:eb:
                    48:c7:99:3c:e3:97:81:e1:33:83:2f:d9:55:fd:6f:
                    dc:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:A8:71:5A:7B:4D:4C:8A:9C:05:43:77:AA:45:C3:AE:36:11:1D:22
            X509v3 Authority Key Identifier:
                keyid:A8:11:A2:C9:FC:8D:E9:67:9B:B1:58:58:1B:10:CE:AE:E9:1F:F7:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/VahxWntNTIqcBUN3qkXDrjYRHSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/qBGiyfyN6WebsVhYGxDOrukf95E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:09:9f:cb:a2:22:10:28:ee:15:b3:d1:60:c6:87:ab:58:b0:
         0e:2c:9f:63:d4:36:9e:1f:5c:90:56:8c:09:36:49:9e:01:b7:
         8f:50:8b:2c:52:13:d7:ac:ce:57:6a:52:db:43:3a:29:0e:e5:
         24:a6:4e:7f:72:36:26:00:2b:b5:33:1d:29:4d:0d:10:a2:ef:
         5d:64:7e:cd:5d:75:0d:86:67:9e:b7:c6:c6:12:f4:73:31:86:
         0b:2f:17:5d:bc:17:52:1b:2d:af:19:05:e6:0d:54:99:a9:be:
         41:7f:b2:ea:0e:b2:ce:78:6d:a3:93:13:18:cd:dd:84:90:8c:
         8e:44:18:3a:6d:29:bc:df:f4:dc:84:00:c4:e0:79:7d:27:66:
         90:16:ff:b6:f2:03:74:e6:9c:6b:2e:20:b2:a2:75:7f:dc:78:
         51:46:31:bb:57:00:fd:8a:fd:67:7f:38:3a:ac:c9:3b:0e:b1:
         24:1b:58:f8:51:14:d8:24:24:25:c5:ba:6d:ec:20:b1:16:d5:
         d2:f4:ce:3e:b6:b3:ee:bc:0d:d3:58:ad:b9:46:b1:c9:18:fd:
         f3:26:4b:95:30:ff:c5:bf:5a:76:37:d2:8c:bc:88:70:87:79:
         e6:1a:43:9b:4f:9a:f1:ec:1a:b3:76:7b:10:85:7e:0a:ee:85:
         53:a1:22:e2
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECR8VIzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ODExYTJjOWZjOGRlOTY3OWJiMTU4NTgxYjEwY2VhZWU5MWZmNzkxMB4XDTIyMDMy
MjEyNTEzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTVhODcxNWE3YjRk
NGM4YTljMDU0Mzc3YWE0NWMzYWUzNjExMWQyMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPS+tm0pT+L/iDacBbSxbRCLI1RrT95gC0Kv/3D8FC9KHePh
eF01mfo28rvo9Y/2/nIdG+LbP3FoIxMvDKLZ1krfk4GeNUjk0bem6OsplNi7fXCJ
zg8YdL7QRBNHtyfPRmE/Acd/yPQnV51eVs9OdQWtAM70dBginigwrR+Czvj16tSV
+Z4GSP/ZcxFv4cu255UCTXEWNeFttXmc2HrP/fiU7A744NjSzICdl1rmiHFXW6X8
4cf6/gWKQgVMzNuJiYWjeXTEeU480HCHSd6RC6YC75Koh/VvaIHgaZMd4BNuIifT
V6zjNS9Ld5a+w9jrSMeZPOOXgeEzgy/ZVf1v3C0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRVqHFae01MipwFQ3eqRcOuNhEdIjAfBgNVHSMEGDAWgBSoEaLJ/I3pZ5ux
WFgbEM6u6R/3kTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3FCR2l5ZnlONldlYnNWaFlHeERPcnVrZjk1RS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODkvMWRlY2IzLTE1OTMtNDVkYi1hZjU2LTBjYzRjMDAwMDg1OC8x
L1ZhaHhXbnROVElxY0JVTjNxa1hEcmpZUkhTSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODkv
MWRlY2IzLTE1OTMtNDVkYi1hZjU2LTBjYzRjMDAwMDg1OC8xL3FCR2l5ZnlONldl
YnNWaFlHeERPcnVrZjk1RS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2DITANBgkqhkiG9w0BAQsFAAOC
AQEAIwmfy6IiECjuFbPRYMaHq1iwDiyfY9Q2nh9ckFaMCTZJngG3j1CLLFIT16zO
V2pS20M6KQ7lJKZOf3I2JgArtTMdKU0NEKLvXWR+zV11DYZnnrfGxhL0czGGCy8X
XbwXUhstrxkF5g1Umam+QX+y6g6yznhto5MTGM3dhJCMjkQYOm0pvN/03IQAxOB5
fSdmkBb/tvIDdOacay4gsqJ1f9x4UUYxu1cA/Yr9Z384OqzJOw6xJBtY+FEU2CQk
JcW6bewgsRbV0vTOPraz7rwN01ituUaxyRj98yZLlTD/xb9adjfSjLyIcId55hpD
m0+a8ewas3Z7EIV+Cu6FU6Ei4g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:59 2024 by rpki-client on console-fra.rpki-client.org