Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/f6fee6-c0a2-4a03-a981-f5fda0ea300d/1/EjS1W0B_D9ge6AK-z7gVvM0Tt2Q.roa
File:                     EjS1W0B_D9ge6AK-z7gVvM0Tt2Q.roa (raw, json)
Hash identifier:          /Eyjpqs2/gD9uTO6zH6ZQPe+rsP/4o0FEbRd/04t+rs=
Subject key identifier:   12:34:B5:5B:40:7F:0F:D8:1E:E8:02:BE:CF:B8:15:BC:CD:13:B7:64
Certificate issuer:       /CN=80ab4c0945b738edda0583a274b63c1b8673a630
Certificate serial:       074F6901
Authority key identifier: 80:AB:4C:09:45:B7:38:ED:DA:05:83:A2:74:B6:3C:1B:86:73:A6:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gKtMCUW3OO3aBYOidLY8G4ZzpjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/f6fee6-c0a2-4a03-a981-f5fda0ea300d/1/EjS1W0B_D9ge6AK-z7gVvM0Tt2Q.roa
Signing time:             Sat 01 Jan 2022 12:07:01 +0000
ROA not before:           Sat 01 Jan 2022 12:07:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208201
IP address blocks:        45.153.120.0/24 maxlen: 24
                          2a0f:af00::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 122644737 (0x74f6901)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80ab4c0945b738edda0583a274b63c1b8673a630
        Validity
            Not Before: Jan  1 12:07:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1234b55b407f0fd81ee802becfb815bccd13b764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:d8:93:7a:68:db:66:1a:09:87:c6:f3:b9:0d:
                    8c:78:f2:73:11:0c:5d:ad:e3:40:01:a6:c6:56:de:
                    1b:70:1c:e0:a3:46:9f:46:18:a4:f3:28:de:bd:5f:
                    df:37:6c:4b:3f:37:cb:a6:d5:97:05:8e:0d:7a:37:
                    97:5b:46:8c:1e:70:4e:71:27:5b:c5:39:b2:e2:1e:
                    f7:b8:36:dd:58:76:4f:91:d7:6d:88:6a:b4:58:1e:
                    56:da:8a:81:64:4f:0f:f9:53:e8:2d:31:a5:a7:23:
                    dc:ea:a7:90:53:34:35:e1:af:d7:81:3a:b2:0c:5f:
                    c6:2e:d9:d6:22:54:b2:fe:d7:96:e6:5c:c8:b9:34:
                    05:16:f0:3d:85:cd:37:83:40:ce:71:9c:80:b6:e2:
                    cd:32:b2:b4:16:0b:39:5a:46:d8:3c:5a:99:8c:a2:
                    52:26:c1:56:5b:bb:b9:c3:f7:c1:1d:90:cf:5a:96:
                    95:84:bb:53:fd:68:cf:55:eb:69:9f:22:f3:01:25:
                    c0:ae:fe:2b:7b:05:56:94:16:2e:9f:83:92:5e:fa:
                    f0:f2:40:26:ef:3f:08:55:e8:67:be:c5:da:5f:47:
                    9d:b6:c5:7a:af:e3:97:ad:6c:d2:de:1c:c6:13:bb:
                    b7:4a:eb:c0:ce:2d:2b:8a:bf:ff:de:da:95:a2:71:
                    90:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:34:B5:5B:40:7F:0F:D8:1E:E8:02:BE:CF:B8:15:BC:CD:13:B7:64
            X509v3 Authority Key Identifier:
                keyid:80:AB:4C:09:45:B7:38:ED:DA:05:83:A2:74:B6:3C:1B:86:73:A6:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gKtMCUW3OO3aBYOidLY8G4ZzpjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/f6fee6-c0a2-4a03-a981-f5fda0ea300d/1/EjS1W0B_D9ge6AK-z7gVvM0Tt2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/f6fee6-c0a2-4a03-a981-f5fda0ea300d/1/gKtMCUW3OO3aBYOidLY8G4ZzpjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.120.0/24
                IPv6:
                  2a0f:af00::/32

    Signature Algorithm: sha256WithRSAEncryption
         1e:8e:3f:1a:55:e0:19:74:35:0c:fa:a6:fd:b1:4b:a4:d5:61:
         66:a6:09:e8:8f:cf:07:d4:fd:fe:bc:94:a3:65:a3:c7:52:a1:
         0b:a0:95:c1:18:1b:c6:ec:99:ac:7f:12:bc:fa:e4:1f:78:7c:
         f9:71:01:f1:69:de:a1:c9:08:73:56:71:1c:88:17:f5:e9:75:
         b7:2e:b2:fa:63:d4:54:db:78:90:83:ac:a8:6f:a5:46:98:74:
         43:06:06:23:aa:20:f9:f5:fb:16:e1:b2:94:65:26:e7:5f:7a:
         80:f8:aa:be:64:66:71:93:a9:c2:5d:eb:85:e2:e2:6a:1b:5e:
         80:89:fe:b6:c5:5c:4c:5f:f0:fe:51:b0:45:ee:4b:09:f7:61:
         b6:f1:17:94:d0:8b:2a:ad:7d:13:88:5f:90:ad:7c:97:cb:0e:
         2f:23:a8:b8:a5:49:5c:45:8b:9e:fd:d8:52:c1:ad:02:1e:6f:
         5c:ce:d5:bd:6f:df:63:31:76:a7:cb:5a:56:f8:95:c5:ac:83:
         66:b4:f7:f0:79:c3:3d:6e:c6:41:8a:75:5d:05:4e:b0:b5:03:
         da:d1:c6:42:8d:4f:90:d0:3a:fc:30:f0:88:41:48:a1:b9:b2:
         ae:96:89:41:7c:db:96:c9:80:8f:37:a6:47:a7:60:6a:90:c6:
         55:fc:e4:90
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEB09pATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
MGFiNGMwOTQ1YjczOGVkZGEwNTgzYTI3NGI2M2MxYjg2NzNhNjMwMB4XDTIyMDEw
MTEyMDcwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTIzNGI1NWI0MDdm
MGZkODFlZTgwMmJlY2ZiODE1YmNjZDEzYjc2NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIzYk3po22YaCYfG87kNjHjycxEMXa3jQAGmxlbeG3Ac4KNG
n0YYpPMo3r1f3zdsSz83y6bVlwWODXo3l1tGjB5wTnEnW8U5suIe97g23Vh2T5HX
bYhqtFgeVtqKgWRPD/lT6C0xpacj3OqnkFM0NeGv14E6sgxfxi7Z1iJUsv7XluZc
yLk0BRbwPYXNN4NAznGcgLbizTKytBYLOVpG2DxamYyiUibBVlu7ucP3wR2Qz1qW
lYS7U/1oz1XraZ8i8wElwK7+K3sFVpQWLp+Dkl768PJAJu8/CFXoZ77F2l9HnbbF
eq/jl61s0t4cxhO7t0rrwM4tK4q//97alaJxkAkCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBQSNLVbQH8P2B7oAr7PuBW8zRO3ZDAfBgNVHSMEGDAWgBSAq0wJRbc47doF
g6J0tjwbhnOmMDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2dLdE1DVVczT08zYUJZT2lkTFk4RzRaenBqQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODkvZjZmZWU2LWMwYTItNGEwMy1hOTgxLWY1ZmRhMGVhMzAwZC8x
L0VqUzFXMEJfRDlnZTZBSy16N2dWdk0wVHQyUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODkv
ZjZmZWU2LWMwYTItNGEwMy1hOTgxLWY1ZmRhMGVhMzAwZC8xL2dLdE1DVVczT08z
YUJZT2lkTFk4RzRaenBqQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAC2ZeDANBAIAAjAHAwUAKg+vADAN
BgkqhkiG9w0BAQsFAAOCAQEAHo4/GlXgGXQ1DPqm/bFLpNVhZqYJ6I/PB9T9/ryU
o2Wjx1KhC6CVwRgbxuyZrH8SvPrkH3h8+XEB8WneockIc1ZxHIgX9el1ty6y+mPU
VNt4kIOsqG+lRph0QwYGI6og+fX7FuGylGUm5196gPiqvmRmcZOpwl3rheLiahte
gIn+tsVcTF/w/lGwRe5LCfdhtvEXlNCLKq19E4hfkK18l8sOLyOouKVJXEWLnv3Y
UsGtAh5vXM7VvW/fYzF2p8taVviVxayDZrT38HnDPW7GQYp1XQVOsLUD2tHGQo1P
kNA6/DDwiEFIobmyrpaJQXzblsmAjzemR6dgapDGVfzkkA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:05 2024 by rpki-client on console-fra.rpki-client.org