Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/rjdOrAdoeY8ZXeECucrm_yUEqtE.roa
File:                     rjdOrAdoeY8ZXeECucrm_yUEqtE.roa (raw, json)
Hash identifier:          Vz2491T5hbyWXglDTdQZTlpDYnB8ckvYYQJgv/u/LRU=
Subject key identifier:   AE:37:4E:AC:07:68:79:8F:19:5D:E1:02:B9:CA:E6:FF:25:04:AA:D1
Certificate issuer:       /CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Certificate serial:       0183658A56A42A560F7A27F6A050175D1F83
Authority key identifier: 6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/rjdOrAdoeY8ZXeECucrm_yUEqtE.roa
Signing time:             Thu 22 Sep 2022 14:11:48 +0000
ROA not before:           Thu 22 Sep 2022 14:11:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203020
IP address blocks:        45.134.76.0/22 maxlen: 32
                          170.245.40.0/22 maxlen: 32
                          188.68.0.0/22 maxlen: 32
                          168.205.72.0/22 maxlen: 32
                          95.181.216.0/22 maxlen: 32
                          193.19.204.0/24 maxlen: 24
                          193.19.205.0/24 maxlen: 32
                          193.19.206.0/24 maxlen: 32
                          193.19.207.0/24 maxlen: 32
                          63.141.36.0/23 maxlen: 32
                          45.66.48.0/22 maxlen: 32
                          45.131.224.0/22 maxlen: 32
                          63.141.34.0/23 maxlen: 32
                          45.145.104.0/22 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:65:8a:56:a4:2a:56:0f:7a:27:f6:a0:50:17:5d:1f:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
        Validity
            Not Before: Sep 22 14:11:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ae374eac0768798f195de102b9cae6ff2504aad1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:99:d2:46:6f:f6:6f:38:d9:f3:ef:f3:9a:a7:
                    96:6c:54:54:d6:2c:a2:ab:56:ce:aa:39:df:2d:e6:
                    8f:19:80:4c:ad:bc:46:10:4c:24:34:02:df:d9:54:
                    7e:ba:a7:8c:74:25:f8:07:a5:3d:10:bd:11:65:77:
                    a9:3b:85:47:f5:ad:d7:19:87:c9:52:95:16:7c:29:
                    2b:6d:a0:76:02:3f:76:e4:3d:bb:d5:96:99:a7:64:
                    0b:14:ab:22:20:d9:26:dd:08:bd:d1:e7:81:c8:f7:
                    08:c2:75:1e:93:f7:bd:49:62:61:1d:3a:0b:76:49:
                    99:d7:65:05:2e:86:81:a2:de:0f:6e:c4:74:42:7c:
                    a2:02:aa:4e:ed:e8:53:18:43:d4:b8:56:aa:86:e6:
                    ae:4d:ad:40:9f:f8:8b:78:22:65:bc:0c:02:ab:d0:
                    42:0e:82:a0:48:83:70:ee:bd:ac:86:d6:77:fd:70:
                    21:af:f0:9b:3b:2e:78:57:89:cb:41:3e:0f:a4:37:
                    90:81:e9:84:1f:65:0b:5a:2a:3e:46:e9:a4:83:9a:
                    6b:40:6b:69:71:a3:1f:6d:65:77:da:3f:db:42:fa:
                    19:b2:92:b8:46:13:06:16:58:7e:de:fd:90:dd:c6:
                    47:b5:95:dc:22:f5:90:ad:94:e9:eb:f7:4f:b1:fd:
                    05:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:37:4E:AC:07:68:79:8F:19:5D:E1:02:B9:CA:E6:FF:25:04:AA:D1
            X509v3 Authority Key Identifier:
                keyid:6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/rjdOrAdoeY8ZXeECucrm_yUEqtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.48.0/22
                  45.131.224.0/22
                  45.134.76.0/22
                  45.145.104.0/22
                  63.141.34.0-63.141.37.255
                  95.181.216.0/22
                  168.205.72.0/22
                  170.245.40.0/22
                  188.68.0.0/22
                  193.19.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:9a:d7:7b:63:fd:63:44:8b:b6:27:3a:d8:4f:6d:6b:8c:88:
         b4:0f:d0:72:47:6f:67:aa:73:f3:25:ca:0a:99:02:99:8a:56:
         1f:34:f6:ed:7a:35:01:7d:48:f9:22:a6:b3:e7:f7:62:5c:07:
         90:d2:27:22:6f:f6:29:52:a5:04:65:47:6c:14:a1:1f:ed:b1:
         18:80:47:29:f8:57:69:cf:04:f1:d8:12:43:a6:fc:82:36:09:
         c3:49:46:5b:46:7b:08:32:19:e9:43:ba:79:bf:e4:55:8f:f5:
         f3:24:8d:2a:e0:e2:35:a9:f5:32:f4:08:a1:43:b6:18:db:63:
         df:56:b2:c9:94:40:46:8c:60:13:a8:cc:06:7d:1c:d8:3c:a9:
         46:39:d7:79:25:9b:86:b8:45:1c:e4:7f:76:00:4c:f9:f5:40:
         68:ce:a5:a3:73:57:31:65:35:eb:33:79:f9:45:c9:11:e5:2c:
         41:83:ba:71:52:7a:e1:0e:64:b9:06:a1:52:b6:fa:2f:1f:dc:
         3d:d4:39:86:e5:bb:81:83:14:46:26:e5:10:f5:5c:96:62:c2:
         cc:7c:96:ae:76:a5:b6:fd:12:5f:ce:d0:bd:70:17:b9:dc:d0:
         39:03:88:95:dd:e2:36:dc:db:5f:4b:9f:b3:7d:a7:f1:66:84:
         4c:19:96:b7
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYNlilakKlYPeif2oFAXXR+DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDNhMmNhZjI5ODAxOWZiZDY2ODYyMTUxNmM4YzZlMWQx
MGU4M2MwHhcNMjIwOTIyMTQxMTQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTM3NGVhYzA3Njg3OThmMTk1ZGUxMDJiOWNhZTZmZjI1MDRhYWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJnSRm/2bzjZ8+/zmqeWbFRU1iyi
q1bOqjnfLeaPGYBMrbxGEEwkNALf2VR+uqeMdCX4B6U9EL0RZXepO4VH9a3XGYfJ
UpUWfCkrbaB2Aj925D271ZaZp2QLFKsiINkm3Qi90eeByPcIwnUek/e9SWJhHToL
dkmZ12UFLoaBot4PbsR0QnyiAqpO7ehTGEPUuFaqhuauTa1An/iLeCJlvAwCq9BC
DoKgSINw7r2shtZ3/XAhr/CbOy54V4nLQT4PpDeQgemEH2ULWio+Rumkg5prQGtp
caMfbWV32j/bQvoZspK4RhMGFlh+3v2Q3cZHtZXcIvWQrZTp6/dPsf0FTQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFK43TqwHaHmPGV3hArnK5v8lBKrRMB8GA1UdIwQY
MBaAFGwDosrymAGfvWaGIVFsjG4dEOg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDkt
ZmMzN2ZiMGNkNDNiLzEvcmpkT3JBZG9lWThaWGVFQ3Vjcm1feVVFcXRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDktZmMzN2ZiMGNkNDNi
LzEvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQCLUIwAwQC
LYPgAwQCLYZMAwQCLZFoMAwDBAE/jSIDBAE/jSQDBAJftdgDBAKozUgDBAKq9SgD
BAK8RAADBALBE8wwDQYJKoZIhvcNAQELBQADggEBAHaa13tj/WNEi7YnOthPbWuM
iLQP0HJHb2eqc/MlygqZApmKVh809u16NQF9SPkiprPn92JcB5DSJyJv9ilSpQRl
R2wUoR/tsRiARyn4V2nPBPHYEkOm/II2CcNJRltGewgyGelDunm/5FWP9fMkjSrg
4jWp9TL0CKFDthjbY99WssmUQEaMYBOozAZ9HNg8qUY513klm4a4RRzkf3YATPn1
QGjOpaNzVzFlNeszeflFyRHlLEGDunFSeuEOZLkGoVK2+i8f3D3UOYblu4GDFEYm
5RD1XJZiwsx8lq52pbb9El/O0L1wF7nc0DkDiJXd4jbc219Ln7N9p/FmhEwZlrc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:58 2024 by rpki-client on console-fra.rpki-client.org