Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/He10C5260D_SFNfcfm6cIaFyISM.roa
File:                     He10C5260D_SFNfcfm6cIaFyISM.roa (raw, json)
Hash identifier:          tf5yO1W+jwE0A0a9If8IprKHCMWg8T7w2q++NWqf6wM=
Subject key identifier:   1D:ED:74:0B:9D:BA:D0:3F:D2:14:D7:DC:7E:6E:9C:21:A1:72:21:23
Certificate issuer:       /CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
Certificate serial:       0185A75948A8BD590D015B53C5348CABDC3B
Authority key identifier: 31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/He10C5260D_SFNfcfm6cIaFyISM.roa
Signing time:             Thu 12 Jan 2023 18:58:44 +0000
ROA not before:           Thu 12 Jan 2023 18:58:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     40015
IP address blocks:        45.147.254.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:a7:59:48:a8:bd:59:0d:01:5b:53:c5:34:8c:ab:dc:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
        Validity
            Not Before: Jan 12 18:58:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1ded740b9dbad03fd214d7dc7e6e9c21a1722123
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:68:f1:08:18:5a:a8:02:9b:63:b8:35:c7:80:
                    2e:b0:51:a2:67:10:04:d3:9b:07:fb:48:c4:13:79:
                    8a:f1:dc:ef:0f:b9:68:7c:1b:f0:71:16:bb:2e:a0:
                    36:23:7b:3c:d2:9a:85:67:40:78:62:cf:11:80:a5:
                    b1:d1:dd:d1:92:d4:7b:1d:6a:41:7d:f2:91:eb:47:
                    8e:8f:63:bd:f4:be:91:4a:a8:51:61:86:b2:6f:76:
                    76:51:69:dc:76:ff:93:55:b7:03:39:2b:83:f0:9b:
                    ec:23:a2:9c:f6:91:db:41:a0:00:38:52:d8:4f:2b:
                    7e:c8:9a:b0:2e:7d:83:60:af:5e:5a:c8:43:4c:1e:
                    05:25:2f:f9:b5:a7:7a:97:0d:88:35:8e:41:16:6b:
                    1c:2e:4f:fa:07:0b:f6:7b:36:77:32:e6:8e:7f:13:
                    fd:39:2f:da:dd:5b:9f:ad:f8:8b:de:5f:bf:09:ef:
                    6d:c6:fe:97:a5:c4:73:40:f2:46:55:a2:0f:ce:3c:
                    b8:d2:3a:1e:eb:75:88:af:08:bd:f5:a4:2c:a3:ec:
                    b0:3e:c4:a1:a5:6b:0d:17:2a:d1:4b:40:18:83:3a:
                    20:2f:d5:be:94:66:14:3e:63:71:46:ae:69:04:29:
                    48:be:83:1e:d9:d0:77:60:32:1c:b7:f0:9d:2e:88:
                    34:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:ED:74:0B:9D:BA:D0:3F:D2:14:D7:DC:7E:6E:9C:21:A1:72:21:23
            X509v3 Authority Key Identifier:
                keyid:31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/He10C5260D_SFNfcfm6cIaFyISM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0c:36:af:db:44:e1:a9:25:8e:4c:d0:44:51:3c:d3:5f:6a:d5:
         63:7c:67:2c:ed:dc:8b:8a:0c:9e:aa:81:34:7a:69:f5:f2:9d:
         99:ff:cf:de:f1:fa:62:aa:6d:52:cb:ac:1b:73:8a:21:82:c6:
         88:9c:b8:2b:57:1b:49:05:97:12:38:4d:83:20:44:9d:3f:e4:
         46:21:7f:a5:39:4d:98:d2:b6:cc:69:2d:6a:14:ab:a6:e7:6b:
         00:43:9c:91:51:77:35:e7:17:10:2e:e5:58:f2:a8:3c:28:39:
         e3:9b:18:70:92:a8:f1:38:dd:f4:78:d6:21:f4:d4:75:d5:1b:
         ae:0b:8f:b6:07:3f:c0:5f:13:09:6d:09:f6:df:16:f0:16:5f:
         71:2f:cf:29:88:c4:0b:52:d6:c1:d0:a0:64:a3:2a:91:81:39:
         8c:d4:e8:73:32:f8:56:09:7c:a3:cd:30:f0:1b:be:fb:0b:4e:
         42:8d:a2:02:d9:0e:86:4a:1d:4a:15:9f:56:34:4b:f7:81:89:
         72:2e:c0:fe:0d:3e:e4:63:63:30:aa:9e:0e:8e:3e:e4:09:15:
         56:9f:e3:ec:a8:fb:97:b6:5d:62:c3:37:2f:3f:f9:37:ca:79:
         7d:19:a1:bd:55:91:c1:7e:64:9b:06:23:eb:b3:8e:db:7b:94:
         a8:7e:ea:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYWnWUiovVkNAVtTxTSMq9w7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMGIwNTI1MTM3ODk5NGNmYTgwODhkMjNiNmVlZWQ0ZTll
NmFiMDgwHhcNMjMwMTEyMTg1ODQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGVkNzQwYjlkYmFkMDNmZDIxNGQ3ZGM3ZTZlOWMyMWExNzIyMTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGjxCBhaqAKbY7g1x4AusFGiZxAE
05sH+0jEE3mK8dzvD7lofBvwcRa7LqA2I3s80pqFZ0B4Ys8RgKWx0d3RktR7HWpB
ffKR60eOj2O99L6RSqhRYYayb3Z2UWncdv+TVbcDOSuD8JvsI6Kc9pHbQaAAOFLY
Tyt+yJqwLn2DYK9eWshDTB4FJS/5tad6lw2INY5BFmscLk/6Bwv2ezZ3MuaOfxP9
OS/a3VufrfiL3l+/Ce9txv6XpcRzQPJGVaIPzjy40joe63WIrwi99aQso+ywPsSh
pWsNFyrRS0AYgzogL9W+lGYUPmNxRq5pBClIvoMe2dB3YDIct/CdLog0rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3tdAudutA/0hTX3H5unCGhciEjMB8GA1UdIwQY
MBaAFDELBSUTeJlM+oCI0jtu7tTp5qsIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEt
N2NmZGYyZGY2NjMyLzEvSGUxMEM1MjYwRF9TRk5mY2ZtNmNJYUZ5SVNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEtN2NmZGYyZGY2NjMy
LzEvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZP+MA0G
CSqGSIb3DQEBCwUAA4IBAQAMNq/bROGpJY5M0ERRPNNfatVjfGcs7dyLigyeqoE0
emn18p2Z/8/e8fpiqm1Sy6wbc4ohgsaInLgrVxtJBZcSOE2DIESdP+RGIX+lOU2Y
0rbMaS1qFKum52sAQ5yRUXc15xcQLuVY8qg8KDnjmxhwkqjxON30eNYh9NR11Ruu
C4+2Bz/AXxMJbQn23xbwFl9xL88piMQLUtbB0KBkoyqRgTmM1OhzMvhWCXyjzTDw
G777C05CjaIC2Q6GSh1KFZ9WNEv3gYlyLsD+DT7kY2Mwqp4Ojj7kCRVWn+PsqPuX
tl1iwzcvP/k3ynl9GaG9VZHBfmSbBiPrs47be5SofuqS
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:47:48 2024 by rpki-client on console-fra.rpki-client.org