Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/Jf6KrLo3O-OaRYar-dla8wO7P7s.roa
File:                     Jf6KrLo3O-OaRYar-dla8wO7P7s.roa (raw, json)
Hash identifier:          Dsqw0ggoBlcxy2oLnbDPjd6EYVn1rufN+l9nfeDVnIE=
Subject key identifier:   25:FE:8A:AC:BA:37:3B:E3:9A:45:86:AB:F9:D9:5A:F3:03:BB:3F:BB
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       01869DEAE8BC352973D1F5D55579667AC24B
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/Jf6KrLo3O-OaRYar-dla8wO7P7s.roa
Signing time:             Wed 01 Mar 2023 16:04:23 +0000
ROA not before:           Wed 01 Mar 2023 16:04:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8100
IP address blocks:        45.149.74.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:9d:ea:e8:bc:35:29:73:d1:f5:d5:55:79:66:7a:c2:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Mar  1 16:04:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=25fe8aacba373be39a4586abf9d95af303bb3fbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:70:aa:4f:0f:50:dc:bc:95:d5:06:8c:32:20:
                    33:83:07:f3:9f:fb:70:ea:31:99:65:4e:4e:c6:32:
                    1d:6f:18:12:0f:db:54:9c:1e:5e:81:de:d8:bf:37:
                    e7:37:e9:07:f9:a6:a7:68:17:9a:3a:d1:65:f3:36:
                    a2:91:e1:72:71:e3:54:17:fa:7c:63:8c:8f:68:52:
                    28:5c:ef:f9:f0:c9:0f:ac:ba:5a:54:02:0f:d1:4a:
                    c7:25:39:84:67:c3:61:8e:99:14:19:35:ff:ac:8f:
                    ae:58:e8:e6:d1:00:2d:16:08:6b:ee:24:a2:36:8b:
                    07:48:73:e4:ef:9f:82:89:db:5a:55:c5:f3:e3:95:
                    e7:fe:a0:1d:aa:ff:98:0a:4e:2a:c9:ab:32:56:a6:
                    6d:54:6f:78:bc:f8:89:c2:e2:74:3a:90:ab:22:11:
                    6b:77:5f:f4:c0:6e:70:64:72:fd:24:f7:fc:12:af:
                    59:b8:4d:32:7e:57:33:c2:59:1a:7c:48:7b:76:61:
                    b9:fd:58:07:a1:74:a2:dd:c9:ee:8a:71:48:bb:0c:
                    fe:54:f1:f6:0c:69:17:6b:7e:23:12:de:7c:40:9b:
                    21:7c:46:f7:ea:c3:05:ab:e7:c0:a4:41:17:6a:1b:
                    39:58:02:5c:4c:1d:dc:82:13:56:cd:26:c7:69:f5:
                    b6:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:FE:8A:AC:BA:37:3B:E3:9A:45:86:AB:F9:D9:5A:F3:03:BB:3F:BB
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/Jf6KrLo3O-OaRYar-dla8wO7P7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:c3:8c:ee:19:e0:36:d5:3e:62:f2:da:cc:44:cb:03:59:e1:
         6e:dc:15:09:e1:cb:1c:2b:59:06:e3:47:59:27:1d:0a:64:cd:
         48:be:0d:ea:38:d5:9d:58:68:ce:c7:35:18:1a:53:60:38:4b:
         ca:5f:31:40:e8:bb:79:25:ff:fb:a4:91:3d:3d:ed:a7:53:d8:
         18:9e:e8:6d:c8:b8:0f:b2:c7:2e:75:dd:81:4c:14:a6:b4:c0:
         d1:f5:97:6f:0b:5c:4f:cf:a7:06:48:ea:09:c1:d4:f7:57:ce:
         c6:a1:dd:5f:04:89:5e:1b:a9:63:6b:62:b1:ac:6d:7e:e9:c1:
         94:88:ce:56:2a:6a:66:fa:2a:1f:3b:c0:67:66:eb:ab:81:43:
         6a:ee:98:2c:73:07:17:56:04:8f:78:4d:3b:0e:87:13:12:1d:
         d0:e2:06:05:73:b4:02:93:62:84:59:64:b7:a4:88:73:c2:aa:
         6a:73:34:76:05:4b:ee:36:d8:e5:52:fa:cb:71:7b:34:16:f3:
         8b:2f:7e:a5:c3:9e:44:ab:ff:d9:cb:57:16:5a:c0:aa:6e:bc:
         6e:bf:17:89:a1:5a:17:52:ac:1d:9e:fe:6a:e2:2a:0f:62:ab:
         0f:e4:74:36:5d:e7:af:45:72:ee:57:97:84:56:7e:4b:a1:8e:
         4a:13:fc:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYad6ui8NSlz0fXVVXlmesJLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjMwMzAxMTYwNDIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWZlOGFhY2JhMzczYmUzOWE0NTg2YWJmOWQ5NWFmMzAzYmIzZmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHCqTw9Q3LyV1QaMMiAzgwfzn/tw
6jGZZU5OxjIdbxgSD9tUnB5egd7YvzfnN+kH+aanaBeaOtFl8zaikeFyceNUF/p8
Y4yPaFIoXO/58MkPrLpaVAIP0UrHJTmEZ8NhjpkUGTX/rI+uWOjm0QAtFghr7iSi
NosHSHPk75+CidtaVcXz45Xn/qAdqv+YCk4qyasyVqZtVG94vPiJwuJ0OpCrIhFr
d1/0wG5wZHL9JPf8Eq9ZuE0yflczwlkafEh7dmG5/VgHoXSi3cnuinFIuwz+VPH2
DGkXa34jEt58QJshfEb36sMFq+fApEEXahs5WAJcTB3cghNWzSbHafW2bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCX+iqy6NzvjmkWGq/nZWvMDuz+7MB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvSmY2S3JMbzNPLU9hUllhci1kbGE4d083UDdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZVKMA0G
CSqGSIb3DQEBCwUAA4IBAQCNw4zuGeA21T5i8trMRMsDWeFu3BUJ4cscK1kG40dZ
Jx0KZM1Ivg3qONWdWGjOxzUYGlNgOEvKXzFA6Lt5Jf/7pJE9Pe2nU9gYnuhtyLgP
sscudd2BTBSmtMDR9ZdvC1xPz6cGSOoJwdT3V87God1fBIleG6lja2KxrG1+6cGU
iM5WKmpm+iofO8BnZuurgUNq7pgscwcXVgSPeE07DocTEh3Q4gYFc7QCk2KEWWS3
pIhzwqpqczR2BUvuNtjlUvrLcXs0FvOLL36lw55Eq//Zy1cWWsCqbrxuvxeJoVoX
Uqwdnv5q4ioPYqsP5HQ2XeevRXLuV5eEVn5LoY5KE/w+
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:47:52 2024 by rpki-client on console-fra.rpki-client.org