Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/aKjOubxNpTLJGDrVi_jGsygTqYA.roa
File:                     aKjOubxNpTLJGDrVi_jGsygTqYA.roa (raw, json)
Hash identifier:          Ro4t6LloOM5gwkPG9uTG4MyyeXHlUnJpRuuDIQ0fQro=
Subject key identifier:   68:A8:CE:B9:BC:4D:A5:32:C9:18:3A:D5:8B:F8:C6:B3:28:13:A9:80
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       19CBABE0
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/aKjOubxNpTLJGDrVi_jGsygTqYA.roa
Signing time:             Sat 01 Jan 2022 15:56:36 +0000
ROA not before:           Sat 01 Jan 2022 15:56:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7922
IP address blocks:        45.89.156.0/22 maxlen: 22
                          45.89.84.0/22 maxlen: 22
                          45.91.112.0/22 maxlen: 22
                          45.90.172.0/22 maxlen: 22
                          45.93.164.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 432778208 (0x19cbabe0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  1 15:56:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=68a8ceb9bc4da532c9183ad58bf8c6b32813a980
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b6:ae:32:9d:f2:92:01:32:31:c2:d9:b2:6b:
                    58:b5:f1:66:37:7e:a1:b6:3d:b6:66:8a:9a:51:de:
                    67:c3:01:15:cf:77:9b:d9:7a:45:23:6b:80:ce:26:
                    39:f0:e9:71:0b:85:27:f0:33:83:3e:69:bc:11:c2:
                    0d:74:c0:b0:91:a8:11:75:ed:06:dc:ee:72:60:e9:
                    93:f8:61:30:63:9c:de:83:b3:e8:86:fb:78:7c:e3:
                    56:15:85:f0:1f:78:9f:44:c6:75:4b:76:28:a2:45:
                    7a:31:d2:1a:16:ef:2e:c2:81:fb:6a:78:81:30:e6:
                    06:9e:04:50:b7:a2:1a:56:b4:0d:64:c6:40:7b:e1:
                    fc:ca:aa:a9:aa:f9:a6:31:ab:2c:19:d7:d8:97:7f:
                    ad:26:b7:86:67:03:0a:38:f2:f7:41:44:ec:02:5b:
                    c3:33:3e:51:c3:9e:6c:d9:e4:2e:45:ba:d2:86:4f:
                    4a:1f:33:50:a5:3e:7c:8d:e8:66:95:15:5f:61:d3:
                    a1:9e:14:4e:de:06:95:41:51:cf:da:b9:c9:d9:b1:
                    7f:61:26:5e:51:e0:02:52:fb:3c:77:08:f4:5a:f7:
                    88:ef:cd:e7:2a:6f:f5:61:db:5e:67:0b:12:b8:9e:
                    ac:43:16:00:1a:5c:39:cf:b6:ac:2b:be:99:b0:39:
                    81:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:A8:CE:B9:BC:4D:A5:32:C9:18:3A:D5:8B:F8:C6:B3:28:13:A9:80
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/aKjOubxNpTLJGDrVi_jGsygTqYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.84.0/22
                  45.89.156.0/22
                  45.90.172.0/22
                  45.91.112.0/22
                  45.93.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:d0:50:2a:c7:7b:9c:50:a2:d7:7d:27:f9:76:24:ec:2f:d2:
         c8:a6:ce:93:a4:a7:d9:07:fc:65:c9:b3:16:51:75:a7:00:3c:
         d7:42:d1:19:39:b1:43:15:1c:ba:1f:9d:28:cb:f1:db:5b:3b:
         4d:39:4e:ee:9b:73:66:78:dd:d3:e2:79:df:e6:38:55:39:95:
         bf:a7:7d:ae:85:ea:40:d8:07:25:a6:ea:72:b7:0b:47:a3:7c:
         11:77:00:89:20:9c:a7:c7:88:fa:06:af:f3:9e:95:47:c2:50:
         bd:28:40:5c:cd:52:92:49:04:bd:f2:83:ac:70:3d:97:ce:20:
         04:fe:a2:39:ec:7a:56:04:2c:6c:a6:3e:a7:f4:7e:a9:65:ca:
         4f:83:5c:ae:28:bc:c1:bd:9b:a8:3e:e0:35:bd:ff:bb:91:30:
         9f:18:80:da:28:b5:42:c4:73:d5:9b:dc:16:8e:1e:1d:b4:62:
         d7:b3:f3:1a:d3:a5:8e:9e:9b:03:33:bb:11:ed:95:0d:f8:a9:
         36:7b:15:37:d1:a4:06:53:d9:0b:7e:47:2a:6b:21:05:57:19:
         4f:51:c6:33:46:c6:4a:10:92:5f:84:69:88:7b:73:b6:cf:30:
         2e:1f:97:ce:52:87:dc:43:83:25:1a:16:17:17:5f:24:01:b8:
         30:b7:0e:04
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEGcur4DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MTU1MDA5YzNkZTQyMWNjNGU2N2I5YTlhZTQyM2JiMzVkZTBiOTI2MB4XDTIyMDEw
MTE1NTYzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjhhOGNlYjliYzRk
YTUzMmM5MTgzYWQ1OGJmOGM2YjMyODEzYTk4MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKu2rjKd8pIBMjHC2bJrWLXxZjd+obY9tmaKmlHeZ8MBFc93
m9l6RSNrgM4mOfDpcQuFJ/Azgz5pvBHCDXTAsJGoEXXtBtzucmDpk/hhMGOc3oOz
6Ib7eHzjVhWF8B94n0TGdUt2KKJFejHSGhbvLsKB+2p4gTDmBp4EULeiGla0DWTG
QHvh/Mqqqar5pjGrLBnX2Jd/rSa3hmcDCjjy90FE7AJbwzM+UcOebNnkLkW60oZP
Sh8zUKU+fI3oZpUVX2HToZ4UTt4GlUFRz9q5ydmxf2EmXlHgAlL7PHcI9Fr3iO/N
5ypv9WHbXmcLErierEMWABpcOc+2rCu+mbA5gdECAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBRoqM65vE2lMskYOtWL+MazKBOpgDAfBgNVHSMEGDAWgBSxVQCcPeQhzE5n
uamuQjuzXeC5JjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NWVUFuRDNrSWN4T1o3bXBya0k3czEzZ3VTWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTAvZGU5MDJjLTNkMTMtNDdkMS1hNWU2LTczODU2YWY0OWYzZS8x
L2FLak91YnhOcFRMSkdEclZpX2pHc3lnVHFZQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTAv
ZGU5MDJjLTNkMTMtNDdkMS1hNWU2LTczODU2YWY0OWYzZS8xL3NWVUFuRDNrSWN4
T1o3bXBya0k3czEzZ3VTWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAi1ZVAMEAi1ZnAMEAi1arAMEAi1b
cAMEAi1dpDANBgkqhkiG9w0BAQsFAAOCAQEATNBQKsd7nFCi130n+XYk7C/SyKbO
k6Sn2Qf8ZcmzFlF1pwA810LRGTmxQxUcuh+dKMvx21s7TTlO7ptzZnjd0+J53+Y4
VTmVv6d9roXqQNgHJabqcrcLR6N8EXcAiSCcp8eI+gav856VR8JQvShAXM1SkkkE
vfKDrHA9l84gBP6iOex6VgQsbKY+p/R+qWXKT4Ncrii8wb2bqD7gNb3/u5EwnxiA
2ii1QsRz1ZvcFo4eHbRi17PzGtOljp6bAzO7Ee2VDfipNnsVN9GkBlPZC35HKmsh
BVcZT1HGM0bGShCSX4RpiHtzts8wLh+XzlKH3EODJRoWFxdfJAG4MLcOBA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:47:52 2024 by rpki-client on console-fra.rpki-client.org