Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/z0o45PAaabbkSP8zvskB77dxqdM.roa
File:                     z0o45PAaabbkSP8zvskB77dxqdM.roa (raw, json)
Hash identifier:          IULmKp9kW6Wszo768avPJJfHm2ClysbNOiRJZlNHIkA=
Subject key identifier:   CF:4A:38:E4:F0:1A:69:B6:E4:48:FF:33:BE:C9:01:EF:B7:71:A9:D3
Certificate issuer:       /CN=93a229e266b2558899f3547ee63d84ed6594768b
Certificate serial:       018AFFA11F1F727EA402BF4602B4E9B22DB4
Authority key identifier: 93:A2:29:E2:66:B2:55:88:99:F3:54:7E:E6:3D:84:ED:65:94:76:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k6Ip4mayVYiZ81R-5j2E7WWUdos.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/z0o45PAaabbkSP8zvskB77dxqdM.roa
Signing time:             Thu 05 Oct 2023 11:37:43 +0000
ROA not before:           Thu 05 Oct 2023 11:37:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56655
IP address blocks:        195.16.73.0/24 maxlen: 24
                          45.88.201.0/24 maxlen: 24
                          45.88.200.0/24 maxlen: 24
                          185.14.97.0/24 maxlen: 24
                          185.181.60.0/22 maxlen: 24
                          185.125.168.0/22 maxlen: 24
                          198.140.141.0/24 maxlen: 24
                          194.32.107.0/24 maxlen: 24
                          185.243.217.0/24 maxlen: 24
                          185.243.216.0/24 maxlen: 24
                          185.243.218.0/24 maxlen: 24
                          151.216.32.0/21 maxlen: 21
                          2a03:94e1::/32 maxlen: 32
                          2a0a:cd80::/32 maxlen: 32
                          2a03:94e2::/32 maxlen: 32
                          2a03:94e3::/32 maxlen: 32
                          2a03:94e0::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:ff:a1:1f:1f:72:7e:a4:02:bf:46:02:b4:e9:b2:2d:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93a229e266b2558899f3547ee63d84ed6594768b
        Validity
            Not Before: Oct  5 11:37:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cf4a38e4f01a69b6e448ff33bec901efb771a9d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a2:05:0f:27:50:6e:01:ff:52:70:50:ad:b4:
                    2f:64:27:79:03:93:97:59:44:c2:ff:d2:e7:2b:62:
                    b1:9f:72:1c:e4:05:8c:98:2e:6b:1a:6d:ee:9e:0a:
                    1d:65:37:22:eb:43:13:b8:ca:7f:23:b3:7a:3c:c8:
                    7e:4d:25:5a:5c:4b:f0:e4:f5:1a:d7:f5:d8:a9:7b:
                    b9:d8:22:c1:79:8d:56:2a:2a:72:85:c6:f6:2e:ba:
                    48:53:1d:d9:30:8b:b2:8d:f4:28:76:12:95:4e:31:
                    08:87:c9:a8:2f:54:d3:c8:ba:2f:fa:8b:4e:99:f2:
                    d7:9f:78:3c:60:57:40:4a:50:e5:6b:19:48:ba:c4:
                    ef:9f:c6:8e:44:3c:e7:f9:ae:2d:cb:39:3f:0c:b9:
                    8a:af:e0:b1:83:45:c2:a4:92:af:6a:a2:cc:c5:d3:
                    f4:09:2d:c5:d7:00:3e:f2:6f:09:bc:44:10:ae:12:
                    01:2d:89:f2:7f:37:4f:93:26:32:65:62:96:9b:46:
                    0e:de:f4:42:4f:1c:a8:34:e6:79:22:13:09:66:3e:
                    07:d0:2c:b6:6b:10:16:d9:aa:61:a1:c0:7e:48:b9:
                    86:90:b8:9e:9a:b7:ec:ba:dc:5b:c0:df:9b:80:2e:
                    e1:ba:84:11:42:37:39:ce:f2:34:56:bf:a8:b1:68:
                    ef:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:4A:38:E4:F0:1A:69:B6:E4:48:FF:33:BE:C9:01:EF:B7:71:A9:D3
            X509v3 Authority Key Identifier:
                keyid:93:A2:29:E2:66:B2:55:88:99:F3:54:7E:E6:3D:84:ED:65:94:76:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k6Ip4mayVYiZ81R-5j2E7WWUdos.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/z0o45PAaabbkSP8zvskB77dxqdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/k6Ip4mayVYiZ81R-5j2E7WWUdos.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.200.0/23
                  151.216.32.0/21
                  185.14.97.0/24
                  185.125.168.0/22
                  185.181.60.0/22
                  185.243.216.0-185.243.218.255
                  194.32.107.0/24
                  195.16.73.0/24
                  198.140.141.0/24
                IPv6:
                  2a03:94e0::/30
                  2a0a:cd80::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:90:50:d8:02:a4:da:9b:d9:41:82:85:a5:4e:f2:80:b6:3e:
         16:d3:9c:c5:eb:4c:02:7e:1d:fc:3d:d6:9f:fe:82:fc:1c:8a:
         73:e3:f1:bc:df:29:46:d8:b5:00:4f:67:d8:3c:51:c7:e2:c6:
         4e:de:7e:c4:e1:c8:39:f3:2f:c6:5c:be:31:c0:58:14:28:80:
         0e:57:33:ae:9d:77:01:e8:aa:2c:f1:04:d9:1e:4e:f4:4d:14:
         84:37:e7:13:1d:b8:b4:80:9e:e1:19:94:e3:8c:d9:b7:7e:3a:
         09:7c:95:dc:66:75:99:14:2f:07:bb:c5:e3:de:d0:36:fc:08:
         b6:f6:c9:77:34:d0:80:a5:bd:fb:44:fe:79:7b:a3:06:9b:9f:
         c4:93:c6:34:2d:b6:a6:78:19:dc:83:22:e3:07:40:85:99:14:
         5c:af:d8:1c:9b:8c:1d:e8:e5:ac:43:3d:73:d9:e8:bd:d9:86:
         8b:2d:b0:e8:d4:2b:96:48:72:aa:80:b9:18:99:9f:76:c9:60:
         b0:b9:2d:03:86:05:da:8c:50:67:a3:4e:07:72:63:21:bf:a1:
         2f:66:73:2d:57:23:c9:53:c3:0a:ed:f9:bc:53:5a:f4:87:52:
         f0:6b:42:31:34:84:45:90:d8:5e:9b:c4:28:d3:d9:67:74:a5:
         8a:39:6d:be
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYr/oR8fcn6kAr9GArTpsi20MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYTIyOWUyNjZiMjU1ODg5OWYzNTQ3ZWU2M2Q4NGVkNjU5
NDc2OGIwHhcNMjMxMDA1MTEzNzQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjRhMzhlNGYwMWE2OWI2ZTQ0OGZmMzNiZWM5MDFlZmI3NzFhOWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6IFDydQbgH/UnBQrbQvZCd5A5OX
WUTC/9LnK2Kxn3Ic5AWMmC5rGm3ungodZTci60MTuMp/I7N6PMh+TSVaXEvw5PUa
1/XYqXu52CLBeY1WKipyhcb2LrpIUx3ZMIuyjfQodhKVTjEIh8moL1TTyLov+otO
mfLXn3g8YFdASlDlaxlIusTvn8aORDzn+a4tyzk/DLmKr+Cxg0XCpJKvaqLMxdP0
CS3F1wA+8m8JvEQQrhIBLYnyfzdPkyYyZWKWm0YO3vRCTxyoNOZ5IhMJZj4H0Cy2
axAW2aphocB+SLmGkLiemrfsutxbwN+bgC7huoQRQjc5zvI0Vr+osWjvtwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFM9KOOTwGmm25Ej/M77JAe+3canTMB8GA1UdIwQY
MBaAFJOiKeJmslWImfNUfuY9hO1llHaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazZJcDRtYXlWWWlaODFSLTVqMkU3V1dVZG9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jNDA3M2EtOTIzYi00ZWNmLTk1NjYt
NGQ3NzdjYWNkOWE0LzEvejBvNDVQQWFhYmJrU1A4enZza0I3N2R4cWRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jNDA3M2EtOTIzYi00ZWNmLTk1NjYtNGQ3NzdjYWNkOWE0
LzEvazZJcDRtYXlWWWlaODFSLTVqMkU3V1dVZG9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBEBAIAATA+AwQBLVjIAwQD
l9ggAwQAuQ5hAwQCuX2oAwQCubU8MAwDBAO589gDBAC589oDBADCIGsDBADDEEkD
BADGjI0wFAQCAAIwDgMFAioDlOADBQAqCs2AMA0GCSqGSIb3DQEBCwUAA4IBAQCK
kFDYAqTam9lBgoWlTvKAtj4W05zF60wCfh38Pdaf/oL8HIpz4/G83ylG2LUAT2fY
PFHH4sZO3n7E4cg58y/GXL4xwFgUKIAOVzOunXcB6Kos8QTZHk70TRSEN+cTHbi0
gJ7hGZTjjNm3fjoJfJXcZnWZFC8Hu8Xj3tA2/Ai29sl3NNCApb37RP55e6MGm5/E
k8Y0LbameBncgyLjB0CFmRRcr9gcm4wd6OWsQz1z2ei92YaLLbDo1CuWSHKqgLkY
mZ92yWCwuS0DhgXajFBno04HcmMhv6EvZnMtVyPJU8MK7fm8U1r0h1Lwa0IxNIRF
kNhem8Qo09lndKWKOW2+
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:21 2024 by rpki-client on console-fra.rpki-client.org