Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/4ovkodtXWnQS9hxP8Pj7TR98yf8.roa
File:                     4ovkodtXWnQS9hxP8Pj7TR98yf8.roa (raw, json)
Hash identifier:          QBxquu/DcxGBI/uRkZsFQkBY7IujcVo5COOxWYtYx88=
Subject key identifier:   E2:8B:E4:A1:DB:57:5A:74:12:F6:1C:4F:F0:F8:FB:4D:1F:7C:C9:FF
Certificate issuer:       /CN=9cd0758825dd89cfee5fdecc7dcb651f0a5d1018
Certificate serial:       018211F20599E6DD3CBCC78242933BF5A468
Authority key identifier: 9C:D0:75:88:25:DD:89:CF:EE:5F:DE:CC:7D:CB:65:1F:0A:5D:10:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nNB1iCXdic_uX97MfctlHwpdEBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/4ovkodtXWnQS9hxP8Pj7TR98yf8.roa
Signing time:             Mon 18 Jul 2022 15:34:09 +0000
ROA not before:           Mon 18 Jul 2022 15:34:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44547
IP address blocks:        45.11.99.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:11:f2:05:99:e6:dd:3c:bc:c7:82:42:93:3b:f5:a4:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cd0758825dd89cfee5fdecc7dcb651f0a5d1018
        Validity
            Not Before: Jul 18 15:34:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e28be4a1db575a7412f61c4ff0f8fb4d1f7cc9ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:84:aa:5e:15:a2:c7:88:1b:f2:79:9b:c2:29:
                    79:5b:60:03:cb:a6:57:5d:37:ce:4d:d5:44:61:bc:
                    d3:c5:20:20:d7:1a:5f:9d:a3:06:fb:e3:f3:e6:98:
                    81:28:e7:58:86:97:ab:72:65:24:3b:50:5b:64:a0:
                    7f:34:d3:b7:b8:b1:1e:81:4f:99:66:37:b8:a6:5c:
                    13:ed:ee:52:96:c2:9d:ce:d9:00:4f:72:c4:13:8b:
                    87:91:74:6d:1a:8d:62:17:17:b0:55:4e:40:71:37:
                    bb:20:64:96:37:99:cb:48:23:60:43:12:db:26:9e:
                    1b:1f:8e:ce:c6:e8:29:2a:67:ef:49:3b:4c:ce:3b:
                    c4:63:ce:e5:52:22:c6:dc:a8:c7:70:e1:f6:7c:41:
                    51:be:af:4c:d5:d8:e4:79:82:56:8c:e7:a1:ff:66:
                    f7:47:93:eb:62:f1:23:bd:1b:76:2d:b6:9e:d7:42:
                    82:bc:0c:29:7f:ec:04:c7:bb:61:da:86:fc:e0:28:
                    1d:02:29:be:06:d8:38:a2:b5:50:e4:2b:6f:ff:a5:
                    60:cd:9a:1b:2c:1a:ff:85:6b:32:44:ff:33:c3:7f:
                    3e:bb:3e:a2:9c:45:b3:62:dd:8d:5a:b0:93:6c:0c:
                    6c:a5:52:10:c2:23:53:1e:f0:21:ef:2e:2f:7c:3a:
                    47:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:8B:E4:A1:DB:57:5A:74:12:F6:1C:4F:F0:F8:FB:4D:1F:7C:C9:FF
            X509v3 Authority Key Identifier:
                keyid:9C:D0:75:88:25:DD:89:CF:EE:5F:DE:CC:7D:CB:65:1F:0A:5D:10:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nNB1iCXdic_uX97MfctlHwpdEBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/4ovkodtXWnQS9hxP8Pj7TR98yf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/nNB1iCXdic_uX97MfctlHwpdEBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:8f:53:8c:7a:72:a8:a9:83:9d:55:cb:60:2f:38:0e:c5:59:
         c9:ca:f9:41:f1:42:7f:5d:52:8d:c2:fe:f6:e6:6c:36:4f:00:
         2d:28:52:9e:5b:d8:cd:3b:e9:c4:3f:50:b0:ca:7a:05:76:0a:
         84:a9:d7:c6:35:38:06:9c:89:d0:4d:b2:57:96:28:ac:89:90:
         c9:88:20:44:a5:0d:cf:e8:80:c3:c8:fd:2b:54:66:a0:d4:db:
         f5:9d:84:77:73:45:a8:8c:fe:e6:a4:ca:36:d2:da:c3:8b:d4:
         b6:55:7b:bf:cf:14:5d:22:9a:7e:7c:84:d1:55:40:1c:f3:1e:
         07:03:65:3f:d4:f1:a6:7c:e0:b0:0a:e8:98:b2:b7:b9:53:47:
         40:14:54:5e:c8:65:c4:e1:bc:eb:9a:bd:5d:c6:d6:c5:14:54:
         6e:e8:81:e5:a9:88:b7:9a:eb:3e:f2:e0:b1:38:88:b9:0d:30:
         e4:66:27:7e:e4:79:ad:6e:1a:33:87:83:ea:21:be:b4:86:f9:
         5f:9d:be:b7:38:a1:e5:94:69:66:49:a5:ae:08:6f:74:45:a2:
         3c:f2:8a:e0:7a:ce:00:c3:e4:92:0e:1f:5d:95:f5:84:78:d9:
         c8:bf:49:fa:79:a8:4b:d7:e1:70:71:08:cb:7b:32:a9:e6:e2:
         49:3b:db:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYIR8gWZ5t08vMeCQpM79aRoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZDA3NTg4MjVkZDg5Y2ZlZTVmZGVjYzdkY2I2NTFmMGE1
ZDEwMTgwHhcNMjIwNzE4MTUzNDA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjhiZTRhMWRiNTc1YTc0MTJmNjFjNGZmMGY4ZmI0ZDFmN2NjOWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYSqXhWix4gb8nmbwil5W2ADy6ZX
XTfOTdVEYbzTxSAg1xpfnaMG++Pz5piBKOdYhpercmUkO1BbZKB/NNO3uLEegU+Z
Zje4plwT7e5SlsKdztkAT3LEE4uHkXRtGo1iFxewVU5AcTe7IGSWN5nLSCNgQxLb
Jp4bH47OxugpKmfvSTtMzjvEY87lUiLG3KjHcOH2fEFRvq9M1djkeYJWjOeh/2b3
R5PrYvEjvRt2Lbae10KCvAwpf+wEx7th2ob84CgdAim+Btg4orVQ5Ctv/6VgzZob
LBr/hWsyRP8zw38+uz6inEWzYt2NWrCTbAxspVIQwiNTHvAh7y4vfDpHIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOKL5KHbV1p0EvYcT/D4+00ffMn/MB8GA1UdIwQY
MBaAFJzQdYgl3YnP7l/ezH3LZR8KXRAYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk5CMWlDWGRpY191WDk3TWZjdGxId3BkRUJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8wZTY1MWUtOTBjNy00YWNkLTk3Yjkt
YTU0ZjhlNDgxM2U3LzEvNG92a29kdFhXblFTOWh4UDhQajdUUjk4eWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8wZTY1MWUtOTBjNy00YWNkLTk3YjktYTU0ZjhlNDgxM2U3
LzEvbk5CMWlDWGRpY191WDk3TWZjdGxId3BkRUJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQtjMA0G
CSqGSIb3DQEBCwUAA4IBAQBOj1OMenKoqYOdVctgLzgOxVnJyvlB8UJ/XVKNwv72
5mw2TwAtKFKeW9jNO+nEP1CwynoFdgqEqdfGNTgGnInQTbJXliisiZDJiCBEpQ3P
6IDDyP0rVGag1Nv1nYR3c0WojP7mpMo20trDi9S2VXu/zxRdIpp+fITRVUAc8x4H
A2U/1PGmfOCwCuiYsre5U0dAFFReyGXE4bzrmr1dxtbFFFRu6IHlqYi3mus+8uCx
OIi5DTDkZid+5Hmtbhozh4PqIb60hvlfnb63OKHllGlmSaWuCG90RaI88orges4A
w+SSDh9dlfWEeNnIv0n6eahL1+FwcQjLezKp5uJJO9sd
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:09 2024 by rpki-client on console-fra.rpki-client.org