Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/GeooUk5qMR4YMKmNUB6DF_eS_vg.roa
File:                     GeooUk5qMR4YMKmNUB6DF_eS_vg.roa (raw, json)
Hash identifier:          UN/I1ybv9KfqsG2kvZbu38rQv/8G4Qo7fgvpeiVVdQQ=
Subject key identifier:   19:EA:28:52:4E:6A:31:1E:18:30:A9:8D:50:1E:83:17:F7:92:FE:F8
Certificate issuer:       /CN=9cd0758825dd89cfee5fdecc7dcb651f0a5d1018
Certificate serial:       0185715538FCDA7C7C9C36F29C45BCABD558
Authority key identifier: 9C:D0:75:88:25:DD:89:CF:EE:5F:DE:CC:7D:CB:65:1F:0A:5D:10:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nNB1iCXdic_uX97MfctlHwpdEBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/GeooUk5qMR4YMKmNUB6DF_eS_vg.roa
Signing time:             Mon 02 Jan 2023 07:14:48 +0000
ROA not before:           Mon 02 Jan 2023 07:14:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204843
IP address blocks:        45.11.96.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:55:38:fc:da:7c:7c:9c:36:f2:9c:45:bc:ab:d5:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cd0758825dd89cfee5fdecc7dcb651f0a5d1018
        Validity
            Not Before: Jan  2 07:14:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=19ea28524e6a311e1830a98d501e8317f792fef8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:43:84:90:95:73:5e:66:7e:1b:39:eb:1c:9d:
                    23:f9:ac:3f:52:f4:95:99:fc:45:02:e0:ac:c4:6c:
                    eb:f0:37:c0:e0:19:00:fe:53:70:2e:b1:1c:0c:88:
                    70:a4:92:63:72:3e:71:05:80:94:98:9a:1d:45:01:
                    e6:5e:6f:1c:98:3d:20:81:dc:65:43:bd:af:b6:7f:
                    cf:fa:fd:2a:62:9a:ab:eb:10:e7:cb:58:14:1d:e4:
                    18:e7:f3:c0:2f:7c:ae:8d:d1:2d:95:d7:99:93:15:
                    1d:aa:ec:d7:bd:55:7e:4e:f4:04:11:96:3d:c0:63:
                    5f:5c:75:c1:e1:d4:a3:cd:dc:3d:be:63:64:93:7c:
                    6d:68:be:a8:73:db:8c:5f:2c:00:ae:9d:7f:32:65:
                    6a:93:26:61:57:b2:00:59:40:23:e6:05:2b:a6:dc:
                    61:35:59:29:04:3a:63:15:f7:12:da:90:63:96:a9:
                    b0:d0:c0:5b:a1:e3:d9:7d:fd:6e:ef:f9:70:db:4b:
                    6b:1d:3b:0e:e9:e5:ed:07:4d:80:29:7c:e7:a6:f6:
                    08:53:7e:ea:65:38:55:a0:46:92:21:00:b5:b9:93:
                    ef:d8:ef:b2:cf:46:36:dc:31:56:e4:4f:56:54:e0:
                    0d:ad:50:59:23:38:ed:c5:4e:1b:27:e8:49:9a:c8:
                    6d:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:EA:28:52:4E:6A:31:1E:18:30:A9:8D:50:1E:83:17:F7:92:FE:F8
            X509v3 Authority Key Identifier:
                keyid:9C:D0:75:88:25:DD:89:CF:EE:5F:DE:CC:7D:CB:65:1F:0A:5D:10:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nNB1iCXdic_uX97MfctlHwpdEBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/GeooUk5qMR4YMKmNUB6DF_eS_vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/nNB1iCXdic_uX97MfctlHwpdEBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:02:ed:e4:f2:8c:06:48:26:d6:35:66:65:e8:4f:82:c1:5c:
         de:bf:a5:95:c9:00:34:34:91:2c:83:e9:9d:17:e1:0f:ee:9e:
         1b:6f:3b:5a:05:50:ff:82:bc:2e:cf:ad:3b:20:e1:3e:b3:8c:
         f2:69:a7:e6:06:c6:15:fe:7a:d7:1b:75:54:fb:10:6d:26:91:
         0f:1b:27:88:1c:85:77:49:81:36:ac:15:43:46:be:ce:05:e8:
         3b:af:c4:88:ec:1e:49:3e:a0:76:13:aa:c2:ed:be:ce:77:3d:
         73:fc:74:f7:65:95:23:63:7b:3c:64:3c:89:07:6a:4f:98:46:
         bb:60:db:52:89:01:15:30:ac:16:4c:f5:9a:68:07:39:ca:af:
         d3:94:88:fc:7a:b1:99:67:de:ff:e7:b6:20:f1:a1:13:95:8f:
         01:ca:0c:f5:08:2e:07:17:a2:5a:00:bf:6a:d2:80:3a:f1:b0:
         f9:05:d5:e7:64:27:4c:57:3d:36:84:87:da:89:23:0d:ba:2f:
         ef:f8:33:30:30:fa:71:e4:83:cc:d9:5d:be:bd:a9:1e:6f:6a:
         0b:4c:71:b6:a0:94:18:9d:e1:52:cb:c3:65:fa:ae:d3:ca:aa:
         c6:89:78:ab:5b:7c:d4:a7:81:b3:dd:6f:23:d1:14:e9:2c:11:
         88:7a:d6:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxVTj82nx8nDbynEW8q9VYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZDA3NTg4MjVkZDg5Y2ZlZTVmZGVjYzdkY2I2NTFmMGE1
ZDEwMTgwHhcNMjMwMTAyMDcxNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWVhMjg1MjRlNmEzMTFlMTgzMGE5OGQ1MDFlODMxN2Y3OTJmZWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA10OEkJVzXmZ+GznrHJ0j+aw/UvSV
mfxFAuCsxGzr8DfA4BkA/lNwLrEcDIhwpJJjcj5xBYCUmJodRQHmXm8cmD0ggdxl
Q72vtn/P+v0qYpqr6xDny1gUHeQY5/PAL3yujdEtldeZkxUdquzXvVV+TvQEEZY9
wGNfXHXB4dSjzdw9vmNkk3xtaL6oc9uMXywArp1/MmVqkyZhV7IAWUAj5gUrptxh
NVkpBDpjFfcS2pBjlqmw0MBboePZff1u7/lw20trHTsO6eXtB02AKXznpvYIU37q
ZThVoEaSIQC1uZPv2O+yz0Y23DFW5E9WVOANrVBZIzjtxU4bJ+hJmshtKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBnqKFJOajEeGDCpjVAegxf3kv74MB8GA1UdIwQY
MBaAFJzQdYgl3YnP7l/ezH3LZR8KXRAYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk5CMWlDWGRpY191WDk3TWZjdGxId3BkRUJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8wZTY1MWUtOTBjNy00YWNkLTk3Yjkt
YTU0ZjhlNDgxM2U3LzEvR2Vvb1VrNXFNUjRZTUttTlVCNkRGX2VTX3ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8wZTY1MWUtOTBjNy00YWNkLTk3YjktYTU0ZjhlNDgxM2U3
LzEvbk5CMWlDWGRpY191WDk3TWZjdGxId3BkRUJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQtgMA0G
CSqGSIb3DQEBCwUAA4IBAQC/Au3k8owGSCbWNWZl6E+CwVzev6WVyQA0NJEsg+md
F+EP7p4bbztaBVD/grwuz607IOE+s4zyaafmBsYV/nrXG3VU+xBtJpEPGyeIHIV3
SYE2rBVDRr7OBeg7r8SI7B5JPqB2E6rC7b7Odz1z/HT3ZZUjY3s8ZDyJB2pPmEa7
YNtSiQEVMKwWTPWaaAc5yq/TlIj8erGZZ97/57Yg8aETlY8Bygz1CC4HF6JaAL9q
0oA68bD5BdXnZCdMVz02hIfaiSMNui/v+DMwMPpx5IPM2V2+vakeb2oLTHG2oJQY
neFSy8Nl+q7TyqrGiXirW3zUp4Gz3W8j0RTpLBGIetY1
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:36 2024 by rpki-client on console-ams.rpki-client.org