Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/mfZy_hCk_cI2HIdU4Cat9Nmu_Rw.roa
File:                     mfZy_hCk_cI2HIdU4Cat9Nmu_Rw.roa (raw, json)
Hash identifier:          cgvLp/UPFs0+W05lk+xkirOd4xCYREtYho90Ys1oEEE=
Subject key identifier:   99:F6:72:FE:10:A4:FD:C2:36:1C:87:54:E0:26:AD:F4:D9:AE:FD:1C
Certificate issuer:       /CN=9cd0758825dd89cfee5fdecc7dcb651f0a5d1018
Certificate serial:       0700D2D7
Authority key identifier: 9C:D0:75:88:25:DD:89:CF:EE:5F:DE:CC:7D:CB:65:1F:0A:5D:10:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nNB1iCXdic_uX97MfctlHwpdEBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/mfZy_hCk_cI2HIdU4Cat9Nmu_Rw.roa
Signing time:             Tue 28 Jun 2022 20:45:03 +0000
ROA not before:           Tue 28 Jun 2022 20:45:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48678
IP address blocks:        45.11.98.0/24 maxlen: 24
                          45.11.97.0/24 maxlen: 24
                          45.11.99.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 117494487 (0x700d2d7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cd0758825dd89cfee5fdecc7dcb651f0a5d1018
        Validity
            Not Before: Jun 28 20:45:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=99f672fe10a4fdc2361c8754e026adf4d9aefd1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ad:a5:93:11:70:45:0a:b1:f4:58:e2:2f:21:
                    20:62:3b:34:25:60:fd:77:73:e6:d9:6a:63:94:11:
                    43:a7:fb:f6:1e:6e:08:e3:10:c8:cd:ab:1b:1c:a6:
                    44:11:94:c4:f2:68:1a:19:d4:a6:f0:15:ac:65:90:
                    ba:72:90:4e:c0:cf:d1:c6:60:e9:28:72:b1:83:a8:
                    38:6c:3b:34:cd:cf:f6:fd:26:5b:1e:d3:a9:d9:df:
                    85:46:38:51:16:c8:72:46:80:dd:af:b7:7b:18:6f:
                    0d:d8:b6:a1:e2:f9:c2:fe:41:c3:41:5b:4d:3e:4a:
                    99:9f:20:b6:49:a2:37:91:7a:3c:5c:f0:bd:a2:60:
                    be:6c:df:96:d4:c9:cf:da:77:f8:34:2c:31:73:c2:
                    3f:6b:6a:ac:66:b1:7d:ff:16:6a:7b:d2:e9:81:3e:
                    15:09:a2:08:89:ba:e7:ac:c1:81:c9:72:4a:1e:43:
                    8e:7a:de:19:45:be:6d:b6:69:db:3e:93:ab:13:6b:
                    56:af:56:7b:bf:a7:01:91:3d:70:ae:9c:82:ad:ed:
                    be:45:8b:9b:83:15:d6:a0:ee:69:ec:6e:37:2c:cf:
                    5d:94:82:4f:39:ec:58:be:d9:18:e1:b9:57:4c:6e:
                    1c:1a:02:6b:2c:96:d8:0f:d3:bf:21:1a:f5:4c:23:
                    ee:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:F6:72:FE:10:A4:FD:C2:36:1C:87:54:E0:26:AD:F4:D9:AE:FD:1C
            X509v3 Authority Key Identifier:
                keyid:9C:D0:75:88:25:DD:89:CF:EE:5F:DE:CC:7D:CB:65:1F:0A:5D:10:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nNB1iCXdic_uX97MfctlHwpdEBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/mfZy_hCk_cI2HIdU4Cat9Nmu_Rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/nNB1iCXdic_uX97MfctlHwpdEBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.97.0-45.11.99.255

    Signature Algorithm: sha256WithRSAEncryption
         3a:d0:52:64:f0:b8:14:cc:bd:35:9b:b2:4f:9f:91:68:48:4e:
         e3:f5:d4:60:7a:81:55:7f:67:a6:d6:e7:ba:0a:e4:d0:05:16:
         8b:55:51:dc:b9:b9:55:df:e3:b7:7d:74:bc:fa:d0:a2:b6:d3:
         ed:fc:7e:da:b7:41:98:29:13:4b:da:63:66:95:2b:c0:66:6c:
         e5:9b:89:5b:6b:d5:70:ae:d9:50:ff:7b:b4:2e:a3:c4:9e:fb:
         1a:d0:ee:32:56:f8:5a:aa:c8:0a:4f:86:4f:4e:c5:7f:c4:4a:
         1f:63:e4:19:a4:9d:1e:15:81:e9:fd:8b:3a:b7:50:df:35:fe:
         0d:e8:8c:36:ef:58:56:39:a0:f1:34:82:d9:43:9d:56:f2:78:
         7c:18:99:92:9c:77:0d:05:5a:62:87:2e:a0:91:20:49:5c:7e:
         9b:aa:8f:b2:c8:7d:bc:4e:7d:a9:6f:a3:c6:ee:76:03:50:73:
         84:36:54:67:d1:24:2d:d1:60:b9:d9:53:c6:b2:98:1f:b6:b0:
         2c:0b:7c:84:a2:4d:8c:91:34:f3:41:7b:df:4a:37:c8:dc:48:
         11:d7:ff:28:f7:0b:71:00:a7:27:35:09:b0:6c:a1:b0:85:71:
         3e:76:dc:5e:b9:8e:5c:4e:2a:f2:e6:3c:9f:9a:d6:5f:32:cf:
         a4:6b:6b:7e
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIEBwDS1zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
Y2QwNzU4ODI1ZGQ4OWNmZWU1ZmRlY2M3ZGNiNjUxZjBhNWQxMDE4MB4XDTIyMDYy
ODIwNDUwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTlmNjcyZmUxMGE0
ZmRjMjM2MWM4NzU0ZTAyNmFkZjRkOWFlZmQxYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANWtpZMRcEUKsfRY4i8hIGI7NCVg/Xdz5tlqY5QRQ6f79h5u
COMQyM2rGxymRBGUxPJoGhnUpvAVrGWQunKQTsDP0cZg6ShysYOoOGw7NM3P9v0m
Wx7TqdnfhUY4URbIckaA3a+3exhvDdi2oeL5wv5Bw0FbTT5KmZ8gtkmiN5F6PFzw
vaJgvmzfltTJz9p3+DQsMXPCP2tqrGaxff8WanvS6YE+FQmiCIm656zBgclySh5D
jnreGUW+bbZp2z6TqxNrVq9We7+nAZE9cK6cgq3tvkWLm4MV1qDuaexuNyzPXZSC
TznsWL7ZGOG5V0xuHBoCayyW2A/TvyEa9Uwj7pMCAwEAAaOCAhEwggINMB0GA1Ud
DgQWBBSZ9nL+EKT9wjYch1TgJq302a79HDAfBgNVHSMEGDAWgBSc0HWIJd2Jz+5f
3sx9y2UfCl0QGDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L25OQjFpQ1hkaWNfdVg5N01mY3RsSHdwZEVCZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYWEvMGU2NTFlLTkwYzctNGFjZC05N2I5LWE1NGY4ZTQ4MTNlNy8x
L21mWnlfaENrX2NJMkhJZFU0Q2F0OU5tdV9Sdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWEv
MGU2NTFlLTkwYzctNGFjZC05N2I5LWE1NGY4ZTQ4MTNlNy8xL25OQjFpQ1hkaWNf
dVg5N01mY3RsSHdwZEVCZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAn
BggrBgEFBQcBBwEB/wQYMBYwFAQCAAEwDjAMAwQALQthAwQCLQtgMA0GCSqGSIb3
DQEBCwUAA4IBAQA60FJk8LgUzL01m7JPn5FoSE7j9dRgeoFVf2em1ue6CuTQBRaL
VVHcublV3+O3fXS8+tCittPt/H7at0GYKRNL2mNmlSvAZmzlm4lba9VwrtlQ/3u0
LqPEnvsa0O4yVvhaqsgKT4ZPTsV/xEofY+QZpJ0eFYHp/Ys6t1DfNf4N6Iw271hW
OaDxNILZQ51W8nh8GJmSnHcNBVpihy6gkSBJXH6bqo+yyH28Tn2pb6PG7nYDUHOE
NlRn0SQt0WC52VPGspgftrAsC3yEok2MkTTzQXvfSjfI3EgR1/8o9wtxAKcnNQmw
bKGwhXE+dtxeuY5cTiry5jyfmtZfMs+ka2t+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:36 2024 by rpki-client on console-ams.rpki-client.org