Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/rCRtVqPNsMY-HkgkRS7m959Bc1I.roa
File:                     rCRtVqPNsMY-HkgkRS7m959Bc1I.roa (raw, json)
Hash identifier:          olFbYR4QWrknAEgeIOc3tPaRwb201AavvLkVR3kZlts=
Subject key identifier:   AC:24:6D:56:A3:CD:B0:C6:3E:1E:48:24:45:2E:E6:F7:9F:41:73:52
Certificate issuer:       /CN=3f230752f3ba0026fbb20c5e4c963b1129ac9d34
Certificate serial:       0187C723BFCB7E84BFAA48DF61FA79EBACB3
Authority key identifier: 3F:23:07:52:F3:BA:00:26:FB:B2:0C:5E:4C:96:3B:11:29:AC:9D:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PyMHUvO6ACb7sgxeTJY7ESmsnTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/rCRtVqPNsMY-HkgkRS7m959Bc1I.roa
Signing time:             Fri 28 Apr 2023 09:13:41 +0000
ROA not before:           Fri 28 Apr 2023 09:13:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39305
IP address blocks:        193.57.227.0/24 maxlen: 24
                          185.151.214.0/23 maxlen: 24
                          91.211.64.0/22 maxlen: 22
                          91.238.63.0/24 maxlen: 24
                          45.84.52.0/22 maxlen: 22
                          185.88.9.0/24 maxlen: 24
                          94.24.24.0/22 maxlen: 22
                          94.24.30.0/23 maxlen: 23
                          62.106.73.0/24 maxlen: 24
                          193.57.226.0/24 maxlen: 24
                          2a0e:9780::/29 maxlen: 29
                          2a0c:7140::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c7:23:bf:cb:7e:84:bf:aa:48:df:61:fa:79:eb:ac:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f230752f3ba0026fbb20c5e4c963b1129ac9d34
        Validity
            Not Before: Apr 28 09:13:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ac246d56a3cdb0c63e1e4824452ee6f79f417352
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:fb:26:ba:3d:8a:7e:56:b5:5e:75:e7:ee:42:
                    30:3b:ca:68:8e:0c:31:e9:f5:5a:38:36:ae:1b:f9:
                    ed:b5:7f:ea:eb:52:0a:8a:b5:75:cb:2e:47:72:07:
                    c5:c3:60:58:65:de:7e:19:6b:20:61:ca:bf:62:f5:
                    e5:9b:91:c8:65:64:e4:24:b6:b0:db:e7:c7:c1:74:
                    1c:10:f7:79:7d:ce:02:24:a1:f1:51:1c:07:58:70:
                    e9:9d:9e:ef:fb:83:d7:cc:33:72:de:1e:9c:8b:ed:
                    69:1e:05:81:05:19:d6:39:12:12:4f:f1:dc:03:c2:
                    6a:e9:2f:46:4a:be:3d:7b:19:ab:b1:3c:f1:65:75:
                    15:17:55:05:e8:22:73:c6:1e:ab:a6:8f:7a:c0:0b:
                    73:8f:4e:10:63:d5:b4:5e:31:39:70:3d:53:c7:60:
                    c9:d3:53:5d:f7:d3:89:2b:88:9f:82:5e:69:19:87:
                    3c:10:4a:ce:66:07:d7:62:9e:ce:e5:80:6d:9d:43:
                    93:d4:a3:e1:36:ef:f2:bf:3b:6c:0b:08:6e:45:f4:
                    5f:e9:0b:40:f2:ca:d9:4a:9b:d9:e8:c8:8b:d7:7f:
                    e7:00:02:e0:c0:11:7b:7e:a7:5a:e6:b7:01:46:1d:
                    d8:a2:45:1e:f2:ff:41:c7:6f:03:02:80:da:77:6b:
                    a8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:24:6D:56:A3:CD:B0:C6:3E:1E:48:24:45:2E:E6:F7:9F:41:73:52
            X509v3 Authority Key Identifier:
                keyid:3F:23:07:52:F3:BA:00:26:FB:B2:0C:5E:4C:96:3B:11:29:AC:9D:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PyMHUvO6ACb7sgxeTJY7ESmsnTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/rCRtVqPNsMY-HkgkRS7m959Bc1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/PyMHUvO6ACb7sgxeTJY7ESmsnTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.52.0/22
                  62.106.73.0/24
                  91.211.64.0/22
                  91.238.63.0/24
                  94.24.24.0/22
                  94.24.30.0/23
                  185.88.9.0/24
                  185.151.214.0/23
                  193.57.226.0/23
                IPv6:
                  2a0c:7140::/29
                  2a0e:9780::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:20:e6:7c:3d:31:a4:ee:cf:75:a7:8f:ba:e4:2d:d2:6f:40:
         90:49:7a:b0:5e:92:3e:56:67:35:3f:50:56:84:5e:ab:7f:bb:
         78:69:9e:0c:de:7b:1d:ad:e7:46:06:51:40:3e:2a:82:2a:37:
         75:5e:32:1b:e2:df:9c:0d:84:f7:b2:7d:bd:fa:46:7c:a5:63:
         a2:79:47:1b:1c:d6:8e:38:7f:6d:e3:69:0c:62:78:41:c6:c4:
         fa:9c:0c:2c:51:89:c9:ad:15:60:f1:df:3b:fd:b7:79:47:c4:
         c1:98:f0:4a:5d:0d:f9:ce:44:b1:03:f2:1a:a3:92:f1:26:d2:
         dd:23:bf:7c:f8:5d:d6:29:90:bf:aa:8a:44:85:d0:8a:b9:6f:
         e4:36:93:c3:fc:30:74:82:81:19:0b:43:81:0d:db:7a:ac:12:
         53:bb:dc:20:45:85:92:bd:92:d7:f0:68:2c:64:c4:c9:01:89:
         0b:a5:43:2b:bf:db:c8:d1:d2:fb:1c:2c:89:b2:c1:a9:bf:31:
         55:71:77:36:dd:5b:6c:16:b1:a0:fc:bd:ec:91:4e:b9:69:b0:
         13:33:fa:49:4b:6c:74:ee:dd:06:94:7a:02:7a:45:04:35:32:
         48:1b:fa:2d:26:21:c6:b4:96:b3:c1:cd:7a:d1:59:b7:3e:bc:
         6d:94:7e:20
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYfHI7/LfoS/qkjfYfp566yzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmMjMwNzUyZjNiYTAwMjZmYmIyMGM1ZTRjOTYzYjExMjlh
YzlkMzQwHhcNMjMwNDI4MDkxMzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzI0NmQ1NmEzY2RiMGM2M2UxZTQ4MjQ0NTJlZTZmNzlmNDE3MzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvsmuj2Kfla1XnXn7kIwO8pojgwx
6fVaODauG/nttX/q61IKirV1yy5HcgfFw2BYZd5+GWsgYcq/YvXlm5HIZWTkJLaw
2+fHwXQcEPd5fc4CJKHxURwHWHDpnZ7v+4PXzDNy3h6ci+1pHgWBBRnWORIST/Hc
A8Jq6S9GSr49exmrsTzxZXUVF1UF6CJzxh6rpo96wAtzj04QY9W0XjE5cD1Tx2DJ
01Nd99OJK4ifgl5pGYc8EErOZgfXYp7O5YBtnUOT1KPhNu/yvztsCwhuRfRf6QtA
8srZSpvZ6MiL13/nAALgwBF7fqda5rcBRh3YokUe8v9Bx28DAoDad2uofwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFKwkbVajzbDGPh5IJEUu5vefQXNSMB8GA1UdIwQY
MBaAFD8jB1LzugAm+7IMXkyWOxEprJ00MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHlNSFV2TzZBQ2I3c2d4ZVRKWTdFU21zblRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81MWY5YTEtNDM2OC00NTY4LWIwMjkt
ZGQyMjUzMGUxNWE0LzEvckNSdFZxUE5zTVktSGtna1JTN205NTlCYzFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81MWY5YTEtNDM2OC00NTY4LWIwMjktZGQyMjUzMGUxNWE0
LzEvUHlNSFV2TzZBQ2I3c2d4ZVRKWTdFU21zblRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQCLVQ0AwQA
PmpJAwQCW9NAAwQAW+4/AwQCXhgYAwQBXhgeAwQAuVgJAwQBuZfWAwQBwTniMBQE
AgACMA4DBQMqDHFAAwUDKg6XgDANBgkqhkiG9w0BAQsFAAOCAQEAISDmfD0xpO7P
daePuuQt0m9AkEl6sF6SPlZnNT9QVoReq3+7eGmeDN57Ha3nRgZRQD4qgio3dV4y
G+LfnA2E97J9vfpGfKVjonlHGxzWjjh/beNpDGJ4QcbE+pwMLFGJya0VYPHfO/23
eUfEwZjwSl0N+c5EsQPyGqOS8SbS3SO/fPhd1imQv6qKRIXQirlv5DaTw/wwdIKB
GQtDgQ3beqwSU7vcIEWFkr2S1/BoLGTEyQGJC6VDK7/byNHS+xwsibLBqb8xVXF3
Nt1bbBaxoPy97JFOuWmwEzP6SUtsdO7dBpR6AnpFBDUySBv6LSYhxrSWs8HNetFZ
tz68bZR+IA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:02 2024 by rpki-client on console-ams.rpki-client.org