Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/3xO7zlpjR0JWXUuPCD9giwAuQho.roa
File:                     3xO7zlpjR0JWXUuPCD9giwAuQho.roa (raw, json)
Hash identifier:          yb/FZcFdQz562+WgbhDpVUDs9WWVy5GDxVmW4kSW+/o=
Subject key identifier:   DF:13:BB:CE:5A:63:47:42:56:5D:4B:8F:08:3F:60:8B:00:2E:42:1A
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       018CC500B576DECE1BCFC5402A90E1DB5B74
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/3xO7zlpjR0JWXUuPCD9giwAuQho.roa
Signing time:             Mon 01 Jan 2024 12:30:07 +0000
ROA not before:           Mon 01 Jan 2024 12:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207645
IP address blocks:        45.137.18.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b5:76:de:ce:1b:cf:c5:40:2a:90:e1:db:5b:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Jan  1 12:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df13bbce5a634742565d4b8f083f608b002e421a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:19:c3:17:de:9d:b5:d6:7e:88:b7:f2:9e:15:
                    6c:78:c6:d8:ba:35:e2:c1:6d:41:01:5a:e4:bf:c4:
                    98:d7:c5:b0:bb:6c:55:77:b9:0e:8f:58:02:61:3b:
                    d1:9e:4d:fa:27:d7:07:eb:01:de:1b:fa:2a:21:94:
                    69:d6:5b:a3:74:10:6c:b2:14:8e:6c:9f:3d:ad:c4:
                    0e:73:b6:e1:33:14:8d:b8:57:dd:08:7f:ac:44:f1:
                    55:4d:93:95:7d:92:c9:00:ea:4a:f4:98:22:0f:cf:
                    73:26:94:51:c6:2f:ce:a1:14:ff:ae:28:8b:58:b4:
                    6f:ab:f2:c5:7a:36:36:d1:50:92:98:83:be:0a:35:
                    f5:6b:39:fd:0e:b9:5b:39:c8:87:7d:cc:c8:1c:9d:
                    82:d6:a8:c1:0e:0d:ad:b5:0f:bc:6a:2e:9b:a0:e4:
                    62:91:57:eb:41:57:db:4e:4c:3a:6b:c2:4f:c1:a7:
                    8d:58:f4:e6:bb:ff:28:7b:9a:a8:82:cc:ef:1d:2b:
                    ee:85:d8:d6:7c:9b:b9:9c:1f:92:f0:95:bf:aa:08:
                    1e:fc:00:ce:e9:07:18:f3:25:ba:6e:c5:ca:12:b8:
                    66:3e:28:03:39:6f:1c:17:04:c5:83:98:65:c7:95:
                    c3:b3:bd:df:17:52:25:a3:b0:79:c8:9e:06:64:df:
                    7c:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:13:BB:CE:5A:63:47:42:56:5D:4B:8F:08:3F:60:8B:00:2E:42:1A
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/3xO7zlpjR0JWXUuPCD9giwAuQho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:2e:f1:ae:4e:89:0b:23:08:ca:e7:9f:8b:34:99:68:36:8d:
         91:d3:9a:4a:46:62:db:26:08:06:1d:8d:3f:48:f1:d8:a0:3e:
         36:66:1e:60:83:c8:7e:6b:e8:3e:d5:60:28:d6:f1:56:f5:b9:
         2d:3e:84:27:7c:80:4a:1d:b8:d7:8c:34:85:b4:53:cf:79:44:
         57:17:f5:db:e5:93:d0:48:1c:cd:74:ed:69:25:71:ba:b0:77:
         8b:bb:57:3b:c9:e2:f8:1b:e0:7c:86:c1:83:be:a2:bc:30:34:
         6c:92:08:25:35:11:27:90:32:6d:2a:6a:bb:a3:3e:53:02:bf:
         61:f1:7c:75:e4:a7:9c:e2:3f:89:c8:9a:22:2f:f4:7c:a8:88:
         bf:ed:3c:9e:5f:6c:67:53:46:7d:3e:cc:6a:41:f6:06:26:7e:
         90:97:f5:f2:d0:f2:36:80:88:34:2b:1b:79:e6:3a:75:fe:c9:
         e2:b8:88:48:96:f8:42:45:cc:3e:90:ff:83:20:dd:b2:05:f9:
         37:8f:60:1f:3f:c5:1b:c7:05:17:d5:80:91:65:87:0e:85:fc:
         ad:05:b7:cf:8a:6e:85:81:5b:fb:42:cf:3a:87:56:38:a7:2f:
         32:9b:a4:3c:46:30:d7:4d:5c:eb:ba:f1:78:22:96:79:ee:47:
         23:ec:93:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALV23s4bz8VAKpDh21t0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMGMwZDA0MjI1NTY2ZGI5NWU5YWQzYjJlZjYwNTAxNDk3
NWFhYTIwHhcNMjQwMTAxMTIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjEzYmJjZTVhNjM0NzQyNTY1ZDRiOGYwODNmNjA4YjAwMmU0MjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxnDF96dtdZ+iLfynhVseMbYujXi
wW1BAVrkv8SY18Wwu2xVd7kOj1gCYTvRnk36J9cH6wHeG/oqIZRp1lujdBBsshSO
bJ89rcQOc7bhMxSNuFfdCH+sRPFVTZOVfZLJAOpK9JgiD89zJpRRxi/OoRT/riiL
WLRvq/LFejY20VCSmIO+CjX1azn9DrlbOciHfczIHJ2C1qjBDg2ttQ+8ai6boORi
kVfrQVfbTkw6a8JPwaeNWPTmu/8oe5qogszvHSvuhdjWfJu5nB+S8JW/qgge/ADO
6QcY8yW6bsXKErhmPigDOW8cFwTFg5hlx5XDs73fF1Ilo7B5yJ4GZN98/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8Tu85aY0dCVl1Ljwg/YIsALkIaMB8GA1UdIwQY
MBaAFJsMDQQiVWbblemtOy72BQFJdaqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMt
ZThlZjJmMDk1OThlLzEvM3hPN3pscGpSMEpXWFV1UENEOWdpd0F1UWhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMtZThlZjJmMDk1OThl
LzEvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYkSMA0G
CSqGSIb3DQEBCwUAA4IBAQABLvGuTokLIwjK55+LNJloNo2R05pKRmLbJggGHY0/
SPHYoD42Zh5gg8h+a+g+1WAo1vFW9bktPoQnfIBKHbjXjDSFtFPPeURXF/Xb5ZPQ
SBzNdO1pJXG6sHeLu1c7yeL4G+B8hsGDvqK8MDRskgglNREnkDJtKmq7oz5TAr9h
8Xx15Kec4j+JyJoiL/R8qIi/7TyeX2xnU0Z9PsxqQfYGJn6Ql/Xy0PI2gIg0Kxt5
5jp1/sniuIhIlvhCRcw+kP+DIN2yBfk3j2AfP8UbxwUX1YCRZYcOhfytBbfPim6F
gVv7Qs86h1Y4py8ym6Q8RjDXTVzruvF4IpZ57kcj7JM0
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:42 2024 by rpki-client on console-ams.rpki-client.org