Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/XxorkmJtrN-U_27WjDZmRjStaKI.roa
File:                     XxorkmJtrN-U_27WjDZmRjStaKI.roa (raw, json)
Hash identifier:          oAVgOT7SLVgdvjlPdL+kGXzm+uS9je3rZBEd2aZdYwQ=
Subject key identifier:   5F:1A:2B:92:62:6D:AC:DF:94:FF:6E:D6:8C:36:66:46:34:AD:68:A2
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       018313E4824D0715F6C161760FE15D65ED0D
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/XxorkmJtrN-U_27WjDZmRjStaKI.roa
Signing time:             Tue 06 Sep 2022 17:41:25 +0000
ROA not before:           Tue 06 Sep 2022 17:41:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212426
IP address blocks:        45.137.18.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:13:e4:82:4d:07:15:f6:c1:61:76:0f:e1:5d:65:ed:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Sep  6 17:41:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5f1a2b92626dacdf94ff6ed68c36664634ad68a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:03:d3:3b:94:12:61:50:93:04:fa:a4:25:ca:
                    1b:81:74:9e:b8:09:4a:90:4d:01:e8:63:2d:e7:56:
                    35:86:57:07:f8:b4:59:9b:ae:78:17:e6:f8:92:5c:
                    4e:ba:1d:1e:1a:98:2e:ba:85:f5:ba:03:39:26:87:
                    30:5e:88:63:df:49:2d:34:91:f6:b8:b6:29:10:02:
                    ff:26:e3:84:6d:dc:0d:8f:72:49:3b:81:3b:54:36:
                    c5:e0:10:a7:8f:ea:cc:b6:cb:15:c6:35:2a:01:c3:
                    51:dc:35:7e:a7:fe:d2:a1:2e:b9:df:a0:d3:db:26:
                    c5:15:db:12:75:e7:c1:60:6f:24:3b:9c:2c:5d:cc:
                    c6:18:94:5d:10:92:74:8f:0b:c2:a7:e5:f0:44:c8:
                    0b:1c:a7:06:03:ba:08:03:d8:71:f0:41:6c:4d:eb:
                    b7:a4:35:1f:33:97:88:96:6e:23:bd:eb:e3:f8:96:
                    29:60:e4:b2:a5:ad:7f:a4:43:70:24:8d:fb:18:19:
                    c7:93:ec:e9:56:6b:84:ff:cb:53:c9:c4:44:2f:0a:
                    8e:b4:d8:e8:ca:33:e5:6d:56:90:32:b1:60:da:d7:
                    6e:76:8e:39:49:47:ad:6c:7b:ad:71:e8:2b:6b:a5:
                    8f:3a:32:15:63:38:81:4a:77:dd:1d:f9:35:ab:18:
                    bf:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:1A:2B:92:62:6D:AC:DF:94:FF:6E:D6:8C:36:66:46:34:AD:68:A2
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/XxorkmJtrN-U_27WjDZmRjStaKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:97:c0:62:8d:bc:90:b2:43:a5:01:8d:f8:88:03:a6:78:af:
         e4:29:67:0f:fa:ea:c7:ff:ee:d3:d3:1d:26:3d:5e:6d:df:96:
         04:8d:ab:0a:76:c0:23:6a:a1:27:72:5c:83:21:ef:fc:b5:7b:
         ac:b6:17:0b:4b:4e:f1:fe:ee:25:85:ad:32:80:b3:30:f2:51:
         81:6f:3c:a4:51:c0:72:96:ce:60:be:4f:88:3c:ca:25:6d:dd:
         be:41:ca:1a:03:c5:42:a9:ca:8e:e7:d1:ee:31:fb:23:7b:0f:
         af:bd:85:b2:a5:e5:dc:6e:7a:8f:58:17:d9:5a:76:0a:47:73:
         68:42:99:c1:c8:cb:be:8e:68:ad:f6:72:14:e6:cb:eb:4f:cb:
         16:be:b0:0d:a7:ee:79:a8:c7:55:9c:b4:64:14:c5:e6:c6:6d:
         8f:bc:42:4d:f8:e0:b3:e9:30:b5:77:45:c4:e7:c4:7c:0a:21:
         80:27:23:40:a7:e8:b5:a8:3a:11:c6:32:06:19:6e:b7:07:88:
         7d:05:50:49:9a:c3:27:c2:a1:b2:a4:a5:b1:23:f0:71:b4:2a:
         11:aa:42:70:90:6f:26:77:e2:c4:a2:9d:1b:86:05:0e:bc:fc:
         77:e2:66:f9:90:44:87:b1:67:81:e2:b7:b2:70:f0:ac:36:c2:
         be:7a:98:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYMT5IJNBxX2wWF2D+FdZe0NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMGMwZDA0MjI1NTY2ZGI5NWU5YWQzYjJlZjYwNTAxNDk3
NWFhYTIwHhcNMjIwOTA2MTc0MTI1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjFhMmI5MjYyNmRhY2RmOTRmZjZlZDY4YzM2NjY0NjM0YWQ2OGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAPTO5QSYVCTBPqkJcobgXSeuAlK
kE0B6GMt51Y1hlcH+LRZm654F+b4klxOuh0eGpguuoX1ugM5JocwXohj30ktNJH2
uLYpEAL/JuOEbdwNj3JJO4E7VDbF4BCnj+rMtssVxjUqAcNR3DV+p/7SoS6536DT
2ybFFdsSdefBYG8kO5wsXczGGJRdEJJ0jwvCp+XwRMgLHKcGA7oIA9hx8EFsTeu3
pDUfM5eIlm4jvevj+JYpYOSypa1/pENwJI37GBnHk+zpVmuE/8tTycRELwqOtNjo
yjPlbVaQMrFg2tdudo45SUetbHutcegra6WPOjIVYziBSnfdHfk1qxi/hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8aK5JibazflP9u1ow2ZkY0rWiiMB8GA1UdIwQY
MBaAFJsMDQQiVWbblemtOy72BQFJdaqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMt
ZThlZjJmMDk1OThlLzEvWHhvcmttSnRyTi1VXzI3V2pEWm1SalN0YUtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMtZThlZjJmMDk1OThl
LzEvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYkSMA0G
CSqGSIb3DQEBCwUAA4IBAQCBl8BijbyQskOlAY34iAOmeK/kKWcP+urH/+7T0x0m
PV5t35YEjasKdsAjaqEnclyDIe/8tXusthcLS07x/u4lha0ygLMw8lGBbzykUcBy
ls5gvk+IPMolbd2+QcoaA8VCqcqO59HuMfsjew+vvYWypeXcbnqPWBfZWnYKR3No
QpnByMu+jmit9nIU5svrT8sWvrANp+55qMdVnLRkFMXmxm2PvEJN+OCz6TC1d0XE
58R8CiGAJyNAp+i1qDoRxjIGGW63B4h9BVBJmsMnwqGypKWxI/BxtCoRqkJwkG8m
d+LEop0bhgUOvPx34mb5kESHsWeB4reycPCsNsK+epjg
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:00 2024 by rpki-client on console-fra.rpki-client.org