Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/LXVWOrEgNbA0LRpAFK5BpBk3k2c.roa
File:                     LXVWOrEgNbA0LRpAFK5BpBk3k2c.roa (raw, json)
Hash identifier:          TXEOr+Bs7JYZP+M2gs/GnkyAjNuJ2Gff0IG5g3ukY7U=
Subject key identifier:   2D:75:56:3A:B1:20:35:B0:34:2D:1A:40:14:AE:41:A4:19:37:93:67
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0185CD561090DED503D76A57CBAC0D1E1F28
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/LXVWOrEgNbA0LRpAFK5BpBk3k2c.roa
Signing time:             Fri 20 Jan 2023 04:00:47 +0000
ROA not before:           Fri 20 Jan 2023 04:00:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59253
IP address blocks:        103.7.204.0/22 maxlen: 22
                          45.117.136.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:cd:56:10:90:de:d5:03:d7:6a:57:cb:ac:0d:1e:1f:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan 20 04:00:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2d75563ab12035b0342d1a4014ae41a419379367
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b4:7b:c0:56:96:0b:6e:46:53:97:40:d9:0f:
                    77:45:55:b6:1c:df:41:7f:9d:b3:80:71:71:bc:7c:
                    fb:96:07:76:4c:02:47:81:c2:17:19:79:3e:2e:cd:
                    cb:75:0f:9e:ec:38:e7:97:c1:6f:7d:6d:73:13:68:
                    3a:88:d2:02:9b:a4:20:2b:ae:7f:dd:24:5e:2b:62:
                    bb:8a:e7:aa:e8:74:68:70:c7:76:a2:fb:b4:5f:27:
                    7d:10:88:85:63:3e:af:42:9e:6d:ed:12:5a:e5:8a:
                    88:a4:af:ec:d7:aa:28:bf:ad:7f:f6:9f:b0:ac:cd:
                    6a:5a:55:1d:ae:30:48:88:70:bd:6d:d1:20:c6:84:
                    27:89:82:e6:3b:dc:c2:4a:fe:c1:21:e9:01:9d:04:
                    fa:ba:de:cf:d7:9d:80:1d:56:95:3d:8a:8c:13:44:
                    59:e9:4d:72:9c:dd:f5:e3:44:98:f6:bc:84:ce:19:
                    6a:01:ed:9c:13:97:83:21:48:1e:d9:a6:aa:9f:fc:
                    2d:c4:6e:56:9e:f4:d6:11:65:74:35:77:82:ab:70:
                    b6:91:df:21:44:85:43:39:57:3c:21:b8:13:1d:e8:
                    a5:00:11:9f:0a:99:b0:45:04:80:85:db:f6:b7:2f:
                    f8:b8:26:1f:ef:d5:fd:41:4c:8b:c8:b3:d3:c3:d0:
                    d1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:75:56:3A:B1:20:35:B0:34:2D:1A:40:14:AE:41:A4:19:37:93:67
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/LXVWOrEgNbA0LRpAFK5BpBk3k2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.117.136.0/22
                  103.7.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:87:80:b9:13:98:4e:a9:81:ab:62:9d:5b:f2:0f:1c:5d:b3:
         f5:7d:85:92:72:35:3f:b4:48:9e:a5:e5:71:c7:1e:15:d2:9b:
         08:a4:90:8e:44:f6:dd:13:2c:5c:c9:46:23:76:0a:29:21:c6:
         07:c6:1b:07:4a:8d:19:5a:6f:c6:10:c8:f4:5f:96:77:70:ba:
         51:55:39:b9:23:c1:4b:37:62:a2:de:f2:73:32:ea:0d:f8:e7:
         53:6b:85:e5:84:88:7d:fe:23:76:71:fb:d5:3b:bb:cf:ff:16:
         c8:60:e1:69:a9:a5:88:20:0e:7d:64:28:91:ae:e1:38:e0:50:
         08:3c:fc:64:e7:4e:84:2e:e2:eb:36:da:de:fb:85:c9:85:c1:
         cd:8c:25:2c:21:2d:6c:00:e7:89:9e:1a:c1:8d:d1:e1:69:bd:
         54:82:2a:61:04:49:06:8e:46:9b:05:66:24:2f:a1:61:c9:f1:
         7b:f3:93:5b:a6:c5:8a:f3:b9:bb:14:2b:67:31:17:22:12:4b:
         82:b5:85:b5:56:4f:59:f1:71:f4:d8:b5:59:f1:e5:b8:1b:dc:
         86:23:02:d0:20:9d:8b:f0:e3:90:0a:ab:62:86:ee:03:9f:8e:
         e8:dd:1c:1c:d5:5b:63:7a:76:7d:d7:ff:26:da:ce:0b:d6:d1:
         2d:0b:91:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYXNVhCQ3tUD12pXy6wNHh8oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMTIwMDQwMDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDc1NTYzYWIxMjAzNWIwMzQyZDFhNDAxNGFlNDFhNDE5Mzc5MzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7R7wFaWC25GU5dA2Q93RVW2HN9B
f52zgHFxvHz7lgd2TAJHgcIXGXk+Ls3LdQ+e7Djnl8FvfW1zE2g6iNICm6QgK65/
3SReK2K7iueq6HRocMd2ovu0Xyd9EIiFYz6vQp5t7RJa5YqIpK/s16oov61/9p+w
rM1qWlUdrjBIiHC9bdEgxoQniYLmO9zCSv7BIekBnQT6ut7P152AHVaVPYqME0RZ
6U1ynN3140SY9ryEzhlqAe2cE5eDIUge2aaqn/wtxG5WnvTWEWV0NXeCq3C2kd8h
RIVDOVc8IbgTHeilABGfCpmwRQSAhdv2ty/4uCYf79X9QUyLyLPTw9DRkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC11VjqxIDWwNC0aQBSuQaQZN5NnMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTFhWV09yRWdOYkEwTFJwQUZLNUJwQmszazJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLXWIAwQC
ZwfMMA0GCSqGSIb3DQEBCwUAA4IBAQAlh4C5E5hOqYGrYp1b8g8cXbP1fYWScjU/
tEiepeVxxx4V0psIpJCORPbdEyxcyUYjdgopIcYHxhsHSo0ZWm/GEMj0X5Z3cLpR
VTm5I8FLN2Ki3vJzMuoN+OdTa4XlhIh9/iN2cfvVO7vP/xbIYOFpqaWIIA59ZCiR
ruE44FAIPPxk506ELuLrNtre+4XJhcHNjCUsIS1sAOeJnhrBjdHhab1UgiphBEkG
jkabBWYkL6FhyfF785NbpsWK87m7FCtnMRciEkuCtYW1Vk9Z8XH02LVZ8eW4G9yG
IwLQIJ2L8OOQCqtihu4Dn47o3Rwc1VtjenZ91/8m2s4L1tEtC5F+
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org