Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/3v_gYo1kWHuVOZWAmStnJ1kZ-lU.roa
File:                     3v_gYo1kWHuVOZWAmStnJ1kZ-lU.roa (raw, json)
Hash identifier:          fe2W6BfmmhlibeTAi7zoU9vyaPUaK1+KiruVLmudUwo=
Subject key identifier:   DE:FF:E0:62:8D:64:58:7B:95:39:95:80:99:2B:67:27:59:19:FA:55
Certificate issuer:       /CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
Certificate serial:       018322E9FED682E24463FC60C8EA6377ADDC
Authority key identifier: B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/3v_gYo1kWHuVOZWAmStnJ1kZ-lU.roa
Signing time:             Fri 09 Sep 2022 15:41:43 +0000
ROA not before:           Fri 09 Sep 2022 15:41:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60995
IP address blocks:        45.13.136.0/24 maxlen: 24
                          193.32.29.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:22:e9:fe:d6:82:e2:44:63:fc:60:c8:ea:63:77:ad:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
        Validity
            Not Before: Sep  9 15:41:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=deffe0628d64587b95399580992b67275919fa55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ce:38:73:ae:e4:c2:bf:94:36:ac:45:ce:3f:
                    1e:08:ec:24:bb:34:cf:f9:3e:4c:f2:a2:e2:13:83:
                    a9:0c:40:65:45:68:c1:8c:49:43:9a:1d:de:2d:c7:
                    04:70:c3:fb:0e:f4:90:ce:cc:03:b7:6f:f9:08:d6:
                    91:8d:df:3b:b4:fa:e8:71:22:bb:28:04:6d:3d:42:
                    2b:15:fc:02:b2:a0:df:9b:13:5e:66:55:8b:d6:0c:
                    88:13:0c:d3:2f:b4:18:f2:34:80:b7:60:83:92:14:
                    67:90:69:0b:24:67:89:e3:c0:9b:58:c3:ea:bb:93:
                    c1:6f:4e:78:dc:bf:7d:50:ce:48:6a:bc:f9:84:44:
                    47:cd:8f:2f:d6:37:16:52:79:5d:62:69:34:20:e9:
                    c1:f9:a1:62:d3:a3:06:0d:9f:d4:05:cc:c6:c2:4f:
                    3f:23:9d:a1:69:02:49:05:da:23:51:6b:3d:ef:aa:
                    96:f7:d4:71:47:aa:91:6d:8d:b9:80:b7:10:78:b0:
                    4b:5e:62:9d:44:2a:a3:b2:4b:08:fd:ba:49:af:7e:
                    7a:e9:b3:02:0a:26:9f:06:4b:01:0c:b0:77:2c:6c:
                    ce:a0:9d:ac:9b:23:00:38:af:46:17:b0:80:9d:5f:
                    0e:13:45:af:9a:e5:01:59:bb:de:cd:d2:09:44:2e:
                    fd:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:FF:E0:62:8D:64:58:7B:95:39:95:80:99:2B:67:27:59:19:FA:55
            X509v3 Authority Key Identifier:
                keyid:B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/3v_gYo1kWHuVOZWAmStnJ1kZ-lU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.136.0/24
                  193.32.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:56:3f:13:7c:9f:06:1f:61:01:94:03:e6:a3:e9:47:62:bf:
         54:50:46:7f:29:51:a6:25:78:a6:68:98:1f:4c:0e:fd:25:ac:
         aa:80:d2:22:4c:87:7d:b1:d7:d8:53:17:c3:95:e7:71:99:4a:
         e7:cd:12:2d:7e:df:80:c7:d2:18:46:52:a0:ca:b9:ef:7c:4c:
         6d:a2:60:7d:74:ae:b1:a4:0c:cf:12:8a:02:ee:7f:9c:73:ba:
         71:98:d4:28:a0:29:70:10:bf:e7:2f:c0:ad:a0:e8:ad:cc:53:
         61:70:14:44:7e:e7:f9:1e:ad:8a:14:cf:50:51:95:59:0d:c9:
         c8:24:9d:6f:44:c9:4f:d7:a2:97:48:22:89:60:53:fe:cd:44:
         e6:c7:0a:c8:9d:de:cc:60:0e:8a:04:1b:2e:60:6e:c9:51:2d:
         d5:44:63:41:49:09:7d:c3:f5:69:d9:05:60:37:1a:3d:32:cf:
         43:af:11:84:c9:68:74:dd:08:2e:c3:4f:03:7a:2b:8f:b9:44:
         af:3f:ba:2e:9a:54:dc:85:3f:02:cc:37:cc:83:1d:fd:60:c7:
         03:d2:18:d4:b6:2b:b4:3d:82:06:29:2b:34:47:8b:81:71:2a:
         0c:3a:f9:51:84:fa:93:4d:61:dd:4b:af:3f:51:db:60:39:13:
         a8:55:0a:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYMi6f7WguJEY/xgyOpjd63cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYzIwYWUxZGFjY2EzMTgxNWIyNzQ3MDI5MjdjMWE1YTlk
YmM3YjMwHhcNMjIwOTA5MTU0MTQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWZmZTA2MjhkNjQ1ODdiOTUzOTk1ODA5OTJiNjcyNzU5MTlmYTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnc44c67kwr+UNqxFzj8eCOwkuzTP
+T5M8qLiE4OpDEBlRWjBjElDmh3eLccEcMP7DvSQzswDt2/5CNaRjd87tProcSK7
KARtPUIrFfwCsqDfmxNeZlWL1gyIEwzTL7QY8jSAt2CDkhRnkGkLJGeJ48CbWMPq
u5PBb0543L99UM5Iarz5hERHzY8v1jcWUnldYmk0IOnB+aFi06MGDZ/UBczGwk8/
I52haQJJBdojUWs976qW99RxR6qRbY25gLcQeLBLXmKdRCqjsksI/bpJr3566bMC
CiafBksBDLB3LGzOoJ2smyMAOK9GF7CAnV8OE0WvmuUBWbvezdIJRC79lQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN7/4GKNZFh7lTmVgJkrZydZGfpVMB8GA1UdIwQY
MBaAFLDCCuHazKMYFbJ0cCknwaWp28ezMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc01JSzRkck1veGdWc25Sd0tTZkJwYW5ieDdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ODg4NjktN2E2NS00MTViLWI2OGYt
NTQ4NDQwMmNlYjdhLzEvM3ZfZ1lvMWtXSHVWT1pXQW1TdG5KMWtaLWxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ODg4NjktN2E2NS00MTViLWI2OGYtNTQ4NDQwMmNlYjdh
LzEvc01JSzRkck1veGdWc25Sd0tTZkJwYW5ieDdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQ2IAwQA
wSAdMA0GCSqGSIb3DQEBCwUAA4IBAQBmVj8TfJ8GH2EBlAPmo+lHYr9UUEZ/KVGm
JXimaJgfTA79JayqgNIiTId9sdfYUxfDledxmUrnzRItft+Ax9IYRlKgyrnvfExt
omB9dK6xpAzPEooC7n+cc7pxmNQooClwEL/nL8CtoOitzFNhcBREfuf5Hq2KFM9Q
UZVZDcnIJJ1vRMlP16KXSCKJYFP+zUTmxwrInd7MYA6KBBsuYG7JUS3VRGNBSQl9
w/Vp2QVgNxo9Ms9DrxGEyWh03Qguw08DeiuPuUSvP7oumlTchT8CzDfMgx39YMcD
0hjUtiu0PYIGKSs0R4uBcSoMOvlRhPqTTWHdS68/UdtgOROoVQoY
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:08 2024 by rpki-client on console-ams.rpki-client.org