Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/o_Zc8wjJEd8gHX7PzG_WV6t43vg.roa
File:                     o_Zc8wjJEd8gHX7PzG_WV6t43vg.roa (raw, json)
Hash identifier:          1YLxcAfr/7JWcYSg+PrCDTPOq9qseKaqfTa5rqTweD4=
Subject key identifier:   A3:F6:5C:F3:08:C9:11:DF:20:1D:7E:CF:CC:6F:D6:57:AB:78:DE:F8
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018DB649BCC1FA455270F5CBFFFB6CC52B49
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/o_Zc8wjJEd8gHX7PzG_WV6t43vg.roa
Signing time:             Sat 17 Feb 2024 08:58:22 +0000
ROA not before:           Sat 17 Feb 2024 08:58:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213220
IP address blocks:        45.8.209.0/24 maxlen: 24
                          213.108.196.0/24 maxlen: 24
                          2a0b:da00::/29 maxlen: 29
                          2a0c:77c0::/29 maxlen: 29
                          2a0c:aa40::/29 maxlen: 29
                          2a0d:2dc0::/29 maxlen: 29
                          2a0f:1180::/29 maxlen: 29
                          2a0f:c780::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b6:49:bc:c1:fa:45:52:70:f5:cb:ff:fb:6c:c5:2b:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Feb 17 08:58:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3f65cf308c911df201d7ecfcc6fd657ab78def8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c7:0c:d3:cf:4e:ec:58:fa:9a:89:3a:0e:4e:
                    9c:30:ff:9c:57:ff:b0:14:c7:ac:b4:fe:a2:14:e0:
                    8f:bb:f5:6e:44:52:8f:2b:3a:6e:53:f9:1a:06:ad:
                    a1:59:69:f6:77:a9:21:92:77:88:5a:3e:a1:92:6c:
                    b0:b8:4d:8a:82:b4:20:9a:30:69:74:a8:ab:a8:95:
                    25:5f:be:c2:85:c0:a5:a9:20:57:2a:bb:3d:2d:cc:
                    2b:95:38:7d:30:41:a4:25:a3:3f:76:38:2b:a2:f7:
                    52:57:8d:03:db:35:05:f3:d6:8d:4c:3b:a1:ff:b0:
                    a4:89:75:df:b2:2a:ee:f2:be:65:9e:ac:5d:2c:c0:
                    f3:55:56:1c:97:65:9a:ee:26:d5:0b:bb:af:ee:1f:
                    49:5b:4c:fa:84:70:e1:c0:b4:cf:0a:a7:b7:8c:fb:
                    d5:19:6b:7d:7e:50:ef:9f:75:02:db:69:d3:18:a5:
                    f5:b7:02:a8:51:da:4a:1c:29:e8:3d:9e:4c:0b:7c:
                    e7:57:70:a1:0a:0f:10:a0:ba:b9:81:2b:bc:e6:0e:
                    ee:1c:04:4d:d8:0c:2e:84:96:7a:ff:c2:d7:88:13:
                    0a:48:ce:a3:f1:4e:b4:f3:a0:cc:e0:2e:ce:09:fd:
                    06:f0:81:78:56:ad:46:d3:61:95:50:22:ef:ad:46:
                    44:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:F6:5C:F3:08:C9:11:DF:20:1D:7E:CF:CC:6F:D6:57:AB:78:DE:F8
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/o_Zc8wjJEd8gHX7PzG_WV6t43vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.209.0/24
                  213.108.196.0/24
                IPv6:
                  2a0b:da00::/29
                  2a0c:77c0::/29
                  2a0c:aa40::/29
                  2a0d:2dc0::/29
                  2a0f:1180::/29
                  2a0f:c780::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:d7:94:c9:ba:f9:bd:48:79:23:d6:a3:ef:b8:3f:de:7e:8d:
         85:97:66:54:c9:a1:93:79:ac:e4:c8:54:72:e4:50:15:4e:34:
         66:58:47:9b:db:f0:77:40:ca:42:5a:17:c2:53:45:79:4d:22:
         66:6c:18:63:e3:c3:e9:94:a1:5e:c9:e2:ca:12:80:b5:11:fd:
         ea:ea:fd:d9:dc:08:44:b7:ba:43:59:a3:19:b2:fa:a1:67:69:
         08:2f:b9:8d:7e:87:e9:ab:bc:11:77:78:46:a3:b5:8c:46:45:
         52:c6:1f:8b:38:7c:fa:d4:76:09:23:79:96:d5:08:ce:0c:ae:
         9f:8f:25:a8:6d:ed:36:5d:f8:57:a0:1a:ea:3b:34:a2:8b:2a:
         83:9c:11:96:8b:78:e6:3e:8f:a2:f5:15:b1:76:e7:fa:de:33:
         6b:f3:e2:24:56:19:64:dd:eb:1f:98:cf:bb:f8:bb:ce:9e:b0:
         1e:08:e7:fb:33:80:87:b6:f4:b6:88:02:8b:aa:bf:75:ef:25:
         76:5b:b7:fb:cd:03:9a:51:e9:b1:c8:8c:6b:db:01:f8:b3:8f:
         67:fb:72:10:cf:a7:b8:a1:d8:e7:1b:cf:83:1c:44:2c:2a:32:
         86:7f:4f:cc:a4:28:fc:43:e5:57:e2:ae:5f:39:c2:81:f1:6f:
         fc:71:e6:cc
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY22SbzB+kVScPXL//tsxStJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMjE3MDg1ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2Y2NWNmMzA4YzkxMWRmMjAxZDdlY2ZjYzZmZDY1N2FiNzhkZWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ccM089O7Fj6mok6Dk6cMP+cV/+w
FMestP6iFOCPu/VuRFKPKzpuU/kaBq2hWWn2d6khkneIWj6hkmywuE2KgrQgmjBp
dKirqJUlX77ChcClqSBXKrs9LcwrlTh9MEGkJaM/djgrovdSV40D2zUF89aNTDuh
/7CkiXXfsiru8r5lnqxdLMDzVVYcl2Wa7ibVC7uv7h9JW0z6hHDhwLTPCqe3jPvV
GWt9flDvn3UC22nTGKX1twKoUdpKHCnoPZ5MC3znV3ChCg8QoLq5gSu85g7uHARN
2AwuhJZ6/8LXiBMKSM6j8U6086DM4C7OCf0G8IF4Vq1G02GVUCLvrUZEGQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFKP2XPMIyRHfIB1+z8xv1lereN74MB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvb19aYzh3akpFZDhnSFg3UHpHX1dWNnQ0M3ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjASBAIAATAMAwQALQjRAwQA
1WzEMDAEAgACMCoDBQMqC9oAAwUDKgx3wAMFAyoMqkADBQMqDS3AAwUDKg8RgAMF
AyoPx4AwDQYJKoZIhvcNAQELBQADggEBACTXlMm6+b1IeSPWo++4P95+jYWXZlTJ
oZN5rOTIVHLkUBVONGZYR5vb8HdAykJaF8JTRXlNImZsGGPjw+mUoV7J4soSgLUR
/erq/dncCES3ukNZoxmy+qFnaQgvuY1+h+mrvBF3eEajtYxGRVLGH4s4fPrUdgkj
eZbVCM4Mrp+PJaht7TZd+FegGuo7NKKLKoOcEZaLeOY+j6L1FbF25/reM2vz4iRW
GWTd6x+Yz7v4u86esB4I5/szgIe29LaIAouqv3XvJXZbt/vNA5pR6bHIjGvbAfiz
j2f7chDPp7ih2Ocbz4McRCwqMoZ/T8ykKPxD5Vfirl85woHxb/xx5sw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:08 2024 by rpki-client on console-fra.rpki-client.org