Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/c52cd2-42f8-412e-a1c9-e175837ef938/1/keKRCJYNUVEenXDGwMrT7f8SVd0.roa
File:                     keKRCJYNUVEenXDGwMrT7f8SVd0.roa (raw, json)
Hash identifier:          RCcy8ekGz7ZYTGaZ80PUEcS4JDAYXz4kk2dEZuI2Iz0=
Subject key identifier:   91:E2:91:08:96:0D:51:51:1E:9D:70:C6:C0:CA:D3:ED:FF:12:55:DD
Certificate issuer:       /CN=a9b36504f5b241f91d27efcfe178bc0ba6b2b9b3
Certificate serial:       08171E54
Authority key identifier: A9:B3:65:04:F5:B2:41:F9:1D:27:EF:CF:E1:78:BC:0B:A6:B2:B9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qbNlBPWyQfkdJ-_P4Xi8C6ayubM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/c52cd2-42f8-412e-a1c9-e175837ef938/1/keKRCJYNUVEenXDGwMrT7f8SVd0.roa
Signing time:             Sat 01 Jan 2022 07:58:10 +0000
ROA not before:           Sat 01 Jan 2022 07:58:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208942
IP address blocks:        45.14.232.0/22 maxlen: 22
                          2a0e:1580::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 135732820 (0x8171e54)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9b36504f5b241f91d27efcfe178bc0ba6b2b9b3
        Validity
            Not Before: Jan  1 07:58:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=91e29108960d51511e9d70c6c0cad3edff1255dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ed:6d:87:78:9f:6b:7a:ba:c7:d3:3d:4d:0a:
                    0d:f0:cd:83:91:fe:5d:8e:9a:ad:e3:b8:e1:90:fe:
                    ce:d1:5b:4a:91:cb:2c:92:f1:05:1c:b5:4b:8c:8a:
                    aa:a7:23:8d:a7:15:35:a0:ca:7c:22:09:e0:67:ff:
                    5d:e4:fe:5e:8c:9f:5d:4b:7f:08:f9:08:7d:6c:46:
                    74:22:93:88:85:8a:b6:67:82:5f:f8:1f:98:b3:94:
                    bc:c3:02:1a:d2:a3:f9:f2:74:f2:f5:b9:91:ca:de:
                    d6:53:8f:e0:21:e0:a2:49:fc:6a:ad:1e:bb:d1:b5:
                    6d:d5:29:6e:71:3f:bd:9a:15:ff:b8:5d:51:af:f2:
                    f7:74:b5:41:b1:99:f5:9b:85:34:e1:22:f8:91:eb:
                    b6:d7:d8:99:95:65:c2:98:1c:44:26:98:a2:19:79:
                    78:78:80:66:45:7f:2c:88:be:8a:08:be:99:4a:a0:
                    d2:33:f1:05:f7:7e:f4:8a:c7:d5:f6:02:b5:24:83:
                    0e:ce:77:24:d3:6b:cc:8b:3c:af:35:99:f2:e6:6b:
                    37:72:eb:01:76:c0:a1:5f:4c:72:a4:0b:f2:f7:02:
                    4b:ff:48:58:f4:8b:bf:1a:aa:65:d4:ae:4f:ed:a3:
                    66:1b:be:d1:e1:23:d9:0c:3c:61:fe:62:33:0f:a9:
                    a8:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:E2:91:08:96:0D:51:51:1E:9D:70:C6:C0:CA:D3:ED:FF:12:55:DD
            X509v3 Authority Key Identifier:
                keyid:A9:B3:65:04:F5:B2:41:F9:1D:27:EF:CF:E1:78:BC:0B:A6:B2:B9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qbNlBPWyQfkdJ-_P4Xi8C6ayubM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/c52cd2-42f8-412e-a1c9-e175837ef938/1/keKRCJYNUVEenXDGwMrT7f8SVd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/c52cd2-42f8-412e-a1c9-e175837ef938/1/qbNlBPWyQfkdJ-_P4Xi8C6ayubM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.232.0/22
                IPv6:
                  2a0e:1580::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:de:3c:07:d9:e1:6e:6d:09:d3:b9:2e:1d:b0:e6:2a:78:51:
         33:79:9c:b5:06:3f:d1:a1:a6:c3:e4:b0:d8:64:d7:23:3b:6b:
         65:56:91:8a:cf:da:b6:fe:fc:e1:41:ed:8a:ea:71:73:02:5e:
         ec:41:ad:68:36:e0:4c:f3:43:25:9c:b8:fd:a1:7d:b3:f7:f2:
         e3:7c:74:1e:6f:7b:60:ba:44:81:28:22:30:86:4e:18:29:bd:
         f8:dc:0b:3d:29:6d:29:d8:ef:4c:52:43:29:95:35:bf:38:17:
         72:30:8b:96:84:46:24:1b:6d:a2:d4:68:f9:f1:b8:ad:4c:e2:
         a3:5b:e8:40:c6:74:04:10:7d:29:73:39:3b:8e:ec:a1:3f:c0:
         4b:3b:2e:73:ca:23:4a:2f:f1:b6:6c:b4:ea:14:bd:33:2f:7a:
         1b:34:54:82:1f:fd:d1:a1:91:3a:32:dc:99:c2:40:ec:09:5a:
         af:22:8e:8b:16:50:57:c6:fa:1f:f6:f7:94:ec:6c:81:eb:56:
         9b:2f:94:a2:90:79:14:10:f8:60:d7:32:60:82:87:bb:7f:78:
         47:cb:86:c0:24:5e:47:5c:f2:75:58:7b:c9:60:83:69:ed:ed:
         3f:45:ff:1c:30:be:e9:b1:1c:c8:10:20:07:82:b8:4d:ba:2f:
         61:3b:c7:2a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIECBceVDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
OWIzNjUwNGY1YjI0MWY5MWQyN2VmY2ZlMTc4YmMwYmE2YjJiOWIzMB4XDTIyMDEw
MTA3NTgxMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTFlMjkxMDg5NjBk
NTE1MTFlOWQ3MGM2YzBjYWQzZWRmZjEyNTVkZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI/tbYd4n2t6usfTPU0KDfDNg5H+XY6areO44ZD+ztFbSpHL
LJLxBRy1S4yKqqcjjacVNaDKfCIJ4Gf/XeT+XoyfXUt/CPkIfWxGdCKTiIWKtmeC
X/gfmLOUvMMCGtKj+fJ08vW5kcre1lOP4CHgokn8aq0eu9G1bdUpbnE/vZoV/7hd
Ua/y93S1QbGZ9ZuFNOEi+JHrttfYmZVlwpgcRCaYohl5eHiAZkV/LIi+igi+mUqg
0jPxBfd+9IrH1fYCtSSDDs53JNNrzIs8rzWZ8uZrN3LrAXbAoV9McqQL8vcCS/9I
WPSLvxqqZdSuT+2jZhu+0eEj2Qw8Yf5iMw+pqCMCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBSR4pEIlg1RUR6dcMbAytPt/xJV3TAfBgNVHSMEGDAWgBSps2UE9bJB+R0n
78/heLwLprK5szAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3FiTmxCUFd5UWZrZEotX1A0WGk4QzZheXViTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzYvYzUyY2QyLTQyZjgtNDEyZS1hMWM5LWUxNzU4MzdlZjkzOC8x
L2tlS1JDSllOVVZFZW5YREd3TXJUN2Y4U1ZkMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzYv
YzUyY2QyLTQyZjgtNDEyZS1hMWM5LWUxNzU4MzdlZjkzOC8xL3FiTmxCUFd5UWZr
ZEotX1A0WGk4QzZheXViTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAi0O6DANBAIAAjAHAwUDKg4VgDAN
BgkqhkiG9w0BAQsFAAOCAQEAM948B9nhbm0J07kuHbDmKnhRM3mctQY/0aGmw+Sw
2GTXIztrZVaRis/atv784UHtiupxcwJe7EGtaDbgTPNDJZy4/aF9s/fy43x0Hm97
YLpEgSgiMIZOGCm9+NwLPSltKdjvTFJDKZU1vzgXcjCLloRGJBttotRo+fG4rUzi
o1voQMZ0BBB9KXM5O47soT/ASzsuc8ojSi/xtmy06hS9My96GzRUgh/90aGROjLc
mcJA7AlaryKOixZQV8b6H/b3lOxsgetWmy+UopB5FBD4YNcyYIKHu394R8uGwCRe
R1zydVh7yWCDae3tP0X/HDC+6bEcyBAgB4K4TbovYTvHKg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:17 2024 by rpki-client on console-fra.rpki-client.org