Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/85018a-c238-4319-ad42-885757c1248f/1/GlzUn3VivYzG2NkJu0dIwV5CFeE.roa
File:                     GlzUn3VivYzG2NkJu0dIwV5CFeE.roa (raw, json)
Hash identifier:          xAfiX6dL4NaC3GtnysgyR7RYG6q2LArF8evmD5BOv4k=
Subject key identifier:   1A:5C:D4:9F:75:62:BD:8C:C6:D8:D9:09:BB:47:48:C1:5E:42:15:E1
Certificate issuer:       /CN=5d382238289a8802cf52b67d9bf4ae87a50933c3
Certificate serial:       059374E0
Authority key identifier: 5D:38:22:38:28:9A:88:02:CF:52:B6:7D:9B:F4:AE:87:A5:09:33:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XTgiOCiaiALPUrZ9m_Suh6UJM8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/85018a-c238-4319-ad42-885757c1248f/1/GlzUn3VivYzG2NkJu0dIwV5CFeE.roa
Signing time:             Sat 01 Jan 2022 02:02:10 +0000
ROA not before:           Sat 01 Jan 2022 02:02:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209465
IP address blocks:        45.90.80.0/24 maxlen: 24
                          171.22.151.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 93549792 (0x59374e0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d382238289a8802cf52b67d9bf4ae87a50933c3
        Validity
            Not Before: Jan  1 02:02:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1a5cd49f7562bd8cc6d8d909bb4748c15e4215e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a6:eb:57:91:0c:66:ad:ea:a2:2c:9e:db:52:
                    c5:c1:55:5e:4a:44:6a:d6:14:3b:d2:6d:9f:64:98:
                    52:b7:ac:94:8b:fb:a5:70:b0:b5:a5:2f:a8:dc:1a:
                    e4:98:25:18:8d:33:05:18:d2:e2:16:8b:9f:0b:98:
                    ee:77:fb:ea:23:c7:17:7a:ab:c1:fc:d2:83:6d:d8:
                    c6:c6:9f:fa:d9:02:29:0c:7c:b2:68:c8:0b:a8:0e:
                    23:e4:17:4b:7a:15:ef:6b:97:4a:2a:c3:fd:4b:41:
                    0a:d5:87:be:c4:f3:da:c3:fb:d8:9a:59:e3:3f:d1:
                    78:ce:30:b7:a5:91:ae:aa:33:b3:c3:ec:52:a4:b7:
                    68:fa:33:1c:7a:24:3f:8c:03:7c:88:ce:9e:fe:53:
                    f7:af:36:36:d0:45:ce:5d:2a:f3:a1:6f:b1:db:b2:
                    c8:e3:dc:45:fd:0c:13:8c:f2:bc:bb:d2:fd:e7:14:
                    d6:5e:cb:6f:44:11:ca:23:a6:67:d8:2a:ab:07:03:
                    8f:40:3a:cd:2e:07:3f:c8:ec:b9:06:e8:0c:28:0b:
                    e2:1d:2e:36:4a:b9:0d:e9:21:be:d3:85:5e:e0:e9:
                    71:e7:a2:50:03:23:8f:52:e9:10:05:25:1e:3d:e9:
                    f4:61:2a:62:3a:6e:de:0b:05:b8:26:6d:67:40:36:
                    2b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:5C:D4:9F:75:62:BD:8C:C6:D8:D9:09:BB:47:48:C1:5E:42:15:E1
            X509v3 Authority Key Identifier:
                keyid:5D:38:22:38:28:9A:88:02:CF:52:B6:7D:9B:F4:AE:87:A5:09:33:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTgiOCiaiALPUrZ9m_Suh6UJM8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/85018a-c238-4319-ad42-885757c1248f/1/GlzUn3VivYzG2NkJu0dIwV5CFeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/85018a-c238-4319-ad42-885757c1248f/1/XTgiOCiaiALPUrZ9m_Suh6UJM8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.80.0/24
                  171.22.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:6a:2c:0e:9a:cb:e7:48:e2:5d:49:3f:7a:1a:c4:db:9b:2f:
         f1:b2:88:d7:dc:bc:96:24:33:02:42:bc:83:76:49:f4:86:fa:
         2e:95:4c:36:d3:29:5a:83:2f:7a:8e:50:41:19:70:39:06:21:
         a1:4e:2a:e2:b7:13:86:02:5c:66:4d:60:23:a9:99:54:60:74:
         4f:56:8e:3f:95:5e:d0:0e:03:fc:58:66:4d:3e:ac:78:fe:4b:
         98:95:49:bb:66:f9:d7:2d:84:ad:c1:13:50:1b:41:a5:a8:3e:
         cb:af:fd:b4:39:c3:5d:ab:85:63:7d:ce:cb:1e:07:e6:12:fa:
         ca:be:03:b0:cd:48:43:b3:6b:ea:1d:4e:ca:bf:77:c6:21:6f:
         b9:6f:71:f7:40:68:5b:75:98:77:02:f1:68:04:ad:be:07:8d:
         41:76:d2:3b:be:8c:26:a1:33:c8:6e:6b:0c:c5:45:e4:49:90:
         74:9e:e5:a5:70:da:73:e6:d1:02:5c:f4:fb:e2:6f:97:19:bd:
         6c:9c:1c:6f:cf:a9:0a:c0:54:43:5f:8e:a8:91:9f:a5:c8:b0:
         e9:82:71:49:a7:6f:44:af:6a:21:01:78:11:7d:c3:76:32:22:
         c5:37:cc:cb:2b:9c:3a:a0:6b:3f:38:68:52:5e:00:da:57:0b:
         5e:93:cf:d6
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEBZN04DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
ZDM4MjIzODI4OWE4ODAyY2Y1MmI2N2Q5YmY0YWU4N2E1MDkzM2MzMB4XDTIyMDEw
MTAyMDIxMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWE1Y2Q0OWY3NTYy
YmQ4Y2M2ZDhkOTA5YmI0NzQ4YzE1ZTQyMTVlMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJWm61eRDGat6qIsnttSxcFVXkpEatYUO9Jtn2SYUreslIv7
pXCwtaUvqNwa5JglGI0zBRjS4haLnwuY7nf76iPHF3qrwfzSg23Yxsaf+tkCKQx8
smjIC6gOI+QXS3oV72uXSirD/UtBCtWHvsTz2sP72JpZ4z/ReM4wt6WRrqozs8Ps
UqS3aPozHHokP4wDfIjOnv5T9682NtBFzl0q86FvsduyyOPcRf0ME4zyvLvS/ecU
1l7Lb0QRyiOmZ9gqqwcDj0A6zS4HP8jsuQboDCgL4h0uNkq5DekhvtOFXuDpceei
UAMjj1LpEAUlHj3p9GEqYjpu3gsFuCZtZ0A2K98CAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQaXNSfdWK9jMbY2Qm7R0jBXkIV4TAfBgNVHSMEGDAWgBRdOCI4KJqIAs9S
tn2b9K6HpQkzwzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1hUZ2lPQ2lhaUFMUFVyWjltX1N1aDZVSk04TS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDIvODUwMThhLWMyMzgtNDMxOS1hZDQyLTg4NTc1N2MxMjQ4Zi8x
L0dselVuM1Zpdll6RzJOa0p1MGRJd1Y1Q0ZlRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDIv
ODUwMThhLWMyMzgtNDMxOS1hZDQyLTg4NTc1N2MxMjQ4Zi8xL1hUZ2lPQ2lhaUFM
UFVyWjltX1N1aDZVSk04TS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAC1aUAMEAKsWlzANBgkqhkiG9w0B
AQsFAAOCAQEAV2osDprL50jiXUk/ehrE25sv8bKI19y8liQzAkK8g3ZJ9Ib6LpVM
NtMpWoMveo5QQRlwOQYhoU4q4rcThgJcZk1gI6mZVGB0T1aOP5Ve0A4D/FhmTT6s
eP5LmJVJu2b51y2ErcETUBtBpag+y6/9tDnDXauFY33Oyx4H5hL6yr4DsM1IQ7Nr
6h1Oyr93xiFvuW9x90BoW3WYdwLxaAStvgeNQXbSO76MJqEzyG5rDMVF5EmQdJ7l
pXDac+bRAlz0++Jvlxm9bJwcb8+pCsBUQ1+OqJGfpciw6YJxSadvRK9qIQF4EX3D
djIixTfMyyucOqBrPzhoUl4A2lcLXpPP1g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:02 2024 by rpki-client on console-fra.rpki-client.org