Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/85018a-c238-4319-ad42-885757c1248f/1/tq1JF63pkbJPuwS83VuNiTZXCGE.roa
File:                     tq1JF63pkbJPuwS83VuNiTZXCGE.roa (raw, json)
Hash identifier:          8gH6lTIHlRG07ni/b/S0D6dLZQSChUtRKPGKJx7yHJ8=
Subject key identifier:   B6:AD:49:17:AD:E9:91:B2:4F:BB:04:BC:DD:5B:8D:89:36:57:08:61
Certificate issuer:       /CN=5d382238289a8802cf52b67d9bf4ae87a50933c3
Certificate serial:       059395D6
Authority key identifier: 5D:38:22:38:28:9A:88:02:CF:52:B6:7D:9B:F4:AE:87:A5:09:33:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XTgiOCiaiALPUrZ9m_Suh6UJM8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/85018a-c238-4319-ad42-885757c1248f/1/tq1JF63pkbJPuwS83VuNiTZXCGE.roa
Signing time:             Sat 01 Jan 2022 02:02:11 +0000
ROA not before:           Sat 01 Jan 2022 02:02:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212752
IP address blocks:        45.90.83.0/24 maxlen: 24
                          45.90.82.0/24 maxlen: 24
                          45.90.81.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 93558230 (0x59395d6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d382238289a8802cf52b67d9bf4ae87a50933c3
        Validity
            Not Before: Jan  1 02:02:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b6ad4917ade991b24fbb04bcdd5b8d8936570861
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:6c:ba:48:4a:15:0d:b2:b3:53:0a:d8:91:62:
                    ff:53:fb:2f:33:d7:8c:92:1b:5a:3d:04:d6:29:52:
                    fc:63:d7:a7:1e:5f:b5:5d:00:41:0d:ed:23:ed:f8:
                    08:00:ab:74:8f:68:89:83:d0:93:25:d1:05:4e:f3:
                    91:98:ac:b8:1e:bb:f9:37:2e:75:dc:2d:12:55:2b:
                    5f:4e:28:c7:11:83:36:9f:f2:c0:1b:33:06:f2:24:
                    6d:1d:2f:bb:e3:a0:1f:a9:fb:da:79:77:68:65:d9:
                    59:75:08:2b:8a:a8:a4:d5:2d:23:58:82:05:94:56:
                    10:1a:51:1b:70:ac:ab:a1:ae:0b:6e:f4:5b:3a:88:
                    d3:65:8c:cc:95:a9:f4:c6:a1:dd:26:88:f4:12:d2:
                    46:f4:a8:73:5b:6c:17:15:d6:66:43:96:93:a7:48:
                    d0:ec:08:da:3c:ea:45:de:47:fa:06:b6:0c:ba:fb:
                    3b:e5:a5:21:12:6f:88:8e:79:53:00:fc:f5:2e:e3:
                    1e:5e:c3:fe:c5:41:2a:a0:2c:60:63:38:1c:c4:16:
                    5a:13:d6:b2:4f:93:62:87:f9:3f:a5:c1:12:4f:fc:
                    e0:1d:68:09:b3:6d:b4:c6:44:f7:9f:ef:10:f2:05:
                    93:63:20:4e:2b:6b:51:d1:97:83:68:f4:e1:1e:7b:
                    5c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:AD:49:17:AD:E9:91:B2:4F:BB:04:BC:DD:5B:8D:89:36:57:08:61
            X509v3 Authority Key Identifier:
                keyid:5D:38:22:38:28:9A:88:02:CF:52:B6:7D:9B:F4:AE:87:A5:09:33:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTgiOCiaiALPUrZ9m_Suh6UJM8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/85018a-c238-4319-ad42-885757c1248f/1/tq1JF63pkbJPuwS83VuNiTZXCGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/85018a-c238-4319-ad42-885757c1248f/1/XTgiOCiaiALPUrZ9m_Suh6UJM8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.81.0-45.90.83.255

    Signature Algorithm: sha256WithRSAEncryption
         8a:84:50:fd:e1:ed:b5:ef:27:db:1d:49:58:da:20:0a:cf:2d:
         29:89:ce:0e:33:f1:ca:dd:44:a9:a0:b7:0a:dd:29:2a:49:4b:
         70:54:08:9c:81:a5:53:df:c1:46:3f:2d:28:25:07:36:25:b5:
         c8:85:ea:56:a0:98:47:6b:0b:4f:3b:29:88:97:f3:09:ed:44:
         72:94:2b:d9:26:86:e7:9e:90:34:17:78:ac:46:18:3c:c1:9f:
         02:49:0a:b6:0a:54:0d:f5:c6:77:1d:18:af:50:7c:18:8d:2a:
         0d:38:b8:c2:f4:85:fc:c0:ad:1a:fd:89:d5:5c:2e:8f:86:a8:
         ff:95:9e:dd:37:87:05:df:60:72:73:3a:e2:cc:0b:d1:7c:99:
         49:c1:69:43:c7:09:32:fb:13:31:b6:c0:e3:8e:bb:e9:6b:61:
         7b:1b:87:39:fb:63:c4:90:7c:4e:0a:fe:ce:8e:db:84:5a:ec:
         80:ca:dc:f6:ae:29:3a:80:f9:46:0a:49:55:06:ff:11:e4:db:
         36:3a:fd:2a:4b:53:fc:9c:a1:e9:ca:0f:ea:a8:8a:8f:b2:4a:
         ab:f8:fb:9f:b5:9d:19:a0:fd:10:93:32:3c:18:a8:42:64:84:
         45:2b:47:7d:2b:50:4b:58:a4:5e:5d:1d:8c:6a:a1:b4:bb:fb:
         5e:01:2e:1b
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIEBZOV1jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
ZDM4MjIzODI4OWE4ODAyY2Y1MmI2N2Q5YmY0YWU4N2E1MDkzM2MzMB4XDTIyMDEw
MTAyMDIxMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjZhZDQ5MTdhZGU5
OTFiMjRmYmIwNGJjZGQ1YjhkODkzNjU3MDg2MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKdsukhKFQ2ys1MK2JFi/1P7LzPXjJIbWj0E1ilS/GPXpx5f
tV0AQQ3tI+34CACrdI9oiYPQkyXRBU7zkZisuB67+TcuddwtElUrX04oxxGDNp/y
wBszBvIkbR0vu+OgH6n72nl3aGXZWXUIK4qopNUtI1iCBZRWEBpRG3Csq6GuC270
WzqI02WMzJWp9Mah3SaI9BLSRvSoc1tsFxXWZkOWk6dI0OwI2jzqRd5H+ga2DLr7
O+WlIRJviI55UwD89S7jHl7D/sVBKqAsYGM4HMQWWhPWsk+TYof5P6XBEk/84B1o
CbNttMZE95/vEPIFk2MgTitrUdGXg2j04R57XHMCAwEAAaOCAhEwggINMB0GA1Ud
DgQWBBS2rUkXremRsk+7BLzdW42JNlcIYTAfBgNVHSMEGDAWgBRdOCI4KJqIAs9S
tn2b9K6HpQkzwzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1hUZ2lPQ2lhaUFMUFVyWjltX1N1aDZVSk04TS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDIvODUwMThhLWMyMzgtNDMxOS1hZDQyLTg4NTc1N2MxMjQ4Zi8x
L3RxMUpGNjNwa2JKUHV3UzgzVnVOaVRaWENHRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDIv
ODUwMThhLWMyMzgtNDMxOS1hZDQyLTg4NTc1N2MxMjQ4Zi8xL1hUZ2lPQ2lhaUFM
UFVyWjltX1N1aDZVSk04TS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAn
BggrBgEFBQcBBwEB/wQYMBYwFAQCAAEwDjAMAwQALVpRAwQCLVpQMA0GCSqGSIb3
DQEBCwUAA4IBAQCKhFD94e217yfbHUlY2iAKzy0pic4OM/HK3USpoLcK3SkqSUtw
VAicgaVT38FGPy0oJQc2JbXIhepWoJhHawtPOymIl/MJ7URylCvZJobnnpA0F3is
Rhg8wZ8CSQq2ClQN9cZ3HRivUHwYjSoNOLjC9IX8wK0a/YnVXC6Phqj/lZ7dN4cF
32ByczrizAvRfJlJwWlDxwky+xMxtsDjjrvpa2F7G4c5+2PEkHxOCv7OjtuEWuyA
ytz2rik6gPlGCklVBv8R5Ns2Ov0qS1P8nKHpyg/qqIqPskqr+PuftZ0ZoP0QkzI8
GKhCZIRFK0d9K1BLWKReXR2MaqG0u/teAS4b
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:56 2024 by rpki-client on console-ams.rpki-client.org