Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/cb3a04-4442-40f9-adcf-c751a612b5c0/1/0tRhXxqfYVi5YzCn-tIep5IwkdU.roa
File:                     0tRhXxqfYVi5YzCn-tIep5IwkdU.roa (raw, json)
Hash identifier:          BtnA6bzaVZhpgCOc2nE09ARnsmmH8TLelxpx/w1sMyY=
Subject key identifier:   D2:D4:61:5F:1A:9F:61:58:B9:63:30:A7:FA:D2:1E:A7:92:30:91:D5
Certificate issuer:       /CN=7ba9977d0c656ce119e6c8a1db34aa3148afa868
Certificate serial:       D37FB8
Authority key identifier: 7B:A9:97:7D:0C:65:6C:E1:19:E6:C8:A1:DB:34:AA:31:48:AF:A8:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6mXfQxlbOEZ5sih2zSqMUivqGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/cb3a04-4442-40f9-adcf-c751a612b5c0/1/0tRhXxqfYVi5YzCn-tIep5IwkdU.roa
Signing time:             Sat 01 Jan 2022 11:55:16 +0000
ROA not before:           Sat 01 Jan 2022 11:55:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        45.151.188.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13860792 (0xd37fb8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ba9977d0c656ce119e6c8a1db34aa3148afa868
        Validity
            Not Before: Jan  1 11:55:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d2d4615f1a9f6158b96330a7fad21ea7923091d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:92:40:18:bf:be:a9:35:04:41:4e:b6:ac:28:
                    e4:e7:66:7b:9c:30:1c:c8:ca:5e:11:b3:92:eb:3c:
                    02:4d:ae:b3:ee:33:b1:30:2b:92:93:82:e4:1f:e0:
                    a2:71:ce:8f:73:43:bb:d9:e9:dc:4c:58:10:ba:58:
                    3f:5e:a8:8d:2d:de:a4:cd:af:33:22:4f:57:60:4c:
                    09:e4:08:12:ed:35:2a:2e:57:6b:d1:cb:ec:77:77:
                    13:8f:e2:48:43:49:f2:4d:7e:82:4c:92:4f:b8:52:
                    87:91:1e:8f:1f:57:0e:fb:fa:b5:96:b1:b6:ef:f6:
                    5e:3c:7b:70:75:b3:e4:a0:a4:4f:72:09:e7:fe:b9:
                    81:d8:6a:d8:66:06:ae:89:4e:a0:a8:1f:fa:7c:9d:
                    38:22:3c:3b:e9:77:24:b1:29:b2:4a:3a:84:36:a7:
                    5e:0d:1b:8f:0f:fa:47:c7:5f:36:bd:bd:3f:31:34:
                    1b:e8:37:78:e1:23:5f:3e:db:71:23:4a:7f:8c:58:
                    74:0b:68:31:0b:a4:d8:17:a6:64:1b:ea:48:e7:16:
                    d8:db:2f:0f:05:97:7e:98:67:cc:b6:73:0c:13:df:
                    46:a4:af:44:ff:e9:2d:fb:72:0b:38:d6:74:12:99:
                    3d:31:c7:a4:a6:af:72:be:6e:ec:9f:3b:a8:a3:90:
                    9a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:D4:61:5F:1A:9F:61:58:B9:63:30:A7:FA:D2:1E:A7:92:30:91:D5
            X509v3 Authority Key Identifier:
                keyid:7B:A9:97:7D:0C:65:6C:E1:19:E6:C8:A1:DB:34:AA:31:48:AF:A8:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6mXfQxlbOEZ5sih2zSqMUivqGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/cb3a04-4442-40f9-adcf-c751a612b5c0/1/0tRhXxqfYVi5YzCn-tIep5IwkdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/cb3a04-4442-40f9-adcf-c751a612b5c0/1/e6mXfQxlbOEZ5sih2zSqMUivqGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:25:f8:28:32:38:9e:6d:51:11:a6:78:e2:f2:fa:73:15:34:
         07:12:28:67:31:96:99:38:c5:40:6b:58:6e:69:d5:e0:16:15:
         32:a6:a1:b1:ee:f1:d1:e5:46:e4:04:a2:2a:61:b0:d6:b7:5d:
         a5:2c:7f:d6:31:d0:2c:36:05:09:99:a1:bd:a1:2f:58:2b:89:
         50:0f:43:72:32:bf:7a:74:17:a8:cd:6f:b5:6c:1a:49:0d:0f:
         98:e5:d7:19:8c:a4:a7:5d:fa:00:39:2d:b0:0f:79:c0:dd:68:
         e9:a0:00:49:33:cb:e3:93:fd:c1:fb:c3:85:9e:59:05:2d:71:
         6e:8e:f6:54:06:f5:9d:56:6f:ad:e7:a2:f9:c7:b6:1d:39:61:
         9b:ba:4a:21:e2:5f:19:1c:88:f3:d8:fe:1f:84:12:61:fd:6e:
         d2:10:94:db:03:b4:0c:f9:bf:33:71:03:26:e4:24:63:b2:37:
         00:70:7f:91:22:ff:cf:43:b3:a8:d7:8c:d7:9a:f8:03:f1:86:
         1d:3c:f8:94:9a:28:52:d3:1f:74:05:ef:b6:da:fd:26:54:f0:
         59:be:2e:c4:e0:65:7e:fe:72:a2:d6:9e:df:96:ec:ba:a7:b5:
         88:a2:ce:7f:1a:fa:91:fe:84:a7:64:b7:d6:e3:97:03:f0:0a:
         06:fc:01:ee
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEANN/uDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
YmE5OTc3ZDBjNjU2Y2UxMTllNmM4YTFkYjM0YWEzMTQ4YWZhODY4MB4XDTIyMDEw
MTExNTUxNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDJkNDYxNWYxYTlm
NjE1OGI5NjMzMGE3ZmFkMjFlYTc5MjMwOTFkNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI+SQBi/vqk1BEFOtqwo5Odme5wwHMjKXhGzkus8Ak2us+4z
sTArkpOC5B/gonHOj3NDu9np3ExYELpYP16ojS3epM2vMyJPV2BMCeQIEu01Ki5X
a9HL7Hd3E4/iSENJ8k1+gkyST7hSh5Eejx9XDvv6tZaxtu/2Xjx7cHWz5KCkT3IJ
5/65gdhq2GYGrolOoKgf+nydOCI8O+l3JLEpsko6hDanXg0bjw/6R8dfNr29PzE0
G+g3eOEjXz7bcSNKf4xYdAtoMQuk2BemZBvqSOcW2NsvDwWXfphnzLZzDBPfRqSv
RP/pLftyCzjWdBKZPTHHpKavcr5u7J87qKOQmqcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTS1GFfGp9hWLljMKf60h6nkjCR1TAfBgNVHSMEGDAWgBR7qZd9DGVs4Rnm
yKHbNKoxSK+oaDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2U2bVhmUXhsYk9FWjVzaWgyelNxTVVpdnFHZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDkvY2IzYTA0LTQ0NDItNDBmOS1hZGNmLWM3NTFhNjEyYjVjMC8x
LzB0UmhYeHFmWVZpNVl6Q24tdEllcDVJd2tkVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDkv
Y2IzYTA0LTQ0NDItNDBmOS1hZGNmLWM3NTFhNjEyYjVjMC8xL2U2bVhmUXhsYk9F
WjVzaWgyelNxTVVpdnFHZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi2XvDANBgkqhkiG9w0BAQsFAAOC
AQEAXCX4KDI4nm1REaZ44vL6cxU0BxIoZzGWmTjFQGtYbmnV4BYVMqahse7x0eVG
5ASiKmGw1rddpSx/1jHQLDYFCZmhvaEvWCuJUA9DcjK/enQXqM1vtWwaSQ0PmOXX
GYykp136ADktsA95wN1o6aAASTPL45P9wfvDhZ5ZBS1xbo72VAb1nVZvreei+ce2
HTlhm7pKIeJfGRyI89j+H4QSYf1u0hCU2wO0DPm/M3EDJuQkY7I3AHB/kSL/z0Oz
qNeM15r4A/GGHTz4lJooUtMfdAXvttr9JlTwWb4uxOBlfv5yotae35bsuqe1iKLO
fxr6kf6Ep2S31uOXA/AKBvwB7g==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:08:39 2023 by rpki-client on console-ams.rpki-client.org