Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/cb3a04-4442-40f9-adcf-c751a612b5c0/1/mhaBy06k_PeQy7T8hE5VOZla1Mk.roa
File:                     mhaBy06k_PeQy7T8hE5VOZla1Mk.roa (raw, json)
Hash identifier:          chh+pcamAJcWLkfZmj94AAfdrfqg4ntaKONYAYNYWRw=
Subject key identifier:   9A:16:81:CB:4E:A4:FC:F7:90:CB:B4:FC:84:4E:55:39:99:5A:D4:C9
Certificate issuer:       /CN=7ba9977d0c656ce119e6c8a1db34aa3148afa868
Certificate serial:       D35388
Authority key identifier: 7B:A9:97:7D:0C:65:6C:E1:19:E6:C8:A1:DB:34:AA:31:48:AF:A8:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6mXfQxlbOEZ5sih2zSqMUivqGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/cb3a04-4442-40f9-adcf-c751a612b5c0/1/mhaBy06k_PeQy7T8hE5VOZla1Mk.roa
Signing time:             Sat 01 Jan 2022 11:55:16 +0000
ROA not before:           Sat 01 Jan 2022 11:55:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        45.151.188.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13849480 (0xd35388)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ba9977d0c656ce119e6c8a1db34aa3148afa868
        Validity
            Not Before: Jan  1 11:55:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9a1681cb4ea4fcf790cbb4fc844e5539995ad4c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:30:01:4d:0e:78:e9:cc:39:cd:56:f2:48:ee:
                    f3:3f:f0:89:f7:b9:67:c8:99:07:8d:44:8c:3b:15:
                    0a:95:47:12:f1:cc:c4:a7:ec:61:41:8a:e4:7e:7d:
                    26:72:9c:70:07:38:09:4a:af:7e:46:b6:ce:c2:c8:
                    5e:86:d5:6b:aa:f9:f8:45:78:9e:bc:82:8b:07:76:
                    9e:cd:c1:c4:d8:f2:62:7b:4b:f2:9c:28:b0:a9:aa:
                    d4:3b:de:29:79:e4:e4:dc:99:14:be:7c:5b:77:23:
                    a0:86:f0:b8:a1:1d:18:ea:40:41:f7:ec:9e:7b:07:
                    ed:63:92:f8:1e:9d:29:86:ae:6b:29:07:3a:ec:da:
                    ac:23:76:e3:67:9a:30:ac:78:04:9b:7d:3a:e2:96:
                    f4:c0:77:42:65:75:a4:55:05:74:5b:20:68:5e:e1:
                    65:66:10:76:63:54:13:fe:fa:91:55:1c:ad:32:8b:
                    b1:ff:15:b7:29:98:86:97:e1:23:8e:ab:8b:a5:95:
                    19:11:70:cf:5e:fc:9b:3b:32:7b:81:9b:b7:87:fc:
                    16:62:0d:45:b1:9f:46:1b:04:51:47:d3:02:b8:b7:
                    94:aa:c5:e7:c4:86:83:7c:c5:e4:1e:80:2b:dd:5e:
                    9a:6c:c5:20:23:2a:c8:97:1c:37:4d:b9:61:bc:3a:
                    7c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:16:81:CB:4E:A4:FC:F7:90:CB:B4:FC:84:4E:55:39:99:5A:D4:C9
            X509v3 Authority Key Identifier:
                keyid:7B:A9:97:7D:0C:65:6C:E1:19:E6:C8:A1:DB:34:AA:31:48:AF:A8:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6mXfQxlbOEZ5sih2zSqMUivqGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/cb3a04-4442-40f9-adcf-c751a612b5c0/1/mhaBy06k_PeQy7T8hE5VOZla1Mk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/cb3a04-4442-40f9-adcf-c751a612b5c0/1/e6mXfQxlbOEZ5sih2zSqMUivqGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:68:f3:d1:a0:60:8b:e0:97:96:48:5b:e3:3a:d5:a3:a1:4e:
         95:78:e8:bc:ec:5a:26:7f:d5:a7:a8:83:bc:de:9e:f1:06:d6:
         24:40:2d:28:28:0b:53:66:2c:14:6c:3d:78:b8:20:55:9d:92:
         c6:7d:d4:1b:68:bc:a7:6e:1b:61:d7:e4:45:3e:15:dc:5f:62:
         78:66:75:4c:fb:87:e8:91:de:c8:b7:e2:35:6c:23:ac:58:c4:
         28:e6:d9:97:5d:44:86:1c:a2:f3:b9:db:83:d8:a1:89:1b:80:
         ae:22:00:c4:61:3b:76:e2:0a:1b:66:47:93:f2:6b:e5:59:38:
         c7:1c:36:0f:51:14:65:36:97:d7:82:4c:e8:a2:6b:31:d9:bf:
         0c:cd:da:b1:83:46:58:20:52:6f:21:6f:ff:65:8c:00:b2:d3:
         5e:02:ef:af:ad:6d:f7:30:cb:fd:62:a8:be:f4:7d:40:0f:d4:
         a5:c3:70:95:d5:e9:4b:22:a1:f2:56:b5:e6:2f:3e:77:e9:61:
         e1:6d:b6:be:1e:e9:91:a9:18:cc:f9:eb:c6:f6:ef:77:7b:47:
         b9:de:ff:4a:4e:65:ad:60:ae:3b:e0:74:ea:f7:bc:0a:1e:b1:
         96:13:36:93:1a:7b:58:83:60:3c:68:d2:f1:1e:3a:b1:25:05:
         87:f0:df:02
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEANNTiDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
YmE5OTc3ZDBjNjU2Y2UxMTllNmM4YTFkYjM0YWEzMTQ4YWZhODY4MB4XDTIyMDEw
MTExNTUxNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWExNjgxY2I0ZWE0
ZmNmNzkwY2JiNGZjODQ0ZTU1Mzk5OTVhZDRjOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI8wAU0OeOnMOc1W8kju8z/wife5Z8iZB41EjDsVCpVHEvHM
xKfsYUGK5H59JnKccAc4CUqvfka2zsLIXobVa6r5+EV4nryCiwd2ns3BxNjyYntL
8pwosKmq1DveKXnk5NyZFL58W3cjoIbwuKEdGOpAQffsnnsH7WOS+B6dKYauaykH
OuzarCN242eaMKx4BJt9OuKW9MB3QmV1pFUFdFsgaF7hZWYQdmNUE/76kVUcrTKL
sf8VtymYhpfhI46ri6WVGRFwz178mzsye4Gbt4f8FmINRbGfRhsEUUfTAri3lKrF
58SGg3zF5B6AK91emmzFICMqyJccN025Ybw6fA0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSaFoHLTqT895DLtPyETlU5mVrUyTAfBgNVHSMEGDAWgBR7qZd9DGVs4Rnm
yKHbNKoxSK+oaDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2U2bVhmUXhsYk9FWjVzaWgyelNxTVVpdnFHZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDkvY2IzYTA0LTQ0NDItNDBmOS1hZGNmLWM3NTFhNjEyYjVjMC8x
L21oYUJ5MDZrX1BlUXk3VDhoRTVWT1psYTFNay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDkv
Y2IzYTA0LTQ0NDItNDBmOS1hZGNmLWM3NTFhNjEyYjVjMC8xL2U2bVhmUXhsYk9F
WjVzaWgyelNxTVVpdnFHZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi2XvDANBgkqhkiG9w0BAQsFAAOC
AQEAUWjz0aBgi+CXlkhb4zrVo6FOlXjovOxaJn/Vp6iDvN6e8QbWJEAtKCgLU2Ys
FGw9eLggVZ2Sxn3UG2i8p24bYdfkRT4V3F9ieGZ1TPuH6JHeyLfiNWwjrFjEKObZ
l11Ehhyi87nbg9ihiRuAriIAxGE7duIKG2ZHk/Jr5Vk4xxw2D1EUZTaX14JM6KJr
Mdm/DM3asYNGWCBSbyFv/2WMALLTXgLvr61t9zDL/WKovvR9QA/UpcNwldXpSyKh
8la15i8+d+lh4W22vh7pkakYzPnrxvbvd3tHud7/Sk5lrWCuO+B06ve8Ch6xlhM2
kxp7WINgPGjS8R46sSUFh/DfAg==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:08:39 2023 by rpki-client on console-ams.rpki-client.org