Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/iL6uGdEaT2Qwbu3liSJ87VvDD1Y.roa
File:                     iL6uGdEaT2Qwbu3liSJ87VvDD1Y.roa (raw, json)
Hash identifier:          irDYhCuDQj3tdRZ56RXuc8Myzma8w4n93tJSNsqWYj4=
Subject key identifier:   88:BE:AE:19:D1:1A:4F:64:30:6E:ED:E5:89:22:7C:ED:5B:C3:0F:56
Certificate issuer:       /CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Certificate serial:       018571D7C2ECCB71877FDEF56263226D3CF0
Authority key identifier: 08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/iL6uGdEaT2Qwbu3liSJ87VvDD1Y.roa
Signing time:             Mon 02 Jan 2023 09:37:23 +0000
ROA not before:           Mon 02 Jan 2023 09:37:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206065
IP address blocks:        45.140.228.0/22 maxlen: 22
                          85.198.48.0/20 maxlen: 20
                          45.156.180.0/22 maxlen: 22
                          45.156.192.0/22 maxlen: 22
                          45.156.200.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:d7:c2:ec:cb:71:87:7f:de:f5:62:63:22:6d:3c:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
        Validity
            Not Before: Jan  2 09:37:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=88beae19d11a4f64306eede589227ced5bc30f56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:6f:4f:83:07:e2:f1:0a:51:b4:e8:99:82:81:
                    41:61:df:57:64:8e:06:76:8b:72:ae:8f:ef:12:9c:
                    59:27:38:45:8f:b7:3c:b8:36:86:70:fa:f7:b3:ca:
                    a5:49:5c:dd:7d:a8:04:e6:c3:d1:2b:96:f4:e2:72:
                    ed:b3:bc:e0:d4:21:e7:5f:7c:b1:9b:06:24:2f:90:
                    14:2d:9f:84:53:9b:a8:05:07:d6:06:1e:5c:e9:3e:
                    0d:62:91:0b:52:c0:ca:77:a4:30:ae:3c:2f:66:65:
                    97:af:3b:02:3f:69:d3:01:20:e5:15:56:37:cb:52:
                    0f:aa:62:a7:77:81:c6:7c:55:8f:71:0d:7d:be:46:
                    92:8a:12:91:f1:d8:03:e4:d0:9e:3a:9f:ea:7b:19:
                    eb:ca:a6:ff:c2:86:c8:a4:cb:18:e4:2a:0d:55:f6:
                    97:56:cd:58:66:d6:12:2c:30:66:72:28:a8:40:1c:
                    02:e2:09:37:2e:7e:a9:61:29:df:d1:f7:df:4a:54:
                    af:c2:8d:8b:0d:e5:fd:68:56:77:f0:de:54:a1:52:
                    88:b4:1d:55:20:26:0b:79:46:50:e9:70:ab:30:71:
                    73:35:a1:a3:c6:b8:50:ee:60:69:40:2b:3d:cb:e4:
                    92:9b:10:21:a1:5b:94:57:a5:2e:bd:ba:ff:c0:6c:
                    62:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:BE:AE:19:D1:1A:4F:64:30:6E:ED:E5:89:22:7C:ED:5B:C3:0F:56
            X509v3 Authority Key Identifier:
                keyid:08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/iL6uGdEaT2Qwbu3liSJ87VvDD1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.228.0/22
                  45.156.180.0/22
                  45.156.192.0/22
                  45.156.200.0/22
                  85.198.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         99:ee:c6:90:a7:7e:37:fc:b1:91:88:7e:9c:3b:77:08:41:6f:
         37:e6:4e:92:1c:5d:77:6b:92:f2:5e:4b:09:ca:7a:21:cb:0c:
         e4:1f:57:c6:aa:3f:20:2f:9c:23:4c:ca:c4:76:b2:18:c8:9e:
         19:ab:ae:f5:52:63:43:f7:bc:b8:7c:4f:39:46:3a:ff:e7:98:
         33:b9:17:77:04:fc:0a:0e:47:7c:c9:a6:1d:9b:f2:13:df:37:
         8d:61:f9:7c:d5:4b:98:34:68:35:03:f1:ad:ac:fe:e5:d9:0b:
         4a:08:ab:0d:79:9f:45:af:97:d4:0f:4c:f1:d6:f9:20:99:ca:
         d1:11:7a:da:b6:d9:1c:22:68:15:80:b1:a9:a5:ef:9e:33:b2:
         7c:7b:77:26:bc:72:c9:90:30:be:fb:56:b6:e0:43:ef:bc:41:
         82:a0:2e:7d:1b:87:4c:eb:9f:e1:1e:d7:ca:fb:40:f6:61:91:
         05:d2:4e:26:24:c9:ab:e9:69:64:19:94:89:9a:59:a3:fb:af:
         1a:69:75:52:4a:1f:d8:60:e5:4c:58:9c:3c:81:2d:f9:5b:58:
         e9:92:51:23:0b:27:c1:46:22:65:e5:43:8f:2e:ef:8a:0b:55:
         71:51:6f:57:cf:7c:64:87:ce:35:df:67:39:ff:98:81:e8:6d:
         3c:64:9d:e5
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVx18Lsy3GHf971YmMibTzwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MWI3YTIyZTUxY2ZiOWNmODQyMDVlNDQ0OTk5OGFkNTVk
OGYwNjUwHhcNMjMwMTAyMDkzNzIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGJlYWUxOWQxMWE0ZjY0MzA2ZWVkZTU4OTIyN2NlZDViYzMwZjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjG9Pgwfi8QpRtOiZgoFBYd9XZI4G
dotyro/vEpxZJzhFj7c8uDaGcPr3s8qlSVzdfagE5sPRK5b04nLts7zg1CHnX3yx
mwYkL5AULZ+EU5uoBQfWBh5c6T4NYpELUsDKd6QwrjwvZmWXrzsCP2nTASDlFVY3
y1IPqmKnd4HGfFWPcQ19vkaSihKR8dgD5NCeOp/qexnryqb/wobIpMsY5CoNVfaX
Vs1YZtYSLDBmciioQBwC4gk3Ln6pYSnf0fffSlSvwo2LDeX9aFZ38N5UoVKItB1V
ICYLeUZQ6XCrMHFzNaGjxrhQ7mBpQCs9y+SSmxAhoVuUV6Uuvbr/wGxiWwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFIi+rhnRGk9kMG7t5YkifO1bww9WMB8GA1UdIwQY
MBaAFAgbeiLlHPuc+EIF5ESZmK1V2PBlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYt
MDM2NzI2OGZmODcxLzEvaUw2dUdkRWFUMlF3YnUzbGlTSjg3VnZERDFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYtMDM2NzI2OGZmODcx
LzEvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCLYzkAwQC
LZy0AwQCLZzAAwQCLZzIAwQEVcYwMA0GCSqGSIb3DQEBCwUAA4IBAQCZ7saQp343
/LGRiH6cO3cIQW835k6SHF13a5LyXksJynohywzkH1fGqj8gL5wjTMrEdrIYyJ4Z
q671UmND97y4fE85Rjr/55gzuRd3BPwKDkd8yaYdm/IT3zeNYfl81UuYNGg1A/Gt
rP7l2QtKCKsNeZ9Fr5fUD0zx1vkgmcrREXrattkcImgVgLGppe+eM7J8e3cmvHLJ
kDC++1a24EPvvEGCoC59G4dM65/hHtfK+0D2YZEF0k4mJMmr6WlkGZSJmlmj+68a
aXVSSh/YYOVMWJw8gS35W1jpklEjCyfBRiJl5UOPLu+KC1VxUW9Xz3xkh84132c5
/5iB6G08ZJ3l
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:49 2024 by rpki-client on console-ams.rpki-client.org