Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/9hAX0yE0UvVZBG_vY3xX_kVlxC0.roa
File:                     9hAX0yE0UvVZBG_vY3xX_kVlxC0.roa (raw, json)
Hash identifier:          StUmnyqXpxNGgZFWiM5xxZitj7w53mprlnM+cqgPwno=
Subject key identifier:   F6:10:17:D3:21:34:52:F5:59:04:6F:EF:63:7C:57:FE:45:65:C4:2D
Certificate issuer:       /CN=ce56360624cc1b4c49da72bc325f5bb6ab4d8300
Certificate serial:       018BAB491EC1134223551A3C65F609A58C4E
Authority key identifier: CE:56:36:06:24:CC:1B:4C:49:DA:72:BC:32:5F:5B:B6:AB:4D:83:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/9hAX0yE0UvVZBG_vY3xX_kVlxC0.roa
Signing time:             Tue 07 Nov 2023 19:36:17 +0000
ROA not before:           Tue 07 Nov 2023 19:36:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25530
IP address blocks:        62.113.34.0/23 maxlen: 23
                          62.113.38.0/24 maxlen: 24
                          62.113.32.0/23 maxlen: 23
                          62.113.36.0/23 maxlen: 23
                          62.113.33.0/24 maxlen: 24
                          62.113.40.0/21 maxlen: 21
                          62.113.45.0/24 maxlen: 24
                          62.113.48.0/21 maxlen: 21
                          62.113.56.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ab:49:1e:c1:13:42:23:55:1a:3c:65:f6:09:a5:8c:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce56360624cc1b4c49da72bc325f5bb6ab4d8300
        Validity
            Not Before: Nov  7 19:36:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f61017d3213452f559046fef637c57fe4565c42d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7d:cb:ff:4f:48:09:61:fe:c6:13:29:92:5c:
                    6b:b3:3a:85:f7:50:c5:ff:35:11:5c:82:e8:af:eb:
                    27:31:d3:d3:18:52:2d:ca:b9:ee:fa:5b:ec:dc:fd:
                    aa:2c:63:ff:0f:42:40:33:6e:42:9e:ad:8a:09:2c:
                    de:4c:b3:eb:74:53:cd:75:b1:db:a6:5d:89:95:7d:
                    c1:3e:ac:05:9f:b9:cc:36:51:97:eb:bc:9a:e5:e4:
                    c3:56:89:87:2b:e2:a5:cc:1c:1f:23:b9:7f:36:e0:
                    b3:a4:71:35:27:78:69:6e:bd:9d:7c:44:50:0d:f1:
                    a1:f0:e5:ed:c6:90:25:d2:05:04:e9:a2:f9:e8:70:
                    47:de:25:ee:55:15:1a:a9:ae:ee:b8:f2:c2:b9:13:
                    bb:7e:73:b5:23:3a:44:9c:0f:cd:59:3e:48:da:db:
                    e6:33:fc:89:bb:13:ba:7f:9f:9c:91:5f:91:8d:a2:
                    8d:76:7b:08:47:62:ac:9c:fa:8f:fe:ad:3c:20:f8:
                    aa:5c:c8:2a:89:27:93:ab:65:d3:18:37:4e:23:6a:
                    13:82:66:5d:ec:0b:bb:b9:d7:8a:48:7f:b0:e4:38:
                    30:ba:e4:5c:8a:aa:87:bc:93:18:c2:9f:9e:a6:5e:
                    c3:fb:62:dc:e7:b2:d2:76:79:f5:f4:27:1f:72:ee:
                    5f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:10:17:D3:21:34:52:F5:59:04:6F:EF:63:7C:57:FE:45:65:C4:2D
            X509v3 Authority Key Identifier:
                keyid:CE:56:36:06:24:CC:1B:4C:49:DA:72:BC:32:5F:5B:B6:AB:4D:83:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/9hAX0yE0UvVZBG_vY3xX_kVlxC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.113.32.0-62.113.38.255
                  62.113.40.0-62.113.59.255

    Signature Algorithm: sha256WithRSAEncryption
         5a:0a:17:72:29:35:37:db:6d:45:f6:d1:15:7f:74:ac:04:84:
         cc:f7:48:de:e6:4d:91:37:3a:0d:3f:f0:6a:95:4a:e7:75:29:
         08:64:00:92:be:30:d3:c9:3c:9b:9f:e9:00:36:4f:85:40:88:
         7b:ea:be:c9:d8:b1:2e:2b:66:f9:29:31:1b:d9:cc:10:32:a3:
         57:01:50:cf:fc:78:34:2d:d0:37:c1:6f:c8:6b:33:32:c4:d9:
         69:2f:46:30:55:9e:8d:74:1c:1c:16:73:a0:bf:c2:a2:61:20:
         ea:fc:35:55:40:d9:6d:12:2c:8d:fc:53:fd:43:ce:70:bf:e8:
         1f:45:c9:66:67:bd:d4:19:27:cf:87:23:cb:58:5f:32:60:ab:
         3a:ac:b9:43:74:5f:0f:0a:a5:f5:be:56:13:38:2b:ce:82:7a:
         8b:70:9c:6d:59:22:2a:97:f5:2e:54:47:87:00:52:ef:fe:86:
         8a:72:e7:42:ea:c2:18:92:0b:65:7c:70:85:d9:a6:0d:40:01:
         11:ea:ab:24:02:b3:52:28:80:98:a1:b8:13:86:bc:0b:79:d1:
         0e:76:21:b2:4c:ef:b6:2c:1e:7e:1f:63:c9:d8:63:f7:c6:67:
         b4:cc:42:70:ea:fc:0d:1a:37:38:e4:25:b0:b9:db:eb:47:07:
         56:b2:a5:76
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYurSR7BE0IjVRo8ZfYJpYxOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNTYzNjA2MjRjYzFiNGM0OWRhNzJiYzMyNWY1YmI2YWI0
ZDgzMDAwHhcNMjMxMTA3MTkzNjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjEwMTdkMzIxMzQ1MmY1NTkwNDZmZWY2MzdjNTdmZTQ1NjVjNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn33L/09ICWH+xhMpklxrszqF91DF
/zURXILor+snMdPTGFItyrnu+lvs3P2qLGP/D0JAM25Cnq2KCSzeTLPrdFPNdbHb
pl2JlX3BPqwFn7nMNlGX67ya5eTDVomHK+KlzBwfI7l/NuCzpHE1J3hpbr2dfERQ
DfGh8OXtxpAl0gUE6aL56HBH3iXuVRUaqa7uuPLCuRO7fnO1IzpEnA/NWT5I2tvm
M/yJuxO6f5+ckV+RjaKNdnsIR2KsnPqP/q08IPiqXMgqiSeTq2XTGDdOI2oTgmZd
7Au7udeKSH+w5DgwuuRciqqHvJMYwp+epl7D+2Lc57LSdnn19Ccfcu5foQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFPYQF9MhNFL1WQRv72N8V/5FZcQtMB8GA1UdIwQY
MBaAFM5WNgYkzBtMSdpyvDJfW7arTYMAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemxZMkJpVE1HMHhKMm5LOE1sOWJ0cXROZ3dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi85NTc3ZjgtYjhiOC00OTk0LWI4NTUt
YTk4ZWYzMDA4NTgwLzEvOWhBWDB5RTBVdlZaQkdfdlkzeFhfa1ZseEMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi85NTc3ZjgtYjhiOC00OTk0LWI4NTUtYTk4ZWYzMDA4NTgw
LzEvemxZMkJpVE1HMHhKMm5LOE1sOWJ0cXROZ3dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBAU+cSAD
BAA+cSYwDAMEAz5xKAMEAj5xODANBgkqhkiG9w0BAQsFAAOCAQEAWgoXcik1N9tt
RfbRFX90rASEzPdI3uZNkTc6DT/wapVK53UpCGQAkr4w08k8m5/pADZPhUCIe+q+
ydixLitm+SkxG9nMEDKjVwFQz/x4NC3QN8FvyGszMsTZaS9GMFWejXQcHBZzoL/C
omEg6vw1VUDZbRIsjfxT/UPOcL/oH0XJZme91Bknz4cjy1hfMmCrOqy5Q3RfDwql
9b5WEzgrzoJ6i3CcbVkiKpf1LlRHhwBS7/6GinLnQurCGJILZXxwhdmmDUABEeqr
JAKzUiiAmKG4E4a8C3nRDnYhskzvtiwefh9jydhj98ZntMxCcOr8DRo3OOQlsLnb
60cHVrKldg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:08 2024 by rpki-client on console-ams.rpki-client.org