Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/LD_Uc3BBbtGizjuOAffdeU_8XNg.roa
File:                     LD_Uc3BBbtGizjuOAffdeU_8XNg.roa (raw, json)
Hash identifier:          /H6XpqrrCEsXScy6zRpuVq/GGLEJXh++90NDaxsdXUs=
Subject key identifier:   2C:3F:D4:73:70:41:6E:D1:A2:CE:3B:8E:01:F7:DD:79:4F:FC:5C:D8
Certificate issuer:       /CN=b4bdc376a159d05e2af97176a3eba8360e60d176
Certificate serial:       01874D2F8BB9CFF538F2E623FA2BB285BA69
Authority key identifier: B4:BD:C3:76:A1:59:D0:5E:2A:F9:71:76:A3:EB:A8:36:0E:60:D1:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tL3DdqFZ0F4q-XF2o-uoNg5g0XY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/LD_Uc3BBbtGizjuOAffdeU_8XNg.roa
Signing time:             Tue 04 Apr 2023 16:52:54 +0000
ROA not before:           Tue 04 Apr 2023 16:52:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50247
IP address blocks:        91.218.240.0/24 maxlen: 24
                          185.178.236.0/22 maxlen: 22
                          109.197.36.0/23 maxlen: 23
                          109.196.80.0/20 maxlen: 20
                          91.224.143.0/24 maxlen: 24
                          91.224.142.0/23 maxlen: 23
                          91.224.142.0/24 maxlen: 24
                          45.131.33.0/24 maxlen: 24
                          109.95.88.0/21 maxlen: 21
                          2a0a:7080::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:4d:2f:8b:b9:cf:f5:38:f2:e6:23:fa:2b:b2:85:ba:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4bdc376a159d05e2af97176a3eba8360e60d176
        Validity
            Not Before: Apr  4 16:52:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2c3fd47370416ed1a2ce3b8e01f7dd794ffc5cd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:68:01:1b:df:92:b1:c7:5f:5a:0d:eb:51:c1:
                    72:81:ef:80:ed:4b:d0:22:77:60:44:7b:de:63:7b:
                    03:60:72:43:c9:10:4b:16:fa:12:2f:7a:81:20:5c:
                    73:b9:fa:d4:2e:f2:9d:91:01:a1:28:44:04:09:00:
                    56:de:7d:b6:84:6e:74:90:b0:28:ac:37:7c:19:58:
                    76:eb:fb:37:6e:55:60:05:f3:24:ec:7d:7c:7c:d0:
                    e9:65:d4:86:93:cf:2e:77:42:1a:ae:5e:c6:22:5f:
                    c2:1f:c6:08:66:ee:c5:bc:d7:e0:5e:6d:99:b9:e0:
                    25:b8:50:bd:48:88:71:23:d6:cf:5c:90:78:96:ef:
                    21:ae:f9:a4:40:b7:56:94:98:24:ad:42:59:46:f1:
                    13:52:67:95:5d:fb:a3:ba:64:c0:cb:20:db:3f:7d:
                    3c:e2:1f:fd:be:66:20:31:16:4f:cc:a2:3d:4f:bf:
                    28:33:cf:d1:84:cb:a2:ff:61:76:37:0c:cd:6a:75:
                    e5:47:72:c7:ec:21:20:a0:cf:3b:f4:ce:97:1d:51:
                    a1:0a:ef:e5:5a:b2:bd:19:02:fe:2d:4c:46:f2:89:
                    c5:e9:bc:c6:22:b1:d7:96:03:9d:10:0f:5d:47:89:
                    25:b9:2d:62:cc:75:27:cb:67:ee:55:09:80:91:65:
                    6e:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:3F:D4:73:70:41:6E:D1:A2:CE:3B:8E:01:F7:DD:79:4F:FC:5C:D8
            X509v3 Authority Key Identifier:
                keyid:B4:BD:C3:76:A1:59:D0:5E:2A:F9:71:76:A3:EB:A8:36:0E:60:D1:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tL3DdqFZ0F4q-XF2o-uoNg5g0XY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/LD_Uc3BBbtGizjuOAffdeU_8XNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/tL3DdqFZ0F4q-XF2o-uoNg5g0XY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.33.0/24
                  91.218.240.0/24
                  91.224.142.0/23
                  109.95.88.0/21
                  109.196.80.0/20
                  109.197.36.0/23
                  185.178.236.0/22
                IPv6:
                  2a0a:7080::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:f2:cb:c2:03:ff:ca:dc:52:23:65:74:6d:b0:ed:a6:7b:b3:
         0d:f2:3a:eb:93:9e:73:a4:55:a4:dc:fd:10:fc:89:40:a5:97:
         05:90:0b:3b:2b:ba:83:4f:d8:6d:1f:e0:b8:55:f5:4a:21:ec:
         f8:69:d1:24:26:25:ab:4d:62:ed:9d:0f:98:f4:d8:ae:1c:a6:
         d5:c6:49:9d:87:83:28:37:e2:da:70:64:b2:7b:e2:61:73:c7:
         88:ce:52:b1:f2:ef:62:e5:e0:3d:3b:c8:f8:ce:a5:d2:60:3a:
         f6:94:c3:09:85:99:70:f0:b4:94:11:d8:3b:ee:eb:a4:ad:8f:
         71:3e:8f:3f:89:01:17:98:bd:18:94:55:3a:d6:ce:4e:b4:0b:
         5d:ee:40:10:44:48:b9:c7:92:fb:37:47:91:74:a9:f7:4b:31:
         ac:24:d5:15:07:13:fa:62:c6:41:1b:72:b6:bb:b1:d6:7a:40:
         60:e8:aa:5b:bb:d9:7b:a6:dc:e8:76:04:d4:47:49:4c:0b:9d:
         12:c4:e6:76:ae:d5:da:91:f9:43:21:2e:b2:09:30:ad:72:70:
         0a:b7:b7:44:c5:78:41:72:0c:04:d1:24:b7:37:95:77:12:e0:
         71:00:3b:66:e4:dc:5e:18:e7:66:86:cd:9f:f8:7e:67:28:ab:
         0a:9f:36:aa
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYdNL4u5z/U48uYj+iuyhbppMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0YmRjMzc2YTE1OWQwNWUyYWY5NzE3NmEzZWJhODM2MGU2
MGQxNzYwHhcNMjMwNDA0MTY1MjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzNmZDQ3MzcwNDE2ZWQxYTJjZTNiOGUwMWY3ZGQ3OTRmZmM1Y2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGgBG9+SscdfWg3rUcFyge+A7UvQ
IndgRHveY3sDYHJDyRBLFvoSL3qBIFxzufrULvKdkQGhKEQECQBW3n22hG50kLAo
rDd8GVh26/s3blVgBfMk7H18fNDpZdSGk88ud0Iarl7GIl/CH8YIZu7FvNfgXm2Z
ueAluFC9SIhxI9bPXJB4lu8hrvmkQLdWlJgkrUJZRvETUmeVXfujumTAyyDbP308
4h/9vmYgMRZPzKI9T78oM8/RhMui/2F2NwzNanXlR3LH7CEgoM879M6XHVGhCu/l
WrK9GQL+LUxG8onF6bzGIrHXlgOdEA9dR4kluS1izHUny2fuVQmAkWVuWQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFCw/1HNwQW7Ros47jgH33XlP/FzYMB8GA1UdIwQY
MBaAFLS9w3ahWdBeKvlxdqPrqDYOYNF2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEwzRGRxRlowRjRxLVhGMm8tdW9OZzVnMFhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy80MGVhMTQtZGM1MC00YWEwLWFhODUt
MjhkMDEwNjAzNTI5LzEvTERfVWMzQkJidEdpemp1T0FmZmRlVV84WE5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy80MGVhMTQtZGM1MC00YWEwLWFhODUtMjhkMDEwNjAzNTI5
LzEvdEwzRGRxRlowRjRxLVhGMm8tdW9OZzVnMFhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQALYMhAwQA
W9rwAwQBW+COAwQDbV9YAwQEbcRQAwQBbcUkAwQCubLsMA0EAgACMAcDBQMqCnCA
MA0GCSqGSIb3DQEBCwUAA4IBAQAG8svCA//K3FIjZXRtsO2me7MN8jrrk55zpFWk
3P0Q/IlApZcFkAs7K7qDT9htH+C4VfVKIez4adEkJiWrTWLtnQ+Y9NiuHKbVxkmd
h4MoN+LacGSye+Jhc8eIzlKx8u9i5eA9O8j4zqXSYDr2lMMJhZlw8LSUEdg77uuk
rY9xPo8/iQEXmL0YlFU61s5OtAtd7kAQREi5x5L7N0eRdKn3SzGsJNUVBxP6YsZB
G3K2u7HWekBg6Kpbu9l7ptzodgTUR0lMC50SxOZ2rtXakflDIS6yCTCtcnAKt7dE
xXhBcgwE0SS3N5V3EuBxADtm5NxeGOdmhs2f+H5nKKsKnzaq
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:16 2024 by rpki-client on console-fra.rpki-client.org