Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/430c81-ee4b-4e88-a36f-788f5a58044f/1/gS7B8Ca6jfjXCUuput9VRJL0a4w.roa
File:                     gS7B8Ca6jfjXCUuput9VRJL0a4w.roa (raw, json)
Hash identifier:          RUo+5aLM2mlR9BwSIPvvD+yooxv9XEebML7QeyYDmxA=
Subject key identifier:   81:2E:C1:F0:26:BA:8D:F8:D7:09:4B:A9:BA:DF:55:44:92:F4:6B:8C
Certificate issuer:       /CN=39019f9c0ab29b42e0db12e9ac87b327bfc55af9
Certificate serial:       01856C138BEA474597BC2886B0C5703D9266
Authority key identifier: 39:01:9F:9C:0A:B2:9B:42:E0:DB:12:E9:AC:87:B3:27:BF:C5:5A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQGfnAqym0Lg2xLprIezJ7_FWvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/430c81-ee4b-4e88-a36f-788f5a58044f/1/gS7B8Ca6jfjXCUuput9VRJL0a4w.roa
Signing time:             Sun 01 Jan 2023 06:44:58 +0000
ROA not before:           Sun 01 Jan 2023 06:44:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44534
IP address blocks:        2a0e:fd87::/32 maxlen: 48
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:13:8b:ea:47:45:97:bc:28:86:b0:c5:70:3d:92:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39019f9c0ab29b42e0db12e9ac87b327bfc55af9
        Validity
            Not Before: Jan  1 06:44:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=812ec1f026ba8df8d7094ba9badf554492f46b8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:1b:65:af:17:5b:30:39:e5:e6:57:9c:2f:cc:
                    96:13:d3:a4:e8:45:a8:56:d8:ee:da:0c:3b:18:9b:
                    a7:8d:12:b6:2b:d6:1c:04:8e:5b:61:10:36:06:3e:
                    9b:c9:10:10:e9:a2:81:59:d1:97:0f:f8:34:cb:b6:
                    9e:c9:b0:2a:e3:c6:51:66:a6:b4:c0:43:1d:c4:d5:
                    57:09:bf:04:39:1b:ce:07:24:3b:3e:11:05:5b:d2:
                    bc:de:a7:e0:31:e4:6d:e0:2e:fa:bd:8e:39:94:d0:
                    a2:e3:73:61:a9:ef:ef:6e:26:af:b7:52:1b:fd:d6:
                    b9:a9:c8:62:4e:b5:b1:a0:0e:54:a9:0c:fb:9d:b7:
                    66:27:80:fa:53:27:02:ec:62:c9:23:60:45:c4:22:
                    8a:b0:e3:15:56:1a:5c:2a:22:28:a0:26:b4:96:46:
                    05:16:c7:bb:d5:0d:1d:09:5b:30:c1:10:ba:46:aa:
                    09:af:e3:50:1d:27:f7:e7:22:b3:27:13:af:cc:4e:
                    fb:c3:3a:2e:ff:14:1e:0d:ac:6d:b8:a4:d0:c9:f4:
                    5e:f9:ed:b1:ef:7a:bf:f5:58:81:14:da:6a:f3:00:
                    c5:54:81:38:4a:21:e5:17:14:28:a3:90:8d:7d:00:
                    a3:6a:7c:47:cf:0d:b7:39:68:52:a2:a9:30:b6:ee:
                    4e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:2E:C1:F0:26:BA:8D:F8:D7:09:4B:A9:BA:DF:55:44:92:F4:6B:8C
            X509v3 Authority Key Identifier:
                keyid:39:01:9F:9C:0A:B2:9B:42:E0:DB:12:E9:AC:87:B3:27:BF:C5:5A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQGfnAqym0Lg2xLprIezJ7_FWvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/430c81-ee4b-4e88-a36f-788f5a58044f/1/gS7B8Ca6jfjXCUuput9VRJL0a4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/430c81-ee4b-4e88-a36f-788f5a58044f/1/OQGfnAqym0Lg2xLprIezJ7_FWvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:fd87::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:5f:42:09:26:e6:e1:2f:43:b7:71:38:be:e3:fe:4a:cc:be:
         e6:6a:e7:7e:c7:8e:fe:ab:46:ac:aa:39:e5:19:f2:b2:ab:74:
         19:b6:ec:f0:db:39:dc:cb:27:ae:cb:73:17:af:62:d7:23:9d:
         e3:64:a8:51:b9:8c:51:80:ea:2d:e7:e8:2c:1a:3e:05:59:87:
         32:57:14:52:c0:6c:03:12:b4:c9:c7:6d:4f:b5:95:ae:7a:70:
         ad:31:60:78:93:9a:61:35:61:0d:d3:9c:82:a5:e7:59:50:26:
         4c:8f:16:95:7d:03:8c:55:a3:19:9d:59:9a:51:ae:d8:74:f7:
         17:95:5f:10:a2:6d:ae:bc:21:d1:bf:a4:8b:71:a2:26:c9:1b:
         51:54:35:70:fb:e3:ed:40:6e:39:01:e6:a4:7d:f4:f1:d6:8d:
         97:4d:ec:8f:f2:11:10:20:f6:bd:d6:2c:37:5e:29:ac:52:b9:
         73:25:85:72:3f:8b:dc:af:be:4c:46:6d:84:af:8e:dd:fc:30:
         48:91:cd:6a:04:58:5b:8e:3a:c6:a5:24:5f:c2:91:85:b3:43:
         16:4e:f3:03:29:81:68:8b:6a:98:d9:a5:dd:19:8a:3e:15:e9:
         93:00:27:0f:35:7b:1b:bc:59:17:4b:6a:37:60:c5:7a:ec:7e:
         cc:a8:c9:7a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVsE4vqR0WXvCiGsMVwPZJmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MDE5ZjljMGFiMjliNDJlMGRiMTJlOWFjODdiMzI3YmZj
NTVhZjkwHhcNMjMwMTAxMDY0NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTJlYzFmMDI2YmE4ZGY4ZDcwOTRiYTliYWRmNTU0NDkyZjQ2YjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBtlrxdbMDnl5lecL8yWE9Ok6EWo
Vtju2gw7GJunjRK2K9YcBI5bYRA2Bj6byRAQ6aKBWdGXD/g0y7aeybAq48ZRZqa0
wEMdxNVXCb8EORvOByQ7PhEFW9K83qfgMeRt4C76vY45lNCi43Nhqe/vbiavt1Ib
/da5qchiTrWxoA5UqQz7nbdmJ4D6UycC7GLJI2BFxCKKsOMVVhpcKiIooCa0lkYF
Fse71Q0dCVswwRC6RqoJr+NQHSf35yKzJxOvzE77wzou/xQeDaxtuKTQyfRe+e2x
73q/9ViBFNpq8wDFVIE4SiHlFxQoo5CNfQCjanxHzw23OWhSoqkwtu5OaQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIEuwfAmuo341wlLqbrfVUSS9GuMMB8GA1UdIwQY
MBaAFDkBn5wKsptC4NsS6ayHsye/xVr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1FHZm5BcXltMExnMnhMcHJJZXpKN19GV3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80MzBjODEtZWU0Yi00ZTg4LWEzNmYt
Nzg4ZjVhNTgwNDRmLzEvZ1M3QjhDYTZqZmpYQ1V1cHV0OVZSSkwwYTR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80MzBjODEtZWU0Yi00ZTg4LWEzNmYtNzg4ZjVhNTgwNDRm
LzEvT1FHZm5BcXltMExnMnhMcHJJZXpKN19GV3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg79hzAN
BgkqhkiG9w0BAQsFAAOCAQEAgl9CCSbm4S9Dt3E4vuP+Ssy+5mrnfseO/qtGrKo5
5Rnysqt0Gbbs8Ns53MsnrstzF69i1yOd42SoUbmMUYDqLefoLBo+BVmHMlcUUsBs
AxK0ycdtT7WVrnpwrTFgeJOaYTVhDdOcgqXnWVAmTI8WlX0DjFWjGZ1ZmlGu2HT3
F5VfEKJtrrwh0b+ki3GiJskbUVQ1cPvj7UBuOQHmpH308daNl03sj/IRECD2vdYs
N14prFK5cyWFcj+L3K++TEZthK+O3fwwSJHNagRYW446xqUkX8KRhbNDFk7zAymB
aItqmNml3RmKPhXpkwAnDzV7G7xZF0tqN2DFeux+zKjJeg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:35:20 2025 by rpki-client