Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e31332e3134392e302f32342d3234203d3e203631333137.roa
File:                     34352e31332e3134392e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          /aJYXmycChaYAP8nUETPknnMtZH4D42r3VGCkxcOatk=
Subject key identifier:   67:E7:4E:DD:86:E4:FB:1F:D4:83:11:2A:43:17:1B:03:2A:82:11:24
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       6C5F54536F8583606A82B508BA52EDCCAD27959D
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e31332e3134392e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 22 Feb 2024 17:05:13 +0000
ROA not before:           Thu 22 Feb 2024 17:00:13 +0000
ROA not after:            Thu 20 Feb 2025 17:05:13 +0000
asID:                     61317
IP address blocks:        45.13.149.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:5f:54:53:6f:85:83:60:6a:82:b5:08:ba:52:ed:cc:ad:27:95:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Feb 22 17:00:13 2024 GMT
            Not After : Feb 20 17:05:13 2025 GMT
        Subject: CN=67E74EDD86E4FB1FD483112A43171B032A821124
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c2:3c:8b:e8:6c:20:2a:be:e1:e0:40:af:19:
                    56:84:32:ed:f1:54:47:b4:92:eb:74:b4:bd:01:bf:
                    f0:0d:be:9f:a6:8d:9d:20:57:bd:5e:47:7a:ce:c5:
                    46:3b:57:b2:25:46:ab:11:9b:c4:19:7c:70:05:15:
                    7e:7a:8f:c9:78:07:82:e8:20:6d:76:0b:12:0e:fd:
                    ff:9e:45:b7:35:c4:68:a0:cc:3b:32:7e:4f:54:67:
                    df:18:b3:3a:59:d0:e1:ef:35:38:25:f4:e0:ff:07:
                    49:53:a6:ba:71:03:0a:fa:19:7c:6b:05:0d:32:ae:
                    a0:77:5d:3e:da:5c:cc:74:d8:5a:b9:5e:c2:47:73:
                    ec:85:ed:de:c5:fb:a7:0a:77:bd:b8:3f:5a:8c:2f:
                    be:03:57:9b:7c:ec:28:a4:8c:5b:dc:ef:6a:94:34:
                    55:1a:fa:86:7d:4f:98:b1:2a:3b:18:a5:fc:83:b7:
                    98:dd:22:69:56:d1:fe:81:ae:18:d1:28:36:08:84:
                    b5:e0:1a:20:90:42:eb:4b:b7:8d:d9:31:c3:22:10:
                    3c:63:9b:a5:7b:c0:df:be:d8:d7:fc:2e:67:2b:d7:
                    f9:19:b4:22:81:fb:75:69:7c:fa:0e:80:37:a2:ac:
                    c8:eb:60:2c:32:4f:5e:f0:b3:af:88:fa:a1:53:b0:
                    33:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:E7:4E:DD:86:E4:FB:1F:D4:83:11:2A:43:17:1B:03:2A:82:11:24
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e31332e3134392e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:55:7e:66:b0:51:6a:73:87:5d:53:f7:c9:11:54:2d:78:6a:
         19:58:92:8b:9f:aa:26:18:70:03:4e:e2:33:8f:1a:3e:72:79:
         5d:75:d1:42:01:23:d1:dc:f0:e0:06:a7:59:b6:c0:66:c0:13:
         19:dd:9a:a3:98:5e:f5:e6:66:70:ad:aa:42:20:ac:ba:fd:55:
         49:d2:0e:37:80:c2:60:74:30:f6:d2:fa:a9:06:ef:47:d5:84:
         e8:a1:bf:17:4b:2b:fe:7a:2d:cc:28:40:c3:36:20:30:5d:7f:
         7b:d1:76:eb:f2:80:80:ff:6a:8e:84:54:b8:b2:b7:52:1a:b7:
         eb:f2:cf:09:7e:ad:74:16:36:9c:af:2e:38:71:27:01:67:92:
         c7:0e:ae:4c:c4:d5:a4:35:ab:91:a9:3e:9e:ee:3a:dd:4f:69:
         cf:d5:e5:22:f2:26:5d:f6:00:a4:49:67:a5:75:a4:4f:4c:55:
         a2:b5:0c:65:b4:23:13:fe:78:82:02:0c:8f:a6:cd:7e:98:f8:
         7e:91:5b:5b:42:96:1e:a2:7c:20:e1:fa:3a:db:ff:4a:69:b1:
         53:d4:4a:50:92:c8:74:a3:e2:3b:3a:39:62:3a:96:73:85:f7:
         58:f3:71:a6:ee:98:71:3a:18:0d:1d:9d:32:a5:75:10:ad:81:
         d5:6c:d8:61
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbF9UU2+Fg2BqgrUIulLtzK0nlZ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDAyMjIxNzAwMTNaFw0yNTAyMjAxNzA1MTNaMDMxMTAvBgNV
BAMTKDY3RTc0RUREODZFNEZCMUZENDgzMTEyQTQzMTcxQjAzMkE4MjExMjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmwjyL6GwgKr7h4ECvGVaEMu3x
VEe0kut0tL0Bv/ANvp+mjZ0gV71eR3rOxUY7V7IlRqsRm8QZfHAFFX56j8l4B4Lo
IG12CxIO/f+eRbc1xGigzDsyfk9UZ98YszpZ0OHvNTgl9OD/B0lTprpxAwr6GXxr
BQ0yrqB3XT7aXMx02Fq5XsJHc+yF7d7F+6cKd724P1qML74DV5t87CikjFvc72qU
NFUa+oZ9T5ixKjsYpfyDt5jdImlW0f6BrhjRKDYIhLXgGiCQQutLt43ZMcMiEDxj
m6V7wN++2Nf8Lmcr1/kZtCKB+3VpfPoOgDeirMjrYCwyT17ws6+I+qFTsDPrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUZ+dO3Ybk+x/UgxEqQxcbAyqCESQwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzQzNTJlMzEzMzJlMzEzNDM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0N
lTANBgkqhkiG9w0BAQsFAAOCAQEAVFV+ZrBRanOHXVP3yRFULXhqGViSi5+qJhhw
A07iM48aPnJ5XXXRQgEj0dzw4AanWbbAZsATGd2ao5he9eZmcK2qQiCsuv1VSdIO
N4DCYHQw9tL6qQbvR9WE6KG/F0sr/notzChAwzYgMF1/e9F26/KAgP9qjoRUuLK3
Uhq36/LPCX6tdBY2nK8uOHEnAWeSxw6uTMTVpDWrkak+nu463U9pz9XlIvImXfYA
pElnpXWkT0xVorUMZbQjE/54ggIMj6bNfpj4fpFbW0KWHqJ8IOH6Otv/SmmxU9RK
UJLIdKPiOzo5YjqWc4X3WPNxpu6YcToYDR2dMqV1EK2B1WzYYQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 12:41:07 2024 by rpki-client on console-fra.rpki-client.org