Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e36362e3134392e302f32342d3234203d3e20323132323338.roa
File:                     34352e36362e3134392e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier:          /OMx7MFE8UrXMyEzRJg0zSoKofUzxr5YB8gd8e+bYhk=
Subject key identifier:   79:42:91:34:10:51:41:12:A5:2A:57:CA:68:9F:4A:99:C0:DA:A4:78
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       20F54777E5551D82D1987690A4BD4B53ED34594E
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e36362e3134392e302f32342d3234203d3e20323132323338.roa
Signing time:             Thu 22 Feb 2024 17:05:14 +0000
ROA not before:           Thu 22 Feb 2024 17:00:14 +0000
ROA not after:            Thu 20 Feb 2025 17:05:14 +0000
asID:                     212238
IP address blocks:        45.66.149.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:f5:47:77:e5:55:1d:82:d1:98:76:90:a4:bd:4b:53:ed:34:59:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Feb 22 17:00:14 2024 GMT
            Not After : Feb 20 17:05:14 2025 GMT
        Subject: CN=7942913410514112A52A57CA689F4A99C0DAA478
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:8b:45:76:5d:0b:41:ed:fc:c2:a7:ad:cd:9c:
                    1c:6b:b1:b3:53:43:3d:d8:45:37:73:af:1e:fe:f0:
                    ee:30:dc:1f:13:79:16:2b:f0:0f:f4:fd:2b:09:47:
                    7a:ed:ae:ee:a7:1c:6c:41:35:50:29:cd:19:68:b5:
                    c0:3f:44:46:23:58:67:8e:12:07:fa:a7:5a:3e:53:
                    ee:1a:e9:79:98:a2:cc:5a:b6:d9:e9:e6:34:bb:24:
                    49:12:e1:4b:57:d8:b0:7a:d2:ec:63:e0:32:b5:ff:
                    d1:57:32:11:4a:ba:4c:54:c9:b7:07:71:2c:2c:1b:
                    91:7a:52:e6:41:6a:19:1e:4c:49:7a:67:65:18:c7:
                    f8:d5:3b:62:41:f7:4d:b3:0f:18:38:95:49:d1:9c:
                    35:ed:ea:0d:56:d3:82:cd:14:ec:34:a7:ef:94:25:
                    f2:39:7a:05:0e:e4:53:dd:67:d8:5d:11:c3:9e:96:
                    34:bd:cf:25:b1:79:54:69:4c:0f:e9:d6:fa:2c:6f:
                    93:62:97:54:a2:f7:cb:26:b7:6d:64:1d:8b:a0:59:
                    64:64:c7:05:e3:4c:91:e0:94:fd:22:13:1f:bc:ef:
                    87:9b:2d:eb:17:5c:20:0a:0f:cb:55:ae:04:a0:20:
                    cb:98:c6:ac:1f:c7:26:07:e2:eb:a9:63:b9:30:84:
                    18:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:42:91:34:10:51:41:12:A5:2A:57:CA:68:9F:4A:99:C0:DA:A4:78
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e36362e3134392e302f32342d3234203d3e20323132323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:df:29:43:ea:ea:1f:d7:e0:6b:a5:c7:d9:57:45:f1:22:25:
         ab:9a:d9:d2:78:82:aa:0f:e3:68:ca:71:c3:60:02:06:18:73:
         10:46:7c:c7:25:1a:e5:69:da:e7:ec:fe:8a:d5:f9:c8:4b:c2:
         15:af:83:c3:fe:0a:66:73:97:5d:0b:bb:06:f1:b1:06:91:3d:
         69:ce:fe:f9:0b:f9:02:48:2a:72:19:f3:a5:74:bc:b3:75:df:
         7f:20:1b:69:ee:29:d0:5f:b1:ae:d8:95:a2:68:7d:dc:95:4f:
         8c:8c:da:ed:90:8f:fc:17:ec:d6:ce:aa:6e:20:22:03:35:6e:
         41:9f:e1:d2:87:30:ca:32:83:41:f9:09:f4:ff:35:99:b2:64:
         d2:f5:d5:1f:7e:c9:61:d8:73:48:ae:aa:1e:2b:4c:3e:ee:37:
         1f:44:e1:5a:17:75:55:c9:55:d2:14:63:be:05:94:45:78:06:
         b3:26:9e:27:f6:de:76:8c:00:3f:1d:e2:b1:fa:73:27:e8:d6:
         dc:3d:8f:78:14:10:50:fd:64:b4:30:89:cb:21:1e:a7:15:c1:
         06:1d:d2:2f:6f:3c:65:2f:9a:e2:1d:28:a8:04:33:31:a8:83:
         a3:6b:70:4a:14:73:bb:14:33:1a:50:42:5b:4c:2b:89:e2:d3:
         3e:c5:a3:69
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUIPVHd+VVHYLRmHaQpL1LU+00WU4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDAyMjIxNzAwMTRaFw0yNTAyMjAxNzA1MTRaMDMxMTAvBgNV
BAMTKDc5NDI5MTM0MTA1MTQxMTJBNTJBNTdDQTY4OUY0QTk5QzBEQUE0NzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMi0V2XQtB7fzCp63NnBxrsbNT
Qz3YRTdzrx7+8O4w3B8TeRYr8A/0/SsJR3rtru6nHGxBNVApzRlotcA/REYjWGeO
Egf6p1o+U+4a6XmYosxattnp5jS7JEkS4UtX2LB60uxj4DK1/9FXMhFKukxUybcH
cSwsG5F6UuZBahkeTEl6Z2UYx/jVO2JB902zDxg4lUnRnDXt6g1W04LNFOw0p++U
JfI5egUO5FPdZ9hdEcOeljS9zyWxeVRpTA/p1vosb5Nil1Si98smt21kHYugWWRk
xwXjTJHglP0iEx+874ebLesXXCAKD8tVrgSgIMuYxqwfxyYH4uupY7kwhBhFAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUeUKRNBBRQRKlKlfKaJ9KmcDapHgwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzQzNTJlMzYzNjJlMzEzNDM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMyMzIzMzM4LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LUKVMA0GCSqGSIb3DQEBCwUAA4IBAQCH3ylD6uof1+BrpcfZV0XxIiWrmtnSeIKq
D+NoynHDYAIGGHMQRnzHJRrladrn7P6K1fnIS8IVr4PD/gpmc5ddC7sG8bEGkT1p
zv75C/kCSCpyGfOldLyzdd9/IBtp7inQX7Gu2JWiaH3clU+MjNrtkI/8F+zWzqpu
ICIDNW5Bn+HShzDKMoNB+Qn0/zWZsmTS9dUffslh2HNIrqoeK0w+7jcfROFaF3VV
yVXSFGO+BZRFeAazJp4n9t52jAA/HeKx+nMn6NbcPY94FBBQ/WS0MInLIR6nFcEG
HdIvbzxlL5riHSioBDMxqIOja3BKFHO7FDMaUEJbTCuJ4tM+xaNp
-----END CERTIFICATE-----
Generated at Thu Jun 6 12:41:07 2024 by rpki-client on console-fra.rpki-client.org