Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/yhnBSf5ugTEArNKsN1836Jes6QY.roa
File:                     yhnBSf5ugTEArNKsN1836Jes6QY.roa (raw, json)
Hash identifier:          DspfMSolIGm4GlgbySQs7oxbbQIvOJFSOjjJ6+GfBBE=
Subject key identifier:   CA:19:C1:49:FE:6E:81:31:00:AC:D2:AC:37:5F:37:E8:97:AC:E9:06
Certificate issuer:       /CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
Certificate serial:       018CC8016ABF1968E6D8A4D662564CE8425C
Authority key identifier: C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/yhnBSf5ugTEArNKsN1836Jes6QY.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15879
IP address blocks:        46.255.104.0/21 maxlen: 24
                          77.245.80.0/20 maxlen: 24
                          194.105.138.0/23 maxlen: 24
                          217.115.192.0/20 maxlen: 24
                          87.250.128.0/19 maxlen: 24
                          193.189.134.0/24 maxlen: 24
                          213.130.160.0/19 maxlen: 24
                          212.204.192.0/18 maxlen: 24
                          217.149.64.0/20 maxlen: 24
                          185.55.128.0/22 maxlen: 24
                          185.28.148.0/22 maxlen: 24
                          193.91.48.0/20 maxlen: 24
                          83.219.64.0/19 maxlen: 24
                          93.188.248.0/21 maxlen: 24
                          213.133.32.0/19 maxlen: 24
                          217.148.80.0/20 maxlen: 24
                          94.247.192.0/21 maxlen: 24
                          217.194.96.0/19 maxlen: 24
                          213.197.192.0/18 maxlen: 24
                          80.246.176.0/20 maxlen: 24
                          213.206.64.0/18 maxlen: 24
                          5.226.40.0/21 maxlen: 24
                          82.201.0.0/17 maxlen: 24
                          81.24.48.0/20 maxlen: 24
                          2001:67c:1a4::/48 maxlen: 48
                          2001:9a0::/32 maxlen: 48
                          2a02:f18::/32 maxlen: 48
                          2001:898::/29 maxlen: 48
                          2a02:f30::/32 maxlen: 48
                          2001:14a0::/32 maxlen: 48
                          2001:40e0::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6a:bf:19:68:e6:d8:a4:d6:62:56:4c:e8:42:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca19c149fe6e813100acd2ac375f37e897ace906
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c2:80:91:84:50:c1:35:c2:dc:09:f7:79:f1:
                    6f:33:c8:23:d9:96:89:75:98:dc:9e:e9:c9:d3:ee:
                    d0:63:8d:2a:04:63:0e:6b:67:63:1d:a3:96:aa:e9:
                    d7:dc:e6:e1:14:11:cf:a4:22:93:b0:ee:0f:9c:ed:
                    dc:29:f8:fa:2f:f2:59:bb:44:b4:f4:32:83:36:52:
                    c1:58:cb:47:18:dc:6a:f9:f2:9d:1a:bb:bb:e2:10:
                    ae:d3:76:9a:32:d7:b8:96:94:0b:f7:7c:75:d1:1a:
                    ff:ed:fc:51:cb:42:00:9a:5b:16:82:ea:19:11:4d:
                    56:0f:05:b1:30:29:33:0f:f3:a1:53:69:f3:09:69:
                    19:34:15:da:f3:78:e2:ac:9a:f5:cc:58:c9:f8:a2:
                    0b:fa:f0:f6:24:43:20:18:44:aa:a6:03:30:1d:ab:
                    ae:97:a4:ca:c9:a7:69:aa:de:92:78:15:c1:2c:ff:
                    eb:ed:69:6c:bc:09:b9:35:f8:45:ff:ab:94:b6:b7:
                    be:47:21:25:f5:39:dc:5f:1e:72:a0:e7:6e:53:7e:
                    f8:4f:9b:d7:1d:ad:0f:93:bc:97:a6:4d:ee:13:4d:
                    69:94:7f:ae:66:db:82:83:2b:e7:39:43:05:eb:5e:
                    5f:01:17:4a:fc:4c:33:ad:44:c7:95:2b:4d:8d:90:
                    d0:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:19:C1:49:FE:6E:81:31:00:AC:D2:AC:37:5F:37:E8:97:AC:E9:06
            X509v3 Authority Key Identifier:
                keyid:C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/yhnBSf5ugTEArNKsN1836Jes6QY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.40.0/21
                  46.255.104.0/21
                  77.245.80.0/20
                  80.246.176.0/20
                  81.24.48.0/20
                  82.201.0.0/17
                  83.219.64.0/19
                  87.250.128.0/19
                  93.188.248.0/21
                  94.247.192.0/21
                  185.28.148.0/22
                  185.55.128.0/22
                  193.91.48.0/20
                  193.189.134.0/24
                  194.105.138.0/23
                  212.204.192.0/18
                  213.130.160.0/19
                  213.133.32.0/19
                  213.197.192.0/18
                  213.206.64.0/18
                  217.115.192.0/20
                  217.148.80.0/20
                  217.149.64.0/20
                  217.194.96.0/19
                IPv6:
                  2001:67c:1a4::/48
                  2001:898::/29
                  2001:9a0::/32
                  2001:14a0::/32
                  2001:40e0::/32
                  2a02:f18::/32
                  2a02:f30::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:06:3e:aa:6a:db:5d:f3:ec:6b:5d:3a:1a:7a:8e:3b:fb:d3:
         22:3b:5d:22:5d:84:6d:ac:68:1b:93:b3:52:2b:10:2b:c5:02:
         d8:d8:81:fc:bc:d7:31:14:1f:1c:57:df:e8:9f:5b:47:3a:2a:
         78:19:48:d8:47:10:54:c4:aa:65:f0:4e:44:a8:ca:49:33:32:
         db:fb:80:24:5d:ab:bc:30:20:f2:a6:8c:44:80:f6:f1:9b:f5:
         4a:e9:a4:81:2a:fe:36:d2:fc:df:03:93:16:44:e2:d3:df:11:
         f4:6e:4a:91:a3:2c:80:50:e5:43:8d:76:20:fc:44:d8:80:4c:
         62:04:f1:d1:01:28:5a:6b:0f:c3:44:f4:ee:f2:d0:ac:c1:ac:
         64:3e:71:71:46:50:54:8f:bb:0d:58:a1:cf:33:3f:c0:2e:9d:
         fc:20:6e:a4:86:20:41:5d:00:d2:c0:b5:43:72:0a:5d:65:d2:
         c5:ff:db:86:24:50:a1:77:41:5f:44:05:28:21:63:6d:32:fc:
         71:95:0d:c1:b1:a2:b5:5b:71:02:78:22:ca:f6:5e:bd:e5:af:
         c4:bf:a7:44:56:1e:c1:34:40:36:95:fe:f9:89:f9:6b:f9:29:
         c1:7f:91:50:30:00:e4:f8:b2:33:90:48:3c:6a:56:e0:94:9e:
         96:d0:71:78
-----BEGIN CERTIFICATE-----
MIIFxzCCBK+gAwIBAgISAYzIAWq/GWjm2KTWYlZM6EJcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzOTgwNjBmMWJmMjJmMDk5OWNiMDcxYjFiNDI2OTZkYmM0
M2UxMGMwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTE5YzE0OWZlNmU4MTMxMDBhY2QyYWMzNzVmMzdlODk3YWNlOTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsKAkYRQwTXC3An3efFvM8gj2ZaJ
dZjcnunJ0+7QY40qBGMOa2djHaOWqunX3ObhFBHPpCKTsO4PnO3cKfj6L/JZu0S0
9DKDNlLBWMtHGNxq+fKdGru74hCu03aaMte4lpQL93x10Rr/7fxRy0IAmlsWguoZ
EU1WDwWxMCkzD/OhU2nzCWkZNBXa83jirJr1zFjJ+KIL+vD2JEMgGESqpgMwHauu
l6TKyadpqt6SeBXBLP/r7WlsvAm5NfhF/6uUtre+RyEl9TncXx5yoOduU374T5vX
Ha0Pk7yXpk3uE01plH+uZtuCgyvnOUMF615fARdK/EwzrUTHlStNjZDQIQIDAQAB
o4IC0zCCAs8wHQYDVR0OBBYEFMoZwUn+boExAKzSrDdfN+iXrOkGMB8GA1UdIwQY
MBaAFMOYBg8b8i8JmcsHGxtCaW28Q+EMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzVnR0R4dnlMd21aeXdjYkcwSnBiYnhENFF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8zYmZjMzEtZGMzMi00NTQxLTg0NjAt
YzkyN2I4YzJjN2M0LzEveWhuQlNmNXVnVEVBck5Lc04xODM2SmVzNlFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8zYmZjMzEtZGMzMi00NTQxLTg0NjAtYzkyN2I4YzJjN2M0
LzEvdzVnR0R4dnlMd21aeXdjYkcwSnBiYnhENFF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHoBggrBgEFBQcBBwEB/wSB2DCB1TCBlwQCAAEwgZADBAMF
4igDBAMu/2gDBARN9VADBARQ9rADBARRGDADBAdSyQADBAVT20ADBAVX+oADBANd
vPgDBANe98ADBAK5HJQDBAK5N4ADBATBWzADBADBvYYDBAHCaYoDBAbUzMADBAXV
gqADBAXVhSADBAbVxcADBAbVzkADBATZc8ADBATZlFADBATZlUADBAXZwmAwOQQC
AAIwMwMHACABBnwBpAMFAyABCJgDBQAgAQmgAwUAIAEUoAMFACABQOADBQAqAg8Y
AwUAKgIPMDANBgkqhkiG9w0BAQsFAAOCAQEARgY+qmrbXfPsa106GnqOO/vTIjtd
Il2EbaxoG5OzUisQK8UC2NiB/LzXMRQfHFff6J9bRzoqeBlI2EcQVMSqZfBORKjK
STMy2/uAJF2rvDAg8qaMRID28Zv1SumkgSr+NtL83wOTFkTi098R9G5KkaMsgFDl
Q412IPxE2IBMYgTx0QEoWmsPw0T07vLQrMGsZD5xcUZQVI+7DVihzzM/wC6d/CBu
pIYgQV0A0sC1Q3IKXWXSxf/bhiRQoXdBX0QFKCFjbTL8cZUNwbGitVtxAngiyvZe
veWvxL+nRFYewTRANpX++Yn5a/kpwX+RUDAA5PiyM5BIPGpW4JSeltBxeA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:02 2024 by rpki-client on console-fra.rpki-client.org