Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/00fe6e-1476-4288-8d15-9d4ae9d00c2e/1/93LDSGfZM0sTx_nvWJAu4KtBvxc.roa
File:                     93LDSGfZM0sTx_nvWJAu4KtBvxc.roa (raw, json)
Hash identifier:          XNGL0WqjOe9MMdPNMzxd0l7HD8L0twHUiR1ADRsrGKg=
Subject key identifier:   F7:72:C3:48:67:D9:33:4B:13:C7:F9:EF:58:90:2E:E0:AB:41:BF:17
Certificate issuer:       /CN=b6307b828ffc8515634ce97ae504f5a529cd2701
Certificate serial:       01856FC26B16A7E60F444A3CA6AAB8535A65
Authority key identifier: B6:30:7B:82:8F:FC:85:15:63:4C:E9:7A:E5:04:F5:A5:29:CD:27:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tjB7go_8hRVjTOl65QT1pSnNJwE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/00fe6e-1476-4288-8d15-9d4ae9d00c2e/1/93LDSGfZM0sTx_nvWJAu4KtBvxc.roa
Signing time:             Sun 01 Jan 2023 23:54:50 +0000
ROA not before:           Sun 01 Jan 2023 23:54:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35913
IP address blocks:        2a11:2a47::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:c2:6b:16:a7:e6:0f:44:4a:3c:a6:aa:b8:53:5a:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6307b828ffc8515634ce97ae504f5a529cd2701
        Validity
            Not Before: Jan  1 23:54:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f772c34867d9334b13c7f9ef58902ee0ab41bf17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a6:08:49:e7:db:12:3e:fc:20:ec:fd:48:d5:
                    77:0d:e2:83:d2:68:f9:75:42:b7:dd:36:84:6d:f5:
                    9b:4a:74:3d:dc:37:e5:b9:2b:ee:ca:8f:bf:91:9b:
                    3d:be:bb:f7:fe:a6:d2:70:27:09:14:56:cb:16:6a:
                    c1:c8:e0:e3:3b:7f:04:08:ec:b0:ed:ec:09:26:3e:
                    91:b9:af:3e:c3:0b:a8:83:0c:2e:d3:29:fa:d3:54:
                    d0:ff:c8:fc:ad:9b:b2:74:2a:3f:76:70:e0:6f:8e:
                    e3:a4:46:60:3c:4a:7e:7a:39:15:35:78:d7:48:85:
                    30:fb:ba:77:fa:f2:e6:15:9b:4d:5c:7e:73:0e:a2:
                    49:1d:61:65:4b:94:65:28:01:6d:f1:68:b9:2f:34:
                    42:50:3a:12:50:f7:12:e4:54:08:9f:cb:54:69:2b:
                    18:21:bb:47:97:a6:33:a8:32:f1:1c:19:d4:70:c9:
                    43:bb:c9:a6:69:78:8f:45:17:13:64:d0:0c:8b:ef:
                    4d:40:17:b2:98:e3:30:f9:7f:5c:1e:0d:81:32:3d:
                    bd:ef:c5:e7:1e:2b:e9:1e:c2:a6:06:12:cf:6b:0f:
                    29:87:ae:d6:87:bb:d5:11:4c:be:78:2e:0c:80:bb:
                    bd:5e:df:55:fb:b2:c4:b9:e1:11:5f:66:e0:99:8f:
                    a8:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:72:C3:48:67:D9:33:4B:13:C7:F9:EF:58:90:2E:E0:AB:41:BF:17
            X509v3 Authority Key Identifier:
                keyid:B6:30:7B:82:8F:FC:85:15:63:4C:E9:7A:E5:04:F5:A5:29:CD:27:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tjB7go_8hRVjTOl65QT1pSnNJwE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/00fe6e-1476-4288-8d15-9d4ae9d00c2e/1/93LDSGfZM0sTx_nvWJAu4KtBvxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/00fe6e-1476-4288-8d15-9d4ae9d00c2e/1/tjB7go_8hRVjTOl65QT1pSnNJwE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:2a47::/32

    Signature Algorithm: sha256WithRSAEncryption
         bf:d2:8d:55:57:13:48:01:9d:1f:ff:69:2a:c9:95:c0:bd:24:
         88:36:2a:a6:f1:45:e6:bb:32:d7:bc:c4:33:a7:1f:d2:44:42:
         cd:fa:36:07:97:56:04:28:d3:a9:71:4c:b8:bd:92:08:7c:c1:
         37:57:f5:17:bf:00:28:c4:bb:b6:1b:0e:9f:b5:10:96:78:59:
         86:d0:c4:d2:c2:81:b8:5c:f2:d4:3b:6d:c0:89:2e:29:64:a2:
         aa:76:54:56:8d:23:e6:63:b9:eb:88:64:49:39:24:7e:fd:c3:
         8b:a6:6f:50:da:47:b5:51:ac:fe:aa:69:ec:9e:fa:ff:e8:28:
         ef:e8:1a:27:6c:fd:38:cb:f7:f6:94:85:70:03:90:b1:c0:0a:
         bb:9b:1b:e2:da:b8:f2:64:80:48:a5:c2:92:3c:9e:21:91:ac:
         96:c6:cc:85:76:b4:a2:76:ae:0d:a2:b9:ca:04:3e:de:57:96:
         3e:0b:dc:53:e0:7a:eb:cb:a7:3a:10:dc:4c:6b:3b:c8:19:a8:
         5b:2d:2a:8b:f1:31:47:94:64:f4:1c:a9:db:7b:b3:d2:d9:37:
         b4:41:6f:08:7e:4d:97:cd:bb:73:e2:4e:34:cf:e2:ea:68:cc:
         de:74:5b:6d:7f:85:eb:9e:25:2e:89:df:f9:a4:3f:2e:bb:b9:
         cf:7e:67:08
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVvwmsWp+YPREo8pqq4U1plMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MzA3YjgyOGZmYzg1MTU2MzRjZTk3YWU1MDRmNWE1Mjlj
ZDI3MDEwHhcNMjMwMTAxMjM1NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzcyYzM0ODY3ZDkzMzRiMTNjN2Y5ZWY1ODkwMmVlMGFiNDFiZjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKYISefbEj78IOz9SNV3DeKD0mj5
dUK33TaEbfWbSnQ93DfluSvuyo+/kZs9vrv3/qbScCcJFFbLFmrByODjO38ECOyw
7ewJJj6Rua8+wwuogwwu0yn601TQ/8j8rZuydCo/dnDgb47jpEZgPEp+ejkVNXjX
SIUw+7p3+vLmFZtNXH5zDqJJHWFlS5RlKAFt8Wi5LzRCUDoSUPcS5FQIn8tUaSsY
IbtHl6YzqDLxHBnUcMlDu8mmaXiPRRcTZNAMi+9NQBeymOMw+X9cHg2BMj2978Xn
HivpHsKmBhLPaw8ph67Wh7vVEUy+eC4MgLu9Xt9V+7LEueERX2bgmY+o8QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPdyw0hn2TNLE8f571iQLuCrQb8XMB8GA1UdIwQY
MBaAFLYwe4KP/IUVY0zpeuUE9aUpzScBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGpCN2dvXzhoUlZqVE9sNjVRVDFwU25OSndFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8wMGZlNmUtMTQ3Ni00Mjg4LThkMTUt
OWQ0YWU5ZDAwYzJlLzEvOTNMRFNHZlpNMHNUeF9udldKQXU0S3RCdnhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8wMGZlNmUtMTQ3Ni00Mjg4LThkMTUtOWQ0YWU5ZDAwYzJl
LzEvdGpCN2dvXzhoUlZqVE9sNjVRVDFwU25OSndFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhEqRzAN
BgkqhkiG9w0BAQsFAAOCAQEAv9KNVVcTSAGdH/9pKsmVwL0kiDYqpvFF5rsy17zE
M6cf0kRCzfo2B5dWBCjTqXFMuL2SCHzBN1f1F78AKMS7thsOn7UQlnhZhtDE0sKB
uFzy1DttwIkuKWSiqnZUVo0j5mO564hkSTkkfv3Di6ZvUNpHtVGs/qpp7J76/+go
7+gaJ2z9OMv39pSFcAOQscAKu5sb4tq48mSASKXCkjyeIZGslsbMhXa0onauDaK5
ygQ+3leWPgvcU+B668unOhDcTGs7yBmoWy0qi/ExR5Rk9Byp23uz0tk3tEFvCH5N
l827c+JONM/i6mjM3nRbbX+F654lLonf+aQ/Lru5z35nCA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:41:49 2023 by rpki-client on console-fra.rpki-client.org