Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/29lUYVqn21sPHAsAAFcTz-R6Tis.roa
File:                     29lUYVqn21sPHAsAAFcTz-R6Tis.roa (raw, json)
Hash identifier:          WFI+FCfJtDsb3Q6VZ6j7UG8RDNUBXdjgf+eU8LtGuUs=
Subject key identifier:   DB:D9:54:61:5A:A7:DB:5B:0F:1C:0B:00:00:57:13:CF:E4:7A:4E:2B
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0188477009DA8A3BC6EA1F5EB34835751664
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/29lUYVqn21sPHAsAAFcTz-R6Tis.roa
Signing time:             Tue 23 May 2023 07:08:24 +0000
ROA not before:           Tue 23 May 2023 07:08:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     213200
IP address blocks:        84.21.173.0/24 maxlen: 24
                          93.123.85.0/24 maxlen: 24
                          87.121.59.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:47:70:09:da:8a:3b:c6:ea:1f:5e:b3:48:35:75:16:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 23 07:08:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dbd954615aa7db5b0f1c0b00005713cfe47a4e2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ba:6f:cc:72:d9:76:c8:13:cd:3e:2b:33:42:
                    0d:1f:44:28:5e:71:1d:07:4c:e7:f8:59:dd:fe:b8:
                    6c:73:b7:60:08:c9:12:78:c1:79:52:ff:47:b6:0b:
                    a4:3f:e3:6f:d2:29:d8:b6:6f:68:00:d7:17:23:a0:
                    da:58:82:aa:7b:18:ef:ba:5b:fb:eb:99:14:3b:9a:
                    b2:e6:26:39:07:22:b7:1e:38:7a:c7:83:89:e8:ae:
                    e3:c6:4d:98:e1:d0:dc:c5:8f:40:e8:39:1e:80:35:
                    fc:72:b9:d7:60:d9:a0:1d:38:87:83:f7:56:ca:89:
                    22:7f:c4:cb:b7:72:24:86:e7:e4:65:7e:69:9f:a3:
                    c0:d4:01:2e:6b:e4:60:54:6f:3e:30:c8:40:a3:f1:
                    88:22:6a:c5:9e:eb:dd:ab:18:d9:8f:c0:32:f0:51:
                    7c:cc:f9:71:c7:78:20:37:32:dc:ca:95:f7:4f:39:
                    69:53:8f:41:89:59:11:d3:37:fc:96:85:0b:e6:0e:
                    2a:8e:97:5a:5e:46:ec:29:dd:26:bc:ef:2e:2f:65:
                    8f:c1:41:a8:0f:ac:96:ee:d6:f1:8d:62:96:b1:55:
                    6f:48:9c:10:b4:1e:96:7e:a6:57:77:55:d2:97:76:
                    56:1b:a4:96:ad:49:a0:97:77:cc:42:2d:57:2e:b9:
                    0c:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:D9:54:61:5A:A7:DB:5B:0F:1C:0B:00:00:57:13:CF:E4:7A:4E:2B
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/29lUYVqn21sPHAsAAFcTz-R6Tis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.21.173.0/24
                  87.121.59.0/24
                  93.123.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:2d:53:30:b9:ac:17:c9:3e:b1:97:49:67:dc:b8:92:88:2c:
         87:15:0b:98:67:79:b0:b3:97:4f:48:c3:1d:9e:8c:4f:58:4d:
         5a:2a:15:86:a9:48:b7:bc:7d:d1:3b:de:6d:6c:9b:5c:3d:a9:
         77:4a:ea:de:08:c6:82:28:ee:ec:25:da:16:33:a7:48:23:b4:
         b6:cb:b7:f4:99:7f:66:5b:d7:ad:15:7d:24:75:e4:b8:ad:9a:
         c9:b6:da:db:0f:50:70:75:88:e7:ce:d9:5a:b3:82:74:ee:8e:
         ec:4d:f1:24:22:9d:c3:3c:f9:69:3f:71:20:fd:32:31:09:9f:
         75:06:45:cc:06:1f:92:3e:0e:c1:98:b5:20:21:35:b9:0b:50:
         94:2c:b7:2e:6b:82:33:8c:61:4c:52:6c:b4:cf:72:e7:b5:4a:
         df:84:22:01:87:2b:ae:72:0c:ee:66:29:b7:57:d1:cd:52:d8:
         c5:b5:8a:f7:79:56:75:ef:c8:c3:f9:ea:75:1d:2d:a8:2d:ef:
         0f:09:ab:7d:5f:3b:b4:0e:23:47:86:2c:3f:da:66:6a:c3:26:
         a9:a3:5c:0d:70:96:27:16:f2:1b:46:f1:43:8f:8f:81:d2:61:
         41:fa:44:8d:57:83:3a:b3:20:5e:ef:7f:67:ce:7a:94:ec:85:
         7d:7c:42:d2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYhHcAnaijvG6h9es0g1dRZkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTIzMDcwODI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmQ5NTQ2MTVhYTdkYjViMGYxYzBiMDAwMDU3MTNjZmU0N2E0ZTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrpvzHLZdsgTzT4rM0INH0QoXnEd
B0zn+Fnd/rhsc7dgCMkSeMF5Uv9HtgukP+Nv0inYtm9oANcXI6DaWIKqexjvulv7
65kUO5qy5iY5ByK3Hjh6x4OJ6K7jxk2Y4dDcxY9A6DkegDX8crnXYNmgHTiHg/dW
yokif8TLt3IkhufkZX5pn6PA1AEua+RgVG8+MMhAo/GIImrFnuvdqxjZj8Ay8FF8
zPlxx3ggNzLcypX3TzlpU49BiVkR0zf8loUL5g4qjpdaXkbsKd0mvO8uL2WPwUGo
D6yW7tbxjWKWsVVvSJwQtB6WfqZXd1XSl3ZWG6SWrUmgl3fMQi1XLrkMlwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNvZVGFap9tbDxwLAABXE8/kek4rMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMjlsVVlWcW4yMXNQSEFzQUFGY1R6LVI2VGlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVBWtAwQA
V3k7AwQAXXtVMA0GCSqGSIb3DQEBCwUAA4IBAQBeLVMwuawXyT6xl0ln3LiSiCyH
FQuYZ3mws5dPSMMdnoxPWE1aKhWGqUi3vH3RO95tbJtcPal3SureCMaCKO7sJdoW
M6dII7S2y7f0mX9mW9etFX0kdeS4rZrJttrbD1BwdYjnztlas4J07o7sTfEkIp3D
PPlpP3Eg/TIxCZ91BkXMBh+SPg7BmLUgITW5C1CULLcua4IzjGFMUmy0z3LntUrf
hCIBhyuucgzuZim3V9HNUtjFtYr3eVZ178jD+ep1HS2oLe8PCat9Xzu0DiNHhiw/
2mZqwyapo1wNcJYnFvIbRvFDj4+B0mFB+kSNV4M6syBe739nznqU7IV9fELS
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:23 2024 by rpki-client on console-ams.rpki-client.org