Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/W6pPj2VBGMk_T6N7AqchWnO8Il4.roa
File:                     W6pPj2VBGMk_T6N7AqchWnO8Il4.roa (raw, json)
Hash identifier:          X7Xsp8IZtNSzYZUOFdFMeXHi/yw8yJqGLbiOfC0wLQM=
Subject key identifier:   5B:AA:4F:8F:65:41:18:C9:3F:4F:A3:7B:02:A7:21:5A:73:BC:22:5E
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       387A00C5
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/W6pPj2VBGMk_T6N7AqchWnO8Il4.roa
Signing time:             Wed 13 Apr 2022 13:50:26 +0000
ROA not before:           Wed 13 Apr 2022 13:50:26 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6700
IP address blocks:        217.26.64.0/20 maxlen: 20
                          195.252.110.0/24 maxlen: 24
                          195.252.109.0/24 maxlen: 24
                          195.252.122.0/23 maxlen: 23
                          195.252.64.0/19 maxlen: 19
                          195.252.78.0/23 maxlen: 23
                          195.252.76.0/23 maxlen: 23
                          195.252.80.0/23 maxlen: 23
                          195.252.96.0/19 maxlen: 19
                          195.252.102.0/24 maxlen: 24
                          213.244.224.0/20 maxlen: 20
                          194.106.165.0/24 maxlen: 24
                          194.106.166.0/24 maxlen: 24
                          194.106.162.0/24 maxlen: 24
                          194.106.160.0/20 maxlen: 20
                          194.106.170.0/24 maxlen: 24
                          194.106.176.0/20 maxlen: 20
                          194.106.182.0/24 maxlen: 24
                          62.193.131.0/24 maxlen: 24
                          62.193.129.0/24 maxlen: 24
                          62.193.130.0/24 maxlen: 24
                          62.193.128.0/19 maxlen: 19
                          62.193.137.0/24 maxlen: 24
                          62.193.151.0/24 maxlen: 24
                          91.148.117.0/24 maxlen: 24
                          91.148.118.0/24 maxlen: 24
                          91.148.124.0/24 maxlen: 24
                          91.148.125.0/24 maxlen: 24
                          91.148.123.0/24 maxlen: 24
                          91.148.122.0/24 maxlen: 24
                          91.148.120.0/23 maxlen: 23
                          85.222.160.0/24 maxlen: 24
                          85.222.160.0/21 maxlen: 21
                          85.222.166.0/23 maxlen: 23
                          91.148.69.0/24 maxlen: 24
                          91.148.70.0/24 maxlen: 24
                          91.148.68.0/24 maxlen: 24
                          91.148.64.0/18 maxlen: 18
                          91.148.72.0/24 maxlen: 24
                          91.148.73.0/24 maxlen: 24
                          91.148.80.0/20 maxlen: 20
                          91.148.96.0/21 maxlen: 21
                          91.148.105.0/24 maxlen: 24
                          91.148.104.0/24 maxlen: 24
                          185.47.210.0/24 maxlen: 24
                          185.47.208.0/22 maxlen: 22
                          185.47.208.0/24 maxlen: 24
                          178.20.206.0/24 maxlen: 24
                          62.108.96.0/19 maxlen: 19
                          178.20.205.0/24 maxlen: 24
                          178.20.200.0/24 maxlen: 24
                          178.20.207.0/24 maxlen: 24
                          2001:8c8::/32 maxlen: 32
                          2a02:e40::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 947519685 (0x387a00c5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Apr 13 13:50:26 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5baa4f8f654118c93f4fa37b02a7215a73bc225e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:8d:cb:fd:56:68:b9:22:fe:b4:8a:c5:af:9c:
                    21:e1:24:d3:74:1e:b4:fa:a7:52:39:a9:a2:f5:93:
                    e0:65:b2:f1:e2:53:ba:84:5b:a1:e2:6e:b4:35:1f:
                    46:1c:92:59:f4:26:27:d1:c5:37:09:0e:40:d2:ad:
                    33:83:f7:87:34:9f:92:ab:bb:d7:7e:4a:01:10:08:
                    97:a3:34:07:84:de:a1:cb:47:64:86:8b:07:7d:35:
                    59:1f:73:7e:ee:51:17:a0:c9:93:80:6d:06:e8:75:
                    56:18:e4:15:0b:01:7e:14:56:9c:5b:19:da:1d:88:
                    f8:22:a6:d7:82:64:a9:d8:1f:52:42:a6:f2:46:50:
                    72:a7:ed:58:f3:6e:35:29:a9:df:0e:80:24:2b:ef:
                    47:82:d6:c9:95:7a:42:3d:fd:ef:2f:bd:d1:17:06:
                    8d:1c:37:d9:3d:87:ec:23:ca:58:7a:8a:3b:0b:7d:
                    8a:fd:66:cf:45:54:c2:99:e0:96:e9:f9:27:92:3c:
                    02:6f:eb:7a:02:26:69:62:8a:4d:dd:44:bb:ca:84:
                    7d:c9:9c:6b:db:41:00:82:5a:41:d0:3d:90:eb:37:
                    0e:33:9a:53:7f:45:a0:0d:31:7e:7a:f1:ab:de:5d:
                    3e:8b:55:6d:43:2b:2e:20:b7:79:29:30:4f:4c:3d:
                    a4:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:AA:4F:8F:65:41:18:C9:3F:4F:A3:7B:02:A7:21:5A:73:BC:22:5E
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/W6pPj2VBGMk_T6N7AqchWnO8Il4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.96.0/19
                  62.193.128.0/19
                  85.222.160.0/21
                  91.148.64.0/18
                  178.20.200.0/24
                  178.20.205.0-178.20.207.255
                  185.47.208.0/22
                  194.106.160.0/19
                  195.252.64.0/18
                  213.244.224.0/20
                  217.26.64.0/20
                IPv6:
                  2001:8c8::/32
                  2a02:e40::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:46:e8:ac:64:65:ec:d2:d1:f1:51:92:6b:8f:cc:1a:9b:50:
         d8:3b:27:9e:d0:36:02:1c:bd:b9:98:1f:8f:04:52:86:11:92:
         94:a8:67:1c:62:d2:03:28:d5:34:b6:06:b7:10:e5:19:08:1f:
         2a:7b:e2:b6:e4:ce:b1:22:ee:2b:0e:d8:24:03:a9:ce:7a:a5:
         90:32:91:0b:b5:0e:83:b3:48:b4:60:4a:69:cc:c2:87:97:19:
         8d:dd:77:7d:22:1c:52:7c:df:06:29:6e:21:dd:05:c3:b8:3e:
         d7:2e:81:d4:f0:d8:97:98:be:14:39:75:3a:e1:c5:e6:29:e9:
         7f:f2:d4:73:1f:ff:fa:23:4d:ca:d6:ee:2d:e3:2b:c8:37:e9:
         21:3a:d8:db:08:96:a5:fa:16:3e:28:e5:52:2b:cf:9f:20:9f:
         1c:1b:3d:7b:72:b6:a3:ec:b8:56:49:98:6d:ef:62:1a:89:62:
         8c:f8:82:69:8a:f3:df:47:44:6d:4d:70:ba:34:f8:70:47:1b:
         5e:2b:f0:1f:93:b6:a1:4f:e9:7e:b8:ee:0d:a2:d2:d0:82:2b:
         2e:6c:23:d1:81:c5:d5:2a:6a:df:bb:d8:c2:bc:d1:4e:be:a1:
         56:bf:c2:05:44:32:88:fd:b2:61:ab:13:eb:81:3a:01:15:ca:
         08:f7:ef:3d
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgIEOHoAxTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
Mjc4YTc2OGM5MTBiYWRjZDVjNGFlZjdjMTcyYTlmMDYxNTQ3ZThjMB4XDTIyMDQx
MzEzNTAyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWJhYTRmOGY2NTQx
MThjOTNmNGZhMzdiMDJhNzIxNWE3M2JjMjI1ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALiNy/1WaLki/rSKxa+cIeEk03QetPqnUjmpovWT4GWy8eJT
uoRboeJutDUfRhySWfQmJ9HFNwkOQNKtM4P3hzSfkqu7135KARAIl6M0B4TeoctH
ZIaLB301WR9zfu5RF6DJk4BtBuh1VhjkFQsBfhRWnFsZ2h2I+CKm14JkqdgfUkKm
8kZQcqftWPNuNSmp3w6AJCvvR4LWyZV6Qj397y+90RcGjRw32T2H7CPKWHqKOwt9
iv1mz0VUwpnglun5J5I8Am/regImaWKKTd1Eu8qEfcmca9tBAIJaQdA9kOs3DjOa
U39FoA0xfnrxq95dPotVbUMrLiC3eSkwT0w9pGECAwEAAaOCAmMwggJfMB0GA1Ud
DgQWBBRbqk+PZUEYyT9Po3sCpyFac7wiXjAfBgNVHSMEGDAWgBRieKdoyRC63NXE
rvfBcqnwYVR+jDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1luaW5hTWtRdXR6VnhLNzN3WEtwOEdGVWZvdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMGIvNDJkZmMwLWE3NjQtNGQ1ZC1hNjM0LTM0NTRmNDkwZmQ5Ni8x
L1c2cFBqMlZCR01rX1Q2TjdBcWNoV25POElsNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGIv
NDJkZmMwLWE3NjQtNGQ1ZC1hNjM0LTM0NTRmNDkwZmQ5Ni8xL1luaW5hTWtRdXR6
VnhLNzN3WEtwOEdGVWZvdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB5
BggrBgEFBQcBBwEB/wRqMGgwUAQCAAEwSgMEBT5sYAMEBT7BgAMEA1XeoAMEBluU
QAMEALIUyDAMAwQAshTNAwQEshTAAwQCuS/QAwQFwmqgAwQGw/xAAwQE1fTgAwQE
2RpAMBQEAgACMA4DBQAgAQjIAwUAKgIOQDANBgkqhkiG9w0BAQsFAAOCAQEAakbo
rGRl7NLR8VGSa4/MGptQ2DsnntA2Ahy9uZgfjwRShhGSlKhnHGLSAyjVNLYGtxDl
GQgfKnvituTOsSLuKw7YJAOpznqlkDKRC7UOg7NItGBKaczCh5cZjd13fSIcUnzf
BiluId0Fw7g+1y6B1PDYl5i+FDl1OuHF5inpf/LUcx//+iNNytbuLeMryDfpITrY
2wiWpfoWPijlUivPnyCfHBs9e3K2o+y4VkmYbe9iGolijPiCaYrz30dEbU1wujT4
cEcbXivwH5O2oU/pfrjuDaLS0IIrLmwj0YHF1Spq37vYwrzRTr6hVr/CBUQyiP2y
YasT64E6ARXKCPfvPQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:19 2024 by rpki-client on console-ams.rpki-client.org