Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/VRrYqDGKeVT6xE81peaCpqfLEWw.roa
File:                     VRrYqDGKeVT6xE81peaCpqfLEWw.roa (raw, json)
Hash identifier:          RxHJsSTevuIfh6vcQXY8VkfN6Xd/KGGl51VCy8DzBPk=
Subject key identifier:   55:1A:D8:A8:31:8A:79:54:FA:C4:4F:35:A5:E6:82:A6:A7:CB:11:6C
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018EE608E8487F05B47CFFF866B79023C3B8
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/VRrYqDGKeVT6xE81peaCpqfLEWw.roa
Signing time:             Tue 16 Apr 2024 08:32:07 +0000
ROA not before:           Tue 16 Apr 2024 08:32:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216213
IP address blocks:        2a13:e0c0::/29 maxlen: 29
                          2a14:17c0::/29 maxlen: 29
                          2a14:1840::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e6:08:e8:48:7f:05:b4:7c:ff:f8:66:b7:90:23:c3:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 16 08:32:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=551ad8a8318a7954fac44f35a5e682a6a7cb116c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:03:15:e9:50:77:e7:6c:14:ea:91:a4:9e:b4:
                    43:3a:bb:b3:69:a7:d2:07:68:3d:d5:4d:fd:2b:f1:
                    7c:8f:9f:d7:05:6c:42:77:78:c0:8c:9f:7f:96:f3:
                    bc:8b:84:60:61:a3:13:c3:96:4f:f2:7e:7b:ad:97:
                    62:a3:c2:9f:d6:53:30:f3:12:eb:89:c5:31:36:41:
                    7e:70:05:d9:42:6b:78:22:c9:90:80:b1:cc:55:d9:
                    80:a7:7e:a5:8c:a4:8e:9a:0a:9f:1a:d7:b5:92:91:
                    1a:bf:4e:ed:a5:d4:a3:f5:be:53:c8:91:46:d2:64:
                    6d:05:be:52:93:a0:24:52:1d:15:d1:b1:49:78:d5:
                    2a:65:07:9c:c6:3f:ae:56:68:83:ea:1a:01:97:b0:
                    d2:ab:b1:ea:79:82:f5:48:41:27:d7:bf:04:4a:37:
                    3e:6d:e2:7b:d4:30:19:ce:61:af:12:73:6a:50:0e:
                    af:a3:e4:38:3f:5e:3b:6b:7b:32:be:3b:a8:b8:00:
                    5f:d1:4e:57:80:15:ea:68:f9:c2:90:1a:57:3c:03:
                    6b:c7:2b:38:c3:0e:1f:aa:b3:32:00:a5:70:11:0c:
                    68:4a:ae:db:a3:bb:4a:bf:49:02:a1:74:49:40:07:
                    cb:86:84:28:12:8c:3b:df:a2:71:00:6c:e1:c3:9e:
                    e7:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:1A:D8:A8:31:8A:79:54:FA:C4:4F:35:A5:E6:82:A6:A7:CB:11:6C
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/VRrYqDGKeVT6xE81peaCpqfLEWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:e0c0::/29
                  2a14:17c0::/29
                  2a14:1840::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:bb:54:15:2d:ae:ad:01:35:92:49:8e:27:00:27:5e:b5:1d:
         ff:75:4b:d3:ce:2e:37:68:de:89:c3:8f:df:68:f6:0e:ec:f0:
         1e:77:b6:40:56:de:c5:10:2e:eb:39:c0:e4:e5:8e:ce:4d:f5:
         a0:a0:0b:13:a6:d8:14:e8:ea:3f:4c:a2:f9:8c:8b:cf:60:95:
         3d:6d:15:54:f5:8d:29:f7:03:be:45:3f:81:ed:92:f3:99:f8:
         3e:f8:c0:97:a0:29:b6:05:ab:ea:f3:e4:52:d2:4d:01:d8:f8:
         3f:c3:d2:0d:a3:c6:2a:90:15:23:2d:0c:1b:98:06:51:98:03:
         3b:a0:7b:05:06:71:72:c6:0f:0c:d9:27:1a:b7:36:37:6f:cb:
         d3:f9:73:31:78:ef:0d:89:39:59:70:b4:d6:c1:01:2f:6a:11:
         2b:e5:17:8a:5c:cb:f1:a0:81:77:95:b9:62:56:19:ad:8c:57:
         a3:9c:43:ba:1d:f4:b3:bb:03:68:a9:89:7b:f9:1b:14:b2:cc:
         55:11:38:2b:3a:38:d0:ed:60:a8:69:aa:50:76:77:ce:d1:1a:
         72:05:2d:d3:5c:9f:3a:70:4e:db:77:d8:f0:1d:2c:5e:66:46:
         96:10:23:f8:49:f9:ec:72:8a:d1:67:3f:76:cd:13:a3:1b:70:
         cb:b4:77:1f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY7mCOhIfwW0fP/4ZreQI8O4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwNDE2MDgzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTFhZDhhODMxOGE3OTU0ZmFjNDRmMzVhNWU2ODJhNmE3Y2IxMTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQMV6VB352wU6pGknrRDOruzaafS
B2g91U39K/F8j5/XBWxCd3jAjJ9/lvO8i4RgYaMTw5ZP8n57rZdio8Kf1lMw8xLr
icUxNkF+cAXZQmt4IsmQgLHMVdmAp36ljKSOmgqfGte1kpEav07tpdSj9b5TyJFG
0mRtBb5Sk6AkUh0V0bFJeNUqZQecxj+uVmiD6hoBl7DSq7HqeYL1SEEn178ESjc+
beJ71DAZzmGvEnNqUA6vo+Q4P147a3syvjuouABf0U5XgBXqaPnCkBpXPANrxys4
ww4fqrMyAKVwEQxoSq7bo7tKv0kCoXRJQAfLhoQoEow736JxAGzhw57nkwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFUa2KgxinlU+sRPNaXmgqanyxFsMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvVlJyWXFER0tlVlQ2eEU4MXBlYUNwcWZMRVd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKhPgwAMF
AyoUF8ADBQMqFBhAMA0GCSqGSIb3DQEBCwUAA4IBAQAqu1QVLa6tATWSSY4nACde
tR3/dUvTzi43aN6Jw4/faPYO7PAed7ZAVt7FEC7rOcDk5Y7OTfWgoAsTptgU6Oo/
TKL5jIvPYJU9bRVU9Y0p9wO+RT+B7ZLzmfg++MCXoCm2Bavq8+RS0k0B2Pg/w9IN
o8YqkBUjLQwbmAZRmAM7oHsFBnFyxg8M2ScatzY3b8vT+XMxeO8NiTlZcLTWwQEv
ahEr5ReKXMvxoIF3lbliVhmtjFejnEO6HfSzuwNoqYl7+RsUssxVETgrOjjQ7WCo
aapQdnfO0RpyBS3TXJ86cE7bd9jwHSxeZkaWECP4SfnscorRZz92zROjG3DLtHcf
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:19 2024 by rpki-client on console-ams.rpki-client.org