Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/XJ5HmXKWy6-DrPdHzAroteuehSM.roa
File:                     XJ5HmXKWy6-DrPdHzAroteuehSM.roa (raw, json)
Hash identifier:          eml8p+dK+r+tHux3nNGDY0e2C4nUTo2WtSlbzEfmQ0E=
Subject key identifier:   5C:9E:47:99:72:96:CB:AF:83:AC:F7:47:CC:0A:E8:B5:EB:9E:85:23
Certificate issuer:       /CN=aa8093354e565ac4838a51f47d2769769c66944e
Certificate serial:       01856D53E420B1AB02F8B1124FEAA363F0FE
Authority key identifier: AA:80:93:35:4E:56:5A:C4:83:8A:51:F4:7D:27:69:76:9C:66:94:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qoCTNU5WWsSDilH0fSdpdpxmlE4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/XJ5HmXKWy6-DrPdHzAroteuehSM.roa
Signing time:             Sun 01 Jan 2023 12:34:52 +0000
ROA not before:           Sun 01 Jan 2023 12:34:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     174
IP address blocks:        2a12:b3c0::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:53:e4:20:b1:ab:02:f8:b1:12:4f:ea:a3:63:f0:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa8093354e565ac4838a51f47d2769769c66944e
        Validity
            Not Before: Jan  1 12:34:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5c9e47997296cbaf83acf747cc0ae8b5eb9e8523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:97:14:7d:2f:55:36:79:bb:fb:87:46:a6:f6:
                    99:5f:08:5d:ab:27:e2:e7:a0:ea:f9:0d:7a:f1:01:
                    c2:c1:0c:2e:9f:41:b7:f0:32:f0:55:55:0b:48:1f:
                    1f:e7:26:0e:b8:56:e5:13:43:ed:ee:ec:61:dc:0e:
                    ab:93:cc:e2:3f:67:07:1c:27:86:4c:62:ba:d8:6b:
                    b8:1d:93:ac:3a:8b:76:0d:ab:31:38:a1:0b:d6:06:
                    95:13:d9:9d:9e:2c:b0:7d:88:c5:67:57:a7:52:77:
                    d0:80:f1:19:c7:de:47:7e:76:96:0d:65:af:05:0a:
                    35:83:80:f0:5f:94:b6:cf:0d:bf:bd:8b:3e:77:11:
                    9b:52:dc:fb:2d:b4:58:e7:f0:05:04:ab:cb:6a:12:
                    fb:80:a9:70:ac:53:52:1f:7a:c4:e6:53:be:c8:a6:
                    13:98:92:e1:e9:82:44:b5:4c:11:88:16:6f:87:56:
                    cb:61:34:01:db:41:e0:aa:19:03:b4:57:e3:dd:bb:
                    cb:5d:d6:11:19:12:19:7a:d2:89:e2:85:df:c9:d0:
                    5d:98:f2:2c:1b:08:fa:37:19:3d:98:2f:63:69:35:
                    54:84:f7:ad:90:28:ab:43:11:d3:77:74:c0:fb:23:
                    79:1d:c5:5c:44:d9:1b:c7:e7:43:c9:15:b5:f0:8f:
                    82:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:9E:47:99:72:96:CB:AF:83:AC:F7:47:CC:0A:E8:B5:EB:9E:85:23
            X509v3 Authority Key Identifier:
                keyid:AA:80:93:35:4E:56:5A:C4:83:8A:51:F4:7D:27:69:76:9C:66:94:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qoCTNU5WWsSDilH0fSdpdpxmlE4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/XJ5HmXKWy6-DrPdHzAroteuehSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/qoCTNU5WWsSDilH0fSdpdpxmlE4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:b3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:4e:8d:fd:30:71:41:2a:4c:ac:4e:4d:c0:4a:ac:4d:2a:14:
         8b:5b:69:05:5b:05:06:8e:c2:9d:41:a7:eb:5f:78:59:00:ff:
         3c:3c:10:1c:e8:6e:32:2a:cb:e9:c0:e6:a0:25:85:00:61:ba:
         10:b4:eb:2a:9c:3e:03:e2:92:bd:2a:51:8a:17:54:f9:dd:30:
         65:72:d9:b7:51:d1:93:66:48:7d:bf:a2:39:14:aa:55:a8:b9:
         ea:9c:a5:c7:17:0e:91:84:7f:6e:fe:39:30:aa:68:a6:68:b2:
         73:17:db:4c:11:35:c4:36:3f:ca:15:0c:04:8f:9f:6c:ea:cb:
         91:25:26:bd:cc:07:c8:d8:a6:4e:39:71:f8:e4:a8:e0:28:01:
         77:78:61:71:54:59:49:6d:47:53:9b:08:e2:66:25:35:34:1f:
         80:b7:b0:b4:fe:40:78:4c:85:2c:8d:60:f5:2b:4e:0d:33:b4:
         8f:da:91:d4:46:9b:4f:01:28:d8:97:94:db:88:fb:15:c2:64:
         a8:6e:bb:04:36:a1:ba:4f:7e:82:07:b6:08:cb:7b:17:96:49:
         c9:af:04:93:1e:19:87:2a:2d:6c:1d:7f:a2:b0:ce:7e:54:17:
         2d:5a:7e:15:ed:7f:af:39:ac:dd:3e:69:13:6a:38:d1:9d:92:
         e1:24:ab:58
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVtU+QgsasC+LEST+qjY/D+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhODA5MzM1NGU1NjVhYzQ4MzhhNTFmNDdkMjc2OTc2OWM2
Njk0NGUwHhcNMjMwMTAxMTIzNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzllNDc5OTcyOTZjYmFmODNhY2Y3NDdjYzBhZThiNWViOWU4NTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJcUfS9VNnm7+4dGpvaZXwhdqyfi
56Dq+Q168QHCwQwun0G38DLwVVULSB8f5yYOuFblE0Pt7uxh3A6rk8ziP2cHHCeG
TGK62Gu4HZOsOot2DasxOKEL1gaVE9mdniywfYjFZ1enUnfQgPEZx95HfnaWDWWv
BQo1g4DwX5S2zw2/vYs+dxGbUtz7LbRY5/AFBKvLahL7gKlwrFNSH3rE5lO+yKYT
mJLh6YJEtUwRiBZvh1bLYTQB20HgqhkDtFfj3bvLXdYRGRIZetKJ4oXfydBdmPIs
Gwj6Nxk9mC9jaTVUhPetkCirQxHTd3TA+yN5HcVcRNkbx+dDyRW18I+C8QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFyeR5lylsuvg6z3R8wK6LXrnoUjMB8GA1UdIwQY
MBaAFKqAkzVOVlrEg4pR9H0naXacZpROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW9DVE5VNVdXc1NEaWxIMGZTZHBkcHhtbEU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lZTlkZGMtYWNkMC00ODFkLThjMGIt
Nzg4YjQ2ZTEwNDk3LzEvWEo1SG1YS1d5Ni1EclBkSHpBcm90ZXVlaFNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lZTlkZGMtYWNkMC00ODFkLThjMGItNzg4YjQ2ZTEwNDk3
LzEvcW9DVE5VNVdXc1NEaWxIMGZTZHBkcHhtbEU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhKzwDAN
BgkqhkiG9w0BAQsFAAOCAQEAgk6N/TBxQSpMrE5NwEqsTSoUi1tpBVsFBo7CnUGn
6194WQD/PDwQHOhuMirL6cDmoCWFAGG6ELTrKpw+A+KSvSpRihdU+d0wZXLZt1HR
k2ZIfb+iORSqVai56pylxxcOkYR/bv45MKpopmiycxfbTBE1xDY/yhUMBI+fbOrL
kSUmvcwHyNimTjlx+OSo4CgBd3hhcVRZSW1HU5sI4mYlNTQfgLewtP5AeEyFLI1g
9StODTO0j9qR1EabTwEo2JeU24j7FcJkqG67BDahuk9+gge2CMt7F5ZJya8Ekx4Z
hyotbB1/orDOflQXLVp+Fe1/rzms3T5pE2o40Z2S4SSrWA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:20 2024 by rpki-client on console-ams.rpki-client.org