Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e55563-ccf7-4e79-a3e9-7adbd2136ac1/1/t0DLN423zCjeVOopOoV2lYI_oEw.roa
File:                     t0DLN423zCjeVOopOoV2lYI_oEw.roa (raw, json)
Hash identifier:          GJZIdbeFoojKv7pW797NnFw9pSsRjeii5RtdU1Dqlhs=
Subject key identifier:   B7:40:CB:37:8D:B7:CC:28:DE:54:EA:29:3A:85:76:95:82:3F:A0:4C
Certificate issuer:       /CN=e39176c5a602527533c2b541406ae83f209e620c
Certificate serial:       0182D527259D26E59726C79115606589DB90
Authority key identifier: E3:91:76:C5:A6:02:52:75:33:C2:B5:41:40:6A:E8:3F:20:9E:62:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/45F2xaYCUnUzwrVBQGroPyCeYgw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e55563-ccf7-4e79-a3e9-7adbd2136ac1/1/t0DLN423zCjeVOopOoV2lYI_oEw.roa
Signing time:             Thu 25 Aug 2022 13:18:08 +0000
ROA not before:           Thu 25 Aug 2022 13:18:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     22773
IP address blocks:        2a12:1b40::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:d5:27:25:9d:26:e5:97:26:c7:91:15:60:65:89:db:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e39176c5a602527533c2b541406ae83f209e620c
        Validity
            Not Before: Aug 25 13:18:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b740cb378db7cc28de54ea293a857695823fa04c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b8:42:7d:6c:e7:42:d5:81:ad:96:c0:3c:30:
                    9d:8e:25:fd:e0:2a:82:c7:ae:23:11:53:09:cf:d7:
                    13:19:75:7f:4a:61:b9:a9:8a:01:a6:88:6f:e3:da:
                    be:3f:9f:5c:b2:2a:27:95:ec:32:5f:69:80:93:18:
                    72:7d:ff:0f:b1:70:8e:41:34:65:7a:0c:78:73:4a:
                    7c:93:ff:35:bb:ae:64:29:45:bd:5d:43:29:2e:15:
                    76:1c:2c:73:52:1a:0d:98:2f:4b:c7:cf:2e:b7:f4:
                    ef:69:d6:b6:a0:f1:1d:07:51:39:bd:fe:ff:b0:26:
                    e0:08:26:39:7f:70:1d:9a:40:74:3f:34:fc:d5:a1:
                    a7:bb:0e:93:48:73:0a:4b:ad:dc:5a:3b:37:85:2f:
                    5d:a1:95:8d:bb:94:43:26:8b:23:15:e4:86:26:03:
                    c3:99:92:44:9c:f8:2a:1b:cf:06:8e:91:10:c7:ad:
                    13:81:3f:43:76:b7:fb:7b:ea:c2:55:a4:29:6f:e1:
                    eb:bb:c3:84:7b:26:b7:ae:9a:df:85:f6:3e:16:1c:
                    51:7f:bb:50:d2:b4:c3:6e:15:d3:72:9e:d5:c0:1b:
                    49:0d:15:ea:9c:6a:ab:eb:8a:63:45:a5:3f:f0:61:
                    a0:69:0e:f2:a6:6d:50:aa:af:cc:5a:cc:65:88:4f:
                    8f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:40:CB:37:8D:B7:CC:28:DE:54:EA:29:3A:85:76:95:82:3F:A0:4C
            X509v3 Authority Key Identifier:
                keyid:E3:91:76:C5:A6:02:52:75:33:C2:B5:41:40:6A:E8:3F:20:9E:62:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/45F2xaYCUnUzwrVBQGroPyCeYgw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e55563-ccf7-4e79-a3e9-7adbd2136ac1/1/t0DLN423zCjeVOopOoV2lYI_oEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e55563-ccf7-4e79-a3e9-7adbd2136ac1/1/45F2xaYCUnUzwrVBQGroPyCeYgw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:1b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         26:52:34:3b:46:41:03:8f:45:2f:73:fb:80:da:f9:d5:e1:c4:
         50:9c:1a:23:86:93:02:1c:00:86:12:7e:f1:8a:8e:12:86:81:
         b2:d6:92:bc:03:f8:57:0c:b5:59:d9:15:76:61:33:9d:a4:27:
         78:a7:e0:e2:63:4c:7e:8f:ec:1b:22:30:35:02:a9:50:48:a6:
         2c:7b:d3:c5:b0:f7:bd:51:3a:61:8d:8d:e5:69:41:a1:a1:9e:
         6f:62:c6:37:e0:df:82:a8:62:0b:fd:a9:3e:8f:08:ff:a6:16:
         9f:18:87:52:4c:f4:b0:69:e6:e6:f7:3d:7f:97:34:f0:3e:9b:
         80:d8:f6:4b:4d:3b:78:69:08:a5:80:a2:d9:3d:07:f4:75:ef:
         0b:dc:1f:4c:9c:3b:00:02:ab:76:5e:fd:a2:90:7e:b0:40:8a:
         1f:4e:7e:dd:4f:fb:cb:3f:83:df:ef:b1:1c:5e:69:f1:d5:dc:
         51:30:ed:e6:9c:b1:0c:6f:9b:f1:da:9d:af:39:1d:69:0a:b7:
         98:d4:b2:2f:01:e3:79:76:2e:ba:de:17:59:c6:0a:21:89:aa:
         a3:f2:60:63:06:de:46:34:2d:00:8a:5e:d4:c1:13:17:92:f0:
         a6:ad:88:01:73:d6:a1:ed:ec:fe:9b:5e:36:ca:ac:75:a9:88:
         4d:1f:c8:70
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYLVJyWdJuWXJseRFWBliduQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzOTE3NmM1YTYwMjUyNzUzM2MyYjU0MTQwNmFlODNmMjA5
ZTYyMGMwHhcNMjIwODI1MTMxODA4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzQwY2IzNzhkYjdjYzI4ZGU1NGVhMjkzYTg1NzY5NTgyM2ZhMDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobhCfWznQtWBrZbAPDCdjiX94CqC
x64jEVMJz9cTGXV/SmG5qYoBpohv49q+P59csionlewyX2mAkxhyff8PsXCOQTRl
egx4c0p8k/81u65kKUW9XUMpLhV2HCxzUhoNmC9Lx88ut/Tvada2oPEdB1E5vf7/
sCbgCCY5f3AdmkB0PzT81aGnuw6TSHMKS63cWjs3hS9doZWNu5RDJosjFeSGJgPD
mZJEnPgqG88GjpEQx60TgT9Ddrf7e+rCVaQpb+Hru8OEeya3rprfhfY+FhxRf7tQ
0rTDbhXTcp7VwBtJDRXqnGqr64pjRaU/8GGgaQ7ypm1Qqq/MWsxliE+P4QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLdAyzeNt8wo3lTqKTqFdpWCP6BMMB8GA1UdIwQY
MBaAFOORdsWmAlJ1M8K1QUBq6D8gnmIMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDVGMnhhWUNVblV6d3JWQlFHcm9QeUNlWWd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lNTU1NjMtY2NmNy00ZTc5LWEzZTkt
N2FkYmQyMTM2YWMxLzEvdDBETE40MjN6Q2plVk9vcE9vVjJsWUlfb0V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lNTU1NjMtY2NmNy00ZTc5LWEzZTktN2FkYmQyMTM2YWMx
LzEvNDVGMnhhWUNVblV6d3JWQlFHcm9QeUNlWWd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhIbQDAN
BgkqhkiG9w0BAQsFAAOCAQEAJlI0O0ZBA49FL3P7gNr51eHEUJwaI4aTAhwAhhJ+
8YqOEoaBstaSvAP4Vwy1WdkVdmEznaQneKfg4mNMfo/sGyIwNQKpUEimLHvTxbD3
vVE6YY2N5WlBoaGeb2LGN+DfgqhiC/2pPo8I/6YWnxiHUkz0sGnm5vc9f5c08D6b
gNj2S007eGkIpYCi2T0H9HXvC9wfTJw7AAKrdl79opB+sECKH05+3U/7yz+D3++x
HF5p8dXcUTDt5pyxDG+b8dqdrzkdaQq3mNSyLwHjeXYuut4XWcYKIYmqo/JgYwbe
RjQtAIpe1METF5Lwpq2IAXPWoe3s/pteNsqsdamITR/IcA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:57 2023 by rpki-client on console-fra.rpki-client.org