Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/6LZ7htEDDkXa562lNIuncXVH8fE.roa
File:                     6LZ7htEDDkXa562lNIuncXVH8fE.roa (raw, json)
Hash identifier:          TngKwUrPFfq/crSRs5yUNsgGi5rXy4NSLkGGVMcNKO0=
Subject key identifier:   E8:B6:7B:86:D1:03:0E:45:DA:E7:AD:A5:34:8B:A7:71:75:47:F1:F1
Certificate issuer:       /CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Certificate serial:       01856B6EAAFFC5C0B3C0CB66DBF8239547C8
Authority key identifier: 2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/6LZ7htEDDkXa562lNIuncXVH8fE.roa
Signing time:             Sun 01 Jan 2023 03:44:52 +0000
ROA not before:           Sun 01 Jan 2023 03:44:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39554
IP address blocks:        90.184.0.0/15 maxlen: 15
                          2a02:980::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:6e:aa:ff:c5:c0:b3:c0:cb:66:db:f8:23:95:47:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
        Validity
            Not Before: Jan  1 03:44:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e8b67b86d1030e45dae7ada5348ba7717547f1f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:3c:e2:db:68:4f:c9:f1:f4:4a:f5:d9:29:8e:
                    f7:d7:fc:b6:16:f5:a1:99:cb:f9:1f:1e:b3:bd:d3:
                    9f:16:d3:b5:12:fa:6d:03:81:02:17:8a:61:55:f9:
                    e7:0c:38:79:54:fd:22:e3:d7:e3:e6:d3:71:63:c1:
                    9b:76:61:e5:fb:df:84:11:dc:cc:3e:07:a0:a9:43:
                    44:a3:14:73:9d:5c:8b:1e:79:18:89:aa:4e:52:8d:
                    ab:20:3c:1a:16:d7:62:c1:2e:54:ff:49:c0:b7:ae:
                    b3:c3:80:cd:7a:bf:a8:6c:49:75:f1:a6:4a:2c:ca:
                    82:4c:92:65:b1:a2:7b:f3:c5:ac:c3:21:99:e2:6b:
                    e9:69:6d:36:0a:f0:0d:35:bc:4d:3e:74:75:c7:65:
                    2a:00:d0:90:80:f8:24:e6:ae:b8:e4:0a:2a:fb:31:
                    9a:e8:21:0e:2e:3f:0e:f9:20:6a:96:1b:71:97:9c:
                    37:e0:cd:2a:0c:af:bc:aa:43:03:de:04:30:5d:12:
                    b2:8e:88:eb:16:81:0c:71:76:66:b1:10:5f:87:94:
                    e4:6b:55:ec:43:56:11:fc:a0:93:85:a8:d1:70:00:
                    1e:a9:78:98:9d:07:37:35:fb:e9:57:7c:d1:5d:e4:
                    44:6c:63:63:fb:6e:b2:93:c2:ad:5c:75:09:49:9d:
                    2d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:B6:7B:86:D1:03:0E:45:DA:E7:AD:A5:34:8B:A7:71:75:47:F1:F1
            X509v3 Authority Key Identifier:
                keyid:2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/6LZ7htEDDkXa562lNIuncXVH8fE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/Loskx2rYemwf7f-vCNmxe0UkmZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.184.0.0/15
                IPv6:
                  2a02:980::/32

    Signature Algorithm: sha256WithRSAEncryption
         13:fe:f0:2d:9e:61:50:e2:a3:19:b8:5f:af:92:14:31:11:81:
         e2:e9:60:53:28:18:8b:5d:7e:3e:7f:51:26:f1:f2:b4:45:4b:
         99:e4:ca:2e:fa:d2:a5:8b:cd:2d:e9:95:d3:cd:98:74:6c:43:
         3b:63:5a:85:b9:b6:8c:28:ff:e4:f6:20:7f:91:29:76:1e:c1:
         22:77:23:c3:dc:9d:29:8e:bf:7c:03:47:74:7e:be:d6:d5:e2:
         c9:53:12:4b:8d:a0:9f:b9:43:ae:b3:99:3d:f1:fb:d5:70:0c:
         73:25:5f:f2:df:37:99:82:0a:63:e2:48:69:52:ba:ac:c7:27:
         ae:33:8d:9a:8f:5a:33:46:b9:27:a0:0e:2b:b6:98:81:be:18:
         42:df:f3:2b:9f:59:e1:4a:67:3e:64:da:07:f9:2a:38:3f:60:
         7d:6b:22:2a:e5:53:66:36:3c:60:50:9b:ba:2f:d8:bb:8f:f4:
         1e:e5:3a:38:3f:c6:dc:ee:83:0a:b3:27:b0:83:29:ab:4c:5c:
         3c:12:a2:49:e8:45:d7:e4:b5:2e:58:2f:56:e5:26:e1:3c:fa:
         12:f2:ef:3c:ad:05:79:a3:12:4e:77:85:ec:50:56:59:1c:54:
         e0:af:e7:8d:e4:47:f5:ff:e7:a0:e7:9f:7b:fa:cd:0b:60:10:
         70:1f:06:b4
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVrbqr/xcCzwMtm2/gjlUfIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlOGIyNGM3NmFkODdhNmMxZmVkZmZhZjA4ZDliMTdiNDUy
NDk5OTEwHhcNMjMwMTAxMDM0NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGI2N2I4NmQxMDMwZTQ1ZGFlN2FkYTUzNDhiYTc3MTc1NDdmMWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDzi22hPyfH0SvXZKY731/y2FvWh
mcv5Hx6zvdOfFtO1EvptA4ECF4phVfnnDDh5VP0i49fj5tNxY8GbdmHl+9+EEdzM
PgegqUNEoxRznVyLHnkYiapOUo2rIDwaFtdiwS5U/0nAt66zw4DNer+obEl18aZK
LMqCTJJlsaJ788WswyGZ4mvpaW02CvANNbxNPnR1x2UqANCQgPgk5q645Aoq+zGa
6CEOLj8O+SBqlhtxl5w34M0qDK+8qkMD3gQwXRKyjojrFoEMcXZmsRBfh5Tka1Xs
Q1YR/KCThajRcAAeqXiYnQc3NfvpV3zRXeREbGNj+26yk8KtXHUJSZ0t3QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOi2e4bRAw5F2uetpTSLp3F1R/HxMB8GA1UdIwQY
MBaAFC6LJMdq2HpsH+3/rwjZsXtFJJmRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9za3gyclllbXdmN2YtdkNObXhlMFVrbVpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8wNGQzNDgtNzViOS00OGQyLWJlMTAt
OTExOTBhMDJkYjcwLzEvNkxaN2h0RUREa1hhNTYybE5JdW5jWFZIOGZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8wNGQzNDgtNzViOS00OGQyLWJlMTAtOTExOTBhMDJkYjcw
LzEvTG9za3gyclllbXdmN2YtdkNObXhlMFVrbVpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMBWrgwDQQC
AAIwBwMFACoCCYAwDQYJKoZIhvcNAQELBQADggEBABP+8C2eYVDioxm4X6+SFDER
geLpYFMoGItdfj5/USbx8rRFS5nkyi760qWLzS3pldPNmHRsQztjWoW5towo/+T2
IH+RKXYewSJ3I8PcnSmOv3wDR3R+vtbV4slTEkuNoJ+5Q66zmT3x+9VwDHMlX/Lf
N5mCCmPiSGlSuqzHJ64zjZqPWjNGuSegDiu2mIG+GELf8yufWeFKZz5k2gf5Kjg/
YH1rIirlU2Y2PGBQm7ov2LuP9B7lOjg/xtzugwqzJ7CDKatMXDwSoknoRdfktS5Y
L1blJuE8+hLy7zytBXmjEk53hexQVlkcVOCv543kR/X/56Dnn3v6zQtgEHAfBrQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:00 2024 by rpki-client on console-fra.rpki-client.org