Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/7sDmyM0LLlJG-6yDm4E2Xa_UWX4.roa
File:                     7sDmyM0LLlJG-6yDm4E2Xa_UWX4.roa (raw, json)
Hash identifier:          69G9pIV8hDYyV+daud+mSd69g//Q8P9ybkw25547QC4=
Subject key identifier:   EE:C0:E6:C8:CD:0B:2E:52:46:FB:AC:83:9B:81:36:5D:AF:D4:59:7E
Certificate issuer:       /CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Certificate serial:       018E3C991B6CD92EF25DE44E8C0BDD765053
Authority key identifier: 2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/7sDmyM0LLlJG-6yDm4E2Xa_UWX4.roa
Signing time:             Thu 14 Mar 2024 10:54:10 +0000
ROA not before:           Thu 14 Mar 2024 10:54:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39554
IP address blocks:        2a02:980::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3c:99:1b:6c:d9:2e:f2:5d:e4:4e:8c:0b:dd:76:50:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
        Validity
            Not Before: Mar 14 10:54:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eec0e6c8cd0b2e5246fbac839b81365dafd4597e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:88:f0:52:1c:b6:91:df:44:4a:3f:8f:88:b5:
                    81:8c:3a:14:2f:eb:60:b9:ab:d3:ad:ae:ca:01:48:
                    f3:8a:56:01:bb:a8:71:0b:a3:0f:f7:45:6c:d9:e3:
                    0d:22:f4:4a:fd:81:2d:aa:16:8e:ec:b3:1c:00:bd:
                    d8:b4:c8:15:28:7c:7b:d6:0e:da:0b:d1:78:24:e0:
                    5f:ca:55:48:f5:fb:09:3b:00:36:d7:3c:40:b8:ca:
                    8b:d1:6a:25:ff:20:d9:97:91:f4:cf:c2:f1:9f:1e:
                    aa:e5:ae:ec:f1:de:72:26:dd:86:45:f4:c6:ea:bd:
                    20:f7:9f:ef:70:56:64:59:27:58:6d:2c:96:de:e0:
                    ea:7f:22:e8:d2:d6:f9:60:8b:a6:3f:2b:c1:d3:d4:
                    90:12:c3:18:29:ca:b3:db:42:cf:34:45:54:05:b8:
                    fe:f7:62:df:3a:56:50:6a:80:19:6b:da:df:be:8a:
                    d6:29:9f:bf:0e:de:90:00:ec:f7:b5:12:8d:63:02:
                    3a:c6:e1:17:90:7c:1c:3b:ba:a3:78:e9:6d:ff:fc:
                    b2:93:53:bb:cf:d0:d1:0b:0e:b9:05:86:c4:28:71:
                    28:92:96:cc:ea:ab:91:ea:3d:ce:2c:f3:9f:0d:3f:
                    f4:2c:13:67:94:d3:63:2a:4f:0d:f7:73:be:46:85:
                    ec:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:C0:E6:C8:CD:0B:2E:52:46:FB:AC:83:9B:81:36:5D:AF:D4:59:7E
            X509v3 Authority Key Identifier:
                keyid:2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/7sDmyM0LLlJG-6yDm4E2Xa_UWX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/Loskx2rYemwf7f-vCNmxe0UkmZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:980::/32

    Signature Algorithm: sha256WithRSAEncryption
         18:15:d3:d1:67:28:c0:fc:c0:dc:88:b6:12:bc:0e:3a:c0:83:
         e7:07:42:3d:28:4e:04:53:24:6f:01:e0:32:7c:a7:21:1a:d7:
         19:cc:e6:7a:69:07:0d:fe:b8:d8:9a:78:93:35:54:b8:cb:11:
         d0:9e:85:0f:dd:32:32:1b:ad:91:0b:bc:45:71:df:9f:c9:c7:
         48:7e:46:77:86:6e:da:7b:01:6b:51:4e:21:25:5d:2f:28:04:
         a3:ee:d8:4c:e1:01:35:85:76:ca:4f:2c:3a:81:8e:51:9d:96:
         ea:40:f5:9a:13:66:4d:08:2b:fc:7f:86:62:ea:f5:45:c6:e5:
         23:b5:ea:2e:ab:c6:be:ad:d5:d5:08:89:96:a7:65:13:3a:a4:
         27:d3:2d:86:03:d7:85:e1:f8:c6:79:b0:c5:86:44:be:85:92:
         c8:b9:4c:0f:51:57:40:69:2d:ea:c6:f2:f7:3a:5e:5d:c8:cc:
         75:19:94:eb:51:57:26:3a:c3:5a:56:d0:90:c4:49:df:39:71:
         c7:e5:88:bc:a7:63:f3:fd:93:47:8b:0c:d4:94:0c:f7:4d:a7:
         ce:4a:50:ed:74:ed:05:78:96:89:47:76:04:df:91:f2:08:59:
         b0:c3:58:6a:54:cf:82:b8:bd:2e:b9:66:6b:f6:21:bd:95:4b:
         4c:0a:02:d9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY48mRts2S7yXeROjAvddlBTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlOGIyNGM3NmFkODdhNmMxZmVkZmZhZjA4ZDliMTdiNDUy
NDk5OTEwHhcNMjQwMzE0MTA1NDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWMwZTZjOGNkMGIyZTUyNDZmYmFjODM5YjgxMzY1ZGFmZDQ1OTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYjwUhy2kd9ESj+PiLWBjDoUL+tg
uavTra7KAUjzilYBu6hxC6MP90Vs2eMNIvRK/YEtqhaO7LMcAL3YtMgVKHx71g7a
C9F4JOBfylVI9fsJOwA21zxAuMqL0Wol/yDZl5H0z8Lxnx6q5a7s8d5yJt2GRfTG
6r0g95/vcFZkWSdYbSyW3uDqfyLo0tb5YIumPyvB09SQEsMYKcqz20LPNEVUBbj+
92LfOlZQaoAZa9rfvorWKZ+/Dt6QAOz3tRKNYwI6xuEXkHwcO7qjeOlt//yyk1O7
z9DRCw65BYbEKHEokpbM6quR6j3OLPOfDT/0LBNnlNNjKk8N93O+RoXsJwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFO7A5sjNCy5SRvusg5uBNl2v1Fl+MB8GA1UdIwQY
MBaAFC6LJMdq2HpsH+3/rwjZsXtFJJmRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9za3gyclllbXdmN2YtdkNObXhlMFVrbVpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8wNGQzNDgtNzViOS00OGQyLWJlMTAt
OTExOTBhMDJkYjcwLzEvN3NEbXlNMExMbEpHLTZ5RG00RTJYYV9VV1g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8wNGQzNDgtNzViOS00OGQyLWJlMTAtOTExOTBhMDJkYjcw
LzEvTG9za3gyclllbXdmN2YtdkNObXhlMFVrbVpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgIJgDAN
BgkqhkiG9w0BAQsFAAOCAQEAGBXT0WcowPzA3Ii2ErwOOsCD5wdCPShOBFMkbwHg
MnynIRrXGczmemkHDf642Jp4kzVUuMsR0J6FD90yMhutkQu8RXHfn8nHSH5Gd4Zu
2nsBa1FOISVdLygEo+7YTOEBNYV2yk8sOoGOUZ2W6kD1mhNmTQgr/H+GYur1Rcbl
I7XqLqvGvq3V1QiJlqdlEzqkJ9MthgPXheH4xnmwxYZEvoWSyLlMD1FXQGkt6sby
9zpeXcjMdRmU61FXJjrDWlbQkMRJ3zlxx+WIvKdj8/2TR4sM1JQM902nzkpQ7XTt
BXiWiUd2BN+R8ghZsMNYalTPgri9Lrlma/YhvZVLTAoC2Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:52 2024 by rpki-client on console-ams.rpki-client.org