Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/FbhMEDFwHxlZ757lR3rb5ooMPEw.roa
File:                     FbhMEDFwHxlZ757lR3rb5ooMPEw.roa (raw, json)
Hash identifier:          sNptggxvoJVwB6ASLMHEucCNjkoe6DWWcK0BcDPrt0k=
Subject key identifier:   15:B8:4C:10:31:70:1F:19:59:EF:9E:E5:47:7A:DB:E6:8A:0C:3C:4C
Certificate issuer:       /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial:       018CC64B2A51BF540C085918A94B3DEC168F
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/FbhMEDFwHxlZ757lR3rb5ooMPEw.roa
Signing time:             Mon 01 Jan 2024 18:31:03 +0000
ROA not before:           Mon 01 Jan 2024 18:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202118
IP address blocks:        2a12:f8c1:20::/44 maxlen: 44

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:2a:51:bf:54:0c:08:59:18:a9:4b:3d:ec:16:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
        Validity
            Not Before: Jan  1 18:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15b84c1031701f1959ef9ee5477adbe68a0c3c4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:73:eb:6f:2b:22:e4:8a:53:ba:72:a1:e2:ea:
                    4d:44:55:f4:4f:fc:ff:e5:69:62:66:df:c0:0a:fd:
                    8b:55:ca:f7:8c:38:98:46:b4:7e:55:01:27:72:1e:
                    d8:a6:3c:46:eb:ef:c0:30:ee:8f:c8:61:bd:c0:82:
                    ec:01:32:a8:6f:c8:2f:c2:e7:5b:c6:11:28:57:5b:
                    b7:5b:08:f4:29:33:fa:16:3c:e2:ea:29:61:ed:9e:
                    89:5c:7b:e3:a0:2a:6b:11:d8:a6:ad:cf:0e:c8:83:
                    d7:ba:18:e4:94:c4:85:88:11:16:7d:b1:58:fb:5c:
                    2d:a7:da:87:31:33:48:5b:e2:ca:1f:a1:92:63:c2:
                    53:09:23:3f:7b:3a:b3:ac:7c:0b:9d:4e:ab:4e:2f:
                    e2:b3:b3:73:bd:0c:b9:3c:1d:2a:64:89:04:3b:58:
                    35:50:32:06:91:3d:a5:8c:27:15:a2:b9:ed:7f:b7:
                    0c:fd:d0:b4:8e:9e:ab:38:a0:69:25:e1:25:f8:ff:
                    ff:9c:b6:23:59:69:23:b3:24:46:2c:07:1e:27:06:
                    75:0c:1c:2f:1f:2d:e1:30:d7:b1:4a:8b:2a:f0:e8:
                    69:a9:5b:04:a0:8f:d5:3f:82:07:6d:96:9e:c8:41:
                    f2:f0:22:7c:9e:45:de:c9:c6:ac:7a:f8:3d:e0:a4:
                    ec:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:B8:4C:10:31:70:1F:19:59:EF:9E:E5:47:7A:DB:E6:8A:0C:3C:4C
            X509v3 Authority Key Identifier:
                keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/FbhMEDFwHxlZ757lR3rb5ooMPEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f8c1:20::/44

    Signature Algorithm: sha256WithRSAEncryption
         40:bb:44:c8:dc:28:d6:50:11:a2:77:74:93:a1:2c:bd:ed:df:
         55:13:d1:a9:bc:0f:62:da:a1:bc:da:9c:17:b0:0b:9a:cc:84:
         72:8e:0e:17:57:15:1c:10:4a:55:35:a7:8b:1d:f3:7e:98:79:
         9c:12:d8:9d:bc:8e:00:8c:50:72:4a:f5:5d:fc:5d:fe:80:5e:
         c1:51:1b:b7:93:08:e7:d6:7d:99:7f:0d:e4:6a:68:a3:0c:b2:
         0a:d6:59:17:c2:45:fd:a3:6a:33:65:f7:d4:63:04:92:7e:31:
         97:47:23:01:8e:73:18:93:6c:5d:3d:db:99:96:e7:a0:d2:9f:
         b9:12:21:64:d4:b4:40:32:12:6e:66:ef:cb:a2:60:56:c7:ee:
         53:29:a4:f6:6a:5b:00:00:20:cc:06:53:1d:3e:e5:14:bc:5a:
         9e:f4:d0:20:81:55:70:3a:9c:9e:98:cc:5b:39:65:dc:34:25:
         51:82:31:fe:8c:47:bc:65:d6:20:24:cf:d2:ac:7a:ee:b0:bc:
         03:cd:c4:d3:33:b5:22:87:e8:50:c5:88:8c:36:c9:2c:93:8c:
         90:84:df:0f:1c:71:c3:7f:4e:a8:0a:1f:df:aa:6a:c5:80:62:
         33:e4:b3:8b:bf:be:a3:1e:e6:80:4a:b9:4b:5a:c7:e1:82:2a:
         ef:17:62:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSypRv1QMCFkYqUs97BaPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjQwMTAxMTgzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWI4NGMxMDMxNzAxZjE5NTllZjllZTU0NzdhZGJlNjhhMGMzYzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXPrbysi5IpTunKh4upNRFX0T/z/
5WliZt/ACv2LVcr3jDiYRrR+VQEnch7YpjxG6+/AMO6PyGG9wILsATKob8gvwudb
xhEoV1u3Wwj0KTP6Fjzi6ilh7Z6JXHvjoCprEdimrc8OyIPXuhjklMSFiBEWfbFY
+1wtp9qHMTNIW+LKH6GSY8JTCSM/ezqzrHwLnU6rTi/is7NzvQy5PB0qZIkEO1g1
UDIGkT2ljCcVorntf7cM/dC0jp6rOKBpJeEl+P//nLYjWWkjsyRGLAceJwZ1DBwv
Hy3hMNexSosq8OhpqVsEoI/VP4IHbZaeyEHy8CJ8nkXeycasevg94KTsPwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBW4TBAxcB8ZWe+e5Ud62+aKDDxMMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvRmJoTUVERndIeGxaNzU3bFIzcmI1b29NUEV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhL4wQAg
MA0GCSqGSIb3DQEBCwUAA4IBAQBAu0TI3CjWUBGid3SToSy97d9VE9GpvA9i2qG8
2pwXsAuazIRyjg4XVxUcEEpVNaeLHfN+mHmcEtidvI4AjFBySvVd/F3+gF7BURu3
kwjn1n2Zfw3kamijDLIK1lkXwkX9o2ozZffUYwSSfjGXRyMBjnMYk2xdPduZlueg
0p+5EiFk1LRAMhJuZu/LomBWx+5TKaT2alsAACDMBlMdPuUUvFqe9NAggVVwOpye
mMxbOWXcNCVRgjH+jEe8ZdYgJM/SrHrusLwDzcTTM7Uih+hQxYiMNsksk4yQhN8P
HHHDf06oCh/fqmrFgGIz5LOLv76jHuaASrlLWsfhgirvF2Is
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:02 2024 by rpki-client on console-fra.rpki-client.org