Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/t8PhY5xGq_RFPhlHO2dKIo5c5kQ.roa
File:                     t8PhY5xGq_RFPhlHO2dKIo5c5kQ.roa (raw, json)
Hash identifier:          RnPZY1A/xDu8vum757GIH2YD+P7tfUrHYzWiAgVPP40=
Subject key identifier:   B7:C3:E1:63:9C:46:AB:F4:45:3E:19:47:3B:67:4A:22:8E:5C:E6:44
Certificate issuer:       /CN=4e3fe90f0fad6a25d46bd7c335b922da031b2c78
Certificate serial:       0184574F96EB1935A75B71833EB68F67A93E
Authority key identifier: 4E:3F:E9:0F:0F:AD:6A:25:D4:6B:D7:C3:35:B9:22:DA:03:1B:2C:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tj_pDw-taiXUa9fDNbki2gMbLHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/t8PhY5xGq_RFPhlHO2dKIo5c5kQ.roa
Signing time:             Tue 08 Nov 2022 12:55:44 +0000
ROA not before:           Tue 08 Nov 2022 12:55:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60774
IP address blocks:        194.15.80.0/20 maxlen: 24
                          2a09:2800::/29 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:57:4f:96:eb:19:35:a7:5b:71:83:3e:b6:8f:67:a9:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e3fe90f0fad6a25d46bd7c335b922da031b2c78
        Validity
            Not Before: Nov  8 12:55:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b7c3e1639c46abf4453e19473b674a228e5ce644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:24:72:ae:ce:19:6a:08:e2:93:58:5b:1d:55:
                    2b:3f:6e:c2:5b:99:05:82:4d:dd:b7:e4:f2:a0:e0:
                    9d:00:3e:12:03:88:8a:27:6e:38:08:f3:3f:69:99:
                    8f:0f:12:13:70:b1:c4:b5:ae:9f:82:2c:d3:1f:76:
                    48:0f:fe:1a:8d:6b:e4:90:67:78:81:92:cf:d6:dd:
                    c5:77:93:75:3e:c1:bf:70:5c:30:91:86:14:47:99:
                    36:47:ee:fe:96:2e:bb:5d:ca:36:1a:25:99:a6:51:
                    0f:aa:42:6f:19:1c:77:60:23:12:22:c4:7f:0e:86:
                    5b:74:f3:5b:05:75:7a:dd:f6:33:ea:a1:21:d1:5c:
                    8b:85:0a:6a:a1:4e:51:e6:a9:63:63:5a:00:fc:d2:
                    b5:6a:6e:dd:1e:a5:5f:ff:24:05:5f:d7:68:f5:6d:
                    b1:fd:c7:88:14:ab:a5:89:a3:11:74:fe:7e:08:84:
                    99:1b:49:6b:5a:23:ee:d9:59:1f:b6:79:70:cc:26:
                    40:ad:d5:f7:d8:e4:8c:6b:01:a4:72:14:3d:47:c2:
                    21:e5:02:15:25:45:a8:43:58:e8:79:c9:40:9f:2b:
                    32:75:b4:e4:08:9a:ab:24:46:64:87:62:e4:38:7d:
                    d6:b7:c2:b6:40:76:05:99:80:84:e0:27:79:b3:06:
                    1a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:C3:E1:63:9C:46:AB:F4:45:3E:19:47:3B:67:4A:22:8E:5C:E6:44
            X509v3 Authority Key Identifier:
                keyid:4E:3F:E9:0F:0F:AD:6A:25:D4:6B:D7:C3:35:B9:22:DA:03:1B:2C:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tj_pDw-taiXUa9fDNbki2gMbLHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/t8PhY5xGq_RFPhlHO2dKIo5c5kQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/4f943f-d16a-48da-b93a-1487c6020c46/1/Tj_pDw-taiXUa9fDNbki2gMbLHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.80.0/20
                IPv6:
                  2a09:2800::/29

    Signature Algorithm: sha256WithRSAEncryption
         96:b3:92:92:2e:69:e5:ee:b1:46:65:b5:88:f1:d2:8d:4d:c7:
         3c:4d:af:54:f7:1d:7e:33:f8:80:59:f2:25:35:28:79:d7:d3:
         e3:c3:44:cf:3c:f4:d2:f4:48:65:d4:50:d2:30:87:e4:0e:e1:
         3e:f0:27:d4:c3:e8:30:06:d2:1b:09:08:5d:7f:46:6b:cd:72:
         4c:eb:e3:6e:61:e5:32:e2:05:b3:21:b5:ec:85:c2:f6:c9:ca:
         fc:06:34:e1:8a:cc:2d:97:89:bc:e0:b2:78:0d:1d:4c:d1:bb:
         a2:5c:24:1b:40:69:87:e3:45:34:48:56:e6:5c:cc:bf:b8:59:
         17:1c:13:08:9b:54:38:47:fe:c8:97:0f:46:c8:be:33:34:aa:
         9e:f2:c6:03:53:6c:be:dd:e9:23:90:97:de:9b:9b:eb:a7:b0:
         17:26:b3:72:4d:0f:f6:83:98:9f:3d:f6:e4:e4:a3:7a:d9:1e:
         ee:25:9a:c0:2c:ba:64:fa:75:ed:22:bd:f8:1c:05:7f:9d:a8:
         51:db:10:42:33:3f:9d:7f:a0:3d:47:34:30:47:f1:8c:a0:98:
         dc:54:0f:0e:a7:1c:e5:08:eb:43:96:2d:85:91:ed:e5:1a:ae:
         d8:56:5c:ee:18:64:f0:59:29:d3:bf:a5:9e:6d:16:a1:9a:b2:
         45:f6:04:64
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYRXT5brGTWnW3GDPraPZ6k+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlM2ZlOTBmMGZhZDZhMjVkNDZiZDdjMzM1YjkyMmRhMDMx
YjJjNzgwHhcNMjIxMTA4MTI1NTQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2MzZTE2MzljNDZhYmY0NDUzZTE5NDczYjY3NGEyMjhlNWNlNjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCRyrs4Zagjik1hbHVUrP27CW5kF
gk3dt+TyoOCdAD4SA4iKJ244CPM/aZmPDxITcLHEta6fgizTH3ZID/4ajWvkkGd4
gZLP1t3Fd5N1PsG/cFwwkYYUR5k2R+7+li67Xco2GiWZplEPqkJvGRx3YCMSIsR/
DoZbdPNbBXV63fYz6qEh0VyLhQpqoU5R5qljY1oA/NK1am7dHqVf/yQFX9do9W2x
/ceIFKuliaMRdP5+CISZG0lrWiPu2VkftnlwzCZArdX32OSMawGkchQ9R8Ih5QIV
JUWoQ1joeclAnysydbTkCJqrJEZkh2LkOH3Wt8K2QHYFmYCE4Cd5swYaZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLfD4WOcRqv0RT4ZRztnSiKOXOZEMB8GA1UdIwQY
MBaAFE4/6Q8PrWol1GvXwzW5ItoDGyx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGpfcER3LXRhaVhVYTlmRE5ia2kyZ01iTEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi80Zjk0M2YtZDE2YS00OGRhLWI5M2Et
MTQ4N2M2MDIwYzQ2LzEvdDhQaFk1eEdxX1JGUGhsSE8yZEtJbzVjNWtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi80Zjk0M2YtZDE2YS00OGRhLWI5M2EtMTQ4N2M2MDIwYzQ2
LzEvVGpfcER3LXRhaVhVYTlmRE5ia2kyZ01iTEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEwg9QMA0E
AgACMAcDBQMqCSgAMA0GCSqGSIb3DQEBCwUAA4IBAQCWs5KSLmnl7rFGZbWI8dKN
Tcc8Ta9U9x1+M/iAWfIlNSh519Pjw0TPPPTS9Ehl1FDSMIfkDuE+8CfUw+gwBtIb
CQhdf0ZrzXJM6+NuYeUy4gWzIbXshcL2ycr8BjThiswtl4m84LJ4DR1M0buiXCQb
QGmH40U0SFbmXMy/uFkXHBMIm1Q4R/7Ilw9GyL4zNKqe8sYDU2y+3ekjkJfem5vr
p7AXJrNyTQ/2g5ifPfbk5KN62R7uJZrALLpk+nXtIr34HAV/nahR2xBCMz+df6A9
RzQwR/GMoJjcVA8OpxzlCOtDli2Fke3lGq7YVlzuGGTwWSnTv6WebRahmrJF9gRk
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:05 2024 by rpki-client on console-ams.rpki-client.org