Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/IqxtWtLwtCwcnENPxTNdzUbGJhY.roa
File:                     IqxtWtLwtCwcnENPxTNdzUbGJhY.roa (raw, json)
Hash identifier:          v3steTUKBO2zhmT7Mr/ohY3rFwPS/n8J2fWmRd+OmBE=
Subject key identifier:   22:AC:6D:5A:D2:F0:B4:2C:1C:9C:43:4F:C5:33:5D:CD:46:C6:26:16
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       01860716031999BEAA7272DC48F9881D786A
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/IqxtWtLwtCwcnENPxTNdzUbGJhY.roa
Signing time:             Tue 31 Jan 2023 09:08:48 +0000
ROA not before:           Tue 31 Jan 2023 09:08:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     22773
IP address blocks:        2a11:6980::/29 maxlen: 29
                          2a11:fa80::/29 maxlen: 29
                          2a11:6780::/29 maxlen: 29
                          2a11:6880::/29 maxlen: 29
                          2a12:5780::/29 maxlen: 29
                          2a11:f980::/29 maxlen: 29
                          2a11:9080::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:07:16:03:19:99:be:aa:72:72:dc:48:f9:88:1d:78:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan 31 09:08:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=22ac6d5ad2f0b42c1c9c434fc5335dcd46c62616
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:AC:6D:5A:D2:F0:B4:2C:1C:9C:43:4F:C5:33:5D:CD:46:C6:26:16
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/IqxtWtLwtCwcnENPxTNdzUbGJhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:6780::/29
                  2a11:6880::/29
                  2a11:6980::/29
                  2a11:9080::/29
                  2a11:f980::/29
                  2a11:fa80::/29
                  2a12:5780::/29

    Signature Algorithm: sha256WithRSAEncryption
Generated at Wed Jul 19 23:46:06 2023 by rpki-client on console-fra.rpki-client.org