Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/P14v-7hpdPTZwpHDR7Dt_y4jD54.roa
File:                     P14v-7hpdPTZwpHDR7Dt_y4jD54.roa (raw, json)
Hash identifier:          W5G7T07ini3hvkoOy1rlRlCA+Vx5yhOqnUdb5q4W7ss=
Subject key identifier:   3F:5E:2F:FB:B8:69:74:F4:D9:C2:91:C3:47:B0:ED:FF:2E:23:0F:9E
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       01856BCA1D9B3F2A43B59E0AE16E920C7AC9
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/P14v-7hpdPTZwpHDR7Dt_y4jD54.roa
Signing time:             Sun 01 Jan 2023 05:24:45 +0000
ROA not before:           Sun 01 Jan 2023 05:24:45 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204790
IP address blocks:        2a0e:d780::/29 maxlen: 29
                          2a0e:9bc0::/29 maxlen: 29
                          2a0f:5b80::/29 maxlen: 29
                          2a0e:b3c0::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:ca:1d:9b:3f:2a:43:b5:9e:0a:e1:6e:92:0c:7a:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 05:24:45 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f5e2ffbb86974f4d9c291c347b0edff2e230f9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:1e:1f:31:8e:ff:2b:10:fb:84:04:f0:02:08:
                    3f:10:32:d0:e1:ea:e0:42:19:b1:fc:25:b0:47:45:
                    32:11:cf:fc:4a:59:b6:6d:d3:de:68:a9:8d:93:d4:
                    d9:41:ae:83:a8:d9:b3:a7:de:7d:6f:ad:2d:32:27:
                    e9:00:56:f4:ce:00:b2:92:31:e3:fc:96:91:a5:c5:
                    8e:e2:35:c2:a1:9a:6b:2e:05:24:9a:b6:b5:9f:a4:
                    6a:41:de:11:13:aa:9d:07:02:a8:c6:b7:c0:41:ca:
                    8c:fb:83:fc:ed:dd:b9:2d:2e:dd:9a:1d:35:9c:22:
                    07:62:b1:72:4c:ee:80:be:39:24:ae:2c:09:ef:fc:
                    b5:93:00:7f:a2:2a:31:8c:17:75:67:d2:13:67:2f:
                    2f:0d:d8:7a:89:8b:1b:12:6f:fd:24:9d:f7:d1:a8:
                    3e:d9:d4:c4:57:1c:72:1f:c0:28:e7:f6:59:f2:8d:
                    dd:b6:1e:a2:02:f6:37:8b:f5:5d:b8:f8:f8:e6:69:
                    86:49:e1:83:e4:7e:ee:aa:a4:8a:df:8b:a1:7b:6c:
                    2b:b8:30:56:19:24:59:0c:94:79:28:59:33:10:df:
                    3e:80:18:93:74:7a:12:8a:29:79:73:2b:27:fe:57:
                    51:f7:7e:35:34:45:3b:58:b2:8d:e0:7b:1b:9e:69:
                    82:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:5E:2F:FB:B8:69:74:F4:D9:C2:91:C3:47:B0:ED:FF:2E:23:0F:9E
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/P14v-7hpdPTZwpHDR7Dt_y4jD54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:9bc0::/29
                  2a0e:b3c0::/29
                  2a0e:d780::/29
                  2a0f:5b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:f3:11:6c:84:1a:c4:c8:a2:f2:b9:d7:8b:d6:f0:36:14:c5:
         25:1a:98:e7:d2:f0:4b:00:be:b1:c9:a1:f9:a0:ab:16:86:2a:
         96:f7:8f:2d:da:ff:c6:53:0b:0c:67:65:f9:94:94:8e:7c:35:
         08:86:4a:75:cd:56:e2:8d:aa:e4:b7:80:0c:af:cf:7c:72:57:
         06:1f:de:0a:61:74:2f:ba:22:05:eb:76:99:c4:da:13:29:39:
         a5:86:95:6e:df:ed:b4:26:53:78:e9:1b:05:68:f8:90:c7:6c:
         89:07:e0:01:10:79:b0:cb:ce:ec:b9:84:e6:76:ac:72:60:8e:
         74:ba:6c:00:16:db:8b:44:87:d1:38:d0:fb:2b:70:21:9a:9f:
         fa:d4:7d:d7:2b:d2:40:fc:5c:cb:8b:17:b6:10:89:44:fe:b2:
         60:03:38:35:79:94:c5:f6:d4:6f:ba:ba:c5:ae:e7:15:d1:a2:
         cf:45:5c:57:1f:0d:8e:03:8a:dd:ec:ab:1d:ad:23:be:53:7e:
         b3:dc:96:1b:8c:da:50:46:ba:24:78:f9:1a:aa:43:bf:33:56:
         b4:ab:0c:65:2c:7e:be:e4:1b:01:41:8e:17:a3:f8:7f:72:3e:
         68:85:f7:f3:89:08:54:e4:10:79:be:ec:e4:8f:33:aa:39:79:
         4d:1a:05:dc
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYVryh2bPypDtZ4K4W6SDHrJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjMwMTAxMDUyNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjVlMmZmYmI4Njk3NGY0ZDljMjkxYzM0N2IwZWRmZjJlMjMwZjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArB4fMY7/KxD7hATwAgg/EDLQ4erg
Qhmx/CWwR0UyEc/8Slm2bdPeaKmNk9TZQa6DqNmzp959b60tMifpAFb0zgCykjHj
/JaRpcWO4jXCoZprLgUkmra1n6RqQd4RE6qdBwKoxrfAQcqM+4P87d25LS7dmh01
nCIHYrFyTO6AvjkkriwJ7/y1kwB/oioxjBd1Z9ITZy8vDdh6iYsbEm/9JJ330ag+
2dTEVxxyH8Ao5/ZZ8o3dth6iAvY3i/VduPj45mmGSeGD5H7uqqSK34uhe2wruDBW
GSRZDJR5KFkzEN8+gBiTdHoSiil5cysn/ldR9341NEU7WLKN4HsbnmmCGwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFD9eL/u4aXT02cKRw0ew7f8uIw+eMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvUDE0di03aHBkUFRad3BIRFI3RHRfeTRqRDU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUDKg6bwAMF
AyoOs8ADBQMqDteAAwUDKg9bgDANBgkqhkiG9w0BAQsFAAOCAQEARPMRbIQaxMii
8rnXi9bwNhTFJRqY59LwSwC+scmh+aCrFoYqlvePLdr/xlMLDGdl+ZSUjnw1CIZK
dc1W4o2q5LeADK/PfHJXBh/eCmF0L7oiBet2mcTaEyk5pYaVbt/ttCZTeOkbBWj4
kMdsiQfgARB5sMvO7LmE5nascmCOdLpsABbbi0SH0TjQ+ytwIZqf+tR91yvSQPxc
y4sXthCJRP6yYAM4NXmUxfbUb7q6xa7nFdGiz0VcVx8NjgOK3eyrHa0jvlN+s9yW
G4zaUEa6JHj5GqpDvzNWtKsMZSx+vuQbAUGOF6P4f3I+aIX384kIVOQQeb7s5I8z
qjl5TRoF3A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:24 2024 by rpki-client on console-fra.rpki-client.org