Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/RvIpq95jEuyfptx3BfxMN9VHqns.roa
File:                     RvIpq95jEuyfptx3BfxMN9VHqns.roa (raw, json)
Hash identifier:          WQloVXmG8lNCNHgPNHdmMmV+glCegOJb1PnohdwR7Bk=
Subject key identifier:   46:F2:29:AB:DE:63:12:EC:9F:A6:DC:77:05:FC:4C:37:D5:47:AA:7B
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       018529184C08D36D528891B71814D37775EA
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/RvIpq95jEuyfptx3BfxMN9VHqns.roa
Signing time:             Mon 19 Dec 2022 06:35:36 +0000
ROA not before:           Mon 19 Dec 2022 06:35:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     22773
IP address blocks:        2a11:df80::/29 maxlen: 29
                          2a11:6980::/29 maxlen: 29
                          2a11:fa80::/29 maxlen: 29
                          2a11:9180::/29 maxlen: 29
                          2a11:6780::/29 maxlen: 29
                          2a11:a780::/29 maxlen: 29
                          2a11:6880::/29 maxlen: 29
                          2a11:9280::/29 maxlen: 29
                          2a12:5780::/29 maxlen: 29
                          2a11:f980::/29 maxlen: 29
                          2a11:9080::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:29:18:4c:08:d3:6d:52:88:91:b7:18:14:d3:77:75:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Dec 19 06:35:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=46f229abde6312ec9fa6dc7705fc4c37d547aa7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1c:ca:e0:a9:49:b6:26:a2:0b:9c:c6:61:de:
                    63:cb:27:66:7e:b3:42:d7:0c:aa:28:3e:b9:5c:b7:
                    a3:8e:51:ad:dc:5c:c9:29:ae:3a:07:1c:ee:ee:df:
                    50:f2:e5:20:75:71:aa:f4:9f:f0:b7:55:c2:69:59:
                    6d:18:ec:78:12:6b:da:53:4d:f5:0b:c3:6c:12:88:
                    f2:af:56:c7:9c:10:82:71:ea:2b:cd:48:b4:57:9f:
                    00:62:f5:e2:03:a6:b7:40:46:9e:89:d8:1f:22:92:
                    db:1b:58:c0:1f:ed:c7:d0:3a:ad:a1:b2:a1:67:f0:
                    9a:05:c2:6b:5b:26:a9:e2:d2:bd:c6:f1:e5:f5:c6:
                    3a:9b:7c:ec:a4:68:45:03:96:18:a8:5d:6e:5c:6f:
                    86:47:80:bc:67:59:81:ab:51:06:5e:04:6f:7c:28:
                    b9:83:92:fc:fc:85:99:b5:15:ad:50:11:e6:92:f8:
                    80:a6:b5:7f:db:19:6c:39:1b:9d:5a:85:91:7d:c8:
                    31:91:7e:2a:b1:4f:d9:7c:c5:2b:71:73:5a:bd:6a:
                    4d:ad:c1:d2:d2:40:ba:f6:84:f2:7c:55:2b:7b:77:
                    85:98:77:13:b1:35:19:6d:b8:cc:87:fc:6e:9d:59:
                    c1:a8:3b:6b:f1:a3:f0:56:28:16:aa:43:e0:7b:50:
                    24:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:F2:29:AB:DE:63:12:EC:9F:A6:DC:77:05:FC:4C:37:D5:47:AA:7B
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/RvIpq95jEuyfptx3BfxMN9VHqns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:6780::/29
                  2a11:6880::/29
                  2a11:6980::/29
                  2a11:9080::/29
                  2a11:9180::/29
                  2a11:9280::/29
                  2a11:a780::/29
                  2a11:df80::/29
                  2a11:f980::/29
                  2a11:fa80::/29
                  2a12:5780::/29

    Signature Algorithm: sha256WithRSAEncryption
         4b:99:aa:49:19:3e:43:9a:b5:1d:2d:4b:41:df:b0:3b:ca:af:
         7b:5b:ec:5d:a6:75:46:c6:5e:44:2b:27:95:d5:65:f5:e0:43:
         2c:7c:05:9d:3f:90:d1:0f:2d:39:16:99:3a:b9:5f:27:4a:3e:
         0b:12:3c:df:20:87:86:d7:01:d2:9e:cf:bb:38:b5:93:1f:97:
         85:31:f1:31:7e:69:51:88:05:fc:9f:52:aa:38:d3:88:d3:33:
         3b:34:af:71:b5:49:60:04:e2:14:06:5f:d9:ac:28:72:99:5a:
         43:d4:6d:25:1c:ab:4b:13:8c:b5:da:b4:c8:c1:b1:c7:eb:12:
         c9:bc:46:63:ae:c7:ef:87:90:a0:3e:d5:fd:9e:05:23:6c:43:
         4e:61:16:2f:a0:86:f7:47:1c:db:5d:d4:ac:57:d8:ec:21:43:
         ce:f4:b0:dd:79:ce:fa:eb:12:0c:0a:81:ca:10:af:6f:e8:18:
         35:a7:a2:0b:86:d3:8c:d9:f3:b0:43:9e:ed:73:15:a4:b8:4e:
         37:52:e3:c2:9c:4b:06:a5:eb:a9:89:db:3d:97:75:6b:e2:18:
         2c:5f:d6:6a:89:c0:6c:83:90:8a:83:ed:5f:81:9a:b9:4b:ff:
         9f:cf:d2:99:85:71:46:1d:f1:14:ed:df:4a:c5:d1:ba:bc:7c:
         d4:b9:79:b5
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYUpGEwI021SiJG3GBTTd3XqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjIxMjE5MDYzNTM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmYyMjlhYmRlNjMxMmVjOWZhNmRjNzcwNWZjNGMzN2Q1NDdhYTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRzK4KlJtiaiC5zGYd5jyydmfrNC
1wyqKD65XLejjlGt3FzJKa46Bxzu7t9Q8uUgdXGq9J/wt1XCaVltGOx4EmvaU031
C8NsEojyr1bHnBCCceorzUi0V58AYvXiA6a3QEaeidgfIpLbG1jAH+3H0DqtobKh
Z/CaBcJrWyap4tK9xvHl9cY6m3zspGhFA5YYqF1uXG+GR4C8Z1mBq1EGXgRvfCi5
g5L8/IWZtRWtUBHmkviAprV/2xlsORudWoWRfcgxkX4qsU/ZfMUrcXNavWpNrcHS
0kC69oTyfFUre3eFmHcTsTUZbbjMh/xunVnBqDtr8aPwVigWqkPge1Ak4wIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFEbyKaveYxLsn6bcdwX8TDfVR6p7MB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvUnZJcHE5NWpFdXlmcHR4M0JmeE1OOVZIcW5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUDKhFngAMF
AyoRaIADBQMqEWmAAwUDKhGQgAMFAyoRkYADBQMqEZKAAwUDKhGngAMFAyoR34AD
BQMqEfmAAwUDKhH6gAMFAyoSV4AwDQYJKoZIhvcNAQELBQADggEBAEuZqkkZPkOa
tR0tS0HfsDvKr3tb7F2mdUbGXkQrJ5XVZfXgQyx8BZ0/kNEPLTkWmTq5XydKPgsS
PN8gh4bXAdKez7s4tZMfl4Ux8TF+aVGIBfyfUqo404jTMzs0r3G1SWAE4hQGX9ms
KHKZWkPUbSUcq0sTjLXatMjBscfrEsm8RmOux++HkKA+1f2eBSNsQ05hFi+ghvdH
HNtd1KxX2OwhQ870sN15zvrrEgwKgcoQr2/oGDWnoguG04zZ87BDnu1zFaS4TjdS
48KcSwal66mJ2z2XdWviGCxf1mqJwGyDkIqD7V+BmrlL/5/P0pmFcUYd8RTt30rF
0bq8fNS5ebU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:24 2024 by rpki-client on console-fra.rpki-client.org