Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/x4xk0GqAJkAP4OoW7-UtThyF3ug.roa
File:                     x4xk0GqAJkAP4OoW7-UtThyF3ug.roa (raw, json)
Hash identifier:          gcy9iSTkxMhC1CaF127hP9CsznQpfYG8pnY7pNHcA+I=
Subject key identifier:   C7:8C:64:D0:6A:80:26:40:0F:E0:EA:16:EF:E5:2D:4E:1C:85:DE:E8
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       01856BCA1888B0D2DC68B68EA5E17801F43F
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/x4xk0GqAJkAP4OoW7-UtThyF3ug.roa
Signing time:             Sun 01 Jan 2023 05:24:44 +0000
ROA not before:           Sun 01 Jan 2023 05:24:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     22773
IP address blocks:        2a11:df80::/29 maxlen: 29
                          2a11:6980::/29 maxlen: 29
                          2a11:fa80::/29 maxlen: 29
                          2a11:9180::/29 maxlen: 29
                          2a11:6780::/29 maxlen: 29
                          2a11:a780::/29 maxlen: 29
                          2a11:6880::/29 maxlen: 29
                          2a11:9280::/29 maxlen: 29
                          2a12:5780::/29 maxlen: 29
                          2a11:f980::/29 maxlen: 29
                          2a11:9080::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:ca:18:88:b0:d2:dc:68:b6:8e:a5:e1:78:01:f4:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 05:24:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c78c64d06a8026400fe0ea16efe52d4e1c85dee8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:8a:3a:be:7e:f1:06:dd:07:14:43:73:b4:ef:
                    ed:b4:c1:b3:40:29:c1:e5:17:c4:c9:7d:1a:a3:0e:
                    d5:4c:db:d5:0b:6d:a2:5f:e1:08:3b:2a:ed:09:53:
                    77:e3:b4:41:c1:14:9d:af:15:b1:cc:40:22:92:42:
                    ea:81:f7:1d:8d:14:8e:1c:d0:5d:52:ff:fe:f5:83:
                    eb:c7:06:1e:d3:fe:5a:90:b2:89:46:d0:39:0f:05:
                    7f:0f:d0:90:71:30:43:a5:5f:c6:85:70:13:83:1a:
                    40:ae:5a:f1:ff:d7:9c:13:9f:16:71:cf:13:3c:4d:
                    58:bf:df:40:95:17:15:27:45:b6:8f:9c:04:75:da:
                    b6:73:58:1a:94:36:a8:23:0e:40:f7:66:72:3b:1b:
                    ce:dd:cd:59:6f:8f:cc:41:aa:ef:18:34:9e:ec:e7:
                    86:23:5b:f1:64:32:36:b1:fc:e9:7f:e5:50:0d:45:
                    8b:81:f6:4f:77:c5:92:a7:4d:e5:52:52:07:e8:30:
                    52:f7:08:e6:3f:8e:2e:f7:1c:62:62:1a:73:eb:dd:
                    9e:02:ed:88:c4:56:2d:d7:a7:86:3d:66:aa:89:49:
                    cd:4a:c5:d5:45:c9:50:7a:f9:2d:42:9e:fc:73:c5:
                    37:14:9b:17:2d:79:a4:1b:a5:79:b0:a3:a7:86:b4:
                    28:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:8C:64:D0:6A:80:26:40:0F:E0:EA:16:EF:E5:2D:4E:1C:85:DE:E8
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/x4xk0GqAJkAP4OoW7-UtThyF3ug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:6780::/29
                  2a11:6880::/29
                  2a11:6980::/29
                  2a11:9080::/29
                  2a11:9180::/29
                  2a11:9280::/29
                  2a11:a780::/29
                  2a11:df80::/29
                  2a11:f980::/29
                  2a11:fa80::/29
                  2a12:5780::/29

    Signature Algorithm: sha256WithRSAEncryption
         79:6f:ef:78:4a:40:1a:54:21:4d:7e:08:5d:a2:09:e5:5b:05:
         c2:cc:69:91:fa:9c:18:49:33:de:d7:e1:a9:7c:72:08:5f:49:
         f0:8f:2e:f5:c5:06:30:42:94:0c:de:36:44:2c:58:26:f0:3c:
         d0:c9:56:fb:49:8d:f8:7c:5d:37:fe:0b:3c:cc:e1:02:f3:03:
         7a:5c:ab:f5:ff:f4:9e:14:5f:29:f8:b8:0a:f9:f1:fe:24:30:
         90:8b:c2:82:7c:7f:09:04:34:3b:2b:b4:c3:28:38:06:b3:71:
         85:90:2c:6e:51:b1:44:33:55:c0:cb:c1:a5:18:3b:f0:2b:07:
         ee:65:cb:5a:44:64:c6:ba:a5:82:1c:c7:8e:2a:e1:51:56:c5:
         0b:dd:f7:5c:8e:85:d5:c4:9c:12:8f:a8:50:a0:a1:b8:27:45:
         d2:18:e3:6f:a3:e9:c0:cb:1a:c3:a8:f3:31:e5:02:e0:3b:a5:
         27:96:19:9b:9d:57:ba:3c:00:a7:82:c8:7b:b7:67:1f:48:21:
         4a:d9:65:7f:a5:21:d8:64:1c:54:da:c5:a0:38:90:8f:2b:a3:
         99:11:fe:f2:76:4f:fb:40:02:ea:60:48:6b:e3:2a:2b:b4:a0:
         19:8f:6e:0e:a1:48:90:0d:54:1e:78:99:17:6d:2c:7f:4e:c8:
         a4:53:77:40
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYVryhiIsNLcaLaOpeF4AfQ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjMwMTAxMDUyNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzhjNjRkMDZhODAyNjQwMGZlMGVhMTZlZmU1MmQ0ZTFjODVkZWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoo6vn7xBt0HFENztO/ttMGzQCnB
5RfEyX0aow7VTNvVC22iX+EIOyrtCVN347RBwRSdrxWxzEAikkLqgfcdjRSOHNBd
Uv/+9YPrxwYe0/5akLKJRtA5DwV/D9CQcTBDpV/GhXATgxpArlrx/9ecE58Wcc8T
PE1Yv99AlRcVJ0W2j5wEddq2c1galDaoIw5A92ZyOxvO3c1Zb4/MQarvGDSe7OeG
I1vxZDI2sfzpf+VQDUWLgfZPd8WSp03lUlIH6DBS9wjmP44u9xxiYhpz692eAu2I
xFYt16eGPWaqiUnNSsXVRclQevktQp78c8U3FJsXLXmkG6V5sKOnhrQoAQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFMeMZNBqgCZAD+DqFu/lLU4chd7oMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEveDR4azBHcUFKa0FQNE9vVzctVXRUaHlGM3VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUDKhFngAMF
AyoRaIADBQMqEWmAAwUDKhGQgAMFAyoRkYADBQMqEZKAAwUDKhGngAMFAyoR34AD
BQMqEfmAAwUDKhH6gAMFAyoSV4AwDQYJKoZIhvcNAQELBQADggEBAHlv73hKQBpU
IU1+CF2iCeVbBcLMaZH6nBhJM97X4al8cghfSfCPLvXFBjBClAzeNkQsWCbwPNDJ
VvtJjfh8XTf+CzzM4QLzA3pcq/X/9J4UXyn4uAr58f4kMJCLwoJ8fwkENDsrtMMo
OAazcYWQLG5RsUQzVcDLwaUYO/ArB+5ly1pEZMa6pYIcx44q4VFWxQvd91yOhdXE
nBKPqFCgobgnRdIY42+j6cDLGsOo8zHlAuA7pSeWGZudV7o8AKeCyHu3Zx9IIUrZ
ZX+lIdhkHFTaxaA4kI8ro5kR/vJ2T/tAAupgSGvjKiu0oBmPbg6hSJANVB54mRdt
LH9OyKRTd0A=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:24 2024 by rpki-client on console-fra.rpki-client.org