Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/f9a8ec-f582-475c-8cc9-d5c8635bec88/1/9bcX6anPr91vrL2lkcDv70LiTYk.roa
File:                     9bcX6anPr91vrL2lkcDv70LiTYk.roa (raw, json)
Hash identifier:          L0og5+0XGmrtYxhPJMgksGGNrGeJWmJ2Kx/loZAjHKw=
Subject key identifier:   F5:B7:17:E9:A9:CF:AF:DD:6F:AC:BD:A5:91:C0:EF:EF:42:E2:4D:89
Certificate issuer:       /CN=bd6aa7362d36792cbcfa83609b5d75cc965f3faf
Certificate serial:       018570B083AF1AE45800C526B63B4F15521F
Authority key identifier: BD:6A:A7:36:2D:36:79:2C:BC:FA:83:60:9B:5D:75:CC:96:5F:3F:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vWqnNi02eSy8-oNgm111zJZfP68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/f9a8ec-f582-475c-8cc9-d5c8635bec88/1/9bcX6anPr91vrL2lkcDv70LiTYk.roa
Signing time:             Mon 02 Jan 2023 04:14:54 +0000
ROA not before:           Mon 02 Jan 2023 04:14:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208669
IP address blocks:        85.202.93.0/24 maxlen: 24
                          85.202.95.0/24 maxlen: 24
                          85.202.92.0/24 maxlen: 24
                          85.202.94.0/24 maxlen: 24
                          2a10:1900::/32 maxlen: 32
                          2a10:1906::/32 maxlen: 32
                          2a10:1905::/32 maxlen: 32
                          2a10:1902::/32 maxlen: 32
                          2a10:1901::/32 maxlen: 32
                          2a10:1903::/32 maxlen: 32
                          2a10:1904::/32 maxlen: 32
                          2a10:1907::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:b0:83:af:1a:e4:58:00:c5:26:b6:3b:4f:15:52:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd6aa7362d36792cbcfa83609b5d75cc965f3faf
        Validity
            Not Before: Jan  2 04:14:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f5b717e9a9cfafdd6facbda591c0efef42e24d89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:cc:72:54:8e:94:23:e3:7e:64:cf:a1:d7:0e:
                    79:0a:00:50:5e:74:9b:ce:0d:e7:fe:c6:fa:98:e9:
                    23:db:b1:cf:e5:17:97:bb:83:e6:e0:f9:16:00:b2:
                    22:cf:9b:23:bc:08:9d:05:c3:c0:59:fb:6a:c8:5f:
                    17:eb:0f:c7:61:2a:bb:e9:0e:48:b9:17:e1:7e:23:
                    6d:1b:5a:d0:3d:fc:80:42:81:43:9f:70:e8:17:e1:
                    3d:81:5b:da:39:be:62:3a:e7:27:47:38:fd:05:cf:
                    74:ea:5d:60:c4:43:ed:e3:23:5c:7c:74:64:20:7b:
                    09:33:68:22:ca:4b:46:a0:de:81:b6:f8:9c:89:97:
                    61:d6:f3:85:81:a6:62:a9:50:c6:bd:7d:c0:a5:5a:
                    a8:36:b1:ef:28:18:26:e6:df:dc:e1:1b:d2:64:e0:
                    ad:9e:97:10:2d:c0:7a:e9:7b:97:61:46:b0:20:2c:
                    a5:42:81:34:7e:86:0b:b7:f5:2c:76:a9:6f:a8:b5:
                    f6:12:73:2c:e4:a6:9d:1b:f4:90:d0:dc:47:c3:4c:
                    c2:b7:47:59:49:e1:79:b2:c2:c7:82:1e:ef:e5:4c:
                    ae:c2:e1:bc:28:88:0e:f1:85:62:16:7a:2b:ba:4f:
                    ba:4a:ff:f0:bf:81:d1:e8:8e:ce:b8:be:c9:2f:3a:
                    3b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:B7:17:E9:A9:CF:AF:DD:6F:AC:BD:A5:91:C0:EF:EF:42:E2:4D:89
            X509v3 Authority Key Identifier:
                keyid:BD:6A:A7:36:2D:36:79:2C:BC:FA:83:60:9B:5D:75:CC:96:5F:3F:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vWqnNi02eSy8-oNgm111zJZfP68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f9a8ec-f582-475c-8cc9-d5c8635bec88/1/9bcX6anPr91vrL2lkcDv70LiTYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f9a8ec-f582-475c-8cc9-d5c8635bec88/1/vWqnNi02eSy8-oNgm111zJZfP68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.92.0/22
                IPv6:
                  2a10:1900::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:f2:42:a0:c2:00:66:6d:bb:92:d6:d4:81:f3:ed:48:21:6f:
         db:55:9a:52:d4:f9:99:de:22:b8:d6:ee:75:47:82:75:6d:c5:
         4d:ed:17:ec:97:34:2d:99:52:ba:80:19:3f:2a:ef:5b:46:59:
         99:00:c8:d6:bd:67:90:98:81:22:1a:dd:f6:7e:35:9f:f1:f3:
         2d:20:c5:74:b6:f9:03:57:0b:49:59:1e:b1:aa:66:93:73:29:
         ba:2e:cf:1e:18:ca:27:1f:1f:13:54:08:dc:56:24:a7:54:e2:
         5a:db:b3:9c:fe:a4:49:1d:1c:5e:e9:fc:20:fc:21:7c:f1:a0:
         83:4d:74:54:a1:d0:f6:e1:0b:bd:76:52:f8:c6:a4:82:e0:85:
         d8:12:d3:fa:6d:27:9e:2d:97:0e:2e:5c:1f:6b:bb:13:b5:98:
         1b:75:33:2b:eb:d3:b5:b9:43:45:37:cf:86:a6:b1:88:e5:a4:
         96:9e:ce:cc:2e:3b:5e:c1:64:c5:ab:b7:45:fc:db:90:73:42:
         eb:16:0d:90:e3:53:1b:48:e7:83:41:dd:1a:10:22:1e:be:10:
         64:ee:ae:06:f4:3e:3c:ec:fa:50:6e:11:84:f0:61:12:d1:f6:
         95:59:20:68:b5:e6:5b:32:fa:a8:b8:8c:f3:ab:6c:c7:9d:9a:
         af:2a:4d:0d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVwsIOvGuRYAMUmtjtPFVIfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNmFhNzM2MmQzNjc5MmNiY2ZhODM2MDliNWQ3NWNjOTY1
ZjNmYWYwHhcNMjMwMTAyMDQxNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWI3MTdlOWE5Y2ZhZmRkNmZhY2JkYTU5MWMwZWZlZjQyZTI0ZDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA18xyVI6UI+N+ZM+h1w55CgBQXnSb
zg3n/sb6mOkj27HP5ReXu4Pm4PkWALIiz5sjvAidBcPAWftqyF8X6w/HYSq76Q5I
uRfhfiNtG1rQPfyAQoFDn3DoF+E9gVvaOb5iOucnRzj9Bc906l1gxEPt4yNcfHRk
IHsJM2giyktGoN6BtviciZdh1vOFgaZiqVDGvX3ApVqoNrHvKBgm5t/c4RvSZOCt
npcQLcB66XuXYUawICylQoE0foYLt/UsdqlvqLX2EnMs5KadG/SQ0NxHw0zCt0dZ
SeF5ssLHgh7v5UyuwuG8KIgO8YViFnoruk+6Sv/wv4HR6I7OuL7JLzo7MQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPW3F+mpz6/db6y9pZHA7+9C4k2JMB8GA1UdIwQY
MBaAFL1qpzYtNnksvPqDYJtddcyWXz+vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdldxbk5pMDJlU3k4LW9OZ20xMTF6SlpmUDY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9mOWE4ZWMtZjU4Mi00NzVjLThjYzkt
ZDVjODYzNWJlYzg4LzEvOWJjWDZhblByOTF2ckwybGtjRHY3MExpVFlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9mOWE4ZWMtZjU4Mi00NzVjLThjYzktZDVjODYzNWJlYzg4
LzEvdldxbk5pMDJlU3k4LW9OZ20xMTF6SlpmUDY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVcpcMA0E
AgACMAcDBQMqEBkAMA0GCSqGSIb3DQEBCwUAA4IBAQAL8kKgwgBmbbuS1tSB8+1I
IW/bVZpS1PmZ3iK41u51R4J1bcVN7RfslzQtmVK6gBk/Ku9bRlmZAMjWvWeQmIEi
Gt32fjWf8fMtIMV0tvkDVwtJWR6xqmaTcym6Ls8eGMonHx8TVAjcViSnVOJa27Oc
/qRJHRxe6fwg/CF88aCDTXRUodD24Qu9dlL4xqSC4IXYEtP6bSeeLZcOLlwfa7sT
tZgbdTMr69O1uUNFN8+GprGI5aSWns7MLjtewWTFq7dF/NuQc0LrFg2Q41MbSOeD
Qd0aECIevhBk7q4G9D487PpQbhGE8GES0faVWSBoteZbMvqouIzzq2zHnZqvKk0N
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:40 2024 by rpki-client on console-ams.rpki-client.org