Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/BLZW30JOqWUXhNV1rKoQM8LeYMk.roa
File:                     BLZW30JOqWUXhNV1rKoQM8LeYMk.roa (raw, json)
Hash identifier:          AbXhqCOqQe7PsLrfv9/abBTTJrHV8xvRtdDusnzuNvE=
Subject key identifier:   04:B6:56:DF:42:4E:A9:65:17:84:D5:75:AC:AA:10:33:C2:DE:60:C9
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       04FEED0F
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/BLZW30JOqWUXhNV1rKoQM8LeYMk.roa
Signing time:             Thu 21 Apr 2022 08:33:07 +0000
ROA not before:           Thu 21 Apr 2022 08:33:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     64473
IP address blocks:        91.200.176.0/24 maxlen: 24
                          107.150.174.0/24 maxlen: 24
                          2a07:22c0:c100::/40 maxlen: 40

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 83815695 (0x4feed0f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Apr 21 08:33:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=04b656df424ea9651784d575acaa1033c2de60c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:99:a7:0a:dd:51:4f:0d:01:e9:49:e8:0b:ae:
                    01:b8:a0:c5:18:fa:52:94:d0:10:f1:44:8c:c2:16:
                    ad:10:6b:43:48:34:23:ef:42:44:c9:f2:84:cc:40:
                    4a:b7:51:0b:96:0b:b9:e7:d9:60:17:56:04:0c:df:
                    a4:75:b5:cf:53:7f:6e:c1:69:8e:94:a1:e9:d7:58:
                    94:e0:f3:f3:be:38:18:bf:c5:b8:8e:6b:a1:fa:f7:
                    e6:8b:d5:46:f3:29:12:4d:0b:01:6b:8f:b1:1f:18:
                    0c:10:df:ff:80:2b:1f:cc:09:c7:99:eb:6f:f9:eb:
                    01:8a:69:5e:78:f8:1b:bf:f5:db:d1:e8:7a:2d:6b:
                    21:26:83:b4:17:71:47:06:ef:4d:66:dc:f3:1d:c1:
                    ed:4d:ae:5e:29:e2:ff:ff:85:70:17:78:8f:44:9f:
                    3d:36:74:60:4e:30:56:d8:b7:47:a5:7e:ab:ca:48:
                    42:5f:b7:51:a1:f4:86:53:78:4d:e7:48:35:8e:19:
                    ce:11:61:89:c3:58:b9:82:1d:61:57:dd:07:d2:98:
                    f7:68:ba:86:64:dc:a6:af:45:26:7b:40:e9:16:25:
                    6a:ff:61:19:ec:3b:a3:a0:1f:a6:c7:bf:30:ca:5b:
                    de:cb:b1:73:ee:b8:ce:ef:07:36:52:a1:61:3e:9f:
                    da:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:B6:56:DF:42:4E:A9:65:17:84:D5:75:AC:AA:10:33:C2:DE:60:C9
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/BLZW30JOqWUXhNV1rKoQM8LeYMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.176.0/24
                  107.150.174.0/24
                IPv6:
                  2a07:22c0:c100::/40

    Signature Algorithm: sha256WithRSAEncryption
         39:c6:05:a8:de:13:f2:61:2e:a5:1d:97:cd:97:e1:b9:d3:b8:
         5e:df:5e:8a:e7:bd:f3:e9:11:c1:60:3a:1e:1c:58:aa:d1:79:
         b5:6b:2a:6c:fc:5c:45:2e:ce:07:49:3a:bb:de:3a:88:50:e3:
         e1:16:e3:5e:50:89:f0:ef:62:ff:2d:cb:54:37:90:d9:84:ef:
         9e:0b:d4:74:dd:78:4a:48:e9:8c:46:eb:ca:c7:19:a2:ca:90:
         db:79:a6:1f:fc:5d:57:2c:5f:8f:30:fc:8d:02:87:af:09:f7:
         65:3a:9e:27:8e:e0:a2:49:e5:a4:93:ae:5a:e8:bf:dc:13:8d:
         e5:d0:c4:4d:13:da:1e:ae:ec:bd:21:0d:e8:c3:61:35:29:b7:
         c7:3f:c5:d6:0d:18:87:5d:d2:bf:22:da:a0:18:49:80:5f:e4:
         4d:12:b4:b5:b2:7f:fe:20:47:3d:04:cc:18:71:0e:f9:e4:56:
         fa:c7:5e:75:46:78:26:fc:3c:32:47:13:99:96:3d:ef:68:1e:
         38:49:45:e1:cd:15:83:a4:a2:10:8e:84:f2:41:95:20:a7:5d:
         47:a2:90:95:01:f9:d5:01:09:69:3a:5c:1d:96:a5:7d:6e:a3:
         ea:81:de:a6:f8:c3:ed:3e:9d:d1:b9:fa:d1:c8:08:55:4a:40:
         0d:fb:4b:9f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIEBP7tDzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
YmFiNmMxMWQ0MTE2MmRiMDMwNjg1OGY4M2U1ZTY1MTIxMTMyYTZiMB4XDTIyMDQy
MTA4MzMwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDRiNjU2ZGY0MjRl
YTk2NTE3ODRkNTc1YWNhYTEwMzNjMmRlNjBjOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPCZpwrdUU8NAelJ6AuuAbigxRj6UpTQEPFEjMIWrRBrQ0g0
I+9CRMnyhMxASrdRC5YLuefZYBdWBAzfpHW1z1N/bsFpjpSh6ddYlODz8744GL/F
uI5rofr35ovVRvMpEk0LAWuPsR8YDBDf/4ArH8wJx5nrb/nrAYppXnj4G7/129Ho
ei1rISaDtBdxRwbvTWbc8x3B7U2uXini//+FcBd4j0SfPTZ0YE4wVti3R6V+q8pI
Ql+3UaH0hlN4TedINY4ZzhFhicNYuYIdYVfdB9KY92i6hmTcpq9FJntA6RYlav9h
Gew7o6Afpse/MMpb3suxc+64zu8HNlKhYT6f2ocCAwEAAaOCAh8wggIbMB0GA1Ud
DgQWBBQEtlbfQk6pZReE1XWsqhAzwt5gyTAfBgNVHSMEGDAWgBR7q2wR1BFi2wMG
hY+D5eZRIRMqazAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2U2dHNFZFFSWXRzREJvV1BnLVhtVVNFVEttcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzkvZDMzNGFkLTUyNDAtNGRhYS1hMDUwLTlmNWJmNzM2NzIwZS8x
L0JMWlczMEpPcVdVWGhOVjFyS29RTThMZVlNay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzkv
ZDMzNGFkLTUyNDAtNGRhYS1hMDUwLTlmNWJmNzM2NzIwZS8xL2U2dHNFZFFSWXRz
REJvV1BnLVhtVVNFVEttcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA1
BggrBgEFBQcBBwEB/wQmMCQwEgQCAAEwDAMEAFvIsAMEAGuWrjAOBAIAAjAIAwYA
KgciwMEwDQYJKoZIhvcNAQELBQADggEBADnGBajeE/JhLqUdl82X4bnTuF7fXorn
vfPpEcFgOh4cWKrRebVrKmz8XEUuzgdJOrveOohQ4+EW415QifDvYv8ty1Q3kNmE
754L1HTdeEpI6YxG68rHGaLKkNt5ph/8XVcsX48w/I0Ch68J92U6nieO4KJJ5aST
rlrov9wTjeXQxE0T2h6u7L0hDejDYTUpt8c/xdYNGIdd0r8i2qAYSYBf5E0StLWy
f/4gRz0EzBhxDvnkVvrHXnVGeCb8PDJHE5mWPe9oHjhJReHNFYOkohCOhPJBlSCn
XUeikJUB+dUBCWk6XB2WpX1uo+qB3qb4w+0+ndG5+tHICFVKQA37S58=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:48 2024 by rpki-client on console-fra.rpki-client.org