Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/f57ca3-4ff1-4064-9df7-3da05388e9ae/1/XVoFaCZ5DLjwk1iuAAOgkWYFoUE.roa
File:                     XVoFaCZ5DLjwk1iuAAOgkWYFoUE.roa (raw, json)
Hash identifier:          iPYjo4+J//oorefc58JhImJS56nvjBg/cnNMNAZ/AnE=
Subject key identifier:   5D:5A:05:68:26:79:0C:B8:F0:93:58:AE:00:03:A0:91:66:05:A1:41
Certificate issuer:       /CN=07266adfb18b189f3dc4d3be6dc596254be5c9b1
Certificate serial:       018A7FEE83B482EDF929F3011F1D8224CC60
Authority key identifier: 07:26:6A:DF:B1:8B:18:9F:3D:C4:D3:BE:6D:C5:96:25:4B:E5:C9:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ByZq37GLGJ89xNO-bcWWJUvlybE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/f57ca3-4ff1-4064-9df7-3da05388e9ae/1/XVoFaCZ5DLjwk1iuAAOgkWYFoUE.roa
Signing time:             Sun 10 Sep 2023 16:30:52 +0000
ROA not before:           Sun 10 Sep 2023 16:30:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204106
IP address blocks:        46.20.203.0/24 maxlen: 24
                          46.20.202.0/24 maxlen: 24
                          109.74.72.0/24 maxlen: 24
                          77.247.198.0/24 maxlen: 24
                          2a13:1b00:1::/48 maxlen: 48
                          2a13:1b00::/29 maxlen: 29
                          2a13:1b00:1000::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:7f:ee:83:b4:82:ed:f9:29:f3:01:1f:1d:82:24:cc:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07266adfb18b189f3dc4d3be6dc596254be5c9b1
        Validity
            Not Before: Sep 10 16:30:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5d5a056826790cb8f09358ae0003a0916605a141
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d9:80:e1:c4:dd:4d:d1:7e:e3:6f:3d:e8:fa:
                    e9:bc:34:77:ba:db:7c:27:0f:d7:34:cd:a0:39:1d:
                    8c:5d:73:fd:c5:4f:4f:76:eb:14:19:3f:7e:64:01:
                    1a:5b:b2:8a:c3:90:c8:25:f2:f9:50:10:c2:51:16:
                    09:1a:70:5a:dd:8a:6c:fb:2b:65:d4:b2:09:24:fa:
                    7a:3f:cd:6c:2e:71:0f:3f:47:01:8d:3a:77:96:8d:
                    b4:a8:d5:78:bc:01:80:55:d8:49:10:29:54:88:ef:
                    35:ea:14:48:24:05:85:9f:35:02:03:8e:bc:51:87:
                    28:62:fd:db:63:cf:e6:4b:cd:78:51:03:0a:c6:53:
                    71:20:64:83:33:e2:20:d3:24:6c:04:28:d7:66:99:
                    74:87:54:64:75:cd:d9:bb:06:21:fd:38:bb:fc:03:
                    d6:42:f6:bc:85:73:4a:d0:db:60:09:e5:94:0a:aa:
                    91:06:2a:8a:94:b4:ce:1f:4d:0a:f4:9a:eb:67:04:
                    3e:a5:7f:df:d0:b7:20:b2:cc:f8:f0:75:47:b7:98:
                    cd:f9:ad:3b:32:d6:c5:0b:c0:f7:ba:6e:19:63:35:
                    13:f0:68:c4:40:ed:a5:e6:5c:5b:6a:45:0e:2b:5f:
                    7d:06:0a:c4:ce:0d:34:70:52:3a:10:f3:32:29:dc:
                    db:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:5A:05:68:26:79:0C:B8:F0:93:58:AE:00:03:A0:91:66:05:A1:41
            X509v3 Authority Key Identifier:
                keyid:07:26:6A:DF:B1:8B:18:9F:3D:C4:D3:BE:6D:C5:96:25:4B:E5:C9:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ByZq37GLGJ89xNO-bcWWJUvlybE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/f57ca3-4ff1-4064-9df7-3da05388e9ae/1/XVoFaCZ5DLjwk1iuAAOgkWYFoUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/f57ca3-4ff1-4064-9df7-3da05388e9ae/1/ByZq37GLGJ89xNO-bcWWJUvlybE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.202.0/23
                  77.247.198.0/24
                  109.74.72.0/24
                IPv6:
                  2a13:1b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:6a:23:d5:21:fd:99:f4:05:8f:2e:15:d6:87:2a:72:26:5c:
         cc:5f:08:f6:30:75:95:34:b9:29:e8:6c:9b:d6:65:90:9e:c1:
         8e:dc:d0:92:54:20:5c:c8:f0:ca:f9:5c:f6:9a:7d:b6:54:7c:
         17:8b:bf:3c:7d:1a:1a:97:a9:08:7c:4f:da:9e:e2:ae:f7:60:
         31:ba:89:05:37:d0:ba:fd:77:1c:f7:82:56:65:ce:be:25:5c:
         60:bd:00:ac:a9:f5:75:09:0c:d6:61:c2:d2:f7:ff:19:f6:a7:
         21:03:41:a0:30:bd:33:f3:cd:2c:0c:a1:5e:96:e4:74:3e:a3:
         43:85:c1:1f:99:cb:80:40:1b:77:6e:a7:1b:b6:c4:1f:d2:4f:
         51:aa:c5:58:ea:1f:c5:b4:ec:a9:80:e9:60:a6:0d:df:78:20:
         dd:5b:9b:3a:33:ae:95:f6:90:08:8b:e3:c0:dc:41:c4:f4:37:
         fc:e9:01:86:3f:6a:32:9b:80:b8:16:dc:a5:b3:54:be:7d:fa:
         27:cb:0b:d6:24:b2:3f:87:36:09:11:d6:06:a0:8c:1c:d1:78:
         5f:28:20:b5:81:33:67:a8:78:b3:eb:1d:e5:7b:8e:74:e1:8d:
         dc:4a:2c:36:36:9d:b4:eb:8f:d6:d3:71:8f:85:cb:fd:61:5a:
         ce:17:07:2b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYp/7oO0gu35KfMBHx2CJMxgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MjY2YWRmYjE4YjE4OWYzZGM0ZDNiZTZkYzU5NjI1NGJl
NWM5YjEwHhcNMjMwOTEwMTYzMDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDVhMDU2ODI2NzkwY2I4ZjA5MzU4YWUwMDAzYTA5MTY2MDVhMTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNmA4cTdTdF+42896PrpvDR3utt8
Jw/XNM2gOR2MXXP9xU9PdusUGT9+ZAEaW7KKw5DIJfL5UBDCURYJGnBa3Yps+ytl
1LIJJPp6P81sLnEPP0cBjTp3lo20qNV4vAGAVdhJEClUiO816hRIJAWFnzUCA468
UYcoYv3bY8/mS814UQMKxlNxIGSDM+Ig0yRsBCjXZpl0h1Rkdc3ZuwYh/Ti7/APW
Qva8hXNK0NtgCeWUCqqRBiqKlLTOH00K9JrrZwQ+pX/f0Lcgssz48HVHt5jN+a07
MtbFC8D3um4ZYzUT8GjEQO2l5lxbakUOK199BgrEzg00cFI6EPMyKdzbkQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFF1aBWgmeQy48JNYrgADoJFmBaFBMB8GA1UdIwQY
MBaAFAcmat+xixifPcTTvm3FliVL5cmxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnlacTM3R0xHSjg5eE5PLWJjV1dKVXZseWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9mNTdjYTMtNGZmMS00MDY0LTlkZjct
M2RhMDUzODhlOWFlLzEvWFZvRmFDWjVETGp3azFpdUFBT2drV1lGb1VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9mNTdjYTMtNGZmMS00MDY0LTlkZjctM2RhMDUzODhlOWFl
LzEvQnlacTM3R0xHSjg5eE5PLWJjV1dKVXZseWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQBLhTKAwQA
TffGAwQAbUpIMA0EAgACMAcDBQMqExsAMA0GCSqGSIb3DQEBCwUAA4IBAQB7aiPV
If2Z9AWPLhXWhypyJlzMXwj2MHWVNLkp6Gyb1mWQnsGO3NCSVCBcyPDK+Vz2mn22
VHwXi788fRoal6kIfE/anuKu92AxuokFN9C6/Xcc94JWZc6+JVxgvQCsqfV1CQzW
YcLS9/8Z9qchA0GgML0z880sDKFeluR0PqNDhcEfmcuAQBt3bqcbtsQf0k9RqsVY
6h/FtOypgOlgpg3feCDdW5s6M66V9pAIi+PA3EHE9Df86QGGP2oym4C4Ftyls1S+
ffonywvWJLI/hzYJEdYGoIwc0XhfKCC1gTNnqHiz6x3le4504Y3cSiw2Np2064/W
03GPhcv9YVrOFwcr
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:40 2024 by rpki-client on console-fra.rpki-client.org