Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/P3DuhbyOPP78zrkmkvoHgJsl7kc.roa
File:                     P3DuhbyOPP78zrkmkvoHgJsl7kc.roa (raw, json)
Hash identifier:          ZH/Saq3r+Y72asvM2dDqYfga4I99MqtVq9FtzVpbzy4=
Subject key identifier:   3F:70:EE:85:BC:8E:3C:FE:FC:CE:B9:26:92:FA:07:80:9B:25:EE:47
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       018CC79448E1700D7352A8D0465F99F03CCC
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/P3DuhbyOPP78zrkmkvoHgJsl7kc.roa
Signing time:             Tue 02 Jan 2024 00:30:33 +0000
ROA not before:           Tue 02 Jan 2024 00:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57304
IP address blocks:        2a02:2d9::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:48:e1:70:0d:73:52:a8:d0:46:5f:99:f0:3c:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  2 00:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f70ee85bc8e3cfefcceb92692fa07809b25ee47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e1:c5:f2:46:56:db:85:82:2b:54:2e:3e:62:
                    17:9c:e8:1b:8b:ef:f8:0b:a2:f6:2b:c4:53:f4:33:
                    6b:11:53:9f:23:9b:5e:f1:83:a3:d3:02:1d:e0:9b:
                    d6:03:e8:bc:cf:be:3c:da:9d:7f:1f:5c:56:39:a5:
                    5d:8d:ef:28:96:84:2f:2b:ff:07:cf:ed:30:0c:68:
                    78:1b:9e:7c:3c:50:e3:33:ca:00:f1:c9:68:c4:45:
                    8e:e4:c4:09:1d:dd:92:9e:a1:bd:55:54:34:c5:72:
                    45:3a:00:19:fc:ef:2c:c4:3c:5c:f7:5d:1e:d6:84:
                    ee:6c:bb:52:f0:74:bd:73:43:33:05:95:f1:a3:cb:
                    d1:b4:ca:ef:c7:6b:43:fb:a6:0f:4f:18:36:fb:be:
                    92:98:66:93:33:a3:bf:29:ae:e8:e3:9e:ac:f5:8e:
                    71:6e:71:a2:ce:f3:18:b1:7a:99:e0:d5:de:b1:15:
                    03:07:96:d6:29:52:9c:a8:44:2d:f6:88:59:f5:3f:
                    68:40:fa:f2:d6:66:2c:52:3d:f3:39:a1:a6:77:6f:
                    25:ad:e2:59:82:5e:3e:98:28:9c:4f:95:a3:06:1d:
                    b9:bb:91:bd:6d:99:cb:6b:b6:4c:a8:33:82:74:e5:
                    d8:34:5f:bd:b7:92:dd:3a:94:e4:ce:2c:92:77:1a:
                    c1:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:70:EE:85:BC:8E:3C:FE:FC:CE:B9:26:92:FA:07:80:9B:25:EE:47
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/P3DuhbyOPP78zrkmkvoHgJsl7kc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2d9::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:23:e8:ba:56:cc:43:0a:0a:0c:4f:be:c7:26:a8:43:4d:83:
         0d:df:33:96:39:40:40:75:41:11:32:c1:f5:7f:50:b5:ea:ba:
         71:29:d7:51:bb:79:d4:1d:20:00:73:a9:9e:36:8e:0e:ac:c8:
         62:22:2e:cf:89:80:58:db:32:7d:ae:3f:7a:4b:81:54:b3:27:
         df:df:e4:71:72:67:2e:70:d9:e7:1b:20:0f:ff:53:54:ee:ed:
         f1:5b:84:22:1b:b3:4c:7f:2a:0d:31:a1:8c:ff:f5:e3:85:e9:
         72:c7:fc:dd:bb:70:3a:34:ac:07:fd:0e:81:47:04:42:82:b4:
         af:f4:d0:62:e1:bc:13:f2:fd:dc:89:09:81:1c:98:1e:ea:37:
         52:b6:b4:9e:8c:b8:f4:6c:ba:4e:e6:21:c8:91:a8:d2:87:4e:
         3c:79:04:04:b1:9e:33:00:f9:da:10:d3:91:cd:27:0b:79:bc:
         50:a8:48:ef:6a:43:0b:30:3c:56:d4:83:73:7d:20:af:ad:03:
         66:8f:c7:91:05:13:39:58:c2:9c:cc:c7:81:ac:95:98:b2:d8:
         08:46:e6:9a:d5:27:e9:63:b6:b1:59:2c:a4:5e:83:5d:5f:a4:
         b0:4e:30:d9:dc:9e:61:3e:70:24:7a:4d:da:d6:ae:50:5b:e0:
         74:48:e1:4b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlEjhcA1zUqjQRl+Z8DzMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjQwMTAyMDAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjcwZWU4NWJjOGUzY2ZlZmNjZWI5MjY5MmZhMDc4MDliMjVlZTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAneHF8kZW24WCK1QuPmIXnOgbi+/4
C6L2K8RT9DNrEVOfI5te8YOj0wId4JvWA+i8z7482p1/H1xWOaVdje8oloQvK/8H
z+0wDGh4G558PFDjM8oA8cloxEWO5MQJHd2SnqG9VVQ0xXJFOgAZ/O8sxDxc910e
1oTubLtS8HS9c0MzBZXxo8vRtMrvx2tD+6YPTxg2+76SmGaTM6O/Ka7o456s9Y5x
bnGizvMYsXqZ4NXesRUDB5bWKVKcqEQt9ohZ9T9oQPry1mYsUj3zOaGmd28lreJZ
gl4+mCicT5WjBh25u5G9bZnLa7ZMqDOCdOXYNF+9t5LdOpTkziySdxrBiQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD9w7oW8jjz+/M65JpL6B4CbJe5HMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvUDNEdWhieU9QUDc4enJrbWt2b0hnSnNsN2tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgIC2TAN
BgkqhkiG9w0BAQsFAAOCAQEAnSPoulbMQwoKDE++xyaoQ02DDd8zljlAQHVBETLB
9X9Qteq6cSnXUbt51B0gAHOpnjaODqzIYiIuz4mAWNsyfa4/ekuBVLMn39/kcXJn
LnDZ5xsgD/9TVO7t8VuEIhuzTH8qDTGhjP/144Xpcsf83btwOjSsB/0OgUcEQoK0
r/TQYuG8E/L93IkJgRyYHuo3Ura0noy49Gy6TuYhyJGo0odOPHkEBLGeMwD52hDT
kc0nC3m8UKhI72pDCzA8VtSDc30gr60DZo/HkQUTOVjCnMzHgayVmLLYCEbmmtUn
6WO2sVkspF6DXV+ksE4w2dyeYT5wJHpN2tauUFvgdEjhSw==
-----END CERTIFICATE-----
Generated at Thu Jul 11 12:24:02 2024 by rpki-client on console-ams.rpki-client.org