Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/e0925e-47bf-4907-bcbc-fd9f36a8ba6e/1/yoS9ZIl_pjKvvwA5yIkpPjVqqKo.roa
File:                     yoS9ZIl_pjKvvwA5yIkpPjVqqKo.roa (raw, json)
Hash identifier:          tzARHg7Nc6scpKxoS/McVm+mCm4xh6YvDkrV4mCJikk=
Subject key identifier:   CA:84:BD:64:89:7F:A6:32:AF:BF:00:39:C8:89:29:3E:35:6A:A8:AA
Certificate issuer:       /CN=331e7784f60ac8d969b81cf5231cd9dc087ced32
Certificate serial:       018225CA7B8E130F51D056F2788D4BE29AA2
Authority key identifier: 33:1E:77:84:F6:0A:C8:D9:69:B8:1C:F5:23:1C:D9:DC:08:7C:ED:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mx53hPYKyNlpuBz1IxzZ3Ah87TI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/e0925e-47bf-4907-bcbc-fd9f36a8ba6e/1/yoS9ZIl_pjKvvwA5yIkpPjVqqKo.roa
Signing time:             Fri 22 Jul 2022 12:03:23 +0000
ROA not before:           Fri 22 Jul 2022 12:03:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39545
IP address blocks:        77.89.128.0/18 maxlen: 18
                          46.247.0.0/17 maxlen: 17
                          89.105.96.0/19 maxlen: 19
                          2a00:f18::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:25:ca:7b:8e:13:0f:51:d0:56:f2:78:8d:4b:e2:9a:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=331e7784f60ac8d969b81cf5231cd9dc087ced32
        Validity
            Not Before: Jul 22 12:03:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ca84bd64897fa632afbf0039c889293e356aa8aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:e7:a5:73:3b:8f:e6:6b:48:83:5d:73:d3:75:
                    78:76:37:5b:ff:46:e4:ab:80:7a:5b:0d:37:41:b5:
                    13:76:29:75:f2:6b:a5:2d:05:75:84:47:dd:fe:99:
                    5c:4a:a0:52:be:57:21:bb:fd:35:95:3f:91:63:92:
                    6b:69:95:12:a2:75:83:66:cd:57:3f:2e:c0:38:eb:
                    e0:18:1d:3a:f3:7d:f7:10:1c:65:91:e9:55:1d:98:
                    42:d3:9e:a5:e9:c1:62:c4:82:8e:1e:1c:7d:7a:0c:
                    fc:c1:15:a3:4d:7b:de:2b:08:12:41:0d:1b:90:ca:
                    fd:7a:a1:88:ec:7f:a0:57:08:a5:9d:10:1d:d0:cf:
                    1a:6a:d0:3a:71:6f:f8:5b:3f:7a:37:0d:42:cb:89:
                    45:c5:e5:dc:af:02:cd:6b:85:d7:55:4f:2d:81:c1:
                    5a:9d:cf:20:60:9a:bc:a9:05:4b:93:e8:38:64:e4:
                    8c:d9:93:18:75:8c:7b:98:84:6c:2f:5b:79:ee:15:
                    f2:2d:30:72:d8:c3:c6:79:a2:32:5b:f0:2f:95:14:
                    61:a2:2c:ab:c3:fa:fe:7b:d0:cd:cc:0c:67:a0:a6:
                    bb:e9:c1:e7:87:f2:cf:dd:44:bf:e2:eb:e5:87:9c:
                    58:68:0d:01:6d:3b:b5:b8:59:0b:1e:2b:06:40:c2:
                    10:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:84:BD:64:89:7F:A6:32:AF:BF:00:39:C8:89:29:3E:35:6A:A8:AA
            X509v3 Authority Key Identifier:
                keyid:33:1E:77:84:F6:0A:C8:D9:69:B8:1C:F5:23:1C:D9:DC:08:7C:ED:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mx53hPYKyNlpuBz1IxzZ3Ah87TI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e0925e-47bf-4907-bcbc-fd9f36a8ba6e/1/yoS9ZIl_pjKvvwA5yIkpPjVqqKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e0925e-47bf-4907-bcbc-fd9f36a8ba6e/1/Mx53hPYKyNlpuBz1IxzZ3Ah87TI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.247.0.0/17
                  77.89.128.0/18
                  89.105.96.0/19
                IPv6:
                  2a00:f18::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:9f:ca:27:a3:ab:32:53:22:6a:03:a5:cc:6f:04:2b:bf:93:
         4a:90:46:e5:18:02:73:66:53:98:80:cf:72:3f:8d:2c:45:be:
         c3:af:f7:98:69:bf:3a:ef:6d:a3:5a:d5:89:f1:27:19:10:10:
         2d:a9:32:60:a1:6a:7d:ba:7c:8a:3f:b0:71:7f:e8:8b:aa:3b:
         58:6a:60:29:b0:83:70:3d:2a:93:de:a8:bd:a8:c0:35:71:a7:
         51:17:06:17:49:71:68:f8:93:5f:16:8c:6d:e7:4f:16:70:ea:
         2e:16:d8:af:dd:50:7e:92:c5:32:9d:eb:b0:d9:99:cb:11:d1:
         3c:00:91:4e:8e:03:9e:5e:31:cb:24:61:3c:90:5a:74:0c:95:
         a2:56:96:f1:4c:e3:7c:c1:e0:3b:3a:c0:16:1d:d4:9a:ff:37:
         a1:6b:4c:69:e8:7a:ed:a4:e2:38:cb:5f:10:ff:a6:af:25:e5:
         0b:53:f5:33:77:f8:65:f9:82:bc:b9:5c:c0:26:95:97:dc:d4:
         0a:85:e3:fa:5d:2d:09:4d:27:e1:11:07:76:2f:03:e2:1b:63:
         92:fb:d0:22:2d:b9:a3:7c:f4:93:7c:30:44:c0:0b:4f:9b:ca:
         8f:b2:d6:5e:05:5d:92:a2:ee:63:8b:82:e5:d6:e0:a7:8b:5f:
         a5:76:70:74
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYIlynuOEw9R0FbyeI1L4pqiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMWU3Nzg0ZjYwYWM4ZDk2OWI4MWNmNTIzMWNkOWRjMDg3
Y2VkMzIwHhcNMjIwNzIyMTIwMzIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTg0YmQ2NDg5N2ZhNjMyYWZiZjAwMzljODg5MjkzZTM1NmFhOGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5OelczuP5mtIg11z03V4djdb/0bk
q4B6Ww03QbUTdil18mulLQV1hEfd/plcSqBSvlchu/01lT+RY5JraZUSonWDZs1X
Py7AOOvgGB068333EBxlkelVHZhC056l6cFixIKOHhx9egz8wRWjTXveKwgSQQ0b
kMr9eqGI7H+gVwilnRAd0M8aatA6cW/4Wz96Nw1Cy4lFxeXcrwLNa4XXVU8tgcFa
nc8gYJq8qQVLk+g4ZOSM2ZMYdYx7mIRsL1t57hXyLTBy2MPGeaIyW/AvlRRhoiyr
w/r+e9DNzAxnoKa76cHnh/LP3US/4uvlh5xYaA0BbTu1uFkLHisGQMIQ/wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFMqEvWSJf6Yyr78AOciJKT41aqiqMB8GA1UdIwQY
MBaAFDMed4T2CsjZabgc9SMc2dwIfO0yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXg1M2hQWUt5TmxwdUJ6MUl4elozQWg4N1RJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9lMDkyNWUtNDdiZi00OTA3LWJjYmMt
ZmQ5ZjM2YThiYTZlLzEveW9TOVpJbF9wakt2dndBNXlJa3BQalZxcUtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9lMDkyNWUtNDdiZi00OTA3LWJjYmMtZmQ5ZjM2YThiYTZl
LzEvTXg1M2hQWUt5TmxwdUJ6MUl4elozQWg4N1RJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQHLvcAAwQG
TVmAAwQFWWlgMA0EAgACMAcDBQAqAA8YMA0GCSqGSIb3DQEBCwUAA4IBAQCCn8on
o6syUyJqA6XMbwQrv5NKkEblGAJzZlOYgM9yP40sRb7Dr/eYab86722jWtWJ8ScZ
EBAtqTJgoWp9unyKP7Bxf+iLqjtYamApsINwPSqT3qi9qMA1cadRFwYXSXFo+JNf
Foxt508WcOouFtiv3VB+ksUyneuw2ZnLEdE8AJFOjgOeXjHLJGE8kFp0DJWiVpbx
TON8weA7OsAWHdSa/zeha0xp6HrtpOI4y18Q/6avJeULU/Uzd/hl+YK8uVzAJpWX
3NQKheP6XS0JTSfhEQd2LwPiG2OS+9AiLbmjfPSTfDBEwAtPm8qPstZeBV2Sou5j
i4Ll1uCni1+ldnB0
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:06 2024 by rpki-client on console-fra.rpki-client.org