Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/hcbYAvv9wkTtVkEXn4ET_oVCDxs.roa
File:                     hcbYAvv9wkTtVkEXn4ET_oVCDxs.roa (raw, json)
Hash identifier:          CUxf44vRWjKRV+lwFyXhmL6gT9raynyk9Nb8m7aYJHY=
Subject key identifier:   85:C6:D8:02:FB:FD:C2:44:ED:56:41:17:9F:81:13:FE:85:42:0F:1B
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018570D5507D66D404AD3ED2FE33BFD8E8E1
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/hcbYAvv9wkTtVkEXn4ET_oVCDxs.roa
Signing time:             Mon 02 Jan 2023 04:55:05 +0000
ROA not before:           Mon 02 Jan 2023 04:55:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12608
IP address blocks:        2a0e:e680::/32 maxlen: 32
                          2a09:4304::/30 maxlen: 30
                          2a0d:f140::/30 maxlen: 30
                          2a0d:c100::/30 maxlen: 30
                          2a09:e04::/30 maxlen: 30
                          2a09:2d04::/30 maxlen: 30
                          2a0d:afc0::/30 maxlen: 30
                          2a09:4281::/32 maxlen: 32
                          2a06:77c1::/32 maxlen: 32
                          2a09:2d00::/30 maxlen: 30
                          2a0d:e344::/30 maxlen: 30
                          2a09:e701::/32 maxlen: 32
                          2a09:4481::/32 maxlen: 32
                          2a0d:b840::/30 maxlen: 30
                          2a09:3a81::/32 maxlen: 32
                          2a09:e700::/32 maxlen: 32
                          2a09:4480::/32 maxlen: 32
                          2a09:9981::/32 maxlen: 32
                          2a0f:b741::/32 maxlen: 32
                          2a09:af81::/32 maxlen: 32
                          2a09:4280::/32 maxlen: 32
                          2a0d:f5c4::/30 maxlen: 30
                          2a0d:d3c0::/30 maxlen: 30
                          2a06:77c0::/32 maxlen: 32
                          2a0e:19c0::/32 maxlen: 32
                          2a0e:c480::/32 maxlen: 32
                          2a09:7b80::/32 maxlen: 32
                          2a09:5404::/30 maxlen: 30
                          2a0e:e681::/32 maxlen: 32
                          2a0d:b844::/30 maxlen: 30
                          2a09:9380::/32 maxlen: 32
                          2a09:9604::/30 maxlen: 30
                          2a09:5400::/30 maxlen: 30
                          2a09:1804::/30 maxlen: 30
                          2a0e:4b40::/32 maxlen: 32
                          2a09:7881::/32 maxlen: 32
                          2a0d:d3c4::/30 maxlen: 30
                          2a09:9600::/30 maxlen: 30
                          2a09:1800::/30 maxlen: 30
                          2a09:7880::/32 maxlen: 32
                          2a09:4300::/30 maxlen: 30
                          2a09:e00::/30 maxlen: 30
                          2a0d:f144::/30 maxlen: 30
                          2a09:3a80::/32 maxlen: 32
                          2a0e:19c1::/32 maxlen: 32
                          2a0d:e340::/30 maxlen: 30
                          2a0e:c481::/32 maxlen: 32
                          2a09:7b81::/32 maxlen: 32
                          2a09:af80::/32 maxlen: 32
                          2a0d:afc4::/30 maxlen: 30
                          2a09:9980::/32 maxlen: 32
                          2a0e:4b41::/32 maxlen: 32
                          2a0f:b740::/32 maxlen: 32
                          2a09:9381::/32 maxlen: 32
                          2a0d:c104::/30 maxlen: 30

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:d5:50:7d:66:d4:04:ad:3e:d2:fe:33:bf:d8:e8:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jan  2 04:55:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=85c6d802fbfdc244ed5641179f8113fe85420f1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7d:fa:f5:1b:f4:1a:73:8c:dd:b3:de:eb:9e:
                    bc:9d:c7:16:7c:6d:7c:99:aa:6b:57:a8:04:d8:90:
                    b1:fa:9c:6f:16:6a:4e:16:b6:73:ea:b3:3c:42:a2:
                    db:fa:66:4b:58:0f:e0:41:09:e3:25:1c:79:28:60:
                    00:ed:2b:17:16:58:2f:99:12:ff:66:26:18:65:06:
                    4e:63:32:77:3b:56:83:a2:d9:25:92:15:1b:03:be:
                    f0:3b:3a:74:ed:59:d6:57:b2:52:0f:1b:21:b3:bf:
                    a1:a2:69:20:78:88:86:22:b9:ac:1a:3c:90:b2:37:
                    1b:c7:98:5a:42:3b:95:97:5b:4e:f9:48:d9:dd:57:
                    3d:48:0f:7d:39:a3:4a:fd:10:fc:04:7a:c2:ca:6e:
                    2a:e6:d4:da:55:ec:41:ed:73:e5:48:85:c2:f7:61:
                    a0:c2:af:1e:95:26:b2:a9:78:a6:ec:3f:1d:89:b4:
                    b6:ab:54:9d:e3:55:66:ce:35:03:b0:17:10:8e:72:
                    51:46:68:a3:ff:ca:4e:fd:23:d2:3a:13:28:68:11:
                    7b:8a:6b:4b:a2:52:77:37:ae:60:e8:a5:ea:44:9d:
                    51:93:c7:76:02:c1:6e:02:17:3a:85:f6:2a:3b:b0:
                    f5:ae:92:f7:dd:f5:2e:64:22:15:16:cb:f8:e2:af:
                    25:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:C6:D8:02:FB:FD:C2:44:ED:56:41:17:9F:81:13:FE:85:42:0F:1B
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/hcbYAvv9wkTtVkEXn4ET_oVCDxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:77c0::/31
                  2a09:e00::/29
                  2a09:1800::/29
                  2a09:2d00::/29
                  2a09:3a80::/31
                  2a09:4280::/31
                  2a09:4300::/29
                  2a09:4480::/31
                  2a09:5400::/29
                  2a09:7880::/31
                  2a09:7b80::/31
                  2a09:9380::/31
                  2a09:9600::/29
                  2a09:9980::/31
                  2a09:af80::/31
                  2a09:e700::/31
                  2a0d:afc0::/29
                  2a0d:b840::/29
                  2a0d:c100::/29
                  2a0d:d3c0::/29
                  2a0d:e340::/29
                  2a0d:f140::/29
                  2a0d:f5c4::/30
                  2a0e:19c0::/31
                  2a0e:4b40::/31
                  2a0e:c480::/31
                  2a0e:e680::/31
                  2a0f:b740::/31

    Signature Algorithm: sha256WithRSAEncryption
         26:d0:1c:2e:79:83:2f:4f:56:11:d9:b0:36:a3:97:09:f6:19:
         9e:33:8b:00:49:53:af:88:be:14:ef:e2:56:59:6d:e2:18:cd:
         ff:a1:73:61:4f:96:34:5c:13:43:cc:8e:20:1d:69:d2:61:d0:
         4a:31:ff:42:b4:fb:fe:d2:32:04:1c:30:d1:52:23:d8:a0:a5:
         81:ad:d6:ca:e7:41:cb:65:65:a0:00:a1:ab:77:22:e6:b5:43:
         4b:27:62:59:e6:88:38:47:0a:f3:6a:43:85:d9:72:d3:97:ee:
         2e:02:d8:f0:78:5a:90:98:ea:6b:df:17:ff:90:2a:3b:b6:62:
         b4:92:14:d8:2b:f5:53:82:60:fc:a2:ff:9d:66:1f:b0:d8:12:
         6c:86:b2:cd:b9:79:81:67:bb:0e:90:6e:30:1c:c2:d7:9a:1e:
         2f:9a:c3:5d:de:e2:2e:a2:c1:18:68:61:42:b2:80:21:60:8f:
         22:57:6f:1b:15:50:44:55:f5:71:57:fc:01:72:93:c5:e1:b9:
         b5:7b:0f:13:d8:43:3d:d9:e2:c4:eb:b0:1c:eb:e8:f2:44:da:
         56:50:fb:09:b2:a6:1d:27:ea:0a:c4:36:75:85:7a:ed:ea:a9:
         49:86:71:55:fd:94:af:40:cb:6c:52:b4:24:d0:98:8b:b2:dc:
         ce:cd:40:e0
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgISAYVw1VB9ZtQErT7S/jO/2OjhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjMwMTAyMDQ1NTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWM2ZDgwMmZiZmRjMjQ0ZWQ1NjQxMTc5ZjgxMTNmZTg1NDIwZjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3369Rv0GnOM3bPe6568nccWfG18
maprV6gE2JCx+pxvFmpOFrZz6rM8QqLb+mZLWA/gQQnjJRx5KGAA7SsXFlgvmRL/
ZiYYZQZOYzJ3O1aDotklkhUbA77wOzp07VnWV7JSDxshs7+homkgeIiGIrmsGjyQ
sjcbx5haQjuVl1tO+UjZ3Vc9SA99OaNK/RD8BHrCym4q5tTaVexB7XPlSIXC92Gg
wq8elSayqXim7D8dibS2q1Sd41VmzjUDsBcQjnJRRmij/8pO/SPSOhMoaBF7imtL
olJ3N65g6KXqRJ1Rk8d2AsFuAhc6hfYqO7D1rpL33fUuZCIVFsv44q8l+wIDAQAB
o4ICzDCCAsgwHQYDVR0OBBYEFIXG2AL7/cJE7VZBF5+BE/6FQg8bMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvaGNiWUF2djl3a1R0VmtFWG40RVRfb1ZDRHhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHhBggrBgEFBQcBBwEB/wSB0TCBzjCBywQCAAIwgcQDBQEq
BnfAAwUDKgkOAAMFAyoJGAADBQMqCS0AAwUBKgk6gAMFASoJQoADBQMqCUMAAwUB
KglEgAMFAyoJVAADBQEqCXiAAwUBKgl7gAMFASoJk4ADBQMqCZYAAwUBKgmZgAMF
ASoJr4ADBQEqCecAAwUDKg2vwAMFAyoNuEADBQMqDcEAAwUDKg3TwAMFAyoN40AD
BQMqDfFAAwUCKg31xAMFASoOGcADBQEqDktAAwUBKg7EgAMFASoO5oADBQEqD7dA
MA0GCSqGSIb3DQEBCwUAA4IBAQAm0BwueYMvT1YR2bA2o5cJ9hmeM4sASVOviL4U
7+JWWW3iGM3/oXNhT5Y0XBNDzI4gHWnSYdBKMf9CtPv+0jIEHDDRUiPYoKWBrdbK
50HLZWWgAKGrdyLmtUNLJ2JZ5og4RwrzakOF2XLTl+4uAtjweFqQmOpr3xf/kCo7
tmK0khTYK/VTgmD8ov+dZh+w2BJshrLNuXmBZ7sOkG4wHMLXmh4vmsNd3uIuosEY
aGFCsoAhYI8iV28bFVBEVfVxV/wBcpPF4bm1ew8T2EM92eLE67Ac6+jyRNpWUPsJ
sqYdJ+oKxDZ1hXrt6qlJhnFV/ZSvQMtsUrQk0JiLstzOzUDg
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:17 2024 by rpki-client on console-fra.rpki-client.org