Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/YVRwZAVAGx1-n_FJe6_3MHOohMg.roa
File:                     YVRwZAVAGx1-n_FJe6_3MHOohMg.roa (raw, json)
Hash identifier:          W+Kgp6Ly3e2E0y3eTbJ+opHsz7cASaSJ9ux7HK8EdpU=
Subject key identifier:   61:54:70:64:05:40:1B:1D:7E:9F:F1:49:7B:AF:F7:30:73:A8:84:C8
Certificate issuer:       /CN=ceb86983547113359bade1f3f38104091e3a6439
Certificate serial:       0187D791537E246DCD0626C0BB3A7C165C8C
Authority key identifier: CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/YVRwZAVAGx1-n_FJe6_3MHOohMg.roa
Signing time:             Mon 01 May 2023 13:47:18 +0000
ROA not before:           Mon 01 May 2023 13:47:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8612
IP address blocks:        84.220.0.0/14 maxlen: 24
                          195.130.224.0/19 maxlen: 19
                          193.43.3.180/30 maxlen: 30
                          213.205.0.0/18 maxlen: 18
                          193.43.3.192/26 maxlen: 26
                          193.43.2.0/24 maxlen: 24
                          82.85.26.128/26 maxlen: 26
                          82.85.53.64/26 maxlen: 26
                          82.85.53.0/26 maxlen: 26
                          82.84.0.0/15 maxlen: 24
                          193.207.24.0/21 maxlen: 24
                          62.10.0.0/15 maxlen: 24
                          217.133.0.0/16 maxlen: 16
                          193.207.32.0/19 maxlen: 24
                          217.73.208.0/20 maxlen: 20
                          193.207.96.0/20 maxlen: 21
                          193.43.3.184/29 maxlen: 29
                          212.123.64.0/19 maxlen: 19
                          193.207.128.0/17 maxlen: 22
                          193.207.64.0/18 maxlen: 24
                          94.32.0.0/14 maxlen: 14
                          213.205.0.251/32 maxlen: 32
                          217.133.170.0/24 maxlen: 24
                          2a01:7d0:4800:1::/64 maxlen: 64
                          2a01:7d0::/32 maxlen: 32
                          2a01:7d0:4811::/64 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:d7:91:53:7e:24:6d:cd:06:26:c0:bb:3a:7c:16:5c:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ceb86983547113359bade1f3f38104091e3a6439
        Validity
            Not Before: May  1 13:47:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6154706405401b1d7e9ff1497baff73073a884c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:7d:4e:61:bf:49:db:15:3a:f0:1b:f2:8f:00:
                    80:fc:80:15:c5:ee:98:a5:31:94:c6:b8:8b:d5:03:
                    1f:17:fc:f7:f5:87:83:8e:e1:0f:f8:1b:c1:4e:a4:
                    52:56:67:2a:85:6c:07:9e:74:f8:de:36:7d:77:9c:
                    b4:2c:c1:4d:33:24:35:36:b3:b4:dd:7d:0b:a0:2c:
                    17:00:e2:3f:c1:ce:3a:8b:a0:fa:cb:f2:e6:5d:d2:
                    12:5c:db:3e:31:e5:e0:3c:f3:4b:5a:03:1b:54:a0:
                    08:72:ae:8a:11:c4:8c:84:d9:3e:ac:b1:8c:a1:3f:
                    86:a1:0b:a2:ac:92:6e:1f:84:40:d8:8f:84:6c:68:
                    76:46:f0:d6:2d:5e:62:1b:d4:02:ad:14:1e:df:79:
                    0e:50:f9:f1:68:2a:e5:39:b7:33:27:40:16:4b:bf:
                    b4:c5:81:98:6c:a9:9f:08:be:a1:94:9c:7a:d6:e2:
                    1b:58:c1:1d:33:bf:e8:c3:ed:58:3c:91:a4:b5:73:
                    0b:76:98:b1:e2:c0:83:54:76:b0:65:73:77:2d:d6:
                    04:a2:3b:3f:c0:7b:1d:55:47:e2:e4:8e:cd:e2:03:
                    c1:36:f9:58:4d:47:62:10:48:60:e2:57:fd:90:44:
                    5c:27:20:f8:51:25:55:56:00:b5:76:ff:6f:0e:ee:
                    9d:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:54:70:64:05:40:1B:1D:7E:9F:F1:49:7B:AF:F7:30:73:A8:84:C8
            X509v3 Authority Key Identifier:
                keyid:CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/YVRwZAVAGx1-n_FJe6_3MHOohMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.10.0.0/15
                  82.84.0.0/15
                  84.220.0.0/14
                  94.32.0.0/14
                  193.43.2.0/24
                  193.43.3.180-193.43.3.255
                  193.207.24.0-193.207.255.255
                  195.130.224.0/19
                  212.123.64.0/19
                  213.205.0.0/18
                  217.73.208.0/20
                  217.133.0.0/16
                IPv6:
                  2a01:7d0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:a7:fd:a3:ad:6d:e3:8b:96:cb:2b:9f:a7:27:a4:28:19:d1:
         d2:36:59:3a:30:22:53:05:58:05:f3:7a:32:24:40:4b:70:fe:
         39:2f:a6:6b:0b:8a:27:bc:3f:c7:de:6e:2b:62:04:b2:32:89:
         2e:96:07:ce:81:e4:bd:64:ce:f6:30:a0:90:0f:04:3a:70:f0:
         4b:97:57:af:e7:7f:9f:b2:f8:82:d7:39:e7:86:90:c3:58:19:
         41:85:b7:60:7a:af:c8:04:46:33:e5:03:b9:5b:7f:43:e7:be:
         c5:35:ef:33:78:da:cc:a3:96:f8:f4:7b:fd:ff:93:7e:b0:a5:
         d1:f4:e8:94:0a:63:8d:34:60:4c:28:6f:a0:b4:7f:ca:5d:76:
         e4:e5:3c:c2:3c:1c:b7:56:b2:ec:ed:81:47:a2:31:a4:c4:da:
         2c:56:5c:4a:b7:69:e1:46:17:3f:78:77:51:c7:8b:c7:57:38:
         e2:74:8e:8e:5b:67:d4:a8:3d:26:f0:a9:1a:74:37:8c:99:61:
         4a:02:98:ea:14:93:f8:c4:1b:0c:10:e5:c4:e9:45:b0:40:f6:
         3b:38:38:8d:27:1a:9f:ab:5b:03:35:96:dc:c9:31:f8:05:2a:
         c7:5e:bb:88:44:64:2f:35:1a:a7:74:aa:5d:6b:ee:35:17:09:
         35:5d:6f:40
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAYfXkVN+JG3NBibAuzp8FlyMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjg2OTgzNTQ3MTEzMzU5YmFkZTFmM2YzODEwNDA5MWUz
YTY0MzkwHhcNMjMwNTAxMTM0NzE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTU0NzA2NDA1NDAxYjFkN2U5ZmYxNDk3YmFmZjczMDczYTg4NGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArn1OYb9J2xU68BvyjwCA/IAVxe6Y
pTGUxriL1QMfF/z39YeDjuEP+BvBTqRSVmcqhWwHnnT43jZ9d5y0LMFNMyQ1NrO0
3X0LoCwXAOI/wc46i6D6y/LmXdISXNs+MeXgPPNLWgMbVKAIcq6KEcSMhNk+rLGM
oT+GoQuirJJuH4RA2I+EbGh2RvDWLV5iG9QCrRQe33kOUPnxaCrlObczJ0AWS7+0
xYGYbKmfCL6hlJx61uIbWMEdM7/ow+1YPJGktXMLdpix4sCDVHawZXN3LdYEojs/
wHsdVUfi5I7N4gPBNvlYTUdiEEhg4lf9kERcJyD4USVVVgC1dv9vDu6dMQIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFGFUcGQFQBsdfp/xSXuv9zBzqITIMB8GA1UdIwQY
MBaAFM64aYNUcRM1m63h8/OBBAkeOmQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2Qt
ZGVlMmY2NTBkZDg2LzEvWVZSd1pBVkFHeDEtbl9GSmU2XzNNSE9vaE1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2QtZGVlMmY2NTBkZDg2
LzEvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBZBAIAATBTAwMBPgoDAwFS
VAMDAlTcAwMCXiADBADBKwIwDQMFAsErA7QDBALBKwAwCwMEA8HPGAMDBMHAAwQF
w4LgAwQF1HtAAwQG1c0AAwQE2UnQAwMA2YUwDQQCAAIwBwMFACoBB9AwDQYJKoZI
hvcNAQELBQADggEBAE6n/aOtbeOLlssrn6cnpCgZ0dI2WTowIlMFWAXzejIkQEtw
/jkvpmsLiie8P8febitiBLIyiS6WB86B5L1kzvYwoJAPBDpw8EuXV6/nf5+y+ILX
OeeGkMNYGUGFt2B6r8gERjPlA7lbf0PnvsU17zN42syjlvj0e/3/k36wpdH06JQK
Y400YEwob6C0f8pdduTlPMI8HLdWsuztgUeiMaTE2ixWXEq3aeFGFz94d1HHi8dX
OOJ0jo5bZ9SoPSbwqRp0N4yZYUoCmOoUk/jEGwwQ5cTpRbBA9js4OI0nGp+rWwM1
ltzJMfgFKsdeu4hEZC81Gqd0ql1r7jUXCTVdb0A=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:09:42 2024 by rpki-client on console-ams.rpki-client.org