Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/yH8mfUjxn7L2HmqcOlEVx79sLpc.roa
File:                     yH8mfUjxn7L2HmqcOlEVx79sLpc.roa (raw, json)
Hash identifier:          j22KAK2YZITjkj/9S8kg9rWc3Z3Gh0zuJNl9z6xQO/s=
Subject key identifier:   C8:7F:26:7D:48:F1:9F:B2:F6:1E:6A:9C:3A:51:15:C7:BF:6C:2E:97
Certificate issuer:       /CN=ceb86983547113359bade1f3f38104091e3a6439
Certificate serial:       0186C1812B93B54EE590FABE1A0FAA5359B9
Authority key identifier: CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/yH8mfUjxn7L2HmqcOlEVx79sLpc.roa
Signing time:             Wed 08 Mar 2023 13:55:13 +0000
ROA not before:           Wed 08 Mar 2023 13:55:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8612
IP address blocks:        84.220.0.0/14 maxlen: 24
                          195.130.224.0/19 maxlen: 19
                          193.43.3.180/30 maxlen: 30
                          213.205.0.0/18 maxlen: 18
                          193.43.3.192/26 maxlen: 26
                          193.43.2.0/24 maxlen: 24
                          82.85.26.128/26 maxlen: 26
                          94.38.0.0/15 maxlen: 15
                          82.85.53.64/26 maxlen: 26
                          82.85.53.0/26 maxlen: 26
                          82.84.0.0/15 maxlen: 24
                          193.207.24.0/21 maxlen: 24
                          62.10.0.0/15 maxlen: 24
                          217.133.0.0/16 maxlen: 16
                          193.207.32.0/19 maxlen: 24
                          217.73.208.0/20 maxlen: 20
                          94.32.0.0/13 maxlen: 24
                          193.207.96.0/20 maxlen: 21
                          193.43.3.184/29 maxlen: 29
                          212.123.64.0/19 maxlen: 19
                          94.199.8.0/24 maxlen: 24
                          193.207.128.0/17 maxlen: 22
                          193.207.64.0/18 maxlen: 24
                          94.32.0.0/14 maxlen: 14
                          94.36.0.0/14 maxlen: 14
                          213.205.0.251/32 maxlen: 32
                          217.133.170.0/24 maxlen: 24
                          2a01:7d0:4800:1::/64 maxlen: 64
                          2a01:7d0::/32 maxlen: 32
                          2a01:7d0:4811::/64 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c1:81:2b:93:b5:4e:e5:90:fa:be:1a:0f:aa:53:59:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ceb86983547113359bade1f3f38104091e3a6439
        Validity
            Not Before: Mar  8 13:55:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c87f267d48f19fb2f61e6a9c3a5115c7bf6c2e97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:af:93:9b:ec:d2:c3:b2:fa:5a:dd:cc:fc:54:
                    f7:60:b4:d5:40:c2:41:a1:e8:e1:14:d7:36:60:af:
                    3c:e4:41:77:00:5f:72:00:9e:77:8f:3b:34:de:d8:
                    81:52:7d:31:b3:92:e7:36:10:cc:63:f9:b3:23:76:
                    8e:5d:e2:54:c2:66:82:93:8c:e0:f2:b4:45:b9:57:
                    8b:03:27:45:51:0c:6f:a4:0e:69:47:4b:83:f8:a1:
                    47:31:e0:45:27:00:6a:8c:1e:ce:18:5e:71:b4:fd:
                    33:a1:7f:38:2f:af:ab:95:c5:ce:7e:ba:b4:36:d2:
                    79:79:8c:18:98:80:2d:d2:06:ed:83:19:3c:58:c1:
                    11:9b:80:b8:d8:0d:b3:3a:e2:0c:86:32:80:96:1e:
                    64:2a:5c:8b:af:66:b9:ad:78:ff:17:cf:58:27:75:
                    99:a5:92:c3:93:b5:e6:be:3f:15:77:cf:99:24:66:
                    0e:8a:fb:eb:f9:dd:a6:69:df:9b:46:02:5c:c3:dd:
                    ba:df:4c:7a:64:10:40:65:55:14:58:32:18:40:45:
                    0a:61:3e:d4:e7:45:f6:a5:6c:47:ce:2f:3a:63:a3:
                    1b:a6:05:d9:33:70:0a:9f:a1:9b:ad:e3:35:6e:07:
                    5f:07:06:06:aa:0e:52:df:a0:45:08:6f:f3:1a:c0:
                    61:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:7F:26:7D:48:F1:9F:B2:F6:1E:6A:9C:3A:51:15:C7:BF:6C:2E:97
            X509v3 Authority Key Identifier:
                keyid:CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/yH8mfUjxn7L2HmqcOlEVx79sLpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.10.0.0/15
                  82.84.0.0/15
                  84.220.0.0/14
                  94.32.0.0/13
                  94.199.8.0/24
                  193.43.2.0/24
                  193.43.3.180-193.43.3.255
                  193.207.24.0-193.207.255.255
                  195.130.224.0/19
                  212.123.64.0/19
                  213.205.0.0/18
                  217.73.208.0/20
                  217.133.0.0/16
                IPv6:
                  2a01:7d0::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:c2:64:18:5a:ac:ff:90:d0:a8:61:53:cf:d2:3c:8f:9c:94:
         1b:09:f3:88:81:41:1f:5c:d1:70:01:c0:87:e2:ef:37:cb:96:
         9b:2b:e9:56:bf:88:f3:83:5d:5f:7a:d0:93:6a:45:21:de:fd:
         fd:d7:be:5e:d9:fe:94:e9:98:74:75:01:17:de:f7:07:d2:24:
         7d:a5:7e:c3:da:65:5b:0b:ae:54:c4:7f:82:57:7c:6b:af:16:
         df:30:d9:0b:ee:f9:04:ad:2f:ee:a3:eb:35:d6:c1:60:fd:55:
         af:66:c0:e2:8f:19:bc:67:54:d0:2a:56:a5:9c:37:bc:a8:3c:
         9d:ec:88:6b:71:61:7d:d1:1c:b6:eb:9a:57:bb:a4:86:6e:4b:
         35:8e:2f:ad:40:da:dd:a6:9e:33:9d:bf:cf:24:2d:10:bc:bd:
         76:83:55:78:59:a2:0d:2b:6c:e2:4d:c9:e9:e0:73:aa:ec:d6:
         ba:00:b3:d1:28:c8:ff:52:24:1c:54:25:5d:8a:1b:35:a7:fe:
         b5:6c:a1:95:f0:27:c1:aa:6f:dc:a6:58:8e:8c:fe:ac:24:8f:
         3d:41:6a:bb:e7:cb:08:ea:4e:ec:ba:2d:40:0d:5a:42:b8:9b:
         1a:ac:4e:af:d2:2e:22:ca:8b:51:6c:9d:a8:0e:a2:ce:ea:8b:
         58:55:e0:0b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAYbBgSuTtU7lkPq+Gg+qU1m5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjg2OTgzNTQ3MTEzMzU5YmFkZTFmM2YzODEwNDA5MWUz
YTY0MzkwHhcNMjMwMzA4MTM1NTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODdmMjY3ZDQ4ZjE5ZmIyZjYxZTZhOWMzYTUxMTVjN2JmNmMyZTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6+Tm+zSw7L6Wt3M/FT3YLTVQMJB
oejhFNc2YK885EF3AF9yAJ53jzs03tiBUn0xs5LnNhDMY/mzI3aOXeJUwmaCk4zg
8rRFuVeLAydFUQxvpA5pR0uD+KFHMeBFJwBqjB7OGF5xtP0zoX84L6+rlcXOfrq0
NtJ5eYwYmIAt0gbtgxk8WMERm4C42A2zOuIMhjKAlh5kKlyLr2a5rXj/F89YJ3WZ
pZLDk7Xmvj8Vd8+ZJGYOivvr+d2mad+bRgJcw92630x6ZBBAZVUUWDIYQEUKYT7U
50X2pWxHzi86Y6MbpgXZM3AKn6GbreM1bgdfBwYGqg5S36BFCG/zGsBhUQIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFMh/Jn1I8Z+y9h5qnDpRFce/bC6XMB8GA1UdIwQY
MBaAFM64aYNUcRM1m63h8/OBBAkeOmQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2Qt
ZGVlMmY2NTBkZDg2LzEveUg4bWZVanhuN0wySG1xY09sRVZ4NzlzTHBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2QtZGVlMmY2NTBkZDg2
LzEvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwXwQCAAEwWQMDAT4KAwMB
UlQDAwJU3AMDA14gAwQAXscIAwQAwSsCMA0DBQLBKwO0AwQCwSsAMAsDBAPBzxgD
AwTBwAMEBcOC4AMEBdR7QAMEBtXNAAMEBNlJ0AMDANmFMA0EAgACMAcDBQAqAQfQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCGwmQYWqz/kNCoYVPP0jyPnJQbCfOIgUEfXNFw
AcCH4u83y5abK+lWv4jzg11fetCTakUh3v39175e2f6U6Zh0dQEX3vcH0iR9pX7D
2mVbC65UxH+CV3xrrxbfMNkL7vkErS/uo+s11sFg/VWvZsDijxm8Z1TQKlalnDe8
qDyd7IhrcWF90Ry265pXu6SGbks1ji+tQNrdpp4znb/PJC0QvL12g1V4WaINK2zi
Tcnp4HOq7Na6ALPRKMj/UiQcVCVdihs1p/61bKGV8CfBqm/cpliOjP6sJI89QWq7
58sI6k7sui1ADVpCuJsarE6v0i4iyotRbJ2oDqLO6otYVeAL
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:45 2024 by rpki-client on console-fra.rpki-client.org