Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/ystsCxX49AHHrF_VCjB6sH8w8nY.roa
File:                     ystsCxX49AHHrF_VCjB6sH8w8nY.roa (raw, json)
Hash identifier:          n0nMuOCjOeJLz/ydva4X3B3CqLWppl5ICMrRx0lmj+g=
Subject key identifier:   CA:CB:6C:0B:15:F8:F4:01:C7:AC:5F:D5:0A:30:7A:B0:7F:30:F2:76
Certificate issuer:       /CN=ceb86983547113359bade1f3f38104091e3a6439
Certificate serial:       018AD5EEBB00B15B76572602335DAE60D3E6
Authority key identifier: CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/ystsCxX49AHHrF_VCjB6sH8w8nY.roa
Signing time:             Wed 27 Sep 2023 09:18:27 +0000
ROA not before:           Wed 27 Sep 2023 09:18:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8612
IP address blocks:        84.220.0.0/14 maxlen: 24
                          195.130.224.0/19 maxlen: 19
                          193.43.3.180/30 maxlen: 30
                          213.205.0.0/18 maxlen: 18
                          193.43.3.192/26 maxlen: 26
                          193.43.2.0/24 maxlen: 24
                          82.85.26.128/26 maxlen: 26
                          82.85.53.64/26 maxlen: 26
                          82.85.53.0/26 maxlen: 26
                          82.84.0.0/15 maxlen: 24
                          193.207.24.0/21 maxlen: 24
                          217.133.0.0/16 maxlen: 16
                          193.207.32.0/19 maxlen: 24
                          217.73.208.0/20 maxlen: 20
                          193.207.96.0/20 maxlen: 21
                          193.43.3.184/29 maxlen: 29
                          212.123.64.0/19 maxlen: 19
                          193.207.128.0/17 maxlen: 22
                          193.207.64.0/18 maxlen: 24
                          94.32.0.0/14 maxlen: 14
                          213.205.0.251/32 maxlen: 32
                          94.32.115.0/24 maxlen: 24
                          217.133.170.0/24 maxlen: 24
                          2a01:7d0:4800:1::/64 maxlen: 64
                          2a01:7d0::/32 maxlen: 32
                          2a01:7d0:4811::/64 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:d5:ee:bb:00:b1:5b:76:57:26:02:33:5d:ae:60:d3:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ceb86983547113359bade1f3f38104091e3a6439
        Validity
            Not Before: Sep 27 09:18:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cacb6c0b15f8f401c7ac5fd50a307ab07f30f276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d7:ff:73:a4:9e:b7:e3:f9:07:07:1c:ae:df:
                    aa:ce:a3:60:4f:ce:08:21:30:a8:a0:e5:cd:9b:a1:
                    6e:db:e4:85:74:f4:98:33:e5:0f:58:89:05:56:c9:
                    ca:19:ff:31:0f:a2:c0:87:bc:f7:f0:e2:34:c8:9d:
                    ca:33:da:94:a5:4a:df:f0:5f:d7:4c:75:63:1f:62:
                    c7:24:76:bc:01:dc:58:3b:10:e2:69:f0:23:7b:a5:
                    98:38:ca:26:72:9e:c4:80:1f:02:5d:3a:20:ff:19:
                    c8:25:cb:f5:20:90:99:24:bc:6e:6d:16:16:98:86:
                    d0:e7:c5:9e:c3:52:4b:a9:eb:62:18:21:9b:bc:49:
                    27:2a:87:ca:74:9c:5f:b8:7c:cf:39:dc:92:22:11:
                    c7:82:d0:f7:7a:8d:c7:f3:c4:0e:09:13:30:d8:19:
                    fd:52:bf:29:b9:68:f1:a7:ff:20:d7:a4:16:be:ef:
                    c1:50:95:53:79:d5:f2:d5:52:b0:17:1d:19:a0:83:
                    70:e1:94:7d:ce:c1:2b:db:cf:e7:9b:07:81:d3:d5:
                    53:c4:60:f5:26:53:6d:ff:e8:69:6a:44:18:ea:f2:
                    32:17:e9:3b:69:98:78:6c:7a:35:a6:cc:dd:37:c2:
                    65:9f:f0:9b:60:76:40:0e:d4:5d:f0:1b:1c:be:d5:
                    c3:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:CB:6C:0B:15:F8:F4:01:C7:AC:5F:D5:0A:30:7A:B0:7F:30:F2:76
            X509v3 Authority Key Identifier:
                keyid:CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/ystsCxX49AHHrF_VCjB6sH8w8nY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.84.0.0/15
                  84.220.0.0/14
                  94.32.0.0/14
                  193.43.2.0/24
                  193.43.3.180-193.43.3.255
                  193.207.24.0-193.207.255.255
                  195.130.224.0/19
                  212.123.64.0/19
                  213.205.0.0/18
                  217.73.208.0/20
                  217.133.0.0/16
                IPv6:
                  2a01:7d0::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:59:bb:cc:ec:23:dd:0a:64:54:3d:c3:27:9a:c6:27:a9:5a:
         f8:a5:67:20:7f:0a:28:b1:f2:00:9f:08:82:d8:b0:fc:59:57:
         5a:02:a6:03:15:49:15:96:1a:b5:ce:ad:04:fe:17:4d:e9:ea:
         d3:70:bc:48:9b:d9:78:c1:4e:22:46:07:93:fb:4c:1f:b0:bb:
         85:7e:b1:a9:6c:be:34:a4:fa:4c:2b:ea:15:f8:b0:59:a7:38:
         51:50:0f:f5:d9:60:38:32:4f:51:10:c0:36:0b:f6:bd:de:0b:
         4a:58:47:3b:6a:8c:45:4a:f1:de:32:d4:7b:3b:9a:2d:f0:c1:
         b4:fa:fb:e2:32:39:6d:19:7b:2e:06:a1:7e:2e:02:a3:02:eb:
         d7:36:44:7b:c5:8c:3a:83:2a:ad:33:28:2a:5e:ac:de:87:23:
         7c:ff:b2:5c:70:dd:bf:07:19:ff:43:8f:12:f0:2e:37:85:ff:
         69:42:d1:3e:f3:09:5a:0d:6b:cf:2c:c2:35:41:0b:50:c9:fc:
         ed:7c:29:a0:79:60:24:b4:56:c3:5e:6e:e3:e8:72:61:39:52:
         8a:f5:7f:49:3b:71:f7:13:b7:04:cc:bd:54:52:6c:b7:87:e2:
         34:94:fd:c2:36:d5:64:17:63:a7:4b:ca:a4:3e:2e:27:c2:1f:
         7a:ac:b4:ec
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAYrV7rsAsVt2VyYCM12uYNPmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjg2OTgzNTQ3MTEzMzU5YmFkZTFmM2YzODEwNDA5MWUz
YTY0MzkwHhcNMjMwOTI3MDkxODI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWNiNmMwYjE1ZjhmNDAxYzdhYzVmZDUwYTMwN2FiMDdmMzBmMjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdf/c6Set+P5Bwccrt+qzqNgT84I
ITCooOXNm6Fu2+SFdPSYM+UPWIkFVsnKGf8xD6LAh7z38OI0yJ3KM9qUpUrf8F/X
THVjH2LHJHa8AdxYOxDiafAje6WYOMomcp7EgB8CXTog/xnIJcv1IJCZJLxubRYW
mIbQ58Wew1JLqetiGCGbvEknKofKdJxfuHzPOdySIhHHgtD3eo3H88QOCRMw2Bn9
Ur8puWjxp/8g16QWvu/BUJVTedXy1VKwFx0ZoINw4ZR9zsEr28/nmweB09VTxGD1
JlNt/+hpakQY6vIyF+k7aZh4bHo1pszdN8Jln/CbYHZADtRd8BscvtXDjwIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFMrLbAsV+PQBx6xf1QowerB/MPJ2MB8GA1UdIwQY
MBaAFM64aYNUcRM1m63h8/OBBAkeOmQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2Qt
ZGVlMmY2NTBkZDg2LzEveXN0c0N4WDQ5QUhIckZfVkNqQjZzSDh3OG5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2QtZGVlMmY2NTBkZDg2
LzEvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwMBUlQDAwJU
3AMDAl4gAwQAwSsCMA0DBQLBKwO0AwQCwSsAMAsDBAPBzxgDAwTBwAMEBcOC4AME
BdR7QAMEBtXNAAMEBNlJ0AMDANmFMA0EAgACMAcDBQAqAQfQMA0GCSqGSIb3DQEB
CwUAA4IBAQAZWbvM7CPdCmRUPcMnmsYnqVr4pWcgfwoosfIAnwiC2LD8WVdaAqYD
FUkVlhq1zq0E/hdN6erTcLxIm9l4wU4iRgeT+0wfsLuFfrGpbL40pPpMK+oV+LBZ
pzhRUA/12WA4Mk9REMA2C/a93gtKWEc7aoxFSvHeMtR7O5ot8MG0+vviMjltGXsu
BqF+LgKjAuvXNkR7xYw6gyqtMygqXqzehyN8/7JccN2/Bxn/Q48S8C43hf9pQtE+
8wlaDWvPLMI1QQtQyfztfCmgeWAktFbDXm7j6HJhOVKK9X9JO3H3E7cEzL1UUmy3
h+I0lP3CNtVkF2OnS8qkPi4nwh96rLTs
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:45 2024 by rpki-client on console-fra.rpki-client.org