Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/j7ErrOqc8zLYaaZhae22awprqUU.roa
File:                     j7ErrOqc8zLYaaZhae22awprqUU.roa (raw, json)
Hash identifier:          QIxrSntxa/p4yQWBStYdLj6dSQQZfosptQNDPNz9lvQ=
Subject key identifier:   8F:B1:2B:AC:EA:9C:F3:32:D8:69:A6:61:69:ED:B6:6B:0A:6B:A9:45
Certificate issuer:       /CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
Certificate serial:       01856DB892F0BFA8A92A03377164CF1F7502
Authority key identifier: DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/j7ErrOqc8zLYaaZhae22awprqUU.roa
Signing time:             Sun 01 Jan 2023 14:24:50 +0000
ROA not before:           Sun 01 Jan 2023 14:24:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51074
IP address blocks:        185.115.148.0/22 maxlen: 24
                          37.130.204.0/23 maxlen: 23
                          37.130.200.0/21 maxlen: 24
                          37.130.202.0/23 maxlen: 23
                          178.252.128.0/18 maxlen: 24
                          5.220.0.0/14 maxlen: 24
                          5.221.0.0/16 maxlen: 16
                          178.252.178.0/24 maxlen: 24
                          178.252.179.0/24 maxlen: 24
                          31.184.128.0/18 maxlen: 24
                          2a02:2b58::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:b8:92:f0:bf:a8:a9:2a:03:37:71:64:cf:1f:75:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
        Validity
            Not Before: Jan  1 14:24:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8fb12bacea9cf332d869a66169edb66b0a6ba945
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c7:51:0b:76:70:8b:d5:76:7b:c1:58:cb:36:
                    f3:0c:06:f4:d9:75:48:f0:64:ad:a1:67:d4:33:41:
                    ef:80:6c:69:ca:c1:d0:d0:8a:2f:aa:ff:b5:66:bd:
                    a1:33:1f:01:f8:34:39:62:f0:e8:9d:4d:43:77:88:
                    fd:a9:f7:ad:95:f0:9b:d1:d8:3b:3a:be:e8:84:9b:
                    68:8f:80:12:03:f7:77:31:7d:51:6f:c2:ad:a9:8f:
                    da:77:04:8d:fe:b7:2e:f8:c2:b4:9a:b2:0b:50:c5:
                    0a:92:fb:b6:70:f7:f6:30:9c:7e:3a:e2:e1:f0:da:
                    04:c1:a7:f8:b1:f2:32:c8:28:86:f3:72:15:6b:6d:
                    88:09:39:86:3b:53:b3:ba:74:65:1b:ef:1f:2d:00:
                    d0:54:69:3c:b3:39:c7:49:b1:5c:25:f8:4f:75:9c:
                    d9:07:b9:5b:e9:08:65:8e:ca:49:9c:f2:02:75:ae:
                    10:00:27:9b:ef:54:d3:64:eb:12:82:22:e7:0c:b2:
                    58:97:83:fb:54:08:6a:c8:ea:a1:6a:22:bc:a7:2e:
                    58:64:61:1e:d4:da:6e:93:59:75:21:8c:2c:6c:f7:
                    36:fd:e1:8e:65:8a:5a:4e:2d:f7:23:c0:8c:5d:67:
                    f6:68:97:ca:3f:eb:80:bc:28:53:b9:30:bb:9b:5e:
                    84:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:B1:2B:AC:EA:9C:F3:32:D8:69:A6:61:69:ED:B6:6B:0A:6B:A9:45
            X509v3 Authority Key Identifier:
                keyid:DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/j7ErrOqc8zLYaaZhae22awprqUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.220.0.0/14
                  31.184.128.0/18
                  37.130.200.0/21
                  178.252.128.0/18
                  185.115.148.0/22
                IPv6:
                  2a02:2b58::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:7e:d3:47:d8:07:df:58:c0:44:2e:9a:00:0e:bb:ca:63:bc:
         a4:f8:36:61:97:9b:a6:72:d4:d1:5d:c5:49:4c:32:76:58:00:
         dd:9a:32:98:6e:55:81:79:37:1a:b7:47:51:d2:b7:6a:72:a9:
         15:3a:e7:2b:03:03:e8:e2:1a:33:c0:da:fd:2c:d5:1f:c3:df:
         c4:b2:fd:b9:aa:10:a9:07:26:35:91:96:13:58:4a:7a:36:19:
         86:8e:37:43:c6:94:73:1e:75:46:c1:73:6b:59:eb:e3:a7:be:
         e5:10:1f:bd:41:3f:c0:89:36:f5:ff:ec:47:65:4b:8f:b5:02:
         92:7e:b8:fc:46:12:4e:b2:0f:21:be:14:2f:ab:87:9a:5b:1a:
         9b:75:ef:d2:5c:7b:e2:84:e7:78:68:dd:a5:88:ad:ed:da:5b:
         5b:9c:52:a0:f2:d1:9c:ce:55:c3:da:07:7e:41:f5:71:2f:29:
         a9:19:95:24:81:47:b5:c3:59:14:66:d1:f1:ba:4a:f3:2d:66:
         8f:e0:63:c4:09:99:79:7c:85:fe:54:8e:f7:6b:a5:90:ba:b2:
         11:03:71:63:bd:24:c7:18:f9:06:d2:84:51:3b:4a:e0:a8:9e:
         b4:9d:a3:b2:25:31:81:8a:6d:41:7b:f7:ae:15:44:fb:fc:d1:
         05:46:13:86
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYVtuJLwv6ipKgM3cWTPH3UCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZmI2NDVmMTM0ZjRmZGFkYTQ1ZTcwYmNmY2Q5M2I4OTdk
YmQ3MjUwHhcNMjMwMTAxMTQyNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmIxMmJhY2VhOWNmMzMyZDg2OWE2NjE2OWVkYjY2YjBhNmJhOTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcdRC3Zwi9V2e8FYyzbzDAb02XVI
8GStoWfUM0HvgGxpysHQ0Iovqv+1Zr2hMx8B+DQ5YvDonU1Dd4j9qfetlfCb0dg7
Or7ohJtoj4ASA/d3MX1Rb8KtqY/adwSN/rcu+MK0mrILUMUKkvu2cPf2MJx+OuLh
8NoEwaf4sfIyyCiG83IVa22ICTmGO1OzunRlG+8fLQDQVGk8sznHSbFcJfhPdZzZ
B7lb6QhljspJnPICda4QACeb71TTZOsSgiLnDLJYl4P7VAhqyOqhaiK8py5YZGEe
1Npuk1l1IYwsbPc2/eGOZYpaTi33I8CMXWf2aJfKP+uAvChTuTC7m16EhQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFI+xK6zqnPMy2GmmYWnttmsKa6lFMB8GA1UdIwQY
MBaAFNr7ZF8TT0/a2kXnC8/Nk7iX29clMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2Et
NmJhMGEwY2UwMWVkLzEvajdFcnJPcWM4ekxZYWFaaGFlMjJhd3BycVVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2EtNmJhMGEwY2UwMWVk
LzEvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAjBAIAATAdAwMCBdwDBAYf
uIADBAMlgsgDBAay/IADBAK5c5QwDQQCAAIwBwMFAyoCK1gwDQYJKoZIhvcNAQEL
BQADggEBAC9+00fYB99YwEQumgAOu8pjvKT4NmGXm6Zy1NFdxUlMMnZYAN2aMphu
VYF5Nxq3R1HSt2pyqRU65ysDA+jiGjPA2v0s1R/D38Sy/bmqEKkHJjWRlhNYSno2
GYaON0PGlHMedUbBc2tZ6+OnvuUQH71BP8CJNvX/7EdlS4+1ApJ+uPxGEk6yDyG+
FC+rh5pbGpt179Jce+KE53ho3aWIre3aW1ucUqDy0ZzOVcPaB35B9XEvKakZlSSB
R7XDWRRm0fG6SvMtZo/gY8QJmXl8hf5UjvdrpZC6shEDcWO9JMcY+QbShFE7SuCo
nrSdo7IlMYGKbUF7964VRPv80QVGE4Y=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:09:47 2024 by rpki-client on console-ams.rpki-client.org