Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/ymnzMYR89vHHXmkf8tF7wmZTo8Y.roa
File:                     ymnzMYR89vHHXmkf8tF7wmZTo8Y.roa (raw, json)
Hash identifier:          YtjUB4jxVHIYbFt/N77C+x/bFI5zbFuN6RIoC22BCJA=
Subject key identifier:   CA:69:F3:31:84:7C:F6:F1:C7:5E:69:1F:F2:D1:7B:C2:66:53:A3:C6
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       0184FC5A8009B0AB320C0470DDA691DC3444
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/ymnzMYR89vHHXmkf8tF7wmZTo8Y.roa
Signing time:             Sat 10 Dec 2022 14:05:00 +0000
ROA not before:           Sat 10 Dec 2022 14:05:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39650
IP address blocks:        188.240.196.0/24 maxlen: 24
                          185.3.200.0/24 maxlen: 24
                          45.94.213.0/24 maxlen: 24
                          89.38.212.0/24 maxlen: 24
                          89.38.213.0/24 maxlen: 24
                          45.94.215.0/24 maxlen: 24
                          89.46.217.0/24 maxlen: 24
                          89.38.214.0/24 maxlen: 24
                          89.38.215.0/24 maxlen: 24
                          188.212.96.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:fc:5a:80:09:b0:ab:32:0c:04:70:dd:a6:91:dc:34:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Dec 10 14:05:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ca69f331847cf6f1c75e691ff2d17bc26653a3c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:46:d7:0f:bc:05:2e:b6:82:b0:5d:01:6b:7d:
                    3c:37:11:17:17:a5:e6:cb:58:02:1d:01:22:4e:f9:
                    1f:d6:78:0a:39:b2:73:b0:a4:25:fe:13:8d:6c:1d:
                    93:5b:ff:c6:8a:61:0f:81:4b:80:93:8b:8e:fc:4c:
                    11:70:67:54:d5:0f:e0:73:99:e7:90:3c:ba:2f:2a:
                    73:d7:de:34:55:aa:31:59:0f:d0:6b:be:2b:72:a1:
                    8a:cf:86:29:8a:65:20:b0:12:32:f8:9a:95:22:cc:
                    7e:5f:eb:c5:4d:db:f9:55:83:15:4b:20:6a:1c:5e:
                    d4:48:d7:78:93:44:35:a4:84:fc:83:bc:a1:72:5c:
                    a3:6c:3e:a5:73:b5:21:16:21:32:d6:24:5f:d7:68:
                    1b:62:32:03:6f:ea:21:f9:48:27:5a:b8:a6:95:ac:
                    ef:39:09:c9:05:33:9c:7d:36:2a:a4:ff:70:34:15:
                    34:c3:a9:b5:99:38:7b:09:3b:aa:06:b8:4c:13:41:
                    77:ab:d6:27:01:8c:8e:9d:cf:25:0a:e9:40:d1:02:
                    2b:3a:2a:64:b8:ba:88:bf:34:3c:7f:86:c5:10:c4:
                    e8:31:eb:8c:8c:8b:3d:27:ae:15:b9:2a:62:6c:b3:
                    f7:1a:2b:45:a1:aa:e6:32:ac:2f:74:b6:0d:b6:69:
                    26:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:69:F3:31:84:7C:F6:F1:C7:5E:69:1F:F2:D1:7B:C2:66:53:A3:C6
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/ymnzMYR89vHHXmkf8tF7wmZTo8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.213.0/24
                  45.94.215.0/24
                  89.38.212.0/22
                  89.46.217.0/24
                  185.3.200.0/24
                  188.212.96.0/22
                  188.240.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:4a:48:46:b8:29:53:59:56:d6:b5:f6:76:34:b5:fd:63:87:
         3b:4f:d6:91:70:b3:de:84:b9:08:e8:e2:c4:88:97:fa:8b:3b:
         f1:aa:9d:9a:7c:9c:43:f7:87:39:16:69:8b:1d:49:91:93:2d:
         80:5d:24:b0:a3:52:e8:84:80:8f:fd:d9:d1:bf:dd:8d:37:f4:
         0b:1c:98:6e:4f:bd:e7:6e:40:f2:8e:0f:4a:e3:7d:09:59:6c:
         2e:ec:67:94:99:96:55:f6:b4:18:7e:4a:ab:39:ef:14:27:62:
         2f:76:14:dc:48:66:a3:c4:2f:78:52:29:a0:f1:64:e2:41:0c:
         98:87:26:55:8d:a4:51:1b:97:03:7f:d6:2b:bd:33:ad:c9:46:
         7b:d7:93:a2:12:f2:1d:4b:aa:11:38:40:47:6d:a0:3a:ac:b5:
         e3:95:b5:56:8e:a4:71:50:c0:e6:be:19:45:40:75:5f:13:a1:
         67:23:e2:f8:54:03:22:c2:3b:5a:1b:e0:da:25:c1:c1:87:97:
         80:89:a6:2d:ed:9d:47:56:32:c2:57:86:cc:f9:92:ac:35:c2:
         dc:f5:cc:c0:99:9d:ef:c4:ca:fb:93:66:32:97:05:88:cf:89:
         a7:3d:90:7d:a1:cd:b1:44:02:03:36:e8:78:dc:3e:4f:e0:35:
         59:50:24:20
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYT8WoAJsKsyDARw3aaR3DREMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjIxMjEwMTQwNTAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTY5ZjMzMTg0N2NmNmYxYzc1ZTY5MWZmMmQxN2JjMjY2NTNhM2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0bXD7wFLraCsF0Ba308NxEXF6Xm
y1gCHQEiTvkf1ngKObJzsKQl/hONbB2TW//GimEPgUuAk4uO/EwRcGdU1Q/gc5nn
kDy6Lypz1940VaoxWQ/Qa74rcqGKz4YpimUgsBIy+JqVIsx+X+vFTdv5VYMVSyBq
HF7USNd4k0Q1pIT8g7yhclyjbD6lc7UhFiEy1iRf12gbYjIDb+oh+UgnWrimlazv
OQnJBTOcfTYqpP9wNBU0w6m1mTh7CTuqBrhME0F3q9YnAYyOnc8lCulA0QIrOipk
uLqIvzQ8f4bFEMToMeuMjIs9J64VuSpibLP3GitFoarmMqwvdLYNtmkmRwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFMpp8zGEfPbxx15pH/LRe8JmU6PGMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEveW1uek1ZUjg5dkhIWG1rZjh0Rjd3bVpUbzhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALV7VAwQA
LV7XAwQCWSbUAwQAWS7ZAwQAuQPIAwQCvNRgAwQAvPDEMA0GCSqGSIb3DQEBCwUA
A4IBAQAXSkhGuClTWVbWtfZ2NLX9Y4c7T9aRcLPehLkI6OLEiJf6izvxqp2afJxD
94c5FmmLHUmRky2AXSSwo1LohICP/dnRv92NN/QLHJhuT73nbkDyjg9K430JWWwu
7GeUmZZV9rQYfkqrOe8UJ2IvdhTcSGajxC94Uimg8WTiQQyYhyZVjaRRG5cDf9Yr
vTOtyUZ715OiEvIdS6oROEBHbaA6rLXjlbVWjqRxUMDmvhlFQHVfE6FnI+L4VAMi
wjtaG+DaJcHBh5eAiaYt7Z1HVjLCV4bM+ZKsNcLc9czAmZ3vxMr7k2YylwWIz4mn
PZB9oc2xRAIDNuh43D5P4DVZUCQg
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:09:49 2024 by rpki-client on console-ams.rpki-client.org