Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/KyT6pSWpg5na73vNZq13dFEXOBc.roa
File:                     KyT6pSWpg5na73vNZq13dFEXOBc.roa (raw, json)
Hash identifier:          iUKVT09dZ/To+GPTzrY5Q0lnMTZrsQG+bN01V+7dGSU=
Subject key identifier:   2B:24:FA:A5:25:A9:83:99:DA:EF:7B:CD:66:AD:77:74:51:17:38:17
Certificate issuer:       /CN=1ae9db29aa9308e1751b03d0d6999bb868805886
Certificate serial:       0DF77304
Authority key identifier: 1A:E9:DB:29:AA:93:08:E1:75:1B:03:D0:D6:99:9B:B8:68:80:58:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GunbKaqTCOF1GwPQ1pmbuGiAWIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/KyT6pSWpg5na73vNZq13dFEXOBc.roa
Signing time:             Thu 17 Feb 2022 13:41:08 +0000
ROA not before:           Thu 17 Feb 2022 13:41:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     199939
IP address blocks:        87.121.16.0/23 maxlen: 24
                          87.120.160.0/23 maxlen: 24
                          89.19.60.0/22 maxlen: 24
                          141.98.2.0/23 maxlen: 24
                          185.42.8.0/22 maxlen: 24
                          185.156.160.0/22 maxlen: 24
                          45.133.248.0/23 maxlen: 24
                          212.237.253.0/24 maxlen: 24
                          45.139.120.0/23 maxlen: 24
                          2a0d:bb40::/32 maxlen: 48
                          2a01:5860::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 234320644 (0xdf77304)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ae9db29aa9308e1751b03d0d6999bb868805886
        Validity
            Not Before: Feb 17 13:41:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2b24faa525a98399daef7bcd66ad777451173817
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:2b:63:d4:2a:0f:9a:85:d8:c9:a3:01:80:af:
                    0c:f6:7b:eb:89:d1:f8:f5:58:2a:a2:f4:56:26:eb:
                    4c:66:96:3c:14:b2:f6:6f:41:44:03:0e:07:0f:14:
                    f0:12:c0:3e:b4:9d:55:e5:e6:24:32:4b:ff:e4:f0:
                    82:a0:28:a5:8a:c8:e8:1b:f0:13:d4:f3:e4:de:f0:
                    69:75:85:40:dc:21:07:b7:e8:ad:3e:af:f9:58:51:
                    dd:e0:ec:1c:3f:84:2c:8b:9c:4c:8b:fd:ed:24:ab:
                    29:67:7c:0a:1e:a6:8a:b1:7e:59:a4:0d:98:88:44:
                    6b:4b:a0:d0:7a:ed:f0:34:f8:e2:bb:b9:8b:b5:7e:
                    2d:9b:d1:d3:ce:99:ee:c5:32:6c:52:12:c7:13:e5:
                    0e:12:63:03:32:61:6a:83:4d:94:32:6a:ac:d3:44:
                    98:9a:dc:c8:19:36:13:73:ab:7e:a7:23:dc:ce:75:
                    7a:57:5b:91:72:dd:43:dd:6d:56:b8:10:f8:b2:09:
                    87:1f:36:40:f7:51:f3:1b:12:8c:4d:ae:d1:5b:60:
                    18:75:64:0d:26:31:78:1d:0e:8f:d0:cb:0a:04:9b:
                    a9:4e:44:c2:a2:81:f6:fe:19:4a:86:3d:22:08:15:
                    6d:4e:1a:fd:9c:53:97:72:b4:88:c7:3e:d3:2a:7f:
                    7b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:24:FA:A5:25:A9:83:99:DA:EF:7B:CD:66:AD:77:74:51:17:38:17
            X509v3 Authority Key Identifier:
                keyid:1A:E9:DB:29:AA:93:08:E1:75:1B:03:D0:D6:99:9B:B8:68:80:58:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GunbKaqTCOF1GwPQ1pmbuGiAWIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/KyT6pSWpg5na73vNZq13dFEXOBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/GunbKaqTCOF1GwPQ1pmbuGiAWIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.248.0/23
                  45.139.120.0/23
                  87.120.160.0/23
                  87.121.16.0/23
                  89.19.60.0/22
                  141.98.2.0/23
                  185.42.8.0/22
                  185.156.160.0/22
                  212.237.253.0/24
                IPv6:
                  2a01:5860::/32
                  2a0d:bb40::/32

    Signature Algorithm: sha256WithRSAEncryption
         e6:a4:55:e4:26:f4:70:dd:d3:4c:9a:96:76:3b:89:7a:16:96:
         9e:0f:92:3e:7f:08:81:c0:3b:e1:0b:19:e2:1f:6f:fd:8b:49:
         8d:94:30:84:c9:12:04:36:fc:2e:1f:ad:15:ee:d2:ad:06:52:
         25:da:ec:1a:d7:40:be:cb:9b:af:a3:91:34:2a:19:2d:21:d8:
         b1:b3:92:34:c4:cb:c4:70:43:0c:39:ef:77:f0:66:5c:d9:24:
         26:59:e0:67:12:51:19:43:52:cb:ee:ab:f1:97:00:6d:59:22:
         ef:de:46:25:d0:dd:f4:fa:0f:8e:37:66:77:6f:24:be:5d:7b:
         db:40:38:27:24:75:37:a8:b7:94:06:fc:a0:46:9c:20:8f:0a:
         4f:28:c1:02:80:a8:eb:62:a2:e8:e1:0d:a7:15:b4:8e:f6:d3:
         e7:93:b5:df:69:a1:51:76:b7:35:6d:37:c9:ce:44:93:d0:a6:
         f0:b2:ca:8c:49:61:f6:ce:56:ab:58:b8:12:99:21:86:37:26:
         83:00:e0:2e:97:ce:d3:d4:a5:32:ec:ce:e8:65:a9:33:2f:72:
         e5:11:94:36:d1:13:ba:b2:83:17:bf:f6:16:f1:6a:17:8c:21:
         5b:32:90:3c:40:2f:43:32:6f:f5:f4:0b:c7:8b:a7:3b:45:88:
         60:d6:6f:ec
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIEDfdzBDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YWU5ZGIyOWFhOTMwOGUxNzUxYjAzZDBkNjk5OWJiODY4ODA1ODg2MB4XDTIyMDIx
NzEzNDEwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmIyNGZhYTUyNWE5
ODM5OWRhZWY3YmNkNjZhZDc3NzQ1MTE3MzgxNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPIrY9QqD5qF2MmjAYCvDPZ764nR+PVYKqL0VibrTGaWPBSy
9m9BRAMOBw8U8BLAPrSdVeXmJDJL/+TwgqAopYrI6BvwE9Tz5N7waXWFQNwhB7fo
rT6v+VhR3eDsHD+ELIucTIv97SSrKWd8Ch6mirF+WaQNmIhEa0ug0Hrt8DT44ru5
i7V+LZvR086Z7sUybFISxxPlDhJjAzJhaoNNlDJqrNNEmJrcyBk2E3Orfqcj3M51
eldbkXLdQ91tVrgQ+LIJhx82QPdR8xsSjE2u0VtgGHVkDSYxeB0Oj9DLCgSbqU5E
wqKB9v4ZSoY9IggVbU4a/ZxTl3K0iMc+0yp/ezECAwEAAaOCAk8wggJLMB0GA1Ud
DgQWBBQrJPqlJamDmdrve81mrXd0URc4FzAfBgNVHSMEGDAWgBQa6dspqpMI4XUb
A9DWmZu4aIBYhjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0d1bmJLYXFUQ09GMUd3UFExcG1idUdpQVdJWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWUvZWI3ODM1LWQzNjQtNGUyOC05YTgyLWVkOTIzMWZiYWVkMS8x
L0t5VDZwU1dwZzVuYTczdk5acTEzZEZFWE9CYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWUv
ZWI3ODM1LWQzNjQtNGUyOC05YTgyLWVkOTIzMWZiYWVkMS8xL0d1bmJLYXFUQ09G
MUd3UFExcG1idUdpQVdJWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBl
BggrBgEFBQcBBwEB/wRWMFQwPAQCAAEwNgMEAS2F+AMEAS2LeAMEAVd4oAMEAVd5
EAMEAlkTPAMEAY1iAgMEArkqCAMEArmcoAMEANTt/TAUBAIAAjAOAwUAKgFYYAMF
ACoNu0AwDQYJKoZIhvcNAQELBQADggEBAOakVeQm9HDd00yalnY7iXoWlp4Pkj5/
CIHAO+ELGeIfb/2LSY2UMITJEgQ2/C4frRXu0q0GUiXa7BrXQL7Lm6+jkTQqGS0h
2LGzkjTEy8RwQww573fwZlzZJCZZ4GcSURlDUsvuq/GXAG1ZIu/eRiXQ3fT6D443
ZndvJL5de9tAOCckdTeot5QG/KBGnCCPCk8owQKAqOtioujhDacVtI720+eTtd9p
oVF2tzVtN8nORJPQpvCyyoxJYfbOVqtYuBKZIYY3JoMA4C6XztPUpTLszuhlqTMv
cuURlDbRE7qygxe/9hbxaheMIVsykDxAL0Myb/X0C8eLpztFiGDWb+w=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:58 2024 by rpki-client on console-fra.rpki-client.org