Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/anL6Jtht-FB3keUwlsIzsl1OaGM.roa
File:                     anL6Jtht-FB3keUwlsIzsl1OaGM.roa (raw, json)
Hash identifier:          9rpQQasKhALsOBT5PLKOrxV8mVZS/FPQPIv2D2TETSk=
Subject key identifier:   6A:72:FA:26:D8:6D:F8:50:77:91:E5:30:96:C2:33:B2:5D:4E:68:63
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01833408B8C4E1A8162BA470C88142C29E49
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/anL6Jtht-FB3keUwlsIzsl1OaGM.roa
Signing time:             Mon 12 Sep 2022 23:28:50 +0000
ROA not before:           Mon 12 Sep 2022 23:28:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     30738
IP address blocks:        195.211.53.0/24 maxlen: 24
                          195.2.226.0/23 maxlen: 23
                          188.130.254.0/24 maxlen: 24
                          188.130.182.0/24 maxlen: 24
                          2001:1468:8000::/36 maxlen: 36
                          2001:1468::/32 maxlen: 33

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:34:08:b8:c4:e1:a8:16:2b:a4:70:c8:81:42:c2:9e:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Sep 12 23:28:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6a72fa26d86df8507791e53096c233b25d4e6863
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:ca:2b:de:2f:b0:4c:94:90:06:e6:9e:21:69:
                    8b:6f:a3:c0:ad:4d:a1:da:6c:d9:a9:a9:56:86:b5:
                    38:43:74:ba:36:d0:48:e6:0b:e2:63:f8:e2:6f:07:
                    a9:ef:3f:bf:8a:d2:e9:43:da:e6:da:40:d2:cb:a8:
                    cd:59:ee:c2:41:8b:1f:69:be:d8:fb:e6:88:56:bf:
                    ba:e0:bc:05:8f:1f:28:25:ed:5e:55:32:aa:ba:3d:
                    1f:3d:4a:19:fa:8d:f1:70:67:78:fd:17:db:58:6a:
                    e9:e2:fd:4b:ba:81:d6:c1:ae:d6:f3:89:06:10:20:
                    4c:3f:b0:08:5f:65:95:6c:71:61:f1:5e:ea:e7:51:
                    68:a5:96:4c:d9:30:63:93:25:ca:5c:eb:94:49:d7:
                    fe:99:16:e2:00:73:1f:ab:1b:16:43:6f:87:fd:4d:
                    f5:96:64:18:83:8a:10:59:9f:17:76:38:da:74:ad:
                    89:9c:ab:9d:7f:a6:82:0b:ff:61:43:43:67:9c:97:
                    6a:da:c9:c7:a6:ed:08:69:81:7e:f8:1a:01:1a:57:
                    03:d6:31:f7:30:ee:f6:df:b1:9f:57:64:ae:e7:6c:
                    bd:5b:f2:79:01:87:93:7c:4e:f7:8d:83:35:6a:6d:
                    c5:71:00:29:41:aa:28:3c:20:d0:90:8c:96:11:90:
                    5c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:72:FA:26:D8:6D:F8:50:77:91:E5:30:96:C2:33:B2:5D:4E:68:63
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/anL6Jtht-FB3keUwlsIzsl1OaGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.130.182.0/24
                  188.130.254.0/24
                  195.2.226.0/23
                  195.211.53.0/24
                IPv6:
                  2001:1468::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:c3:ee:d1:b0:51:38:25:10:1c:0c:d4:10:37:f1:ec:8f:7e:
         5b:e5:5e:19:7e:3c:a2:75:58:6c:66:71:63:50:73:23:b8:6c:
         b8:64:56:7f:f2:1f:10:6b:8a:38:cf:6f:1b:76:d2:e7:e1:39:
         79:ac:31:23:9b:40:0b:28:39:5c:41:e3:e8:53:e2:da:66:bc:
         5d:de:9c:47:5a:cb:ec:87:55:84:cf:65:6c:8c:97:ae:03:fa:
         4d:7c:3b:12:86:ac:0b:bb:c5:a4:bd:e7:68:e4:5d:67:bb:91:
         8f:b4:b9:36:09:0f:ef:c9:5d:9c:ad:e6:74:0e:f3:36:b4:e2:
         e3:5f:33:11:dc:02:c7:20:c0:82:0b:bc:74:9c:d2:61:bd:e9:
         a4:06:bc:70:51:2c:80:55:2a:dd:90:8e:0b:94:d5:02:4b:41:
         b6:b6:09:99:7b:a2:ce:84:bc:18:f6:d6:e2:06:83:07:e2:e9:
         f3:2d:6f:8c:77:90:e6:77:d8:70:c0:42:4c:7d:d9:96:3f:b2:
         5e:3e:60:53:58:8f:a4:d0:21:14:1b:51:0b:9a:9d:8c:2f:c1:
         8d:92:0f:30:fd:40:38:51:7c:91:91:3c:1a:a7:9a:65:46:7a:
         2f:d7:2f:f8:79:bc:9f:60:32:2a:4b:54:c3:01:87:80:be:08:
         4f:15:95:a1
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYM0CLjE4agWK6RwyIFCwp5JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjIwOTEyMjMyODUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTcyZmEyNmQ4NmRmODUwNzc5MWU1MzA5NmMyMzNiMjVkNGU2ODYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5cor3i+wTJSQBuaeIWmLb6PArU2h
2mzZqalWhrU4Q3S6NtBI5gviY/jibwep7z+/itLpQ9rm2kDSy6jNWe7CQYsfab7Y
++aIVr+64LwFjx8oJe1eVTKquj0fPUoZ+o3xcGd4/RfbWGrp4v1LuoHWwa7W84kG
ECBMP7AIX2WVbHFh8V7q51FopZZM2TBjkyXKXOuUSdf+mRbiAHMfqxsWQ2+H/U31
lmQYg4oQWZ8XdjjadK2JnKudf6aCC/9hQ0NnnJdq2snHpu0IaYF++BoBGlcD1jH3
MO7237GfV2Su52y9W/J5AYeTfE73jYM1am3FcQApQaooPCDQkIyWEZBcswIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFGpy+ibYbfhQd5HlMJbCM7JdTmhjMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvYW5MNkp0aHQtRkIza2VVd2xzSXpzbDFPYUdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAvIK2AwQA
vIL+AwQBwwLiAwQAw9M1MA0EAgACMAcDBQAgARRoMA0GCSqGSIb3DQEBCwUAA4IB
AQAVw+7RsFE4JRAcDNQQN/Hsj35b5V4ZfjyidVhsZnFjUHMjuGy4ZFZ/8h8Qa4o4
z28bdtLn4Tl5rDEjm0ALKDlcQePoU+LaZrxd3pxHWsvsh1WEz2VsjJeuA/pNfDsS
hqwLu8Wkvedo5F1nu5GPtLk2CQ/vyV2creZ0DvM2tOLjXzMR3ALHIMCCC7x0nNJh
vemkBrxwUSyAVSrdkI4LlNUCS0G2tgmZe6LOhLwY9tbiBoMH4unzLW+Md5Dmd9hw
wEJMfdmWP7JePmBTWI+k0CEUG1ELmp2ML8GNkg8w/UA4UXyRkTwap5plRnov1y/4
ebyfYDIqS1TDAYeAvghPFZWh
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:00 2024 by rpki-client on console-ams.rpki-client.org