Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/dffa9b-1d69-4869-9dc4-867d1d877140/1/YE7DMkKHAGsc30fA_DGU_Yj1OYE.roa
File:                     YE7DMkKHAGsc30fA_DGU_Yj1OYE.roa (raw, json)
Hash identifier:          UuBQqcol6VDCtdXrUGR6fW1L/oikjlDzIXroJp26iLc=
Subject key identifier:   60:4E:C3:32:42:87:00:6B:1C:DF:47:C0:FC:31:94:FD:88:F5:39:81
Certificate issuer:       /CN=a0a8631e6e5a7ac66da4fb160fd5b4fca9378805
Certificate serial:       18EEACF7
Authority key identifier: A0:A8:63:1E:6E:5A:7A:C6:6D:A4:FB:16:0F:D5:B4:FC:A9:37:88:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oKhjHm5aesZtpPsWD9W0_Kk3iAU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/dffa9b-1d69-4869-9dc4-867d1d877140/1/YE7DMkKHAGsc30fA_DGU_Yj1OYE.roa
Signing time:             Sat 01 Jan 2022 08:55:20 +0000
ROA not before:           Sat 01 Jan 2022 08:55:20 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60198
IP address blocks:        185.61.140.0/22 maxlen: 22
                          46.17.216.0/21 maxlen: 21
                          2a02:4f63::/32 maxlen: 32
                          2a02:4f61::/32 maxlen: 32
                          2a02:4f64::/32 maxlen: 32
                          2a02:4f67::/32 maxlen: 32
                          2a02:4f60::/32 maxlen: 32
                          2a02:4f66::/32 maxlen: 32
                          2a02:4f65::/32 maxlen: 32
                          2a02:4f62::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 418295031 (0x18eeacf7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0a8631e6e5a7ac66da4fb160fd5b4fca9378805
        Validity
            Not Before: Jan  1 08:55:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=604ec3324287006b1cdf47c0fc3194fd88f53981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c9:6b:59:65:d7:32:9d:75:a5:fb:bd:97:84:
                    33:c3:7c:dd:a3:27:05:67:39:5a:31:6c:b9:78:68:
                    8e:de:2f:b9:20:35:2d:dc:55:a0:8d:17:3a:e1:c1:
                    fb:ef:b3:c5:50:da:04:89:cb:e7:28:e1:c5:50:1c:
                    69:c4:cd:ed:11:a9:e8:68:29:e2:6d:8d:d9:34:5f:
                    6a:3c:b1:d5:d6:dc:a2:13:ee:37:53:4f:d3:b2:ce:
                    80:30:00:a9:d2:02:54:45:c3:7b:fe:9b:d9:bb:da:
                    c0:0b:ab:c6:f1:12:70:41:ae:41:44:b7:d4:74:2a:
                    a7:6b:b3:e5:e0:38:06:04:31:a0:dd:4b:fa:f7:61:
                    10:7f:62:41:c6:ba:07:f4:15:97:f9:81:3d:26:10:
                    dd:3e:e2:5c:c5:34:26:36:72:a1:2b:1d:0a:aa:d7:
                    ea:58:9c:4a:00:3e:c8:53:c5:ff:3a:11:2a:7b:68:
                    12:8b:96:f2:88:e7:ec:f2:95:86:42:a2:05:77:e4:
                    1e:0d:b5:41:b7:6d:ab:52:3a:f9:f4:8f:28:bb:6b:
                    c4:77:fc:4d:9c:69:c2:67:9a:fb:8a:48:f3:7f:09:
                    c7:57:2c:cd:62:13:77:97:39:cb:a6:cd:2d:f4:bb:
                    10:ce:69:0e:3c:fe:d7:6a:e7:17:12:c7:f3:82:51:
                    6d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:4E:C3:32:42:87:00:6B:1C:DF:47:C0:FC:31:94:FD:88:F5:39:81
            X509v3 Authority Key Identifier:
                keyid:A0:A8:63:1E:6E:5A:7A:C6:6D:A4:FB:16:0F:D5:B4:FC:A9:37:88:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oKhjHm5aesZtpPsWD9W0_Kk3iAU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/dffa9b-1d69-4869-9dc4-867d1d877140/1/YE7DMkKHAGsc30fA_DGU_Yj1OYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/dffa9b-1d69-4869-9dc4-867d1d877140/1/oKhjHm5aesZtpPsWD9W0_Kk3iAU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.216.0/21
                  185.61.140.0/22
                IPv6:
                  2a02:4f60::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:5a:27:f1:21:85:ce:c4:0e:3d:01:46:fd:7c:5d:56:52:5a:
         9e:27:3b:cf:23:26:2a:72:56:00:6e:f0:e0:b6:ba:92:18:4f:
         40:bd:93:17:36:06:48:7e:4d:37:56:8f:fb:8e:d3:74:d8:ec:
         22:ec:99:6a:94:2c:05:0c:d5:69:a3:86:ef:ae:ec:c3:1f:fe:
         89:ed:32:27:d4:dc:ed:9f:56:84:d6:03:f6:c9:08:ff:1c:7b:
         5e:98:b9:cd:1c:02:0a:d0:d7:46:2a:72:30:73:d7:63:20:a5:
         58:63:5a:12:b1:0b:d8:94:0e:f8:6d:78:f2:b6:48:d0:85:83:
         61:fa:48:fd:bb:8a:93:1c:72:f4:cc:33:ce:36:d1:21:79:08:
         9f:e6:28:0a:15:7e:f3:5c:fc:a9:21:ba:d6:d3:7e:d2:8f:d9:
         f1:b5:ac:9d:48:3e:1b:60:94:a5:29:38:13:df:07:d0:ef:df:
         bb:74:86:66:63:ca:d4:89:fa:6f:a8:3d:de:d8:db:38:4d:ca:
         12:9e:d7:da:44:54:2f:69:1f:07:fa:26:1d:9a:87:df:f8:23:
         5c:95:e1:96:1c:63:89:3b:30:ef:f5:63:94:69:73:7a:e7:b5:
         90:77:d3:be:a1:3b:98:80:93:6b:e2:d1:9b:bb:57:3f:24:51:
         8f:c1:6c:cc
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEGO6s9zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
MGE4NjMxZTZlNWE3YWM2NmRhNGZiMTYwZmQ1YjRmY2E5Mzc4ODA1MB4XDTIyMDEw
MTA4NTUyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjA0ZWMzMzI0Mjg3
MDA2YjFjZGY0N2MwZmMzMTk0ZmQ4OGY1Mzk4MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ3Ja1ll1zKddaX7vZeEM8N83aMnBWc5WjFsuXhojt4vuSA1
LdxVoI0XOuHB+++zxVDaBInL5yjhxVAcacTN7RGp6Ggp4m2N2TRfajyx1dbcohPu
N1NP07LOgDAAqdICVEXDe/6b2bvawAurxvEScEGuQUS31HQqp2uz5eA4BgQxoN1L
+vdhEH9iQca6B/QVl/mBPSYQ3T7iXMU0JjZyoSsdCqrX6licSgA+yFPF/zoRKnto
EouW8ojn7PKVhkKiBXfkHg21Qbdtq1I6+fSPKLtrxHf8TZxpwmea+4pI838Jx1cs
zWITd5c5y6bNLfS7EM5pDjz+12rnFxLH84JRbZ8CAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBRgTsMyQocAaxzfR8D8MZT9iPU5gTAfBgNVHSMEGDAWgBSgqGMeblp6xm2k
+xYP1bT8qTeIBTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L29LaGpIbTVhZXNadHBQc1dEOVcwX0trM2lBVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjYvZGZmYTliLTFkNjktNDg2OS05ZGM0LTg2N2QxZDg3NzE0MC8x
L1lFN0RNa0tIQUdzYzMwZkFfREdVX1lqMU9ZRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjYv
ZGZmYTliLTFkNjktNDg2OS05ZGM0LTg2N2QxZDg3NzE0MC8xL29LaGpIbTVhZXNa
dHBQc1dEOVcwX0trM2lBVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEAy4R2AMEArk9jDANBAIAAjAHAwUD
KgJPYDANBgkqhkiG9w0BAQsFAAOCAQEAXFon8SGFzsQOPQFG/XxdVlJanic7zyMm
KnJWAG7w4La6khhPQL2TFzYGSH5NN1aP+47TdNjsIuyZapQsBQzVaaOG767swx/+
ie0yJ9Tc7Z9WhNYD9skI/xx7Xpi5zRwCCtDXRipyMHPXYyClWGNaErEL2JQO+G14
8rZI0IWDYfpI/buKkxxy9MwzzjbRIXkIn+YoChV+81z8qSG61tN+0o/Z8bWsnUg+
G2CUpSk4E98H0O/fu3SGZmPK1In6b6g93tjbOE3KEp7X2kRUL2kfB/omHZqH3/gj
XJXhlhxjiTsw7/VjlGlzeue1kHfTvqE7mICTa+LRm7tXPyRRj8FszA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:15 2024 by rpki-client on console-fra.rpki-client.org