Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/V-pb2aQNyw0kPswhd9L7wvPcWWY.roa
File:                     V-pb2aQNyw0kPswhd9L7wvPcWWY.roa (raw, json)
Hash identifier:          QB7OxYGxDXl3LcX6fdjlShgLU9oxpRV/Ms3BIb5Jhbw=
Subject key identifier:   57:EA:5B:D9:A4:0D:CB:0D:24:3E:CC:21:77:D2:FB:C2:F3:DC:59:66
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       09C06B5C
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/V-pb2aQNyw0kPswhd9L7wvPcWWY.roa
Signing time:             Sat 01 Jan 2022 14:57:53 +0000
ROA not before:           Sat 01 Jan 2022 14:57:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     36351
IP address blocks:        109.199.96.0/19 maxlen: 24
                          37.60.224.0/19 maxlen: 24
                          185.225.236.0/22 maxlen: 24
                          185.56.84.0/22 maxlen: 24
                          77.104.128.0/18 maxlen: 24
                          146.66.64.0/18 maxlen: 24
                          93.187.136.0/21 maxlen: 24
                          109.73.224.0/20 maxlen: 24
                          185.62.236.0/22 maxlen: 24
                          2a04:f280::/40 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 163605340 (0x9c06b5c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Jan  1 14:57:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=57ea5bd9a40dcb0d243ecc2177d2fbc2f3dc5966
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:26:6b:1f:90:92:9d:42:29:dd:dc:ae:d4:3f:
                    b4:8f:da:e5:3a:73:44:8e:8e:59:19:f4:6e:cb:a6:
                    65:cc:e5:d3:e8:09:13:8c:ac:75:33:75:6b:22:9e:
                    f5:38:1d:2e:1c:ff:00:2f:43:00:f9:bd:e1:ad:56:
                    d7:ab:b0:7f:20:01:ee:a5:72:a3:b8:c7:e5:78:21:
                    a1:15:49:45:ac:3b:8a:db:1b:20:cc:d1:37:3d:20:
                    2d:f3:5f:31:e3:b7:0f:dc:16:59:81:75:b1:46:a7:
                    85:86:a0:d6:02:cf:60:99:13:1c:07:6b:66:29:0e:
                    1f:53:3d:4e:30:4b:c6:4e:ed:0c:71:c9:70:29:7e:
                    7f:d1:05:14:e6:66:26:78:f5:d3:86:41:8c:8b:39:
                    be:c5:4e:56:26:c9:dc:34:88:60:5a:18:6d:d7:05:
                    bc:05:7d:50:5a:f7:1d:f7:9c:40:4a:95:b6:0c:4f:
                    83:fb:19:38:ef:94:91:30:10:18:f1:c3:98:c3:6e:
                    d0:58:e8:07:55:7e:0c:95:21:0e:9c:a1:0e:91:ec:
                    31:4f:3d:fe:b4:ae:74:89:d8:b0:ec:ba:72:30:be:
                    b8:15:7a:84:22:3a:16:4e:c9:2c:c3:b8:15:4f:1b:
                    23:54:70:de:03:a2:da:2e:dd:2e:79:83:76:98:39:
                    40:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:EA:5B:D9:A4:0D:CB:0D:24:3E:CC:21:77:D2:FB:C2:F3:DC:59:66
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/V-pb2aQNyw0kPswhd9L7wvPcWWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.60.224.0/19
                  77.104.128.0/18
                  93.187.136.0/21
                  109.73.224.0/20
                  109.199.96.0/19
                  146.66.64.0/18
                  185.56.84.0/22
                  185.62.236.0/22
                  185.225.236.0/22
                IPv6:
                  2a04:f280::/40

    Signature Algorithm: sha256WithRSAEncryption
         26:07:f0:92:00:05:a4:77:ef:23:7e:71:b9:fe:ea:11:bb:2b:
         51:6a:85:da:41:34:43:ad:50:32:c8:67:ad:10:4d:c2:81:c0:
         7a:b6:3c:32:5c:2d:5a:c2:30:04:32:35:8d:3d:c1:e0:7e:02:
         f3:f0:bb:1a:98:b4:ad:a1:bb:bc:11:b1:70:4f:92:9f:ba:dc:
         d2:b3:f6:0d:2a:ac:ef:a4:e6:8f:7c:36:ea:00:ce:47:aa:da:
         49:ec:bf:f4:5b:6b:c5:66:88:50:2a:2d:0c:31:4a:b7:f2:aa:
         b3:9a:c5:7b:1c:5f:40:2a:06:80:86:25:06:5a:f6:fb:c2:aa:
         38:46:f6:6c:e7:3a:d9:db:70:fb:d8:2f:df:d1:6b:1b:9a:91:
         4a:61:f9:f8:c0:05:de:67:a7:b6:a3:18:d6:9a:73:ee:1b:12:
         0a:44:79:c9:cb:c5:1c:09:59:b8:46:15:d5:ac:84:29:5f:a5:
         e6:87:26:9f:3f:bd:13:f6:b9:e0:04:60:6f:f5:2d:0a:f3:f5:
         97:3f:ee:d2:6f:54:bf:3c:b6:4d:2a:72:c5:e7:70:bf:20:ba:
         5b:e1:7a:c4:00:26:87:a4:91:63:57:1b:aa:5f:39:0b:1b:5c:
         52:0c:5d:09:05:8c:6c:ab:47:8c:fe:4a:35:53:03:ed:94:1c:
         7c:10:0b:2e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIECcBrXDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
ZDg4ZWI3MzBhYjFhNTAxZWEzNmVhMzQ4MmQ3NjQ1NDRlMTQxMTExMB4XDTIyMDEw
MTE0NTc1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTdlYTViZDlhNDBk
Y2IwZDI0M2VjYzIxNzdkMmZiYzJmM2RjNTk2NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL4max+Qkp1CKd3crtQ/tI/a5TpzRI6OWRn0bsumZczl0+gJ
E4ysdTN1ayKe9TgdLhz/AC9DAPm94a1W16uwfyAB7qVyo7jH5XghoRVJRaw7itsb
IMzRNz0gLfNfMeO3D9wWWYF1sUanhYag1gLPYJkTHAdrZikOH1M9TjBLxk7tDHHJ
cCl+f9EFFOZmJnj104ZBjIs5vsVOVibJ3DSIYFoYbdcFvAV9UFr3HfecQEqVtgxP
g/sZOO+UkTAQGPHDmMNu0FjoB1V+DJUhDpyhDpHsMU89/rSudInYsOy6cjC+uBV6
hCI6Fk7JLMO4FU8bI1Rw3gOi2i7dLnmDdpg5QK0CAwEAAaOCAkkwggJFMB0GA1Ud
DgQWBBRX6lvZpA3LDSQ+zCF30vvC89xZZjAfBgNVHSMEGDAWgBRNiOtzCrGlAeo2
6jSC12RUThQRETAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RZanJjd3F4cFFIcU51bzBndGRrVkU0VUVSRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNmEvYzQ5M2VlLWY2NmUtNDIwOC1hMzFkLTcyNmY4M2QyMzg5Mi8x
L1YtcGIyYVFOeXcwa1Bzd2hkOUw3d3ZQY1dXWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmEv
YzQ5M2VlLWY2NmUtNDIwOC1hMzFkLTcyNmY4M2QyMzg5Mi8xL1RZanJjd3F4cFFI
cU51bzBndGRrVkU0VUVSRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBf
BggrBgEFBQcBBwEB/wRQME4wPAQCAAEwNgMEBSU84AMEBk1ogAMEA127iAMEBG1J
4AMEBW3HYAMEBpJCQAMEArk4VAMEArk+7AMEArnh7DAOBAIAAjAIAwYAKgTygAAw
DQYJKoZIhvcNAQELBQADggEBACYH8JIABaR37yN+cbn+6hG7K1FqhdpBNEOtUDLI
Z60QTcKBwHq2PDJcLVrCMAQyNY09weB+AvPwuxqYtK2hu7wRsXBPkp+63NKz9g0q
rO+k5o98NuoAzkeq2knsv/Rba8VmiFAqLQwxSrfyqrOaxXscX0AqBoCGJQZa9vvC
qjhG9mznOtnbcPvYL9/RaxuakUph+fjABd5np7ajGNaac+4bEgpEecnLxRwJWbhG
FdWshClfpeaHJp8/vRP2ueAEYG/1LQrz9Zc/7tJvVL88tk0qcsXncL8gulvhesQA
JoekkWNXG6pfOQsbXFIMXQkFjGyrR4z+SjVTA+2UHHwQCy4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:48 2024 by rpki-client on console-fra.rpki-client.org