Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/b2zm2-cbE-uuv-zY1dME7m4_GYw.roa
File:                     b2zm2-cbE-uuv-zY1dME7m4_GYw.roa (raw, json)
Hash identifier:          mnji5pAm9asABa74KSne03J4nNxZu/6IgzDJIeAleac=
Subject key identifier:   6F:6C:E6:DB:E7:1B:13:EB:AE:BF:EC:D8:D5:D3:04:EE:6E:3F:19:8C
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       01880BFC1326D8CC8CF63FB04D974E2DE655
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/b2zm2-cbE-uuv-zY1dME7m4_GYw.roa
Signing time:             Thu 11 May 2023 18:04:09 +0000
ROA not before:           Thu 11 May 2023 18:04:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6079
IP address blocks:        155.193.16.0/20 maxlen: 20
                          155.193.56.0/21 maxlen: 21
                          192.46.184.0/22 maxlen: 22
                          192.46.184.0/21 maxlen: 21
                          158.120.53.0/24 maxlen: 24
                          158.120.57.0/24 maxlen: 24
                          158.120.55.0/24 maxlen: 24
                          158.120.61.0/24 maxlen: 24
                          158.120.59.0/24 maxlen: 24
                          158.120.63.0/24 maxlen: 24
                          155.193.128.0/17 maxlen: 17
                          192.46.188.0/24 maxlen: 24
                          192.46.200.0/22 maxlen: 22
                          158.120.51.0/24 maxlen: 24
                          158.120.49.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:0b:fc:13:26:d8:cc:8c:f6:3f:b0:4d:97:4e:2d:e6:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: May 11 18:04:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6f6ce6dbe71b13ebaebfecd8d5d304ee6e3f198c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c8:7a:4d:76:c5:1d:d0:57:f8:4f:b4:d8:a7:
                    5e:e7:51:0b:a6:a3:68:dc:c7:d7:76:52:c5:7e:7c:
                    d0:db:75:94:8c:35:90:34:6a:00:d2:d9:0c:5f:c9:
                    03:80:36:39:cf:8a:8a:1c:02:1e:fb:0f:54:99:8b:
                    a3:af:97:40:af:70:db:36:97:12:40:3d:9b:89:54:
                    1b:b1:8a:b2:33:b2:63:6c:bd:7a:10:f3:24:a5:bf:
                    f9:9f:94:93:3f:c8:0f:9a:64:5f:55:b1:e3:bf:f4:
                    43:cd:23:1a:03:a3:eb:72:47:8b:57:72:01:71:58:
                    01:47:38:cd:d8:f9:48:a4:c6:73:f6:30:45:be:4e:
                    c9:09:25:5a:7e:82:99:f9:7b:7e:9c:26:61:c8:1c:
                    8e:54:81:e7:2a:7d:b7:63:b5:7d:62:ba:57:f7:77:
                    42:18:a0:f2:80:ba:0b:f6:a7:54:74:3e:2d:82:7e:
                    bf:0d:2c:36:f1:5f:f9:e5:e0:e6:e7:8b:ff:f6:cb:
                    7f:18:cc:51:b6:06:6c:62:c4:ec:f1:d7:d4:56:be:
                    50:dd:a8:8e:3b:6e:c6:8d:5e:57:96:85:7c:42:e1:
                    ca:e5:b2:76:04:49:2e:f7:ce:70:15:91:fd:fa:f8:
                    bc:19:49:89:96:80:c0:a7:15:f2:cb:0c:0b:02:bf:
                    e7:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:6C:E6:DB:E7:1B:13:EB:AE:BF:EC:D8:D5:D3:04:EE:6E:3F:19:8C
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/b2zm2-cbE-uuv-zY1dME7m4_GYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.193.16.0/20
                  155.193.56.0/21
                  155.193.128.0/17
                  158.120.49.0/24
                  158.120.51.0/24
                  158.120.53.0/24
                  158.120.55.0/24
                  158.120.57.0/24
                  158.120.59.0/24
                  158.120.61.0/24
                  158.120.63.0/24
                  192.46.184.0/21
                  192.46.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:dd:a3:f1:2d:12:5a:f4:42:a9:85:5d:ae:9b:50:07:f8:8d:
         a3:97:63:21:44:03:33:c0:34:c7:e3:2d:60:f5:85:42:b3:40:
         8e:58:84:07:48:7b:94:3e:e1:a0:4d:a5:0c:b1:27:1e:52:48:
         bd:f1:58:ae:e4:05:6e:1e:91:ed:62:e1:73:49:ad:5f:47:be:
         f5:be:7a:80:b4:20:3f:a4:09:6c:79:87:23:42:8f:53:fc:1d:
         f8:95:53:a6:66:36:0c:92:1a:c7:2b:b7:56:bc:da:e7:e8:ad:
         5a:ec:fe:d4:fc:c5:1a:c5:72:23:97:91:fa:48:02:37:34:99:
         d4:0c:2f:2b:ff:99:7c:d8:c8:90:d4:98:02:04:9a:5d:79:2e:
         ee:4c:09:f3:f2:db:49:15:5c:cc:f8:f0:9a:dc:e0:31:f2:8e:
         76:3a:13:ab:79:25:87:72:9c:0c:dc:e0:d9:47:34:01:05:6e:
         1d:ef:b8:de:46:33:e4:c2:c3:2e:1d:7d:e4:7e:6b:47:f1:3c:
         cc:ef:a8:d1:d9:0b:c6:ec:f0:5f:43:77:1a:69:4e:9f:50:c8:
         db:47:b0:58:39:6e:3e:73:04:83:eb:f0:bc:59:67:d3:a7:c1:
         6e:db:9c:b6:32:18:ef:24:0e:ee:10:67:b7:25:83:c2:cd:29:
         48:2c:8b:eb
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYgL/BMm2MyM9j+wTZdOLeZVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjMwNTExMTgwNDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjZjZTZkYmU3MWIxM2ViYWViZmVjZDhkNWQzMDRlZTZlM2YxOThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtch6TXbFHdBX+E+02Kde51ELpqNo
3MfXdlLFfnzQ23WUjDWQNGoA0tkMX8kDgDY5z4qKHAIe+w9UmYujr5dAr3DbNpcS
QD2biVQbsYqyM7JjbL16EPMkpb/5n5STP8gPmmRfVbHjv/RDzSMaA6PrckeLV3IB
cVgBRzjN2PlIpMZz9jBFvk7JCSVafoKZ+Xt+nCZhyByOVIHnKn23Y7V9YrpX93dC
GKDygLoL9qdUdD4tgn6/DSw28V/55eDm54v/9st/GMxRtgZsYsTs8dfUVr5Q3aiO
O27GjV5XloV8QuHK5bJ2BEku985wFZH9+vi8GUmJloDApxXyywwLAr/nHQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFG9s5tvnGxPrrr/s2NXTBO5uPxmMMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvYjJ6bTItY2JFLXV1di16WTFkTUU3bTRfR1l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQEm8EQAwQD
m8E4AwQHm8GAAwQAnngxAwQAnngzAwQAnng1AwQAnng3AwQAnng5AwQAnng7AwQA
nng9AwQAnng/AwQDwC64AwQCwC7IMA0GCSqGSIb3DQEBCwUAA4IBAQBQ3aPxLRJa
9EKphV2um1AH+I2jl2MhRAMzwDTH4y1g9YVCs0COWIQHSHuUPuGgTaUMsSceUki9
8Viu5AVuHpHtYuFzSa1fR771vnqAtCA/pAlseYcjQo9T/B34lVOmZjYMkhrHK7dW
vNrn6K1a7P7U/MUaxXIjl5H6SAI3NJnUDC8r/5l82MiQ1JgCBJpdeS7uTAnz8ttJ
FVzM+PCa3OAx8o52OhOreSWHcpwM3ODZRzQBBW4d77jeRjPkwsMuHX3kfmtH8TzM
76jR2QvG7PBfQ3caaU6fUMjbR7BYOW4+cwSD6/C8WWfTp8Fu25y2MhjvJA7uEGe3
JYPCzSlILIvr
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:17 2024 by rpki-client on console-ams.rpki-client.org