Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/T2AirTJ7RHhdMSnXIRp8kzDpfTc.roa
File:                     T2AirTJ7RHhdMSnXIRp8kzDpfTc.roa (raw, json)
Hash identifier:          8A3R+4n15GeysqKICxlqP9KTmSMseLKLmMagBRsSWQ4=
Subject key identifier:   4F:60:22:AD:32:7B:44:78:5D:31:29:D7:21:1A:7C:93:30:E9:7D:37
Certificate issuer:       /CN=e7d799ae0efdd986dde77fb35ad0a10823cb972f
Certificate serial:       01835ACC5D501DCE0384755BF08C9C2FF3C0
Authority key identifier: E7:D7:99:AE:0E:FD:D9:86:DD:E7:7F:B3:5A:D0:A1:08:23:CB:97:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/59eZrg792Ybd53-zWtChCCPLly8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/T2AirTJ7RHhdMSnXIRp8kzDpfTc.roa
Signing time:             Tue 20 Sep 2022 12:08:06 +0000
ROA not before:           Tue 20 Sep 2022 12:08:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3261
IP address blocks:        5.153.128.0/18 maxlen: 24
                          2a02:300::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:5a:cc:5d:50:1d:ce:03:84:75:5b:f0:8c:9c:2f:f3:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7d799ae0efdd986dde77fb35ad0a10823cb972f
        Validity
            Not Before: Sep 20 12:08:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4f6022ad327b44785d3129d7211a7c9330e97d37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:19:8d:98:aa:d0:94:8f:83:76:89:45:1d:a2:
                    3a:f4:58:31:25:e7:da:ea:78:64:d5:66:78:ec:4c:
                    01:ca:47:88:a2:6d:e1:19:3a:60:36:64:bf:5a:ca:
                    4e:e1:57:b4:39:6a:5a:d3:84:be:23:ce:e7:5c:d0:
                    1b:20:7a:67:18:9f:aa:67:f8:a9:97:41:59:8b:1d:
                    e5:8f:34:fd:31:12:eb:1e:55:10:fc:bb:f4:50:11:
                    52:40:0d:1b:fc:ef:9a:29:88:1b:96:10:3f:2a:a7:
                    4e:e9:3c:60:06:05:f5:c8:f7:5d:a6:e1:1f:50:f7:
                    00:c5:21:a7:a7:53:c2:e1:31:6a:25:e9:38:58:7d:
                    fc:4b:47:98:15:ff:0a:7a:b3:bf:f8:8f:59:03:66:
                    65:2b:55:e6:dd:ab:65:95:d7:5c:be:65:bd:df:72:
                    e3:c1:fe:ef:d1:59:61:6f:85:e5:93:74:7d:c3:63:
                    5b:51:5e:71:09:9e:3f:cb:e4:28:59:96:cd:91:67:
                    11:de:7d:4f:dd:74:33:f1:82:95:74:f8:27:e2:15:
                    39:ff:58:c0:c0:e9:f8:73:e4:56:94:89:db:de:f8:
                    bf:6d:4f:86:42:86:05:91:da:a4:6a:77:20:57:05:
                    1c:9e:ac:7f:5f:23:51:d5:fd:7b:e1:e4:3f:28:f4:
                    17:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:60:22:AD:32:7B:44:78:5D:31:29:D7:21:1A:7C:93:30:E9:7D:37
            X509v3 Authority Key Identifier:
                keyid:E7:D7:99:AE:0E:FD:D9:86:DD:E7:7F:B3:5A:D0:A1:08:23:CB:97:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/59eZrg792Ybd53-zWtChCCPLly8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/T2AirTJ7RHhdMSnXIRp8kzDpfTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/59eZrg792Ybd53-zWtChCCPLly8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.153.128.0/18
                IPv6:
                  2a02:300::/32

    Signature Algorithm: sha256WithRSAEncryption
         94:1b:3c:b9:11:5d:06:8b:a9:fb:a2:86:ac:48:1a:76:a9:be:
         a0:ec:f7:db:66:0d:3b:46:a8:19:0e:72:30:eb:80:2a:58:3a:
         27:44:79:bd:43:70:4b:64:af:df:f8:52:79:b9:6e:ec:db:20:
         58:4a:3f:3a:a6:4c:fe:52:ed:68:0f:76:b7:b7:67:c0:3b:16:
         a7:45:8c:90:82:e0:78:29:a5:45:8a:f1:8c:a7:6b:b9:1b:60:
         6b:dd:3a:0c:8e:2f:be:0a:e7:ba:e9:4c:d1:65:21:e8:a8:fe:
         3f:28:9e:39:64:5a:1a:e1:10:b2:b6:59:a8:9d:14:ae:4c:b3:
         b1:e7:a9:8e:0c:c9:0f:15:f9:e6:26:f1:bf:bd:05:ec:c4:da:
         cf:fe:2e:9d:ac:e4:a1:23:a1:e6:54:bd:85:a9:23:86:f1:f2:
         df:2c:63:b5:cf:c8:88:c6:c7:4a:07:aa:0c:7f:6b:26:af:c9:
         20:25:fa:da:ce:b2:c7:b7:36:2c:74:ab:2f:be:1c:d7:a5:ad:
         f0:ef:09:76:f4:d5:b4:f3:8f:cc:8e:23:b9:c7:00:0b:7d:24:
         de:c1:00:e7:22:63:a8:73:ad:de:83:b0:97:03:3c:3d:72:86:
         f9:d1:7f:cd:eb:b9:1b:30:2f:8b:ce:50:03:a7:ca:3b:52:1d:
         26:9b:9a:87
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYNazF1QHc4DhHVb8IycL/PAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZDc5OWFlMGVmZGQ5ODZkZGU3N2ZiMzVhZDBhMTA4MjNj
Yjk3MmYwHhcNMjIwOTIwMTIwODA2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjYwMjJhZDMyN2I0NDc4NWQzMTI5ZDcyMTFhN2M5MzMwZTk3ZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBmNmKrQlI+DdolFHaI69FgxJefa
6nhk1WZ47EwBykeIom3hGTpgNmS/WspO4Ve0OWpa04S+I87nXNAbIHpnGJ+qZ/ip
l0FZix3ljzT9MRLrHlUQ/Lv0UBFSQA0b/O+aKYgblhA/KqdO6TxgBgX1yPddpuEf
UPcAxSGnp1PC4TFqJek4WH38S0eYFf8KerO/+I9ZA2ZlK1Xm3atllddcvmW933Lj
wf7v0Vlhb4Xlk3R9w2NbUV5xCZ4/y+QoWZbNkWcR3n1P3XQz8YKVdPgn4hU5/1jA
wOn4c+RWlInb3vi/bU+GQoYFkdqkancgVwUcnqx/XyNR1f174eQ/KPQX2QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE9gIq0ye0R4XTEp1yEafJMw6X03MB8GA1UdIwQY
MBaAFOfXma4O/dmG3ed/s1rQoQgjy5cvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTllWnJnNzkyWWJkNTMteld0Q2hDQ1BMbHk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8xMTA4MWItNGVmOS00ZTJmLTgxNTMt
Mjg3OTM3OTQwZDdiLzEvVDJBaXJUSjdSSGhkTVNuWElScDhrekRwZlRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8xMTA4MWItNGVmOS00ZTJmLTgxNTMtMjg3OTM3OTQwZDdi
LzEvNTllWnJnNzkyWWJkNTMteld0Q2hDQ1BMbHk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGBZmAMA0E
AgACMAcDBQAqAgMAMA0GCSqGSIb3DQEBCwUAA4IBAQCUGzy5EV0Gi6n7ooasSBp2
qb6g7PfbZg07RqgZDnIw64AqWDonRHm9Q3BLZK/f+FJ5uW7s2yBYSj86pkz+Uu1o
D3a3t2fAOxanRYyQguB4KaVFivGMp2u5G2Br3ToMji++Cue66UzRZSHoqP4/KJ45
ZFoa4RCytlmonRSuTLOx56mODMkPFfnmJvG/vQXsxNrP/i6drOShI6HmVL2FqSOG
8fLfLGO1z8iIxsdKB6oMf2smr8kgJfrazrLHtzYsdKsvvhzXpa3w7wl29NW084/M
jiO5xwALfSTewQDnImOoc63eg7CXAzw9cob50X/N67kbMC+LzlADp8o7Uh0mm5qH
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:55 2024 by rpki-client on console-ams.rpki-client.org