Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/f378d3-3947-47f9-805d-829acebc1169/1/Ou-b-RO7oQk4-LIy3jV20uxHAaw.roa
File:                     Ou-b-RO7oQk4-LIy3jV20uxHAaw.roa (raw, json)
Hash identifier:          csVOSvHgxVBHUPksl6QMYkfq9gV6YRhtszWUeaCQnEk=
Subject key identifier:   3A:EF:9B:F9:13:BB:A1:09:38:F8:B2:32:DE:35:76:D2:EC:47:01:AC
Certificate issuer:       /CN=81069c09551b3fe3ba2c9a6e55d8e059bba0b186
Certificate serial:       0FBB0FA7
Authority key identifier: 81:06:9C:09:55:1B:3F:E3:BA:2C:9A:6E:55:D8:E0:59:BB:A0:B1:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gQacCVUbP-O6LJpuVdjgWbugsYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/f378d3-3947-47f9-805d-829acebc1169/1/Ou-b-RO7oQk4-LIy3jV20uxHAaw.roa
Signing time:             Sat 01 Jan 2022 06:57:46 +0000
ROA not before:           Sat 01 Jan 2022 06:57:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21221
IP address blocks:        84.35.0.0/16 maxlen: 24
                          82.210.64.0/18 maxlen: 24
                          212.29.160.0/19 maxlen: 24
                          2001:15b0::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 263917479 (0xfbb0fa7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81069c09551b3fe3ba2c9a6e55d8e059bba0b186
        Validity
            Not Before: Jan  1 06:57:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3aef9bf913bba10938f8b232de3576d2ec4701ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c9:00:23:1a:1e:45:75:09:95:27:a0:d9:ed:
                    9a:99:f1:ea:e8:8e:6e:8f:f9:9e:36:84:48:01:c2:
                    a1:f6:b9:45:09:dd:ef:94:32:8c:25:f3:67:0c:1b:
                    99:24:45:da:a9:6f:2b:fd:05:65:27:f4:cf:65:03:
                    e8:f0:9b:94:9d:87:2d:6e:ce:48:95:f8:0d:0d:d1:
                    9a:62:93:24:e9:9c:cc:93:b3:cc:c3:4f:f0:54:25:
                    ae:af:dc:1c:c7:7d:cf:f5:6c:ee:28:0b:c1:18:04:
                    b2:70:b0:70:82:f9:22:f5:79:e6:2e:a4:9f:5f:f7:
                    ee:54:13:9d:34:11:04:b8:06:54:72:36:95:ff:eb:
                    2e:be:af:c2:a5:d1:d2:b8:13:26:44:b1:b2:90:50:
                    26:0d:92:33:2d:e7:f4:9b:4c:2f:61:13:d7:3f:36:
                    db:5e:7b:ca:ef:ea:39:13:1f:26:cf:ec:ef:83:46:
                    2d:4a:fc:ad:97:f2:da:5d:fe:29:f8:6b:85:0f:dc:
                    12:2b:2f:86:c2:73:ae:43:93:74:0d:87:63:f8:0c:
                    fd:ce:56:14:e6:a3:cf:58:66:13:f4:64:a4:d6:25:
                    ec:a7:ec:c1:ff:09:97:18:5c:be:16:0f:39:70:d1:
                    58:4a:a8:69:a0:ba:4e:ae:61:b9:2e:a6:79:6d:f1:
                    6a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:EF:9B:F9:13:BB:A1:09:38:F8:B2:32:DE:35:76:D2:EC:47:01:AC
            X509v3 Authority Key Identifier:
                keyid:81:06:9C:09:55:1B:3F:E3:BA:2C:9A:6E:55:D8:E0:59:BB:A0:B1:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gQacCVUbP-O6LJpuVdjgWbugsYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/f378d3-3947-47f9-805d-829acebc1169/1/Ou-b-RO7oQk4-LIy3jV20uxHAaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/f378d3-3947-47f9-805d-829acebc1169/1/gQacCVUbP-O6LJpuVdjgWbugsYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.210.64.0/18
                  84.35.0.0/16
                  212.29.160.0/19
                IPv6:
                  2001:15b0::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:29:af:1a:a6:b0:c7:01:e8:1f:19:41:55:50:44:79:9f:0b:
         41:f7:a7:45:f7:0a:4f:0b:4c:c1:55:c6:f8:27:73:b1:e6:e7:
         b6:56:6e:c5:a4:53:ae:f1:ad:eb:e7:2f:f8:7e:b7:10:fa:b0:
         4c:54:e5:20:18:fb:09:69:2d:9b:6a:45:3e:3f:7f:29:97:75:
         eb:48:1c:25:93:7e:aa:37:f4:aa:16:fa:7b:36:d3:2a:3d:bf:
         d5:70:e5:1e:bd:4c:a7:93:36:da:74:3c:7c:0a:86:1c:2e:aa:
         42:f8:71:7d:91:89:d2:b4:6e:45:39:9b:ee:a2:5d:c6:e9:2b:
         27:5f:6f:81:13:fd:55:ff:5b:3f:f0:c0:f4:63:4c:fa:21:ca:
         00:dd:f4:ad:07:d3:65:1a:7d:f3:d3:3f:4d:5d:99:ca:1b:5f:
         0b:04:d3:04:16:c1:5b:12:5f:d9:51:57:fd:4a:48:25:0c:5a:
         b1:9e:10:94:3e:1f:ad:ac:57:f7:86:a4:56:8a:41:b2:2f:21:
         24:e1:75:77:84:e5:7e:15:5a:bb:8b:d1:6f:2a:c7:15:a3:dc:
         49:a0:64:ca:6b:93:38:5c:b5:1f:1c:31:fb:21:11:c1:36:11:
         02:4d:26:af:f1:fa:aa:fa:39:c0:04:2c:09:02:9b:33:95:3e:
         71:21:2b:b0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIED7sPpzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
MTA2OWMwOTU1MWIzZmUzYmEyYzlhNmU1NWQ4ZTA1OWJiYTBiMTg2MB4XDTIyMDEw
MTA2NTc0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2FlZjliZjkxM2Ji
YTEwOTM4ZjhiMjMyZGUzNTc2ZDJlYzQ3MDFhYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMTJACMaHkV1CZUnoNntmpnx6uiObo/5njaESAHCofa5RQnd
75QyjCXzZwwbmSRF2qlvK/0FZSf0z2UD6PCblJ2HLW7OSJX4DQ3RmmKTJOmczJOz
zMNP8FQlrq/cHMd9z/Vs7igLwRgEsnCwcIL5IvV55i6kn1/37lQTnTQRBLgGVHI2
lf/rLr6vwqXR0rgTJkSxspBQJg2SMy3n9JtML2ET1z822157yu/qORMfJs/s74NG
LUr8rZfy2l3+KfhrhQ/cEisvhsJzrkOTdA2HY/gM/c5WFOajz1hmE/RkpNYl7Kfs
wf8JlxhcvhYPOXDRWEqoaaC6Tq5huS6meW3xavECAwEAAaOCAiMwggIfMB0GA1Ud
DgQWBBQ675v5E7uhCTj4sjLeNXbS7EcBrDAfBgNVHSMEGDAWgBSBBpwJVRs/47os
mm5V2OBZu6CxhjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2dRYWNDVlViUC1PNkxKcHVWZGpnV2J1Z3NZWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2YvZjM3OGQzLTM5NDctNDdmOS04MDVkLTgyOWFjZWJjMTE2OS8x
L091LWItUk83b1FrNC1MSXkzalYyMHV4SEFhdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Yv
ZjM3OGQzLTM5NDctNDdmOS04MDVkLTgyOWFjZWJjMTE2OS8xL2dRYWNDVlViUC1P
NkxKcHVWZGpnV2J1Z3NZWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA5
BggrBgEFBQcBBwEB/wQqMCgwFwQCAAEwEQMEBlLSQAMDAFQjAwQF1B2gMA0EAgAC
MAcDBQAgARWwMA0GCSqGSIb3DQEBCwUAA4IBAQAGKa8aprDHAegfGUFVUER5nwtB
96dF9wpPC0zBVcb4J3Ox5ue2Vm7FpFOu8a3r5y/4frcQ+rBMVOUgGPsJaS2bakU+
P38pl3XrSBwlk36qN/SqFvp7NtMqPb/VcOUevUynkzbadDx8CoYcLqpC+HF9kYnS
tG5FOZvuol3G6SsnX2+BE/1V/1s/8MD0Y0z6IcoA3fStB9NlGn3z0z9NXZnKG18L
BNMEFsFbEl/ZUVf9SkglDFqxnhCUPh+trFf3hqRWikGyLyEk4XV3hOV+FVq7i9Fv
KscVo9xJoGTKa5M4XLUfHDH7IRHBNhECTSav8fqq+jnABCwJApszlT5xISuw
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:40 2024 by rpki-client on console-fra.rpki-client.org