Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/47accb-6f3c-4c6c-9fd0-585eb84558f9/1/sVh-cfwa0nLAAsQ3QS9xnXR2oKA.roa
File:                     sVh-cfwa0nLAAsQ3QS9xnXR2oKA.roa (raw, json)
Hash identifier:          VSsfda4600BeIROmOnni8GvuMZ6iH1BVHw4UZOP/mA4=
Subject key identifier:   B1:58:7E:71:FC:1A:D2:72:C0:02:C4:37:41:2F:71:9D:74:76:A0:A0
Certificate issuer:       /CN=e8206aa3252e3ea8d684eaec7a2993513b5d2307
Certificate serial:       018CC49307F623156FEAFC3FF77DD852797A
Authority key identifier: E8:20:6A:A3:25:2E:3E:A8:D6:84:EA:EC:7A:29:93:51:3B:5D:23:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6CBqoyUuPqjWhOrseimTUTtdIwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/47accb-6f3c-4c6c-9fd0-585eb84558f9/1/sVh-cfwa0nLAAsQ3QS9xnXR2oKA.roa
Signing time:             Mon 01 Jan 2024 10:30:19 +0000
ROA not before:           Mon 01 Jan 2024 10:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15738
IP address blocks:        89.21.84.0/22 maxlen: 22
                          89.21.88.0/22 maxlen: 22
                          89.21.93.0/24 maxlen: 24
                          89.21.94.0/24 maxlen: 24
                          80.84.176.0/20 maxlen: 20
                          80.254.0.0/20 maxlen: 20
                          2a06:ff40::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:07:f6:23:15:6f:ea:fc:3f:f7:7d:d8:52:79:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8206aa3252e3ea8d684eaec7a2993513b5d2307
        Validity
            Not Before: Jan  1 10:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1587e71fc1ad272c002c437412f719d7476a0a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:da:ae:e3:02:4e:e4:cd:59:e3:6c:bc:96:27:
                    e7:fc:f8:9f:54:37:45:f7:41:e0:79:11:d0:a0:49:
                    6e:3d:2a:6b:7c:d9:bc:23:8d:f5:c0:c5:9d:6a:09:
                    a6:62:60:18:4b:74:18:a8:df:23:c7:49:ab:07:88:
                    ac:d0:2a:66:e0:39:59:07:cb:06:19:38:2a:46:0d:
                    bb:19:b7:ae:73:62:66:97:3d:2f:4b:8d:cf:9e:5b:
                    da:88:2a:26:44:13:c3:57:01:9e:12:34:c9:1d:4a:
                    af:db:9c:b2:88:bf:53:41:35:01:f8:28:5b:7f:03:
                    48:3b:56:65:17:58:09:70:c3:7d:c0:97:2e:c6:42:
                    49:f3:96:89:6b:ba:c8:e1:52:bb:c1:fa:3c:0d:b2:
                    fd:0a:6f:e1:6c:1f:a0:e7:0f:34:5e:06:13:3f:8b:
                    d7:23:5f:21:14:e2:3f:e5:03:d1:0d:a4:53:4f:80:
                    b7:96:93:7c:e5:c3:98:e3:73:c9:ac:ad:0a:a0:f2:
                    c4:6d:5b:c1:83:01:57:8e:43:f5:51:63:de:a7:da:
                    a3:6d:f1:48:44:e2:b8:09:c6:b8:0e:c4:ac:be:4c:
                    d9:8b:3a:03:86:76:2c:cf:55:b9:c7:b8:c8:68:f1:
                    65:ad:b8:61:12:ee:89:07:f0:c8:43:f6:ba:1f:42:
                    42:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:58:7E:71:FC:1A:D2:72:C0:02:C4:37:41:2F:71:9D:74:76:A0:A0
            X509v3 Authority Key Identifier:
                keyid:E8:20:6A:A3:25:2E:3E:A8:D6:84:EA:EC:7A:29:93:51:3B:5D:23:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6CBqoyUuPqjWhOrseimTUTtdIwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/47accb-6f3c-4c6c-9fd0-585eb84558f9/1/sVh-cfwa0nLAAsQ3QS9xnXR2oKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/47accb-6f3c-4c6c-9fd0-585eb84558f9/1/6CBqoyUuPqjWhOrseimTUTtdIwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.84.176.0/20
                  80.254.0.0/20
                  89.21.84.0-89.21.91.255
                  89.21.93.0-89.21.94.255
                IPv6:
                  2a06:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         d2:b3:94:1e:18:b2:17:9d:bd:05:a4:50:e1:67:89:91:c5:f4:
         7a:73:8c:22:38:df:73:db:93:e0:53:d5:5c:69:ee:a7:45:f1:
         8a:0d:97:ee:3b:66:ac:d4:3f:5f:f3:b1:3b:0b:48:0c:b6:ee:
         79:3c:00:f0:1c:78:87:78:13:cf:20:8f:07:64:81:3b:be:0a:
         ca:6d:28:df:3e:c2:ae:b0:ee:f5:27:dd:f2:c0:95:8e:01:63:
         69:19:00:ee:cf:99:59:46:a8:c9:6b:dc:b8:b9:9d:10:1b:7b:
         3e:4c:5e:49:99:a4:2c:84:60:fc:cc:49:8f:0d:0c:ae:32:29:
         96:86:49:cc:27:1c:07:27:48:20:23:14:ef:46:00:6a:77:10:
         de:d0:e1:b7:62:f6:d7:1d:01:6f:26:3b:65:2d:1c:1b:d4:7c:
         2b:38:9e:ec:e2:7f:08:1f:9e:8a:88:e1:da:85:a9:f8:49:72:
         62:aa:ff:c2:a5:94:71:4e:fb:6a:65:3f:db:df:f9:96:6f:ff:
         59:16:55:43:29:ef:66:ad:54:c6:b6:19:ca:fa:54:5e:e3:e3:
         8b:e0:e0:3a:fb:60:24:64:34:2a:6f:0b:65:a9:4f:e8:3b:f4:
         dc:05:e3:95:04:c8:8e:ba:f8:98:a2:fc:79:9c:8d:eb:9d:06:
         cb:68:f3:bd
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYzEkwf2IxVv6vw/933YUnl6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MjA2YWEzMjUyZTNlYThkNjg0ZWFlYzdhMjk5MzUxM2I1
ZDIzMDcwHhcNMjQwMTAxMTAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTU4N2U3MWZjMWFkMjcyYzAwMmM0Mzc0MTJmNzE5ZDc0NzZhMGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttqu4wJO5M1Z42y8lifn/PifVDdF
90HgeRHQoEluPSprfNm8I431wMWdagmmYmAYS3QYqN8jx0mrB4is0Cpm4DlZB8sG
GTgqRg27Gbeuc2Jmlz0vS43PnlvaiComRBPDVwGeEjTJHUqv25yyiL9TQTUB+Chb
fwNIO1ZlF1gJcMN9wJcuxkJJ85aJa7rI4VK7wfo8DbL9Cm/hbB+g5w80XgYTP4vX
I18hFOI/5QPRDaRTT4C3lpN85cOY43PJrK0KoPLEbVvBgwFXjkP1UWPep9qjbfFI
ROK4Cca4DsSsvkzZizoDhnYsz1W5x7jIaPFlrbhhEu6JB/DIQ/a6H0JCwQIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFLFYfnH8GtJywALEN0EvcZ10dqCgMB8GA1UdIwQY
MBaAFOggaqMlLj6o1oTq7Hopk1E7XSMHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkNCcW95VXVQcWpXaE9yc2VpbVRVVHRkSXdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80N2FjY2ItNmYzYy00YzZjLTlmZDAt
NTg1ZWI4NDU1OGY5LzEvc1ZoLWNmd2EwbkxBQXNRM1FTOXhuWFIyb0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80N2FjY2ItNmYzYy00YzZjLTlmZDAtNTg1ZWI4NDU1OGY5
LzEvNkNCcW95VXVQcWpXaE9yc2VpbVRVVHRkSXdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoAwQEUFSwAwQE
UP4AMAwDBAJZFVQDBAJZFVgwDAMEAFkVXQMEAFkVXjANBAIAAjAHAwUDKgb/QDAN
BgkqhkiG9w0BAQsFAAOCAQEA0rOUHhiyF529BaRQ4WeJkcX0enOMIjjfc9uT4FPV
XGnup0Xxig2X7jtmrNQ/X/OxOwtIDLbueTwA8Bx4h3gTzyCPB2SBO74Kym0o3z7C
rrDu9Sfd8sCVjgFjaRkA7s+ZWUaoyWvcuLmdEBt7PkxeSZmkLIRg/MxJjw0MrjIp
loZJzCccBydIICMU70YAancQ3tDht2L21x0BbyY7ZS0cG9R8Kzie7OJ/CB+eiojh
2oWp+ElyYqr/wqWUcU77amU/29/5lm//WRZVQynvZq1UxrYZyvpUXuPji+DgOvtg
JGQ0Km8LZalP6Dv03AXjlQTIjrr4mKL8eZyN650Gy2jzvQ==
-----END CERTIFICATE-----
Generated at Thu Sep 12 09:32:12 2024 by rpki-client on console-ams.rpki-client.org