Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/6WhrL1Fhj8Dki9aku_NXza4Wrd8.roa
File:                     6WhrL1Fhj8Dki9aku_NXza4Wrd8.roa (raw, json)
Hash identifier:          BJhRuptefJVzfs/esTgzlGUJyReIZpSAT/FGIEyK/64=
Subject key identifier:   E9:68:6B:2F:51:61:8F:C0:E4:8B:D6:A4:BB:F3:57:CD:AE:16:AD:DF
Certificate issuer:       /CN=c2d21e804ab7713ad7877dde603aa7824b31983c
Certificate serial:       01856EC2272D8524BF4044FEBB0D33731F56
Authority key identifier: C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/6WhrL1Fhj8Dki9aku_NXza4Wrd8.roa
Signing time:             Sun 01 Jan 2023 19:14:55 +0000
ROA not before:           Sun 01 Jan 2023 19:14:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     22773
IP address blocks:        2a12:7d80::/29 maxlen: 29
                          2a10:5c80::/29 maxlen: 29
                          2a12:7e80::/29 maxlen: 29
                          2a10:5a80::/29 maxlen: 29
                          2a12:1b40::/29 maxlen: 29
                          2a10:5880::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:c2:27:2d:85:24:bf:40:44:fe:bb:0d:33:73:1f:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d21e804ab7713ad7877dde603aa7824b31983c
        Validity
            Not Before: Jan  1 19:14:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e9686b2f51618fc0e48bd6a4bbf357cdae16addf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:97:c4:6e:ee:a4:4f:79:61:21:c7:fb:b9:b5:
                    f7:0c:d0:64:ee:4a:5c:46:b5:51:24:96:47:3c:5d:
                    1e:a7:c3:e8:6a:04:14:da:15:9a:31:9d:42:aa:57:
                    49:37:37:02:c6:8c:09:32:2f:79:97:58:4a:cb:42:
                    2d:cc:13:37:99:d0:dd:3a:0c:8e:a5:fb:1e:ab:57:
                    da:43:74:b7:db:54:b4:5f:1f:27:d8:df:96:10:1a:
                    48:5f:93:33:7b:3a:98:76:a0:26:c2:a4:c5:da:18:
                    24:23:4e:6c:e6:e9:dc:41:05:39:c7:06:63:2e:cb:
                    d5:89:e7:02:a5:d3:e9:af:d4:8d:76:ac:2b:55:16:
                    56:66:00:7d:61:9a:d9:02:c8:1f:0b:b9:ec:3a:e8:
                    4f:67:ef:80:a8:60:91:51:40:12:42:a2:1e:2f:97:
                    d6:43:24:e6:72:2f:5a:11:5d:5c:9e:4b:4d:94:9a:
                    ce:9d:48:eb:57:43:8d:1a:44:be:82:e7:fe:ba:49:
                    43:de:f2:98:e2:68:2a:45:d9:8b:e6:98:f5:fb:1f:
                    3e:67:bb:f9:21:04:eb:14:57:d3:88:ba:5c:13:99:
                    7e:c6:a4:b5:e7:85:3d:a6:33:39:7d:d0:94:b6:8a:
                    0c:cf:8f:b1:31:7f:21:45:b0:32:c5:da:96:2e:43:
                    77:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:68:6B:2F:51:61:8F:C0:E4:8B:D6:A4:BB:F3:57:CD:AE:16:AD:DF
            X509v3 Authority Key Identifier:
                keyid:C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/6WhrL1Fhj8Dki9aku_NXza4Wrd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:5880::/29
                  2a10:5a80::/29
                  2a10:5c80::/29
                  2a12:1b40::/29
                  2a12:7d80::/29
                  2a12:7e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:c0:fe:7d:23:16:61:e9:26:55:a8:7a:2c:3c:15:92:88:f6:
         10:ad:00:9d:37:d9:a4:52:b8:95:06:53:70:4a:36:7f:2f:cb:
         13:44:36:3b:cd:46:65:6a:3c:da:72:e3:e2:2e:fc:70:ab:d2:
         23:17:24:85:00:9f:e2:6a:9b:b4:9b:00:a4:c6:f6:e6:9f:a6:
         84:8b:88:c4:17:5c:43:d7:bc:72:d4:e2:1c:a7:a5:80:91:e7:
         d8:74:17:a1:c3:bb:e9:d5:0f:5b:c0:05:d2:64:bd:39:f6:3c:
         e4:4c:1e:9e:2f:a8:71:d5:2b:a0:39:35:8a:4a:08:98:a9:5f:
         e6:d5:41:1a:57:c3:f1:df:f9:7e:f4:d5:68:26:2e:60:db:69:
         3a:85:52:07:5d:f7:d4:45:5d:64:3c:a2:54:43:40:39:43:a9:
         d0:07:c8:bc:dd:d4:18:b8:de:80:46:6d:93:eb:a8:75:28:e8:
         3f:93:ef:89:d7:e6:8f:19:26:6c:2f:cf:66:16:95:5c:60:a8:
         ee:d0:49:62:02:76:07:5e:41:0a:91:2f:2c:3b:74:86:0b:bc:
         f0:85:c8:55:f6:d7:67:dc:48:c2:69:d0:29:2e:eb:65:32:f1:
         8b:30:c1:f0:1c:da:35:f3:6d:fe:4e:93:b4:fc:91:d2:6a:2b:
         35:9f:c7:d3
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYVuwicthSS/QET+uw0zcx9WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDIxZTgwNGFiNzcxM2FkNzg3N2RkZTYwM2FhNzgyNGIz
MTk4M2MwHhcNMjMwMTAxMTkxNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTY4NmIyZjUxNjE4ZmMwZTQ4YmQ2YTRiYmYzNTdjZGFlMTZhZGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpfEbu6kT3lhIcf7ubX3DNBk7kpc
RrVRJJZHPF0ep8PoagQU2hWaMZ1CqldJNzcCxowJMi95l1hKy0ItzBM3mdDdOgyO
pfseq1faQ3S321S0Xx8n2N+WEBpIX5MzezqYdqAmwqTF2hgkI05s5uncQQU5xwZj
LsvViecCpdPpr9SNdqwrVRZWZgB9YZrZAsgfC7nsOuhPZ++AqGCRUUASQqIeL5fW
QyTmci9aEV1cnktNlJrOnUjrV0ONGkS+guf+uklD3vKY4mgqRdmL5pj1+x8+Z7v5
IQTrFFfTiLpcE5l+xqS154U9pjM5fdCUtooMz4+xMX8hRbAyxdqWLkN32wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFOloay9RYY/A5IvWpLvzV82uFq3fMB8GA1UdIwQY
MBaAFMLSHoBKt3E614d93mA6p4JLMZg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYt
NTlhZTA5ZWRiZWI5LzEvNldockwxRmhqOERraTlha3VfTlh6YTRXcmQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYtNTlhZTA5ZWRiZWI5
LzEvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAAjAqAwUDKhBYgAMF
AyoQWoADBQMqEFyAAwUDKhIbQAMFAyoSfYADBQMqEn6AMA0GCSqGSIb3DQEBCwUA
A4IBAQBHwP59IxZh6SZVqHosPBWSiPYQrQCdN9mkUriVBlNwSjZ/L8sTRDY7zUZl
ajzacuPiLvxwq9IjFySFAJ/iapu0mwCkxvbmn6aEi4jEF1xD17xy1OIcp6WAkefY
dBehw7vp1Q9bwAXSZL059jzkTB6eL6hx1SugOTWKSgiYqV/m1UEaV8Px3/l+9NVo
Ji5g22k6hVIHXffURV1kPKJUQ0A5Q6nQB8i83dQYuN6ARm2T66h1KOg/k++J1+aP
GSZsL89mFpVcYKju0EliAnYHXkEKkS8sO3SGC7zwhchV9tdn3EjCadApLutlMvGL
MMHwHNo1823+TpO0/JHSais1n8fT
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:51 2024 by rpki-client on console-fra.rpki-client.org