Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/3f95d5-ae69-43bb-b531-4184ed331b75/1/F777LlC6TubvPaRMYmLZ6DyVuD8.roa
File:                     F777LlC6TubvPaRMYmLZ6DyVuD8.roa (raw, json)
Hash identifier:          sitaoxjsdzqTg96OTz5tihEakouBERphp6tT52x7UB0=
Subject key identifier:   17:BE:FB:2E:50:BA:4E:E6:EF:3D:A4:4C:62:62:D9:E8:3C:95:B8:3F
Certificate issuer:       /CN=ecee470bf5109976934f51e7eaef210779a2c4de
Certificate serial:       28F6AF6F
Authority key identifier: EC:EE:47:0B:F5:10:99:76:93:4F:51:E7:EA:EF:21:07:79:A2:C4:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7O5HC_UQmXaTT1Hn6u8hB3mixN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/3f95d5-ae69-43bb-b531-4184ed331b75/1/F777LlC6TubvPaRMYmLZ6DyVuD8.roa
Signing time:             Sat 01 Jan 2022 10:54:50 +0000
ROA not before:           Sat 01 Jan 2022 10:54:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20755
IP address blocks:        80.69.32.0/20 maxlen: 20
                          185.99.228.0/22 maxlen: 22
                          2a00:1a18::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 687255407 (0x28f6af6f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecee470bf5109976934f51e7eaef210779a2c4de
        Validity
            Not Before: Jan  1 10:54:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=17befb2e50ba4ee6ef3da44c6262d9e83c95b83f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2e:c2:c4:c2:ec:66:48:b4:e6:37:e6:a3:e1:
                    5c:67:1a:e8:c0:5a:2e:06:0c:71:90:78:0a:72:fb:
                    1d:ca:64:ef:e6:1c:cf:ab:54:80:01:89:f5:be:51:
                    b5:aa:7e:12:73:48:47:ff:7d:4e:c8:85:ff:10:61:
                    7d:c0:8c:a8:5e:e1:37:35:ca:40:19:e5:ea:61:44:
                    fe:f8:04:6b:cd:65:c6:15:70:d9:c0:dd:9b:78:3c:
                    fb:d4:91:a5:b8:1a:18:dc:3e:19:a8:b8:38:cc:7a:
                    d7:21:ea:9f:41:a5:6b:49:cd:ac:93:5f:11:d6:44:
                    58:04:9d:9e:8f:cd:9a:3c:e6:79:e0:50:97:e2:db:
                    4a:0f:df:ca:f1:41:b0:dc:46:e0:55:47:f0:d8:58:
                    de:4e:9b:c9:9f:5c:c7:0d:1c:9f:69:7f:1c:31:ae:
                    f2:f0:0d:cd:84:a2:92:a3:7c:3e:7c:8b:40:b5:a2:
                    df:ed:b3:e1:6c:8b:c5:2d:79:04:a1:ad:0f:22:f6:
                    bd:ba:e5:65:7a:74:c6:8f:30:3a:f4:01:68:69:fe:
                    30:bd:a5:4f:7d:48:30:11:d4:60:83:76:c4:6d:5c:
                    70:d5:7c:80:48:c9:ea:f2:07:b7:a1:41:5f:95:c1:
                    1b:07:1e:7c:51:a5:17:1c:97:23:2d:ba:9c:65:08:
                    42:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:BE:FB:2E:50:BA:4E:E6:EF:3D:A4:4C:62:62:D9:E8:3C:95:B8:3F
            X509v3 Authority Key Identifier:
                keyid:EC:EE:47:0B:F5:10:99:76:93:4F:51:E7:EA:EF:21:07:79:A2:C4:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7O5HC_UQmXaTT1Hn6u8hB3mixN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/3f95d5-ae69-43bb-b531-4184ed331b75/1/F777LlC6TubvPaRMYmLZ6DyVuD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/3f95d5-ae69-43bb-b531-4184ed331b75/1/7O5HC_UQmXaTT1Hn6u8hB3mixN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.69.32.0/20
                  185.99.228.0/22
                IPv6:
                  2a00:1a18::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:48:c3:5f:8e:fc:f5:6d:d4:0e:7d:f0:b4:82:49:81:98:42:
         06:61:fc:ce:96:66:cf:96:21:95:bf:eb:ac:51:95:5c:74:86:
         4c:f3:2e:53:22:5a:b8:81:b7:3c:1f:ff:b9:f4:39:e5:ec:e5:
         05:36:82:d7:40:d2:b7:c7:7b:90:35:23:63:25:67:5f:d8:0d:
         4c:6f:0a:25:9a:ee:03:2c:68:74:56:57:b1:51:8c:3a:d4:a9:
         3b:13:04:33:20:33:ca:d8:bb:fe:b4:ed:3e:20:36:dd:d8:59:
         97:71:0b:21:23:06:b7:fa:78:e2:85:de:8e:13:5c:6a:c5:74:
         21:9e:a0:3d:7f:2b:28:73:f7:56:ad:5f:e2:df:22:2d:47:7b:
         58:b9:6d:f2:8c:04:bd:e0:d9:2c:6d:d8:32:83:81:ff:97:8c:
         5a:95:21:5c:f8:50:36:1a:a6:6f:1e:59:ec:c6:09:1b:7e:12:
         b4:e0:3f:8f:14:26:df:4d:16:7f:0b:4c:35:77:34:b4:3a:3c:
         b7:ee:68:20:48:22:96:9e:20:f3:2f:59:65:2d:c8:c8:8c:9d:
         42:dc:6e:47:b7:3b:35:2f:fb:49:6b:77:db:b2:20:45:80:41:
         60:82:ee:ba:4c:93:38:4d:1f:cd:be:74:cb:c6:d2:f0:4c:74:
         64:f6:8f:8c
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEKPavbzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
Y2VlNDcwYmY1MTA5OTc2OTM0ZjUxZTdlYWVmMjEwNzc5YTJjNGRlMB4XDTIyMDEw
MTEwNTQ1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTdiZWZiMmU1MGJh
NGVlNmVmM2RhNDRjNjI2MmQ5ZTgzYzk1YjgzZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKkuwsTC7GZItOY35qPhXGca6MBaLgYMcZB4CnL7Hcpk7+Yc
z6tUgAGJ9b5Rtap+EnNIR/99TsiF/xBhfcCMqF7hNzXKQBnl6mFE/vgEa81lxhVw
2cDdm3g8+9SRpbgaGNw+Gai4OMx61yHqn0Gla0nNrJNfEdZEWASdno/NmjzmeeBQ
l+LbSg/fyvFBsNxG4FVH8NhY3k6byZ9cxw0cn2l/HDGu8vANzYSikqN8PnyLQLWi
3+2z4WyLxS15BKGtDyL2vbrlZXp0xo8wOvQBaGn+ML2lT31IMBHUYIN2xG1ccNV8
gEjJ6vIHt6FBX5XBGwcefFGlFxyXIy26nGUIQmsCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBQXvvsuULpO5u89pExiYtnoPJW4PzAfBgNVHSMEGDAWgBTs7kcL9RCZdpNP
Uefq7yEHeaLE3jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzdPNUhDX1VRbVhhVFQxSG42dThoQjNtaXhONC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTcvM2Y5NWQ1LWFlNjktNDNiYi1iNTMxLTQxODRlZDMzMWI3NS8x
L0Y3NzdMbEM2VHVidlBhUk1ZbUxaNkR5VnVEOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTcv
M2Y5NWQ1LWFlNjktNDNiYi1iNTMxLTQxODRlZDMzMWI3NS8xLzdPNUhDX1VRbVhh
VFQxSG42dThoQjNtaXhONC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEBFBFIAMEArlj5DANBAIAAjAHAwUD
KgAaGDANBgkqhkiG9w0BAQsFAAOCAQEAcEjDX4789W3UDn3wtIJJgZhCBmH8zpZm
z5Yhlb/rrFGVXHSGTPMuUyJauIG3PB//ufQ55ezlBTaC10DSt8d7kDUjYyVnX9gN
TG8KJZruAyxodFZXsVGMOtSpOxMEMyAzyti7/rTtPiA23dhZl3ELISMGt/p44oXe
jhNcasV0IZ6gPX8rKHP3Vq1f4t8iLUd7WLlt8owEveDZLG3YMoOB/5eMWpUhXPhQ
Nhqmbx5Z7MYJG34StOA/jxQm300WfwtMNXc0tDo8t+5oIEgilp4g8y9ZZS3IyIyd
QtxuR7c7NS/7SWt327IgRYBBYILuukyTOE0fzb50y8bS8Ex0ZPaPjA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:00 2024 by rpki-client on console-fra.rpki-client.org