Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/8YV3kJKR5o9YDk6gD5mBW5aA6Vo.roa
File:                     8YV3kJKR5o9YDk6gD5mBW5aA6Vo.roa (raw, json)
Hash identifier:          in6mvpT7Y6wY39puK0h0zZQa7YAHIDgjqPnNU87u2vY=
Subject key identifier:   F1:85:77:90:92:91:E6:8F:58:0E:4E:A0:0F:99:81:5B:96:80:E9:5A
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       1B4477BD
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/8YV3kJKR5o9YDk6gD5mBW5aA6Vo.roa
Signing time:             Fri 06 May 2022 05:43:48 +0000
ROA not before:           Fri 06 May 2022 05:43:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60262
IP address blocks:        2a0f:2b40::/29 maxlen: 29
                          2a0f:fa80::/29 maxlen: 29
                          2a0f:c40::/29 maxlen: 29
                          2a0f:3640::/29 maxlen: 29
                          2a0f:1740::/29 maxlen: 29
                          2a0f:2240::/29 maxlen: 29
                          2a0f:2d40::/29 maxlen: 29
                          2a0f:27c0::/29 maxlen: 29
                          2a0f:e40::/29 maxlen: 29
                          2a0f:1940::/29 maxlen: 29
                          2a0f:f380::/29 maxlen: 29
                          2a0f:2f40::/29 maxlen: 29
                          2a0f:fe80::/29 maxlen: 29
                          2a0f:1040::/29 maxlen: 29
                          2a0f:15c0::/29 maxlen: 29
                          2a0f:35c0::/29 maxlen: 29
                          2a0f:16c0::/29 maxlen: 29
                          2a0f:21c0::/29 maxlen: 29
                          2a0f:f680::/29 maxlen: 29
                          2a0f:2cc0::/29 maxlen: 29
                          2a0f:dc0::/29 maxlen: 29
                          2a0f:18c0::/29 maxlen: 29
                          2a0f:2940::/29 maxlen: 29
                          2a0f:2ec0::/29 maxlen: 29
                          2a0f:fc0::/29 maxlen: 29
                          2a0f:a40::/29 maxlen: 29
                          2a0f:1540::/29 maxlen: 29
                          2a0f:e480::/29 maxlen: 29
                          2a0f:1ac0::/29 maxlen: 29
                          2a0f:2040::/29 maxlen: 29
                          2a0f:1640::/29 maxlen: 29
                          2a0f:2140::/29 maxlen: 29
                          2a0f:2c40::/29 maxlen: 29
                          2a0f:240::/29 maxlen: 29
                          2a0f:fb80::/29 maxlen: 29
                          2a0f:12c0::/29 maxlen: 29
                          2a0f:d40::/29 maxlen: 29
                          2a0f:3740::/29 maxlen: 29
                          2a0f:1840::/29 maxlen: 29
                          2a0f:2e40::/29 maxlen: 29
                          2a0f:28c0::/29 maxlen: 29
                          2a0f:f40::/29 maxlen: 29
                          2a0f:1a40::/29 maxlen: 29
                          2a0f:14c0::/29 maxlen: 29
                          2a0f:1fc0::/29 maxlen: 29
                          2a0f:f480::/29 maxlen: 29
                          2a0f:2ac0::/29 maxlen: 29
                          2a0f:20c0::/29 maxlen: 29
                          2a0f:f580::/29 maxlen: 29
                          2a0f:1c0::/29 maxlen: 29
                          2a0f:2bc0::/29 maxlen: 29
                          2a0f:36c0::/29 maxlen: 29
                          2a0f:cc0::/29 maxlen: 29
                          2a0f:1240::/29 maxlen: 29
                          2a0f:17c0::/29 maxlen: 29
                          2a0f:2840::/29 maxlen: 29
                          2a0f:f780::/29 maxlen: 29
                          2a0f:2dc0::/29 maxlen: 29
                          2a0f:e380::/29 maxlen: 29
                          2a0f:19c0::/29 maxlen: 29
                          2a0f:f980::/29 maxlen: 29
                          2a0f:2a40::/29 maxlen: 29
                          2a0f:3540::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 457471933 (0x1b4477bd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: May  6 05:43:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f18577909291e68f580e4ea00f99815b9680e95a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:3a:66:13:c9:39:69:97:13:6f:6e:8d:1d:12:
                    46:85:07:b4:49:fa:06:10:6b:c7:7a:ab:d4:9c:a6:
                    27:53:b5:6b:d3:b4:56:a1:47:ef:b0:b2:25:22:2c:
                    68:ec:e9:1d:42:fd:ed:ab:32:b5:cb:5a:0d:54:cb:
                    ff:53:ef:f2:2c:bb:a2:86:95:91:15:98:80:8e:33:
                    06:49:cc:e0:5f:f1:93:10:b5:9f:8e:f1:93:21:cb:
                    46:e4:25:31:2d:49:be:cd:f1:b7:24:68:b4:48:a2:
                    c7:da:97:4c:61:49:4a:33:b9:58:a6:53:f6:12:2e:
                    26:65:39:ec:ac:e4:77:59:db:81:d9:d9:17:7e:90:
                    7d:22:2a:29:70:1c:7e:c4:48:9f:5e:12:07:3c:50:
                    cb:2c:5a:5d:94:e6:d4:9d:2a:1b:99:84:d5:a4:78:
                    ec:aa:44:05:b2:59:7d:d6:e6:5a:34:6b:53:a2:64:
                    f9:e2:b0:ae:82:23:34:cc:77:96:ee:c2:c7:75:2f:
                    94:7a:a4:13:7b:0e:f9:34:09:0f:7d:8f:4a:f2:51:
                    79:92:18:0c:f8:57:22:0d:40:e4:1e:21:9f:5e:ba:
                    98:0a:04:27:97:72:04:72:33:0a:a7:83:97:a2:59:
                    6b:12:05:19:89:3a:e1:f2:2e:bb:ef:6f:86:ec:6d:
                    44:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:85:77:90:92:91:E6:8F:58:0E:4E:A0:0F:99:81:5B:96:80:E9:5A
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/8YV3kJKR5o9YDk6gD5mBW5aA6Vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:1c0::/29
                  2a0f:240::/29
                  2a0f:a40::/29
                  2a0f:c40::/29
                  2a0f:cc0::/29
                  2a0f:d40::/29
                  2a0f:dc0::/29
                  2a0f:e40::/29
                  2a0f:f40::/29
                  2a0f:fc0::/29
                  2a0f:1040::/29
                  2a0f:1240::/29
                  2a0f:12c0::/29
                  2a0f:14c0::/29
                  2a0f:1540::/29
                  2a0f:15c0::/29
                  2a0f:1640::/29
                  2a0f:16c0::/29
                  2a0f:1740::/29
                  2a0f:17c0::/29
                  2a0f:1840::/29
                  2a0f:18c0::/29
                  2a0f:1940::/29
                  2a0f:19c0::/29
                  2a0f:1a40::/29
                  2a0f:1ac0::/29
                  2a0f:1fc0::/29
                  2a0f:2040::/29
                  2a0f:20c0::/29
                  2a0f:2140::/29
                  2a0f:21c0::/29
                  2a0f:2240::/29
                  2a0f:27c0::/29
                  2a0f:2840::/29
                  2a0f:28c0::/29
                  2a0f:2940::/29
                  2a0f:2a40::/29
                  2a0f:2ac0::/29
                  2a0f:2b40::/29
                  2a0f:2bc0::/29
                  2a0f:2c40::/29
                  2a0f:2cc0::/29
                  2a0f:2d40::/29
                  2a0f:2dc0::/29
                  2a0f:2e40::/29
                  2a0f:2ec0::/29
                  2a0f:2f40::/29
                  2a0f:3540::/29
                  2a0f:35c0::/29
                  2a0f:3640::/29
                  2a0f:36c0::/29
                  2a0f:3740::/29
                  2a0f:e380::/29
                  2a0f:e480::/29
                  2a0f:f380::/29
                  2a0f:f480::/29
                  2a0f:f580::/29
                  2a0f:f680::/29
                  2a0f:f780::/29
                  2a0f:f980::/29
                  2a0f:fa80::/29
                  2a0f:fb80::/29
                  2a0f:fe80::/29

    Signature Algorithm: sha256WithRSAEncryption
         ba:75:9d:4d:bd:c7:a9:18:53:24:df:3a:84:0d:57:2a:50:ff:
         86:39:25:b0:51:66:b4:5d:3c:b0:dd:85:97:17:c2:9d:a6:57:
         15:19:83:22:67:e8:2a:83:26:44:0f:38:4d:b8:b1:aa:b4:e1:
         e8:00:85:39:c7:6e:ec:24:4f:3c:5d:34:5a:b4:78:a7:05:ba:
         57:4e:00:35:2f:d0:61:c9:ab:0e:a3:15:53:17:44:e6:92:07:
         e9:16:43:1c:2b:ba:a0:91:da:fb:5a:1b:04:86:e6:58:4f:0c:
         1b:1e:4a:b3:f6:8e:bc:94:0c:90:37:ab:e7:25:db:83:a1:e9:
         20:52:d4:76:db:6a:ea:22:fd:71:d4:ea:c0:b2:15:86:1b:ed:
         44:07:c4:d0:ac:61:1a:5a:9d:57:f3:c2:63:b7:99:15:f7:da:
         75:17:97:40:cd:0c:6c:32:09:9c:18:1b:b8:90:84:7a:05:7a:
         3c:fe:8d:24:96:ee:7d:37:35:f9:74:a5:41:24:cb:39:a0:de:
         e2:bf:d3:8e:d4:50:fd:09:46:44:61:02:e7:38:69:7c:db:5d:
         fb:fe:59:5b:c7:b4:c4:15:24:d1:d0:ef:0b:81:21:5a:d0:99:
         2d:10:82:b2:62:c8:2e:bd:68:9c:4e:e0:74:5e:f0:39:1d:5c:
         66:b6:57:f0
-----BEGIN CERTIFICATE-----
MIIGrDCCBZSgAwIBAgIEG0R3vTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MTU1MDA5YzNkZTQyMWNjNGU2N2I5YTlhZTQyM2JiMzVkZTBiOTI2MB4XDTIyMDUw
NjA1NDM0OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjE4NTc3OTA5Mjkx
ZTY4ZjU4MGU0ZWEwMGY5OTgxNWI5NjgwZTk1YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOg6ZhPJOWmXE29ujR0SRoUHtEn6BhBrx3qr1JymJ1O1a9O0
VqFH77CyJSIsaOzpHUL97asytctaDVTL/1Pv8iy7ooaVkRWYgI4zBknM4F/xkxC1
n47xkyHLRuQlMS1Jvs3xtyRotEiix9qXTGFJSjO5WKZT9hIuJmU57Kzkd1nbgdnZ
F36QfSIqKXAcfsRIn14SBzxQyyxaXZTm1J0qG5mE1aR47KpEBbJZfdbmWjRrU6Jk
+eKwroIjNMx3lu7Cx3UvlHqkE3sO+TQJD32PSvJReZIYDPhXIg1A5B4hn166mAoE
J5dyBHIzCqeDl6JZaxIFGYk64fIuu+9vhuxtRK0CAwEAAaOCA8YwggPCMB0GA1Ud
DgQWBBTxhXeQkpHmj1gOTqAPmYFbloDpWjAfBgNVHSMEGDAWgBSxVQCcPeQhzE5n
uamuQjuzXeC5JjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NWVUFuRDNrSWN4T1o3bXBya0k3czEzZ3VTWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTAvZGU5MDJjLTNkMTMtNDdkMS1hNWU2LTczODU2YWY0OWYzZS8x
LzhZVjNrSktSNW85WURrNmdENW1CVzVhQTZWby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTAv
ZGU5MDJjLTNkMTMtNDdkMS1hNWU2LTczODU2YWY0OWYzZS8xL3NWVUFuRDNrSWN4
T1o3bXBya0k3czEzZ3VTWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCC
AdoGCCsGAQUFBwEHAQH/BIIByTCCAcUwggHBBAIAAjCCAbkDBQMqDwHAAwUDKg8C
QAMFAyoPCkADBQMqDwxAAwUDKg8MwAMFAyoPDUADBQMqDw3AAwUDKg8OQAMFAyoP
D0ADBQMqDw/AAwUDKg8QQAMFAyoPEkADBQMqDxLAAwUDKg8UwAMFAyoPFUADBQMq
DxXAAwUDKg8WQAMFAyoPFsADBQMqDxdAAwUDKg8XwAMFAyoPGEADBQMqDxjAAwUD
Kg8ZQAMFAyoPGcADBQMqDxpAAwUDKg8awAMFAyoPH8ADBQMqDyBAAwUDKg8gwAMF
AyoPIUADBQMqDyHAAwUDKg8iQAMFAyoPJ8ADBQMqDyhAAwUDKg8owAMFAyoPKUAD
BQMqDypAAwUDKg8qwAMFAyoPK0ADBQMqDyvAAwUDKg8sQAMFAyoPLMADBQMqDy1A
AwUDKg8twAMFAyoPLkADBQMqDy7AAwUDKg8vQAMFAyoPNUADBQMqDzXAAwUDKg82
QAMFAyoPNsADBQMqDzdAAwUDKg/jgAMFAyoP5IADBQMqD/OAAwUDKg/0gAMFAyoP
9YADBQMqD/aAAwUDKg/3gAMFAyoP+YADBQMqD/qAAwUDKg/7gAMFAyoP/oAwDQYJ
KoZIhvcNAQELBQADggEBALp1nU29x6kYUyTfOoQNVypQ/4Y5JbBRZrRdPLDdhZcX
wp2mVxUZgyJn6CqDJkQPOE24saq04egAhTnHbuwkTzxdNFq0eKcFuldOADUv0GHJ
qw6jFVMXROaSB+kWQxwruqCR2vtaGwSG5lhPDBseSrP2jryUDJA3q+cl24Oh6SBS
1Hbbauoi/XHU6sCyFYYb7UQHxNCsYRpanVfzwmO3mRX32nUXl0DNDGwyCZwYG7iQ
hHoFejz+jSSW7n03Nfl0pUEkyzmg3uK/047UUP0JRkRhAuc4aXzbXfv+WVvHtMQV
JNHQ7wuBIVrQmS0QgrJiyC69aJxO4HRe8DkdXGa2V/A=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:35:51 2024 by rpki-client on console-ams.rpki-client.org