Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/Fo-hMN6chxezaICGZm3_0EUJ--A.roa
File:                     Fo-hMN6chxezaICGZm3_0EUJ--A.roa (raw, json)
Hash identifier:          7InDBTr6phLi6X+V7N/J2jgEaFa1882Ds3jKcRCrvZU=
Subject key identifier:   16:8F:A1:30:DE:9C:87:17:B3:68:80:86:66:6D:FF:D0:45:09:FB:E0
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018CC86FAD4D22891147D58192EEEE017E12
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/Fo-hMN6chxezaICGZm3_0EUJ--A.roa
Signing time:             Tue 02 Jan 2024 04:30:11 +0000
ROA not before:           Tue 02 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60262
IP address blocks:        2a0f:30c0::/29 maxlen: 29
                          2a0f:3640::/29 maxlen: 29
                          2a0f:1740::/29 maxlen: 29
                          2a0f:2d40::/29 maxlen: 29
                          2a0f:27c0::/29 maxlen: 29
                          2a0f:32c0::/29 maxlen: 29
                          2a0f:1940::/29 maxlen: 29
                          2a06:6ec0::/29 maxlen: 29
                          2a0f:2f40::/29 maxlen: 29
                          2a0f:29c0::/29 maxlen: 29
                          2a0f:34c0::/29 maxlen: 29
                          2a0e:c740::/29 maxlen: 29
                          2a0f:15c0::/29 maxlen: 29
                          2a0e:ee80::/29 maxlen: 29
                          2a0f:35c0::/29 maxlen: 29
                          2a0f:16c0::/29 maxlen: 29
                          2a0e:a3c0::/29 maxlen: 29
                          2a0e:8780::/29 maxlen: 29
                          2a0f:3240::/29 maxlen: 29
                          2a0f:18c0::/29 maxlen: 29
                          2a0f:2940::/29 maxlen: 29
                          2a0f:2ec0::/29 maxlen: 29
                          2a0f:fc0::/29 maxlen: 29
                          2a0e:be80::/29 maxlen: 29
                          2a0f:3440::/29 maxlen: 29
                          2a0f:a40::/29 maxlen: 29
                          2a0f:1540::/29 maxlen: 29
                          2a0f:1ac0::/29 maxlen: 29
                          2a0f:1640::/29 maxlen: 29
                          2a0f:31c0::/29 maxlen: 29
                          2a0f:3740::/29 maxlen: 29
                          2a0f:1840::/29 maxlen: 29
                          2a0e:c180::/29 maxlen: 29
                          2a0e:a280::/29 maxlen: 29
                          2a0f:2e40::/29 maxlen: 29
                          2a0f:28c0::/29 maxlen: 29
                          2a0f:33c0::/29 maxlen: 29
                          2a0f:f40::/29 maxlen: 29
                          2a0f:1a40::/29 maxlen: 29
                          2a0f:14c0::/29 maxlen: 29
                          2a0f:1fc0::/29 maxlen: 29
                          2a0f:3040::/29 maxlen: 29
                          2a0e:a580::/29 maxlen: 29
                          2a0f:36c0::/29 maxlen: 29
                          2a0f:3140::/29 maxlen: 29
                          2a0f:17c0::/29 maxlen: 29
                          2a0f:2840::/29 maxlen: 29
                          2a0f:2dc0::/29 maxlen: 29
                          2a0e:8880::/29 maxlen: 29
                          2a0f:3340::/29 maxlen: 29
                          2a0e:bac0::/29 maxlen: 29
                          2a0e:6c40::/29 maxlen: 29
                          2a0f:19c0::/29 maxlen: 29
                          2a0f:2a40::/29 maxlen: 29
                          2a0f:3540::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:ad:4d:22:89:11:47:d5:81:92:ee:ee:01:7e:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=168fa130de9c8717b3688086666dffd04509fbe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:cc:30:40:68:a6:16:45:f5:b1:b5:75:88:39:
                    73:65:51:72:28:a7:7c:43:3f:10:59:0d:a5:9a:58:
                    5b:80:c0:d4:4e:1f:f1:bd:5b:1c:8f:6a:0a:39:d8:
                    6d:ba:47:e9:62:dc:8d:68:b5:74:e5:29:cc:57:55:
                    a7:90:79:ce:ca:5d:a9:7e:47:47:26:3d:02:11:b0:
                    d5:53:e0:9f:73:5e:4e:17:c5:23:12:82:7a:86:fc:
                    86:ae:7a:22:0d:f3:08:8e:e6:87:f7:b5:96:0d:70:
                    40:71:06:0d:9b:42:95:6a:fd:69:4d:60:16:8a:8c:
                    ab:ec:04:b6:c9:13:f5:20:f2:5e:66:76:3e:dd:9b:
                    24:5d:5e:d5:18:f2:a4:21:86:45:f9:9d:b8:25:69:
                    ce:bd:df:9c:2d:f0:14:a6:bb:d8:d5:ec:da:b2:d8:
                    ee:c9:de:33:e7:09:c9:09:aa:f3:5f:35:dd:ed:fb:
                    98:0d:14:9a:78:1b:01:fb:21:1a:bb:bd:dd:d8:2b:
                    fc:c0:05:ec:92:20:31:7a:d7:8f:f3:aa:ef:bf:4a:
                    58:3d:fe:8d:5d:ff:95:ac:79:58:12:a2:fc:21:ff:
                    3a:ab:2f:29:1d:e9:ef:78:6e:3d:e5:15:1a:ab:36:
                    e9:df:76:c8:e8:03:c7:35:35:f2:35:54:6b:1b:92:
                    e8:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:8F:A1:30:DE:9C:87:17:B3:68:80:86:66:6D:FF:D0:45:09:FB:E0
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/Fo-hMN6chxezaICGZm3_0EUJ--A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:6ec0::/29
                  2a0e:6c40::/29
                  2a0e:8780::/29
                  2a0e:8880::/29
                  2a0e:a280::/29
                  2a0e:a3c0::/29
                  2a0e:a580::/29
                  2a0e:bac0::/29
                  2a0e:be80::/29
                  2a0e:c180::/29
                  2a0e:c740::/29
                  2a0e:ee80::/29
                  2a0f:a40::/29
                  2a0f:f40::/29
                  2a0f:fc0::/29
                  2a0f:14c0::/29
                  2a0f:1540::/29
                  2a0f:15c0::/29
                  2a0f:1640::/29
                  2a0f:16c0::/29
                  2a0f:1740::/29
                  2a0f:17c0::/29
                  2a0f:1840::/29
                  2a0f:18c0::/29
                  2a0f:1940::/29
                  2a0f:19c0::/29
                  2a0f:1a40::/29
                  2a0f:1ac0::/29
                  2a0f:1fc0::/29
                  2a0f:27c0::/29
                  2a0f:2840::/29
                  2a0f:28c0::/29
                  2a0f:2940::/29
                  2a0f:29c0::/29
                  2a0f:2a40::/29
                  2a0f:2d40::/29
                  2a0f:2dc0::/29
                  2a0f:2e40::/29
                  2a0f:2ec0::/29
                  2a0f:2f40::/29
                  2a0f:3040::/29
                  2a0f:30c0::/29
                  2a0f:3140::/29
                  2a0f:31c0::/29
                  2a0f:3240::/29
                  2a0f:32c0::/29
                  2a0f:3340::/29
                  2a0f:33c0::/29
                  2a0f:3440::/29
                  2a0f:34c0::/29
                  2a0f:3540::/29
                  2a0f:35c0::/29
                  2a0f:3640::/29
                  2a0f:36c0::/29
                  2a0f:3740::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:3f:bb:d4:94:e4:60:6d:ec:ac:ef:f9:12:df:95:77:08:b2:
         78:be:5f:8e:e8:d0:ee:92:95:d8:f6:8e:21:e4:a0:c7:c9:d7:
         52:49:bb:6f:74:99:aa:95:7e:81:7a:f9:42:e5:2d:7e:68:12:
         6b:c6:35:db:ba:b8:f4:d8:1e:f7:b0:57:aa:f0:24:f4:39:ff:
         7b:93:78:1f:2b:c1:d9:0c:6b:4d:5c:97:8f:9c:98:40:a9:6f:
         db:49:d6:7c:5e:bc:49:87:c4:77:bd:69:05:61:24:9c:83:e8:
         26:ed:f3:55:84:43:ca:9a:99:be:e5:4d:f9:61:ea:06:01:d2:
         70:28:8f:cf:33:33:aa:6d:a3:c8:d7:4c:9f:e3:f7:f4:d0:38:
         8d:94:61:b5:50:a6:2a:56:79:ce:06:cc:0a:42:7e:e4:5a:a7:
         a3:42:86:a2:3a:8e:6d:28:0a:ad:8f:98:9b:20:b9:8f:25:a5:
         2d:c3:51:2c:c8:2e:0e:b2:9e:62:5e:38:30:f2:83:8d:a4:1a:
         6c:61:eb:fd:cb:c8:a1:1c:87:75:77:7c:36:81:28:7d:9d:46:
         99:3c:e3:eb:08:6d:75:16:26:f4:94:f0:27:41:9f:fb:67:dc:
         25:c0:18:56:fd:85:93:1f:45:78:da:51:1e:f7:cb:00:a3:28:
         68:8a:7d:02
-----BEGIN CERTIFICATE-----
MIIGgjCCBWqgAwIBAgISAYzIb61NIokRR9WBku7uAX4SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMTAyMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjhmYTEzMGRlOWM4NzE3YjM2ODgwODY2NjZkZmZkMDQ1MDlmYmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcwwQGimFkX1sbV1iDlzZVFyKKd8
Qz8QWQ2lmlhbgMDUTh/xvVscj2oKOdhtukfpYtyNaLV05SnMV1WnkHnOyl2pfkdH
Jj0CEbDVU+Cfc15OF8UjEoJ6hvyGrnoiDfMIjuaH97WWDXBAcQYNm0KVav1pTWAW
ioyr7AS2yRP1IPJeZnY+3ZskXV7VGPKkIYZF+Z24JWnOvd+cLfAUprvY1ezastju
yd4z5wnJCarzXzXd7fuYDRSaeBsB+yEau73d2Cv8wAXskiAxeteP86rvv0pYPf6N
Xf+VrHlYEqL8If86qy8pHenveG495RUaqzbp33bI6APHNTXyNVRrG5LoXQIDAQAB
o4IDjjCCA4owHQYDVR0OBBYEFBaPoTDenIcXs2iAhmZt/9BFCfvgMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvRm8taE1ONmNoeGV6YUlDR1ptM18wRVVKLS1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBogYIKwYBBQUHAQcBAf8EggGRMIIBjTCCAYkEAgACMIIB
gQMFAyoGbsADBQMqDmxAAwUDKg6HgAMFAyoOiIADBQMqDqKAAwUDKg6jwAMFAyoO
pYADBQMqDrrAAwUDKg6+gAMFAyoOwYADBQMqDsdAAwUDKg7ugAMFAyoPCkADBQMq
Dw9AAwUDKg8PwAMFAyoPFMADBQMqDxVAAwUDKg8VwAMFAyoPFkADBQMqDxbAAwUD
Kg8XQAMFAyoPF8ADBQMqDxhAAwUDKg8YwAMFAyoPGUADBQMqDxnAAwUDKg8aQAMF
AyoPGsADBQMqDx/AAwUDKg8nwAMFAyoPKEADBQMqDyjAAwUDKg8pQAMFAyoPKcAD
BQMqDypAAwUDKg8tQAMFAyoPLcADBQMqDy5AAwUDKg8uwAMFAyoPL0ADBQMqDzBA
AwUDKg8wwAMFAyoPMUADBQMqDzHAAwUDKg8yQAMFAyoPMsADBQMqDzNAAwUDKg8z
wAMFAyoPNEADBQMqDzTAAwUDKg81QAMFAyoPNcADBQMqDzZAAwUDKg82wAMFAyoP
N0AwDQYJKoZIhvcNAQELBQADggEBAAg/u9SU5GBt7Kzv+RLflXcIsni+X47o0O6S
ldj2jiHkoMfJ11JJu290maqVfoF6+ULlLX5oEmvGNdu6uPTYHvewV6rwJPQ5/3uT
eB8rwdkMa01cl4+cmECpb9tJ1nxevEmHxHe9aQVhJJyD6Cbt81WEQ8qamb7lTflh
6gYB0nAoj88zM6pto8jXTJ/j9/TQOI2UYbVQpipWec4GzApCfuRap6NChqI6jm0o
Cq2PmJsguY8lpS3DUSzILg6ynmJeODDyg42kGmxh6/3LyKEch3V3fDaBKH2dRpk8
4+sIbXUWJvSU8CdBn/tn3CXAGFb9hZMfRXjaUR73ywCjKGiKfQI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:35:51 2024 by rpki-client on console-ams.rpki-client.org