Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/S6xPQBVbgJ_U3bdsZv_ZFmEPyvQ.roa
File:                     S6xPQBVbgJ_U3bdsZv_ZFmEPyvQ.roa (raw, json)
Hash identifier:          3xArRDWgG5PPd+k+U3PsrmfLDzAgtdL9njvTbcBPvk4=
Subject key identifier:   4B:AC:4F:40:15:5B:80:9F:D4:DD:B7:6C:66:FF:D9:16:61:0F:CA:F4
Certificate issuer:       /CN=d5620cec70974d037d7769758c74668305b32cf2
Certificate serial:       01856FDDC5AE0B2662338D4B7B63C23345DD
Authority key identifier: D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/S6xPQBVbgJ_U3bdsZv_ZFmEPyvQ.roa
Signing time:             Mon 02 Jan 2023 00:24:43 +0000
ROA not before:           Mon 02 Jan 2023 00:24:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56694
IP address blocks:        94.198.50.0/23 maxlen: 24
                          185.9.144.0/22 maxlen: 24
                          188.127.224.0/20 maxlen: 24
                          94.198.52.0/22 maxlen: 24
                          188.127.240.0/21 maxlen: 24
                          188.127.248.0/22 maxlen: 24
                          188.127.253.0/24 maxlen: 24
                          188.127.254.0/23 maxlen: 24
                          185.130.248.0/22 maxlen: 24
                          152.89.216.0/22 maxlen: 24
                          2a06:dd00::/29 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:dd:c5:ae:0b:26:62:33:8d:4b:7b:63:c2:33:45:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5620cec70974d037d7769758c74668305b32cf2
        Validity
            Not Before: Jan  2 00:24:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4bac4f40155b809fd4ddb76c66ffd916610fcaf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:7e:6e:c9:08:5a:41:c2:4b:40:a8:16:cf:57:
                    6a:d5:13:db:e7:bd:60:9d:41:9d:53:3e:53:aa:9c:
                    ff:8c:9d:67:25:45:bb:02:6d:0f:0b:5b:82:67:21:
                    c3:fa:49:76:85:e8:e9:71:ca:93:1f:b6:45:38:01:
                    41:38:8a:2d:26:1b:e7:74:29:64:d5:41:5e:be:55:
                    38:15:b5:2e:70:7c:44:6c:ea:5c:54:66:29:cb:be:
                    1e:8c:26:bf:ae:b9:c1:f9:f8:8a:24:b5:4c:4b:73:
                    1a:79:ba:6e:67:85:31:3b:f6:b8:da:66:88:c8:0a:
                    d7:77:74:db:55:7c:da:59:9e:58:1e:ff:fd:df:7d:
                    65:d3:e9:ca:db:de:4f:4e:32:3d:1e:19:19:2b:45:
                    1c:cd:8b:16:ef:5c:22:7a:2c:40:ac:c7:8b:01:e9:
                    5b:ff:8d:f2:4c:4a:ce:4b:59:cc:25:e1:0b:0d:71:
                    9d:6c:37:be:d4:5b:37:c4:34:3b:4a:b7:23:65:8c:
                    70:e0:23:b0:37:69:9b:11:92:1d:32:8e:5a:69:a0:
                    5b:a2:4f:fc:d7:a2:e3:60:02:ce:5b:a0:bf:79:f6:
                    89:39:9d:95:d2:67:66:be:d7:8d:d4:9c:1c:cf:a3:
                    7a:4b:a7:a1:96:6f:94:31:0c:b1:ee:d9:56:21:cd:
                    e8:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:AC:4F:40:15:5B:80:9F:D4:DD:B7:6C:66:FF:D9:16:61:0F:CA:F4
            X509v3 Authority Key Identifier:
                keyid:D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/S6xPQBVbgJ_U3bdsZv_ZFmEPyvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.198.50.0-94.198.55.255
                  152.89.216.0/22
                  185.9.144.0/22
                  185.130.248.0/22
                  188.127.224.0-188.127.251.255
                  188.127.253.0-188.127.255.255
                IPv6:
                  2a06:dd00::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:10:ab:ef:f3:af:9c:54:c9:95:70:d1:92:71:da:a5:69:ba:
         31:5b:fb:aa:9e:97:21:bf:6c:c3:fd:de:fd:95:07:08:ce:5b:
         82:7b:51:fa:b7:f4:c3:13:0b:f6:5f:78:2c:04:3d:aa:50:20:
         ec:6d:63:da:48:61:3a:ea:99:a6:f6:ba:64:d9:eb:bd:e5:75:
         59:34:d3:04:7b:49:b5:79:8c:48:e4:8b:7e:63:70:03:0a:49:
         f8:cd:dc:67:ad:75:1d:9c:02:87:70:fe:1d:d5:b3:fb:e2:25:
         47:28:65:25:cd:dc:f2:12:69:e9:66:13:a9:a8:54:36:c1:cf:
         8c:2b:71:b6:6b:97:24:ff:cd:05:5c:e2:7f:f3:4d:92:af:27:
         94:4c:41:09:d1:cb:2f:8f:8d:44:1b:83:99:11:31:29:1e:01:
         59:b7:62:d6:68:5a:78:14:cd:05:75:db:a4:1c:ef:a5:c3:ee:
         c5:77:6e:dc:c0:95:d7:79:50:e8:45:58:e6:70:29:bd:55:16:
         a0:c0:ea:d7:6b:e9:c9:a3:b7:57:44:3a:c2:a8:40:52:1b:27:
         8a:b1:f7:2a:a2:36:30:66:17:51:d7:24:05:05:25:57:c6:4c:
         7a:b2:42:4c:84:15:57:dc:cf:69:3c:26:bc:06:5e:57:8f:38:
         68:3b:68:df
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYVv3cWuCyZiM41Le2PCM0XdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjIwY2VjNzA5NzRkMDM3ZDc3Njk3NThjNzQ2NjgzMDVi
MzJjZjIwHhcNMjMwMTAyMDAyNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmFjNGY0MDE1NWI4MDlmZDRkZGI3NmM2NmZmZDkxNjYxMGZjYWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm35uyQhaQcJLQKgWz1dq1RPb571g
nUGdUz5Tqpz/jJ1nJUW7Am0PC1uCZyHD+kl2hejpccqTH7ZFOAFBOIotJhvndClk
1UFevlU4FbUucHxEbOpcVGYpy74ejCa/rrnB+fiKJLVMS3MaebpuZ4UxO/a42maI
yArXd3TbVXzaWZ5YHv/9331l0+nK295PTjI9HhkZK0UczYsW71wieixArMeLAelb
/43yTErOS1nMJeELDXGdbDe+1Fs3xDQ7SrcjZYxw4COwN2mbEZIdMo5aaaBbok/8
16LjYALOW6C/efaJOZ2V0mdmvteN1Jwcz6N6S6ehlm+UMQyx7tlWIc3ozQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFEusT0AVW4Cf1N23bGb/2RZhD8r0MB8GA1UdIwQY
MBaAFNViDOxwl00DfXdpdYx0ZoMFsyzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTkt
YmU0MzRjYjlmOGY4LzEvUzZ4UFFCVmJnSl9VM2Jkc1p2X1pGbUVQeXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTktYmU0MzRjYjlmOGY4
LzEvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBBBAIAATA7MAwDBAFexjID
BANexjADBAKYWdgDBAK5CZADBAK5gvgwDAMEBbx/4AMEArx/+DALAwQAvH/9AwMH
vAAwDQQCAAIwBwMFAyoG3QAwDQYJKoZIhvcNAQELBQADggEBAIMQq+/zr5xUyZVw
0ZJx2qVpujFb+6qelyG/bMP93v2VBwjOW4J7Ufq39MMTC/ZfeCwEPapQIOxtY9pI
YTrqmab2umTZ673ldVk00wR7SbV5jEjki35jcAMKSfjN3GetdR2cAodw/h3Vs/vi
JUcoZSXN3PISaelmE6moVDbBz4wrcbZrlyT/zQVc4n/zTZKvJ5RMQQnRyy+PjUQb
g5kRMSkeAVm3YtZoWngUzQV126Qc76XD7sV3btzAldd5UOhFWOZwKb1VFqDA6tdr
6cmjt1dEOsKoQFIbJ4qx9yqiNjBmF1HXJAUFJVfGTHqyQkyEFVfcz2k8JrwGXleP
OGg7aN8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:46 2024 by rpki-client on console-ams.rpki-client.org