Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/y14p1ccWSEqa0OvAqzZpiPt-fdc.roa
File:                     y14p1ccWSEqa0OvAqzZpiPt-fdc.roa (raw, json)
Hash identifier:          EjXVrIW4RBtJiKZU/YMs8FwcXl6OKk/l3Tk8HVDpm3g=
Subject key identifier:   CB:5E:29:D5:C7:16:48:4A:9A:D0:EB:C0:AB:36:69:88:FB:7E:7D:D7
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       018886FBD8F192A1543AFDD6B9ABA589CFBD
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/y14p1ccWSEqa0OvAqzZpiPt-fdc.roa
Signing time:             Sun 04 Jun 2023 15:17:12 +0000
ROA not before:           Sun 04 Jun 2023 15:17:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41789
IP address blocks:        31.129.17.0/24 maxlen: 24
                          31.129.16.0/24 maxlen: 24
                          31.129.18.0/24 maxlen: 24
                          31.129.20.0/24 maxlen: 24
                          31.129.19.0/24 maxlen: 24
                          31.129.24.0/24 maxlen: 24
                          31.129.23.0/24 maxlen: 24
                          31.129.29.0/24 maxlen: 24
                          31.129.28.0/24 maxlen: 24
                          31.129.27.0/24 maxlen: 24
                          31.129.26.0/24 maxlen: 24
                          31.129.31.0/24 maxlen: 24
                          31.129.25.0/24 maxlen: 24
                          141.98.234.0/24 maxlen: 24
                          46.16.12.0/24 maxlen: 24
                          46.16.15.0/24 maxlen: 24
                          46.16.14.0/24 maxlen: 24
                          31.129.0.0/20 maxlen: 24
                          37.220.80.0/22 maxlen: 22
                          185.166.196.0/23 maxlen: 24
                          94.198.216.0/22 maxlen: 24
                          94.198.220.0/23 maxlen: 24
                          81.200.144.0/21 maxlen: 24
                          81.200.152.0/22 maxlen: 24
                          81.200.156.0/23 maxlen: 24
                          46.19.64.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:86:fb:d8:f1:92:a1:54:3a:fd:d6:b9:ab:a5:89:cf:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Jun  4 15:17:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cb5e29d5c716484a9ad0ebc0ab366988fb7e7dd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3e:f9:e6:62:8d:c8:cf:ba:fd:e1:1d:e9:d4:
                    36:9b:4c:ca:44:9c:ac:48:2f:fe:90:00:44:a8:9f:
                    8e:5a:b7:6c:5c:aa:45:75:72:3c:e5:57:df:21:c7:
                    f3:99:46:07:1d:34:e1:25:79:dd:ff:86:95:08:ac:
                    89:8d:dd:7f:f2:eb:98:2a:b2:ca:25:3f:6a:c5:3e:
                    f9:5e:cc:39:75:4a:20:6b:1d:bd:38:ae:73:9d:b6:
                    ec:23:33:45:64:62:76:11:14:56:7d:57:b3:55:d5:
                    c9:30:a2:9a:79:c6:20:a2:4f:00:16:a2:33:20:db:
                    29:70:1b:55:32:49:95:bf:f6:22:33:c8:34:06:c5:
                    91:f4:9f:3d:d1:86:33:60:71:2a:7e:bc:2c:db:cf:
                    19:a3:b1:95:fc:5c:bd:e2:f1:66:e6:0f:1e:5e:5a:
                    17:72:4d:d9:b5:44:f9:21:c6:3f:e2:52:9d:37:cd:
                    84:41:7c:44:3d:a1:af:fe:a6:d5:49:1c:f2:62:4d:
                    29:b2:8c:bc:09:be:b0:8d:9e:06:0e:71:6a:08:3b:
                    09:76:95:98:d9:b0:f2:93:b8:03:79:9a:64:ed:7a:
                    e7:4e:ba:d6:05:32:bd:e3:ab:c7:4b:da:0b:62:8b:
                    6c:ad:c1:32:38:fd:74:8c:2b:04:6a:d4:e0:e4:4d:
                    c8:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:5E:29:D5:C7:16:48:4A:9A:D0:EB:C0:AB:36:69:88:FB:7E:7D:D7
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/y14p1ccWSEqa0OvAqzZpiPt-fdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.129.0.0-31.129.20.255
                  31.129.23.0-31.129.29.255
                  31.129.31.0/24
                  37.220.80.0/22
                  46.16.12.0/24
                  46.16.14.0/23
                  46.19.64.0/22
                  81.200.144.0-81.200.157.255
                  94.198.216.0-94.198.221.255
                  141.98.234.0/24
                  185.166.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:ba:14:bd:1d:5e:17:5d:55:48:0e:ca:74:ab:01:9a:2b:49:
         69:e3:5b:55:f4:e2:4c:c1:ff:06:a3:70:b1:07:d0:0e:11:68:
         6f:82:21:33:ad:7a:76:ab:08:d2:7b:20:8b:72:42:20:32:16:
         20:5e:5c:58:06:ca:c6:fc:be:11:73:f4:24:4f:59:64:4e:9b:
         b3:e0:ea:be:52:5e:85:23:7b:d3:1b:b5:fa:fa:54:1f:75:9a:
         46:d8:e4:51:9d:bd:45:4b:0d:86:38:c6:49:df:81:f3:27:5d:
         fa:87:78:cb:99:a7:ba:83:f1:a6:3e:49:49:f5:cc:0f:bd:d8:
         d0:ee:1e:c5:58:03:ac:d9:6a:d8:31:37:37:74:07:c1:e1:7f:
         90:1c:87:c7:3d:d9:a8:75:87:de:b0:51:f5:64:81:18:3a:09:
         a9:09:d8:f9:88:5a:8f:a3:f5:1a:3b:69:e9:ad:da:ea:87:d1:
         a0:0a:8a:4c:66:73:33:7e:8f:11:94:42:8f:88:3e:53:b8:5d:
         04:83:f3:6e:87:5d:09:24:18:38:e6:30:16:a4:d7:1f:eb:6e:
         3c:da:ed:24:19:55:ed:fc:04:12:3e:11:b0:56:36:d7:15:ab:
         36:54:f1:ae:f9:e3:ff:9b:ab:2e:48:a3:96:30:7b:40:70:e4:
         11:c6:17:1c
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAYiG+9jxkqFUOv3Wuaulic+9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwNjA0MTUxNzEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjVlMjlkNWM3MTY0ODRhOWFkMGViYzBhYjM2Njk4OGZiN2U3ZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtD755mKNyM+6/eEd6dQ2m0zKRJys
SC/+kABEqJ+OWrdsXKpFdXI85VffIcfzmUYHHTThJXnd/4aVCKyJjd1/8uuYKrLK
JT9qxT75Xsw5dUogax29OK5znbbsIzNFZGJ2ERRWfVezVdXJMKKaecYgok8AFqIz
INspcBtVMkmVv/YiM8g0BsWR9J890YYzYHEqfrws288Zo7GV/Fy94vFm5g8eXloX
ck3ZtUT5IcY/4lKdN82EQXxEPaGv/qbVSRzyYk0psoy8Cb6wjZ4GDnFqCDsJdpWY
2bDyk7gDeZpk7XrnTrrWBTK946vHS9oLYotsrcEyOP10jCsEatTg5E3IwQIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFMteKdXHFkhKmtDrwKs2aYj7fn3XMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEveTE0cDFjY1dTRXFhME92QXF6WnBpUHQtZmRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHoGCCsGAQUFBwEHAQH/BGswaTBnBAIAATBhMAsDAwAfgQME
AB+BFDAMAwQAH4EXAwQBH4EcAwQAH4EfAwQCJdxQAwQALhAMAwQBLhAOAwQCLhNA
MAwDBARRyJADBAFRyJwwDAMEA17G2AMEAV7G3AMEAI1i6gMEAbmmxDANBgkqhkiG
9w0BAQsFAAOCAQEAQboUvR1eF11VSA7KdKsBmitJaeNbVfTiTMH/BqNwsQfQDhFo
b4IhM616dqsI0nsgi3JCIDIWIF5cWAbKxvy+EXP0JE9ZZE6bs+DqvlJehSN70xu1
+vpUH3WaRtjkUZ29RUsNhjjGSd+B8ydd+od4y5mnuoPxpj5JSfXMD73Y0O4exVgD
rNlq2DE3N3QHweF/kByHxz3ZqHWH3rBR9WSBGDoJqQnY+Yhaj6P1Gjtp6a3a6ofR
oAqKTGZzM36PEZRCj4g+U7hdBIPzboddCSQYOOYwFqTXH+tuPNrtJBlV7fwEEj4R
sFY21xWrNlTxrvnj/5urLkijljB7QHDkEcYXHA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:55 2024 by rpki-client on console-fra.rpki-client.org