Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/PMDV6-hBHdqXyh7r2mq54wDzFfE.roa
File:                     PMDV6-hBHdqXyh7r2mq54wDzFfE.roa (raw, json)
Hash identifier:          5K5DU9irYLx8OLuYC5MLvMZotDxSXndVBXeEsXX4lLY=
Subject key identifier:   3C:C0:D5:EB:E8:41:1D:DA:97:CA:1E:EB:DA:6A:B9:E3:00:F3:15:F1
Certificate issuer:       /CN=4777da157768423fcba9217392ec7f483b3b9442
Certificate serial:       018B24A6D8334C1D379835D1BB92101EBC42
Authority key identifier: 47:77:DA:15:77:68:42:3F:CB:A9:21:73:92:EC:7F:48:3B:3B:94:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3faFXdoQj_LqSFzkux_SDs7lEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/PMDV6-hBHdqXyh7r2mq54wDzFfE.roa
Signing time:             Thu 12 Oct 2023 16:09:55 +0000
ROA not before:           Thu 12 Oct 2023 16:09:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8832
IP address blocks:        185.123.176.0/22 maxlen: 22
                          109.69.168.0/21 maxlen: 21
                          2a00:1498::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:24:a6:d8:33:4c:1d:37:98:35:d1:bb:92:10:1e:bc:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4777da157768423fcba9217392ec7f483b3b9442
        Validity
            Not Before: Oct 12 16:09:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3cc0d5ebe8411dda97ca1eebda6ab9e300f315f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:70:36:f4:14:7f:c3:1a:78:c5:07:44:17:5e:
                    ab:b7:b2:4e:55:e2:0f:c8:05:82:88:d8:cf:dc:6d:
                    c2:21:52:b7:fa:2f:3f:34:92:30:d2:dd:b6:39:86:
                    71:b3:20:3a:78:d6:ef:f9:27:5e:38:8e:c0:13:ae:
                    36:bf:55:62:cb:15:22:82:53:e0:97:9b:39:31:93:
                    69:61:22:4a:22:c5:2f:d8:ef:52:a9:a5:d0:ce:62:
                    90:4b:0a:9b:d0:92:82:6a:9d:d2:14:b5:dc:aa:38:
                    1c:11:a9:ec:d0:15:9e:1a:64:7e:6a:56:c3:07:da:
                    a6:5f:ff:8b:7c:c8:3f:c1:87:08:cf:18:1c:1f:77:
                    5e:a7:00:be:f4:06:9a:5e:e2:46:1a:5a:a7:a9:a5:
                    56:f8:ec:5a:50:f0:e9:8c:05:1b:e7:35:90:6b:05:
                    2b:eb:2b:56:98:bc:b9:f2:60:de:21:a0:ae:b6:86:
                    84:4a:6c:f4:24:aa:3c:98:3c:67:64:28:12:c1:26:
                    89:74:f5:ae:bc:cc:d6:b2:56:c0:78:80:78:53:6c:
                    de:ad:cb:e3:a1:61:8a:90:fd:40:aa:0f:15:51:cc:
                    67:f2:66:2c:69:7b:ee:93:9c:9e:ea:e3:e8:be:b3:
                    37:8d:1f:ed:65:31:a2:9a:4a:2c:ac:c3:f8:a2:fc:
                    d6:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:C0:D5:EB:E8:41:1D:DA:97:CA:1E:EB:DA:6A:B9:E3:00:F3:15:F1
            X509v3 Authority Key Identifier:
                keyid:47:77:DA:15:77:68:42:3F:CB:A9:21:73:92:EC:7F:48:3B:3B:94:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3faFXdoQj_LqSFzkux_SDs7lEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/PMDV6-hBHdqXyh7r2mq54wDzFfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/R3faFXdoQj_LqSFzkux_SDs7lEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.69.168.0/21
                  185.123.176.0/22
                IPv6:
                  2a00:1498::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:99:61:36:87:a6:40:00:b6:72:9f:e6:34:0d:4e:ed:d9:b8:
         0d:6d:a7:53:60:b2:7b:73:8b:f5:d1:0d:22:17:35:48:ce:0c:
         a8:69:90:3c:54:a0:01:14:77:13:65:70:7e:21:49:34:ce:4c:
         a8:17:89:47:6c:47:73:92:c5:ed:dd:78:69:48:5b:2a:9e:59:
         34:bb:ac:94:0a:53:22:36:2d:a7:f6:d2:34:0e:1d:81:27:a4:
         ab:47:00:2f:7b:cf:e4:8f:f8:65:bd:5f:d9:8b:54:ad:29:39:
         6e:1e:b8:35:c4:07:d2:45:5a:8c:34:a2:b1:a4:20:88:ee:9f:
         d5:c2:6e:85:a5:6c:21:f3:a9:e4:4b:b2:09:13:59:3b:97:ba:
         a7:36:73:93:c4:d4:f8:a1:97:79:21:68:5a:3a:89:00:09:9d:
         03:50:8b:e2:87:23:9c:6b:0b:46:20:85:b1:df:37:b9:e6:1e:
         6f:c8:5e:c7:4e:d4:e5:44:ce:0f:42:5a:83:1d:8e:62:55:7c:
         c8:70:e5:ca:25:ad:e6:16:23:77:e3:06:ca:27:f2:9f:c2:f4:
         ef:44:90:1e:15:45:20:2f:3e:16:4a:d3:7e:bd:d7:f5:2d:22:
         66:96:0e:33:e6:02:14:46:a4:53:87:90:7d:37:db:dc:d4:2b:
         1e:63:ec:bf
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYskptgzTB03mDXRu5IQHrxCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzdkYTE1Nzc2ODQyM2ZjYmE5MjE3MzkyZWM3ZjQ4M2Iz
Yjk0NDIwHhcNMjMxMDEyMTYwOTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2MwZDVlYmU4NDExZGRhOTdjYTFlZWJkYTZhYjllMzAwZjMxNWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XA29BR/wxp4xQdEF16rt7JOVeIP
yAWCiNjP3G3CIVK3+i8/NJIw0t22OYZxsyA6eNbv+SdeOI7AE642v1ViyxUiglPg
l5s5MZNpYSJKIsUv2O9SqaXQzmKQSwqb0JKCap3SFLXcqjgcEans0BWeGmR+albD
B9qmX/+LfMg/wYcIzxgcH3depwC+9AaaXuJGGlqnqaVW+OxaUPDpjAUb5zWQawUr
6ytWmLy58mDeIaCutoaESmz0JKo8mDxnZCgSwSaJdPWuvMzWslbAeIB4U2zercvj
oWGKkP1Aqg8VUcxn8mYsaXvuk5ye6uPovrM3jR/tZTGimkosrMP4ovzW5QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDzA1evoQR3al8oe69pqueMA8xXxMB8GA1UdIwQY
MBaAFEd32hV3aEI/y6khc5Lsf0g7O5RCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNmYUZYZG9Ral9McVNGemt1eF9TRHM3bEVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9iMjFhMzgtZGI2Mi00NDM4LWJhOWMt
ZjU3Zjg2ZGY0ZjE2LzEvUE1EVjYtaEJIZHFYeWg3cjJtcTU0d0R6RmZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9iMjFhMzgtZGI2Mi00NDM4LWJhOWMtZjU3Zjg2ZGY0ZjE2
LzEvUjNmYUZYZG9Ral9McVNGemt1eF9TRHM3bEVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbUWoAwQC
uXuwMA0EAgACMAcDBQAqABSYMA0GCSqGSIb3DQEBCwUAA4IBAQA4mWE2h6ZAALZy
n+Y0DU7t2bgNbadTYLJ7c4v10Q0iFzVIzgyoaZA8VKABFHcTZXB+IUk0zkyoF4lH
bEdzksXt3XhpSFsqnlk0u6yUClMiNi2n9tI0Dh2BJ6SrRwAve8/kj/hlvV/Zi1St
KTluHrg1xAfSRVqMNKKxpCCI7p/Vwm6FpWwh86nkS7IJE1k7l7qnNnOTxNT4oZd5
IWhaOokACZ0DUIvihyOcawtGIIWx3ze55h5vyF7HTtTlRM4PQlqDHY5iVXzIcOXK
Ja3mFiN34wbKJ/KfwvTvRJAeFUUgLz4WStN+vdf1LSJmlg4z5gIURqRTh5B9N9vc
1CseY+y/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:34 2024 by rpki-client on console-fra.rpki-client.org