Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/A4vcRuPUhaxLkmR_lSwUdK7GF1s.roa
File:                     A4vcRuPUhaxLkmR_lSwUdK7GF1s.roa (raw, json)
Hash identifier:          IuWL00H/dFSYWlIT3ABEiIeP2njofN3a08Vv3nD58vI=
Subject key identifier:   03:8B:DC:46:E3:D4:85:AC:4B:92:64:7F:95:2C:14:74:AE:C6:17:5B
Certificate issuer:       /CN=e29b9ac2ef631b92e82f595d73e4792c816ec6e6
Certificate serial:       01856F025591DC58357A6D9048893C8DE245
Authority key identifier: E2:9B:9A:C2:EF:63:1B:92:E8:2F:59:5D:73:E4:79:2C:81:6E:C6:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4puawu9jG5LoL1ldc-R5LIFuxuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/A4vcRuPUhaxLkmR_lSwUdK7GF1s.roa
Signing time:             Sun 01 Jan 2023 20:25:02 +0000
ROA not before:           Sun 01 Jan 2023 20:25:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21243
IP address blocks:        212.2.105.0/24 maxlen: 24
                          31.2.0.0/17 maxlen: 17
                          212.2.106.0/23 maxlen: 23
                          37.247.244.0/23 maxlen: 23
                          2a01:2e1:ffff:6::/64 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:02:55:91:dc:58:35:7a:6d:90:48:89:3c:8d:e2:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e29b9ac2ef631b92e82f595d73e4792c816ec6e6
        Validity
            Not Before: Jan  1 20:25:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=038bdc46e3d485ac4b92647f952c1474aec6175b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ea:1c:d3:cf:c0:64:a2:16:c6:3c:f3:aa:8a:
                    4f:68:37:26:d0:da:53:e5:c0:53:94:88:de:69:38:
                    fa:8c:41:3c:23:a5:4a:40:3e:ee:5f:20:8b:ea:dc:
                    64:07:d6:c1:eb:fd:46:54:d0:61:86:4f:11:89:72:
                    c8:6c:f2:ae:e6:58:6c:5d:60:f7:7e:18:59:ed:58:
                    fe:4d:1f:73:75:62:0d:55:74:6a:0c:e0:33:41:2d:
                    c5:63:04:09:0a:49:50:af:a3:d8:e2:a9:f1:34:dd:
                    3d:31:47:16:f0:e9:75:a0:c5:08:54:f9:3b:f2:cd:
                    f3:3a:03:92:e7:55:42:66:45:14:3e:3d:f1:8b:e0:
                    f7:76:6d:5b:06:f8:55:49:d3:f1:c6:25:c5:77:e4:
                    12:7e:ca:1e:21:76:1f:f9:6f:b9:68:45:6e:55:5b:
                    72:75:96:b4:a3:22:94:75:be:91:61:0d:b3:4a:11:
                    4f:73:ce:eb:3f:e2:b6:c9:68:90:05:71:0d:fb:35:
                    a1:cf:87:f4:cb:f7:3b:ef:aa:b0:be:71:8d:4a:78:
                    62:3a:be:d4:d5:96:af:12:16:2e:d1:2b:e7:27:58:
                    ab:c0:09:77:57:4f:c6:44:ab:11:5b:b4:d6:c6:62:
                    ca:11:fa:4d:2b:18:4a:d0:7e:76:18:c3:99:11:aa:
                    4c:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:8B:DC:46:E3:D4:85:AC:4B:92:64:7F:95:2C:14:74:AE:C6:17:5B
            X509v3 Authority Key Identifier:
                keyid:E2:9B:9A:C2:EF:63:1B:92:E8:2F:59:5D:73:E4:79:2C:81:6E:C6:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4puawu9jG5LoL1ldc-R5LIFuxuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/A4vcRuPUhaxLkmR_lSwUdK7GF1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/4puawu9jG5LoL1ldc-R5LIFuxuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.2.0.0/17
                  37.247.244.0/23
                  212.2.105.0-212.2.107.255
                IPv6:
                  2a01:2e1:ffff:6::/64

    Signature Algorithm: sha256WithRSAEncryption
         13:45:37:78:05:0c:9e:40:fb:b8:fb:fe:58:80:74:b0:93:a5:
         b7:dc:e0:d6:cf:4f:e2:23:d9:51:af:3e:69:1c:e5:da:58:c8:
         32:c3:d6:3d:69:be:e4:d2:fe:3f:e2:9f:fe:7d:41:fc:a1:b5:
         7d:34:d7:34:91:0a:8c:3c:c2:4f:e5:7c:21:56:36:64:f1:52:
         e5:15:d6:6c:8f:fd:b8:9b:82:a5:5b:11:90:b4:70:a6:3a:9f:
         89:0f:f1:d9:6a:42:8a:b2:dd:b6:89:66:c2:57:24:c7:65:52:
         05:67:f5:3f:1c:b8:4e:a3:f7:5a:b8:55:c3:4b:89:3f:07:96:
         67:b3:92:42:42:03:64:83:ac:e8:4f:52:f4:b5:1c:d3:2a:94:
         10:8d:0c:68:e1:f6:ab:18:a0:23:06:30:8f:82:8c:7d:8a:8b:
         bf:49:32:66:3b:fa:5b:06:91:d9:f9:25:97:9c:39:35:b0:fb:
         a9:bf:72:e1:80:2b:f5:03:02:ac:6d:8c:af:c5:16:fa:8a:4a:
         0b:6a:85:75:27:46:8f:9f:fd:e6:a6:7a:15:73:54:b4:59:c1:
         2d:3e:78:e7:a9:df:8f:31:82:b6:c7:d8:d6:5a:55:f9:c9:0b:
         00:9d:02:77:2e:32:90:39:38:9e:00:90:ba:a7:2a:bb:2d:0a:
         b4:d0:87:ab
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVvAlWR3Fg1em2QSIk8jeJFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOWI5YWMyZWY2MzFiOTJlODJmNTk1ZDczZTQ3OTJjODE2
ZWM2ZTYwHhcNMjMwMTAxMjAyNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzhiZGM0NmUzZDQ4NWFjNGI5MjY0N2Y5NTJjMTQ3NGFlYzYxNzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+oc08/AZKIWxjzzqopPaDcm0NpT
5cBTlIjeaTj6jEE8I6VKQD7uXyCL6txkB9bB6/1GVNBhhk8RiXLIbPKu5lhsXWD3
fhhZ7Vj+TR9zdWINVXRqDOAzQS3FYwQJCklQr6PY4qnxNN09MUcW8Ol1oMUIVPk7
8s3zOgOS51VCZkUUPj3xi+D3dm1bBvhVSdPxxiXFd+QSfsoeIXYf+W+5aEVuVVty
dZa0oyKUdb6RYQ2zShFPc87rP+K2yWiQBXEN+zWhz4f0y/c776qwvnGNSnhiOr7U
1ZavEhYu0SvnJ1irwAl3V0/GRKsRW7TWxmLKEfpNKxhK0H52GMOZEapMYQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFAOL3Ebj1IWsS5Jkf5UsFHSuxhdbMB8GA1UdIwQY
MBaAFOKbmsLvYxuS6C9ZXXPkeSyBbsbmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHB1YXd1OWpHNUxvTDFsZGMtUjVMSUZ1eHVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82OTAzNTctZGZiZS00ZDg2LWFmZDYt
OTE2NGUzNTJhODNjLzEvQTR2Y1J1UFVoYXhMa21SX2xTd1VkSzdHRjFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82OTAzNTctZGZiZS00ZDg2LWFmZDYtOTE2NGUzNTJhODNj
LzEvNHB1YXd1OWpHNUxvTDFsZGMtUjVMSUZ1eHVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAgBAIAATAaAwQHHwIAAwQB
Jff0MAwDBADUAmkDBALUAmgwEQQCAAIwCwMJACoBAuH//wAGMA0GCSqGSIb3DQEB
CwUAA4IBAQATRTd4BQyeQPu4+/5YgHSwk6W33ODWz0/iI9lRrz5pHOXaWMgyw9Y9
ab7k0v4/4p/+fUH8obV9NNc0kQqMPMJP5XwhVjZk8VLlFdZsj/24m4KlWxGQtHCm
Op+JD/HZakKKst22iWbCVyTHZVIFZ/U/HLhOo/dauFXDS4k/B5Zns5JCQgNkg6zo
T1L0tRzTKpQQjQxo4farGKAjBjCPgox9iou/STJmO/pbBpHZ+SWXnDk1sPupv3Lh
gCv1AwKsbYyvxRb6ikoLaoV1J0aPn/3mpnoVc1S0WcEtPnjnqd+PMYK2x9jWWlX5
yQsAnQJ3LjKQOTieAJC6pyq7LQq00Ier
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:57 2024 by rpki-client on console-fra.rpki-client.org