Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/EvtYVG2wsznfHJ-tZFoKd1PwOi8.roa
File:                     EvtYVG2wsznfHJ-tZFoKd1PwOi8.roa (raw, json)
Hash identifier:          zNMwoYRN5ukvz3NrZMkKhNWJux8UhANb9unVvcwkRRY=
Subject key identifier:   12:FB:58:54:6D:B0:B3:39:DF:1C:9F:AD:64:5A:0A:77:53:F0:3A:2F
Certificate issuer:       /CN=e29b9ac2ef631b92e82f595d73e4792c816ec6e6
Certificate serial:       018DB2B28A8662E493F2EF80224CA7DBB41D
Authority key identifier: E2:9B:9A:C2:EF:63:1B:92:E8:2F:59:5D:73:E4:79:2C:81:6E:C6:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4puawu9jG5LoL1ldc-R5LIFuxuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/EvtYVG2wsznfHJ-tZFoKd1PwOi8.roa
Signing time:             Fri 16 Feb 2024 16:14:21 +0000
ROA not before:           Fri 16 Feb 2024 16:14:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8374
IP address blocks:        5.60.0.0/16 maxlen: 16
                          5.172.224.0/19 maxlen: 19
                          5.174.0.0/16 maxlen: 16
                          31.0.0.0/15 maxlen: 15
                          37.7.0.0/16 maxlen: 16
                          37.98.208.0/20 maxlen: 20
                          37.109.0.0/16 maxlen: 16
                          37.152.16.0/20 maxlen: 20
                          37.209.128.0/19 maxlen: 19
                          37.247.128.0/17 maxlen: 17
                          37.247.241.0/28 maxlen: 28
                          37.248.0.0/15 maxlen: 15
                          46.76.0.0/15 maxlen: 15
                          46.168.0.0/15 maxlen: 15
                          46.215.0.0/16 maxlen: 16
                          77.112.0.0/14 maxlen: 14
                          78.30.64.0/18 maxlen: 18
                          84.39.160.0/20 maxlen: 20
                          87.251.224.0/19 maxlen: 19
                          92.60.128.0/20 maxlen: 20
                          93.154.128.0/17 maxlen: 17
                          95.40.0.0/15 maxlen: 15
                          151.248.32.0/20 maxlen: 20
                          185.4.212.0/22 maxlen: 22
                          188.125.32.0/19 maxlen: 19
                          193.41.112.0/23 maxlen: 23
                          212.2.96.0/19 maxlen: 19
                          2a01:2e0::/28 maxlen: 28
                          2a01:bb80::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b2:b2:8a:86:62:e4:93:f2:ef:80:22:4c:a7:db:b4:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e29b9ac2ef631b92e82f595d73e4792c816ec6e6
        Validity
            Not Before: Feb 16 16:14:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12fb58546db0b339df1c9fad645a0a7753f03a2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:87:2b:52:30:76:70:81:20:3f:f9:dc:74:38:
                    a7:2b:3b:fd:8c:8c:e2:5a:c9:f7:3f:dd:cf:f2:31:
                    9d:f1:b6:bc:02:fb:a0:a0:82:3f:3e:ec:4d:aa:d8:
                    33:1f:dc:b1:7f:f0:c9:41:68:7d:4e:47:11:9b:bb:
                    12:c3:8f:7f:14:d0:bb:b6:35:87:9a:b7:ef:81:bd:
                    27:e1:74:c7:79:7a:ea:52:b4:f9:13:25:48:3b:89:
                    83:01:8c:70:0f:7a:2a:ff:64:98:ba:80:e9:f1:ed:
                    28:46:22:f3:20:16:95:b3:d3:3b:8b:98:dd:71:fd:
                    ef:21:1e:3a:ba:f2:7f:fe:a9:04:16:b2:f7:10:d1:
                    94:67:3a:74:2b:6c:91:1c:b7:dc:73:ec:7c:54:fe:
                    65:db:b8:c5:fc:71:e9:37:d3:8b:6b:d9:1a:c9:d5:
                    a1:e0:04:c8:fa:38:2a:35:76:87:d6:60:72:0b:d5:
                    f6:ab:24:88:1b:23:5a:80:d3:37:2f:15:df:d8:5b:
                    a5:ef:45:81:78:a5:a6:a6:a7:19:c4:80:3f:16:75:
                    8c:b9:57:5f:1d:bb:76:31:ce:b1:70:9b:29:8d:c6:
                    27:d8:92:7d:59:da:bb:88:86:32:9e:20:a6:a5:1d:
                    d6:95:85:71:56:b2:38:23:13:96:57:c8:b2:16:9d:
                    4f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:FB:58:54:6D:B0:B3:39:DF:1C:9F:AD:64:5A:0A:77:53:F0:3A:2F
            X509v3 Authority Key Identifier:
                keyid:E2:9B:9A:C2:EF:63:1B:92:E8:2F:59:5D:73:E4:79:2C:81:6E:C6:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4puawu9jG5LoL1ldc-R5LIFuxuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/EvtYVG2wsznfHJ-tZFoKd1PwOi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/4puawu9jG5LoL1ldc-R5LIFuxuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.60.0.0/16
                  5.172.224.0/19
                  5.174.0.0/16
                  31.0.0.0/15
                  37.7.0.0/16
                  37.98.208.0/20
                  37.109.0.0/16
                  37.152.16.0/20
                  37.209.128.0/19
                  37.247.128.0-37.249.255.255
                  46.76.0.0/15
                  46.168.0.0/15
                  46.215.0.0/16
                  77.112.0.0/14
                  78.30.64.0/18
                  84.39.160.0/20
                  87.251.224.0/19
                  92.60.128.0/20
                  93.154.128.0/17
                  95.40.0.0/15
                  151.248.32.0/20
                  185.4.212.0/22
                  188.125.32.0/19
                  193.41.112.0/23
                  212.2.96.0/19
                IPv6:
                  2a01:2e0::/28
                  2a01:bb80::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:64:9b:5b:6d:17:be:7f:8f:dc:cd:f6:43:d6:8e:e9:e1:5d:
         2f:8b:4e:8e:33:bc:51:5c:8c:55:c5:91:1c:28:7a:d3:7b:82:
         a5:db:36:53:37:2b:55:c1:d9:ec:a2:26:cf:5f:1a:5a:a8:11:
         da:c0:0e:e0:cd:53:48:b6:ec:d6:e0:56:6c:99:48:0c:7c:15:
         34:ba:ff:fd:48:e1:0b:f3:db:b9:fa:3a:51:de:9c:5c:89:db:
         28:a6:ff:28:e0:7a:dc:b9:c8:aa:9d:42:b4:60:b5:20:0b:42:
         25:53:35:3f:30:cd:87:fa:d0:37:31:58:c6:0d:4c:b1:f9:94:
         8f:4a:ba:31:c6:1a:e2:ea:15:9d:28:ec:e0:e5:aa:65:2f:91:
         d2:62:04:61:8e:fc:1d:91:60:f2:92:a7:cb:c2:bb:82:e0:af:
         e7:a4:52:aa:e9:95:ef:2a:6c:b6:1d:9d:57:6d:09:27:9e:b9:
         29:4f:84:2d:14:e9:9f:37:57:c9:2b:19:59:89:06:5b:ff:05:
         9a:d7:03:97:f2:1e:53:76:83:1c:c1:90:71:65:5e:40:81:05:
         be:da:e2:ff:38:0d:af:a5:16:47:69:1e:ed:62:c2:f9:e2:00:
         0f:5f:d8:bf:3c:b4:73:7d:f7:35:ae:95:34:4d:db:59:bc:67:
         2d:24:08:89
-----BEGIN CERTIFICATE-----
MIIFpTCCBI2gAwIBAgISAY2ysoqGYuST8u+AIkyn27QdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOWI5YWMyZWY2MzFiOTJlODJmNTk1ZDczZTQ3OTJjODE2
ZWM2ZTYwHhcNMjQwMjE2MTYxNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmZiNTg1NDZkYjBiMzM5ZGYxYzlmYWQ2NDVhMGE3NzUzZjAzYTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYcrUjB2cIEgP/ncdDinKzv9jIzi
Wsn3P93P8jGd8ba8AvugoII/PuxNqtgzH9yxf/DJQWh9TkcRm7sSw49/FNC7tjWH
mrfvgb0n4XTHeXrqUrT5EyVIO4mDAYxwD3oq/2SYuoDp8e0oRiLzIBaVs9M7i5jd
cf3vIR46uvJ//qkEFrL3ENGUZzp0K2yRHLfcc+x8VP5l27jF/HHpN9OLa9kaydWh
4ATI+jgqNXaH1mByC9X2qySIGyNagNM3LxXf2Ful70WBeKWmpqcZxIA/FnWMuVdf
Hbt2Mc6xcJspjcYn2JJ9Wdq7iIYyniCmpR3WlYVxVrI4IxOWV8iyFp1PxwIDAQAB
o4ICsTCCAq0wHQYDVR0OBBYEFBL7WFRtsLM53xyfrWRaCndT8DovMB8GA1UdIwQY
MBaAFOKbmsLvYxuS6C9ZXXPkeSyBbsbmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHB1YXd1OWpHNUxvTDFsZGMtUjVMSUZ1eHVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82OTAzNTctZGZiZS00ZDg2LWFmZDYt
OTE2NGUzNTJhODNjLzEvRXZ0WVZHMndzem5mSEotdFpGb0tkMVB3T2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82OTAzNTctZGZiZS00ZDg2LWFmZDYtOTE2NGUzNTJhODNj
LzEvNHB1YXd1OWpHNUxvTDFsZGMtUjVMSUZ1eHVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHGBggrBgEFBQcBBwEB/wSBtjCBszCBmgQCAAEwgZMDAwAF
PAMEBQWs4AMDAAWuAwMBHwADAwAlBwMEBCVi0AMDACVtAwQEJZgQAwQFJdGAMAsD
BAcl94ADAwEl+AMDAS5MAwMBLqgDAwAu1wMDAk1wAwQGTh5AAwQEVCegAwQFV/vg
AwQEXDyAAwQHXZqAAwMBXygDBASX+CADBAK5BNQDBAW8fSADBAHBKXADBAXUAmAw
FAQCAAIwDgMFBCoBAuADBQAqAbuAMA0GCSqGSIb3DQEBCwUAA4IBAQBYZJtbbRe+
f4/czfZD1o7p4V0vi06OM7xRXIxVxZEcKHrTe4Kl2zZTNytVwdnsoibPXxpaqBHa
wA7gzVNItuzW4FZsmUgMfBU0uv/9SOEL89u5+jpR3pxcidsopv8o4HrcuciqnUK0
YLUgC0IlUzU/MM2H+tA3MVjGDUyx+ZSPSroxxhri6hWdKOzg5aplL5HSYgRhjvwd
kWDykqfLwruC4K/npFKq6ZXvKmy2HZ1XbQknnrkpT4QtFOmfN1fJKxlZiQZb/wWa
1wOX8h5TdoMcwZBxZV5AgQW+2uL/OA2vpRZHaR7tYsL54gAPX9i/PLRzffc1rpU0
TdtZvGctJAiJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:57 2024 by rpki-client on console-fra.rpki-client.org