Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/M7KT9ZsP3Xy8nmAbVetx8MfNXqY.roa
File:                     M7KT9ZsP3Xy8nmAbVetx8MfNXqY.roa (raw, json)
Hash identifier:          v7fh2NwL6qgika84c5PmkmgweOwMfe1dqoUhIYsk0JU=
Subject key identifier:   33:B2:93:F5:9B:0F:DD:7C:BC:9E:60:1B:55:EB:71:F0:C7:CD:5E:A6
Certificate issuer:       /CN=8936df4ac2f467ea66c1197a8629d3f64bb563f0
Certificate serial:       0185729EC096C7C8F6E5B3A8996964F58254
Authority key identifier: 89:36:DF:4A:C2:F4:67:EA:66:C1:19:7A:86:29:D3:F6:4B:B5:63:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/M7KT9ZsP3Xy8nmAbVetx8MfNXqY.roa
Signing time:             Mon 02 Jan 2023 13:14:44 +0000
ROA not before:           Mon 02 Jan 2023 13:14:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207722
IP address blocks:        2001:678:ba8::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:9e:c0:96:c7:c8:f6:e5:b3:a8:99:69:64:f5:82:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8936df4ac2f467ea66c1197a8629d3f64bb563f0
        Validity
            Not Before: Jan  2 13:14:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=33b293f59b0fdd7cbc9e601b55eb71f0c7cd5ea6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:86:e6:65:32:58:f6:51:51:1e:f0:9b:a2:7d:
                    d3:a1:26:6b:27:43:10:70:61:2c:2c:be:93:34:a5:
                    99:3d:c1:1b:10:41:3a:e1:08:7c:90:8e:4e:f4:fd:
                    74:c7:a2:46:1c:b7:ed:7b:c4:ed:16:16:e7:67:e0:
                    f8:9a:b1:0e:b1:c6:a5:e9:6a:51:70:41:d4:2f:11:
                    78:bf:c7:c6:80:b1:eb:d4:56:57:c0:bf:cf:cd:45:
                    09:60:ee:be:06:69:1e:be:5f:d0:e2:16:73:6d:21:
                    05:ff:1f:af:fb:85:a8:7d:f0:ef:c8:91:06:b4:03:
                    dc:c3:56:06:2d:31:08:15:89:98:89:f8:2b:cf:29:
                    6f:31:36:fb:53:aa:53:04:9c:6d:3b:a3:92:ba:87:
                    4f:b0:69:fb:0c:14:2e:aa:5c:08:fc:37:fc:5a:be:
                    aa:70:0f:59:39:3b:57:f3:1f:44:74:8a:d5:97:a4:
                    43:9c:b2:09:2c:b8:f5:99:d2:d6:78:b8:8f:2b:87:
                    17:0c:64:ce:48:3a:0c:ff:cb:62:b2:a3:9c:ec:d9:
                    59:ec:dc:bd:97:1e:85:c8:b9:b7:d9:65:4e:71:a5:
                    68:1c:c4:63:a8:02:e0:4a:83:f3:ef:e5:62:47:34:
                    aa:29:0d:38:42:27:01:a1:eb:51:42:d6:9f:ff:47:
                    a1:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:B2:93:F5:9B:0F:DD:7C:BC:9E:60:1B:55:EB:71:F0:C7:CD:5E:A6
            X509v3 Authority Key Identifier:
                keyid:89:36:DF:4A:C2:F4:67:EA:66:C1:19:7A:86:29:D3:F6:4B:B5:63:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/M7KT9ZsP3Xy8nmAbVetx8MfNXqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ba8::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:cc:71:54:7e:1f:25:a0:77:aa:dc:66:4f:b9:78:9b:a6:55:
         74:40:05:3d:5f:ce:a0:b8:69:2c:39:87:28:4d:72:1a:39:05:
         21:0b:67:37:83:04:7a:e3:88:1a:b7:54:6a:3a:59:fc:eb:80:
         d5:35:8c:2f:53:92:3f:fb:0f:99:30:e6:07:79:b1:95:e0:68:
         49:ba:87:5c:b6:80:52:cd:87:2d:21:8a:7a:89:3d:6e:74:d6:
         7a:2a:ba:f8:00:8a:48:26:54:c6:e8:5a:e6:5c:3a:df:ab:55:
         d1:cf:c0:a4:60:cf:15:e0:fb:aa:21:f4:b7:20:2f:6a:f6:93:
         1c:65:4a:95:e4:ce:cd:a9:0b:67:17:63:54:de:b1:7f:9a:5a:
         b5:ac:0f:e2:38:ea:aa:cf:df:88:0d:9d:7c:23:a8:38:85:dd:
         9a:d9:96:ed:ce:ee:b6:4d:b0:8d:51:7d:8c:2f:cd:78:6e:32:
         01:2e:31:14:64:e4:da:78:2d:7d:0c:be:53:19:5d:96:32:89:
         16:6b:90:ac:0a:fa:9d:0a:70:6e:3c:46:0a:69:b1:d7:0b:c5:
         3a:9e:96:bd:64:a7:92:ae:6c:47:dd:49:ca:82:b6:f9:3e:7a:
         8a:0d:a9:6d:3d:66:49:38:af:c9:35:83:27:bd:a7:1e:68:af:
         b3:2b:17:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVynsCWx8j25bOomWlk9YJUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MzZkZjRhYzJmNDY3ZWE2NmMxMTk3YTg2MjlkM2Y2NGJi
NTYzZjAwHhcNMjMwMTAyMTMxNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2IyOTNmNTliMGZkZDdjYmM5ZTYwMWI1NWViNzFmMGM3Y2Q1ZWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYbmZTJY9lFRHvCbon3ToSZrJ0MQ
cGEsLL6TNKWZPcEbEEE64Qh8kI5O9P10x6JGHLfte8TtFhbnZ+D4mrEOscal6WpR
cEHULxF4v8fGgLHr1FZXwL/PzUUJYO6+Bmkevl/Q4hZzbSEF/x+v+4WoffDvyJEG
tAPcw1YGLTEIFYmYifgrzylvMTb7U6pTBJxtO6OSuodPsGn7DBQuqlwI/Df8Wr6q
cA9ZOTtX8x9EdIrVl6RDnLIJLLj1mdLWeLiPK4cXDGTOSDoM/8tisqOc7NlZ7Ny9
lx6FyLm32WVOcaVoHMRjqALgSoPz7+ViRzSqKQ04QicBoetRQtaf/0ehzQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDOyk/WbD918vJ5gG1XrcfDHzV6mMB8GA1UdIwQY
MBaAFIk230rC9GfqZsEZeoYp0/ZLtWPwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVRiZlNzTDBaLXBtd1JsNmhpblQ5a3UxWV9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi83ODk1ZjgtYWMzMS00Nzk4LTg0MDQt
NGUyNzhkZDQ4YTNmLzEvTTdLVDlac1AzWHk4bm1BYlZldHg4TWZOWHFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi83ODk1ZjgtYWMzMS00Nzk4LTg0MDQtNGUyNzhkZDQ4YTNm
LzEvaVRiZlNzTDBaLXBtd1JsNmhpblQ5a3UxWV9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAuo
MA0GCSqGSIb3DQEBCwUAA4IBAQBazHFUfh8loHeq3GZPuXibplV0QAU9X86guGks
OYcoTXIaOQUhC2c3gwR644gat1RqOln864DVNYwvU5I/+w+ZMOYHebGV4GhJuodc
toBSzYctIYp6iT1udNZ6Krr4AIpIJlTG6FrmXDrfq1XRz8CkYM8V4PuqIfS3IC9q
9pMcZUqV5M7NqQtnF2NU3rF/mlq1rA/iOOqqz9+IDZ18I6g4hd2a2Zbtzu62TbCN
UX2ML814bjIBLjEUZOTaeC19DL5TGV2WMokWa5CsCvqdCnBuPEYKabHXC8U6npa9
ZKeSrmxH3UnKgrb5PnqKDaltPWZJOK/JNYMnvaceaK+zKxd/
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:57 2024 by rpki-client on console-ams.rpki-client.org