Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/yjX7M48qzuLfYKf8NPNfxc_uRR0.roa
File:                     yjX7M48qzuLfYKf8NPNfxc_uRR0.roa (raw, json)
Hash identifier:          Xf5jFLAZ4qpJ5JaJv8/al/x0EQCUI0SlmpEaWG5EF90=
Subject key identifier:   CA:35:FB:33:8F:2A:CE:E2:DF:60:A7:FC:34:F3:5F:C5:CF:EE:45:1D
Certificate issuer:       /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial:       0182EF491D837AAA007515E61CBFD9495B99
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/yjX7M48qzuLfYKf8NPNfxc_uRR0.roa
Signing time:             Tue 30 Aug 2022 15:05:22 +0000
ROA not before:           Tue 30 Aug 2022 15:05:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     397563
IP address blocks:        213.142.136.0/24 maxlen: 24
                          213.142.133.0/24 maxlen: 24
                          213.142.137.0/24 maxlen: 24
                          213.142.144.0/24 maxlen: 32
                          213.142.145.0/24 maxlen: 32
                          213.142.142.0/24 maxlen: 32
                          213.142.152.0/24 maxlen: 24
                          213.142.153.0/24 maxlen: 24
                          213.142.128.0/24 maxlen: 24
                          213.142.129.0/24 maxlen: 24
                          213.142.131.0/24 maxlen: 24
                          213.142.132.0/24 maxlen: 24
                          213.142.130.0/24 maxlen: 24
                          91.151.92.0/24 maxlen: 24
                          80.253.252.0/24 maxlen: 24
                          80.253.253.0/24 maxlen: 24
                          91.151.80.0/21 maxlen: 24
                          91.151.80.0/24 maxlen: 24
                          91.151.85.0/24 maxlen: 24
                          91.151.82.0/24 maxlen: 24
                          91.151.91.0/24 maxlen: 24
                          91.151.86.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:ef:49:1d:83:7a:aa:00:75:15:e6:1c:bf:d9:49:5b:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
        Validity
            Not Before: Aug 30 15:05:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ca35fb338f2acee2df60a7fc34f35fc5cfee451d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:94:4a:82:5e:4f:c0:27:87:7d:8d:89:73:fe:
                    99:5e:6d:d2:52:d0:bc:88:5a:7f:d3:e8:5a:30:3d:
                    c9:b3:e5:0c:9d:f7:e7:e2:95:d3:ad:e5:34:78:9d:
                    37:e2:af:03:03:d2:2e:7e:fc:ed:48:0d:42:fa:ae:
                    f2:7f:c2:96:36:bc:0c:e0:ff:80:ea:3b:bb:9e:c9:
                    af:36:4f:48:d4:d7:ee:61:4b:0f:fe:43:bd:00:1d:
                    9e:17:be:fa:5f:b2:52:c5:98:c2:53:ac:b6:a2:f0:
                    1c:b4:94:1e:5f:6a:9d:76:42:88:0d:e1:63:e6:41:
                    5b:b7:6c:30:e3:87:69:a6:d7:d8:63:f1:7f:02:ac:
                    7d:1b:10:81:5c:5b:22:e3:06:4e:86:35:5e:e9:0e:
                    b0:ab:f1:11:22:8b:ca:f0:f6:a2:5b:78:01:f0:9e:
                    27:00:72:89:26:d4:a8:61:44:b0:34:4c:86:dc:f5:
                    8c:a3:7e:96:a6:dd:9a:94:a1:5e:fa:16:7f:94:2b:
                    8a:cd:b4:67:42:99:ad:b6:24:c8:d8:96:9c:eb:23:
                    3e:e2:79:4f:02:1a:48:f6:4c:c6:9c:10:76:d7:76:
                    62:40:67:47:0b:27:b6:b0:43:b4:2e:ff:4c:f9:fe:
                    bb:43:a0:a5:8c:01:50:fc:8c:a4:dd:ac:d0:c1:11:
                    ef:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:35:FB:33:8F:2A:CE:E2:DF:60:A7:FC:34:F3:5F:C5:CF:EE:45:1D
            X509v3 Authority Key Identifier:
                keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/yjX7M48qzuLfYKf8NPNfxc_uRR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.253.252.0/23
                  91.151.80.0/21
                  91.151.91.0-91.151.92.255
                  213.142.128.0-213.142.133.255
                  213.142.136.0/23
                  213.142.142.0/24
                  213.142.144.0/23
                  213.142.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:55:a1:dc:26:8c:17:ab:15:65:ed:d6:71:ef:93:91:cf:f6:
         76:6a:60:4d:54:74:57:54:13:b6:39:3e:74:59:dd:3c:36:fc:
         00:50:45:b4:98:19:25:ec:8b:78:8f:7b:0a:83:97:de:ff:b7:
         ed:cc:e1:89:8f:9a:b5:17:07:90:ff:b3:3d:23:d7:53:14:3f:
         70:fa:96:c4:11:a6:04:80:72:5a:74:75:de:99:e7:c2:92:72:
         2f:43:11:8c:2c:90:9d:db:b2:55:53:52:40:4d:f7:a8:46:e2:
         bf:d3:6b:97:8d:08:3a:ae:e1:db:e8:c5:91:28:5f:50:fb:e6:
         61:7d:d9:8c:0b:94:2b:3e:1f:2e:2a:e0:31:55:9d:f6:42:0f:
         f1:93:33:78:df:7d:ef:3a:61:ac:74:b2:a5:05:a8:5c:02:59:
         3e:04:fa:c7:34:d2:c9:d5:f6:a0:e7:3d:ff:ce:69:ed:99:2c:
         ed:36:ac:4f:7e:78:67:06:ef:34:33:f7:b9:31:f1:b7:11:44:
         86:ec:86:e0:37:9e:bf:0b:d2:e7:d7:69:49:32:be:54:f6:e5:
         05:a7:bb:43:ba:6a:41:8c:70:28:d8:da:66:51:bc:9c:b8:2e:
         55:7c:9b:3b:04:c9:9f:91:ee:f4:d5:d4:e2:ad:12:24:79:6f:
         da:35:a8:1e
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYLvSR2DeqoAdRXmHL/ZSVuZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjIwODMwMTUwNTIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTM1ZmIzMzhmMmFjZWUyZGY2MGE3ZmMzNGYzNWZjNWNmZWU0NTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5RKgl5PwCeHfY2Jc/6ZXm3SUtC8
iFp/0+haMD3Js+UMnffn4pXTreU0eJ034q8DA9IufvztSA1C+q7yf8KWNrwM4P+A
6ju7nsmvNk9I1NfuYUsP/kO9AB2eF776X7JSxZjCU6y2ovActJQeX2qddkKIDeFj
5kFbt2ww44dpptfYY/F/Aqx9GxCBXFsi4wZOhjVe6Q6wq/ERIovK8PaiW3gB8J4n
AHKJJtSoYUSwNEyG3PWMo36Wpt2alKFe+hZ/lCuKzbRnQpmttiTI2Jac6yM+4nlP
AhpI9kzGnBB213ZiQGdHCye2sEO0Lv9M+f67Q6CljAFQ/Iyk3azQwRHvlwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFMo1+zOPKs7i32Cn/DTzX8XP7kUdMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEveWpYN000OHF6dUxmWUtmOE5QTmZ4Y191UlIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQBUP38AwQD
W5dQMAwDBABbl1sDBABbl1wwDAMEB9WOgAMEAdWOhAMEAdWOiAMEANWOjgMEAdWO
kAMEAdWOmDANBgkqhkiG9w0BAQsFAAOCAQEAOFWh3CaMF6sVZe3Wce+Tkc/2dmpg
TVR0V1QTtjk+dFndPDb8AFBFtJgZJeyLeI97CoOX3v+37czhiY+atRcHkP+zPSPX
UxQ/cPqWxBGmBIByWnR13pnnwpJyL0MRjCyQnduyVVNSQE33qEbiv9Nrl40IOq7h
2+jFkShfUPvmYX3ZjAuUKz4fLirgMVWd9kIP8ZMzeN997zphrHSypQWoXAJZPgT6
xzTSydX2oOc9/85p7Zks7TasT354ZwbvNDP3uTHxtxFEhuyG4DeevwvS59dpSTK+
VPblBae7Q7pqQYxwKNjaZlG8nLguVXybOwTJn5Hu9NXU4q0SJHlv2jWoHg==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:07:04 2023 by rpki-client on console-ams.rpki-client.org