Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/UVzZGlFxO8wIlTz3u2EDQKDEVno.roa
File:                     UVzZGlFxO8wIlTz3u2EDQKDEVno.roa (raw, json)
Hash identifier:          SgEqxGbAzAeNbzsriErZOnwnvF3GPLp6Twfk5GmxO/E=
Subject key identifier:   51:5C:D9:1A:51:71:3B:CC:08:95:3C:F7:BB:61:03:40:A0:C4:56:7A
Certificate issuer:       /CN=3026806a6b8dac68c2a32b65849229524fc33da7
Certificate serial:       01862B276E682445BA84772A41F6589A374E
Authority key identifier: 30:26:80:6A:6B:8D:AC:68:C2:A3:2B:65:84:92:29:52:4F:C3:3D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MCaAamuNrGjCoytlhJIpUk_DPac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/UVzZGlFxO8wIlTz3u2EDQKDEVno.roa
Signing time:             Tue 07 Feb 2023 09:14:09 +0000
ROA not before:           Tue 07 Feb 2023 09:14:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205927
IP address blocks:        2001:678:97c::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:2b:27:6e:68:24:45:ba:84:77:2a:41:f6:58:9a:37:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3026806a6b8dac68c2a32b65849229524fc33da7
        Validity
            Not Before: Feb  7 09:14:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=515cd91a51713bcc08953cf7bb610340a0c4567a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:73:e3:6b:56:da:24:61:d6:0f:4e:20:b7:7c:
                    0a:7a:8d:e7:2d:84:3c:e4:bd:3d:b9:5a:11:93:0b:
                    6f:85:ba:44:26:72:70:70:80:cd:ad:0f:9b:e7:90:
                    58:72:b7:47:2c:64:58:ae:6a:4a:13:4e:7d:59:b3:
                    e5:fe:07:ab:f3:80:33:15:1b:8b:bc:0d:0d:7a:f9:
                    55:2c:d2:46:0e:dd:91:30:e0:8b:f6:c3:a2:9c:6a:
                    b9:0b:33:a8:01:3c:6f:b8:9c:15:5e:f4:28:88:be:
                    c1:d9:f2:79:b5:ab:13:de:62:a2:fa:91:4a:1c:2f:
                    a7:bb:57:20:e3:24:17:34:36:68:5b:dc:d8:a9:d8:
                    ec:f9:8a:36:dd:a6:c8:e0:bb:7c:aa:6a:9d:54:ce:
                    f7:3c:46:7c:ed:6a:e6:6c:93:ee:21:c9:c1:a8:c9:
                    7d:82:2f:e8:a6:12:f5:3c:7d:a9:01:b6:fe:70:5b:
                    f5:70:bc:b7:2d:ee:b0:78:46:90:9e:26:ef:25:9a:
                    e8:84:cc:2c:81:37:0c:c7:00:1a:fa:22:e8:ce:ce:
                    23:80:15:0e:e8:74:cd:39:89:21:e8:f9:06:69:d3:
                    48:3d:4a:f9:80:08:32:b2:2c:11:37:53:74:1e:43:
                    8b:95:c4:4d:82:ab:ea:2d:9d:d3:33:4b:28:97:07:
                    04:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:5C:D9:1A:51:71:3B:CC:08:95:3C:F7:BB:61:03:40:A0:C4:56:7A
            X509v3 Authority Key Identifier:
                keyid:30:26:80:6A:6B:8D:AC:68:C2:A3:2B:65:84:92:29:52:4F:C3:3D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCaAamuNrGjCoytlhJIpUk_DPac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/UVzZGlFxO8wIlTz3u2EDQKDEVno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/MCaAamuNrGjCoytlhJIpUk_DPac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:97c::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:85:5f:72:9a:e4:2d:09:3d:75:19:71:07:6f:03:05:2d:ec:
         1d:01:2f:28:23:0b:f4:3d:35:ee:02:f2:72:8f:42:4e:f7:ee:
         18:7c:04:e1:6b:5b:48:c0:44:c6:94:cb:27:c2:3f:b5:77:5f:
         d2:43:eb:76:28:c7:af:80:96:78:ab:b5:35:c1:f7:73:74:41:
         20:19:7b:fc:30:23:de:58:df:76:81:7d:e0:ce:62:00:4f:b7:
         86:09:0d:a0:2c:93:24:90:58:d9:8b:ff:97:57:28:4e:90:28:
         0e:5a:57:cc:ad:cd:70:28:65:58:9e:02:2f:27:2a:9c:65:e5:
         39:f3:f3:fc:cb:b9:d9:21:f4:89:5f:90:29:64:7e:c4:de:e6:
         ce:14:c6:26:64:4e:5b:f9:4f:15:05:91:34:66:45:01:39:d5:
         3f:b1:ae:6f:f3:cf:99:30:47:48:02:21:c7:8b:fa:e0:22:de:
         9b:b5:14:fd:cd:e0:ea:d3:58:d3:6d:c1:b6:11:1c:b4:75:e7:
         a0:af:0e:66:90:a6:d1:d2:ad:ae:f6:92:24:eb:97:90:f8:b3:
         78:b9:b0:d3:b5:4d:fb:e9:97:e1:31:68:f1:ca:e6:21:df:18:
         5c:38:ff:1e:80:66:73:92:fd:96:f1:df:8b:7c:64:f2:64:60:
         7d:59:e0:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYYrJ25oJEW6hHcqQfZYmjdOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjY4MDZhNmI4ZGFjNjhjMmEzMmI2NTg0OTIyOTUyNGZj
MzNkYTcwHhcNMjMwMjA3MDkxNDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTVjZDkxYTUxNzEzYmNjMDg5NTNjZjdiYjYxMDM0MGEwYzQ1NjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3Pja1baJGHWD04gt3wKeo3nLYQ8
5L09uVoRkwtvhbpEJnJwcIDNrQ+b55BYcrdHLGRYrmpKE059WbPl/ger84AzFRuL
vA0NevlVLNJGDt2RMOCL9sOinGq5CzOoATxvuJwVXvQoiL7B2fJ5tasT3mKi+pFK
HC+nu1cg4yQXNDZoW9zYqdjs+Yo23abI4Lt8qmqdVM73PEZ87WrmbJPuIcnBqMl9
gi/ophL1PH2pAbb+cFv1cLy3Le6weEaQnibvJZrohMwsgTcMxwAa+iLozs4jgBUO
6HTNOYkh6PkGadNIPUr5gAgysiwRN1N0HkOLlcRNgqvqLZ3TM0solwcEHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFFc2RpRcTvMCJU897thA0CgxFZ6MB8GA1UdIwQY
MBaAFDAmgGprjaxowqMrZYSSKVJPwz2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNhQWFtdU5yR2pDb3l0bGhKSXBVa19EUGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85ZGNhMGUtYTQxYi00OTcyLWJiYjUt
MDhlMmIxMDE3OTI3LzEvVVZ6WkdsRnhPOHdJbFR6M3UyRURRS0RFVm5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85ZGNhMGUtYTQxYi00OTcyLWJiYjUtMDhlMmIxMDE3OTI3
LzEvTUNhQWFtdU5yR2pDb3l0bGhKSXBVa19EUGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAl8
MA0GCSqGSIb3DQEBCwUAA4IBAQAkhV9ymuQtCT11GXEHbwMFLewdAS8oIwv0PTXu
AvJyj0JO9+4YfATha1tIwETGlMsnwj+1d1/SQ+t2KMevgJZ4q7U1wfdzdEEgGXv8
MCPeWN92gX3gzmIAT7eGCQ2gLJMkkFjZi/+XVyhOkCgOWlfMrc1wKGVYngIvJyqc
ZeU58/P8y7nZIfSJX5ApZH7E3ubOFMYmZE5b+U8VBZE0ZkUBOdU/sa5v88+ZMEdI
AiHHi/rgIt6btRT9zeDq01jTbcG2ERy0deegrw5mkKbR0q2u9pIk65eQ+LN4ubDT
tU376ZfhMWjxyuYh3xhcOP8egGZzkv2W8d+LfGTyZGB9WeDV
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:52 2024 by rpki-client on console-ams.rpki-client.org