Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/vkHrXtRpPsNsOXkjrD_hGkdUiKQ.roa
File:                     vkHrXtRpPsNsOXkjrD_hGkdUiKQ.roa (raw, json)
Hash identifier:          Mznvcda+nIPWs9MHe1OPfWt0cuz1RDDqGa29LFeIP54=
Subject key identifier:   BE:41:EB:5E:D4:69:3E:C3:6C:39:79:23:AC:3F:E1:1A:47:54:88:A4
Certificate issuer:       /CN=fa1e9b4e8dc49be3aba597425aefd8b3a5362ffc
Certificate serial:       08FAC63B
Authority key identifier: FA:1E:9B:4E:8D:C4:9B:E3:AB:A5:97:42:5A:EF:D8:B3:A5:36:2F:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-h6bTo3Em-OrpZdCWu_Ys6U2L_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/vkHrXtRpPsNsOXkjrD_hGkdUiKQ.roa
Signing time:             Mon 07 Feb 2022 08:18:55 +0000
ROA not before:           Mon 07 Feb 2022 08:18:55 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8798
IP address blocks:        212.69.76.0/24 maxlen: 24
                          212.69.72.0/22 maxlen: 22
                          212.69.78.0/23 maxlen: 23
                          212.69.80.0/21 maxlen: 21
                          212.69.80.0/20 maxlen: 20
                          212.69.88.0/21 maxlen: 21
                          217.79.148.0/22 maxlen: 22
                          212.69.64.0/21 maxlen: 21
                          2001:4028::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 150652475 (0x8fac63b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa1e9b4e8dc49be3aba597425aefd8b3a5362ffc
        Validity
            Not Before: Feb  7 08:18:55 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=be41eb5ed4693ec36c397923ac3fe11a475488a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:4a:fd:9e:f6:9c:be:e6:e0:30:74:1d:af:6c:
                    3a:4e:ed:98:5a:3b:57:39:d7:0c:dd:ae:18:03:7d:
                    94:9b:ef:c8:ea:f5:0e:b0:41:f0:08:0b:a1:dc:44:
                    de:ae:31:3b:9a:29:f8:cc:19:2c:be:bf:cd:10:d9:
                    5a:ba:76:5f:29:d2:3d:70:b3:97:f4:2c:75:be:2d:
                    89:34:bd:d5:23:8b:22:8d:f6:d1:4c:d2:f7:7a:6c:
                    cd:a8:a0:c6:55:97:95:c1:06:02:18:c2:eb:15:30:
                    ab:2a:0d:2c:32:26:35:f8:f6:83:41:60:0c:11:96:
                    05:59:cf:14:75:2c:31:4d:da:84:cf:b5:ec:8e:95:
                    15:40:19:04:20:e9:69:e0:37:9b:de:83:98:6e:9a:
                    cf:7d:f7:08:2d:f5:49:c4:dc:4a:47:4b:c1:f1:74:
                    e5:9d:87:f9:77:3b:ad:69:65:1b:36:7f:7c:ed:df:
                    52:f0:3f:52:30:81:2f:d3:23:9f:a1:88:c2:3f:10:
                    36:c9:72:36:b6:74:51:a6:d2:41:71:67:ef:89:ec:
                    fd:4e:6d:74:cd:7b:1b:65:b7:1c:bd:e6:58:38:f1:
                    6e:84:fd:50:93:7a:bf:ee:8e:2b:6b:45:85:25:30:
                    bf:6e:c9:5d:27:f8:72:0f:31:38:ab:6c:23:6a:ee:
                    7a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:41:EB:5E:D4:69:3E:C3:6C:39:79:23:AC:3F:E1:1A:47:54:88:A4
            X509v3 Authority Key Identifier:
                keyid:FA:1E:9B:4E:8D:C4:9B:E3:AB:A5:97:42:5A:EF:D8:B3:A5:36:2F:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-h6bTo3Em-OrpZdCWu_Ys6U2L_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/vkHrXtRpPsNsOXkjrD_hGkdUiKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/1-h6bTo3Em-OrpZdCWu_Ys6U2L_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.69.64.0-212.69.76.255
                  212.69.78.0-212.69.95.255
                  217.79.148.0/22
                IPv6:
                  2001:4028::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:cb:12:fa:ac:85:7c:f2:69:88:c7:03:99:7d:3b:71:84:75:
         9e:85:f2:dd:30:32:4d:fd:47:0f:46:f9:14:74:6f:83:e5:e6:
         15:09:a8:23:a8:bd:e6:6e:f3:4c:02:60:30:d6:f9:f9:98:c6:
         45:e5:84:67:42:03:1a:0c:24:9d:78:ab:f4:da:6b:17:63:00:
         29:db:0c:b6:11:12:60:5f:dd:c9:bc:24:e4:d2:6e:ab:e2:6a:
         e6:66:13:33:62:93:ea:aa:c6:4e:47:43:cb:fd:5d:f8:70:29:
         63:da:e3:e8:31:08:ee:a1:89:2c:c1:21:11:d2:98:c9:80:ba:
         2b:b4:82:52:b9:87:17:bc:b1:c2:d6:a4:7d:32:9a:cb:d1:90:
         2b:08:3a:c6:33:65:f2:ca:ef:fe:7d:ba:50:63:a2:de:80:b0:
         be:3c:8a:15:04:ce:92:3f:2d:d5:d2:31:b7:29:2c:db:eb:a6:
         d4:70:c5:ee:8c:b1:18:be:2b:60:21:26:fd:fe:1f:34:fd:33:
         05:97:e9:23:c6:f5:cf:d1:26:48:f9:19:64:57:b8:dc:75:3b:
         e4:1f:25:72:fa:6b:8c:81:ae:73:3a:45:d6:31:42:ab:4b:be:
         2b:7a:84:54:7e:82:c6:79:11:70:63:82:b0:c1:4d:d7:8c:98:
         c4:4b:b3:ba
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIECPrGOzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YTFlOWI0ZThkYzQ5YmUzYWJhNTk3NDI1YWVmZDhiM2E1MzYyZmZjMB4XDTIyMDIw
NzA4MTg1NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmU0MWViNWVkNDY5
M2VjMzZjMzk3OTIzYWMzZmUxMWE0NzU0ODhhNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANlK/Z72nL7m4DB0Ha9sOk7tmFo7VznXDN2uGAN9lJvvyOr1
DrBB8AgLodxE3q4xO5op+MwZLL6/zRDZWrp2XynSPXCzl/Qsdb4tiTS91SOLIo32
0UzS93pszaigxlWXlcEGAhjC6xUwqyoNLDImNfj2g0FgDBGWBVnPFHUsMU3ahM+1
7I6VFUAZBCDpaeA3m96DmG6az333CC31ScTcSkdLwfF05Z2H+Xc7rWllGzZ/fO3f
UvA/UjCBL9Mjn6GIwj8QNslyNrZ0UabSQXFn74ns/U5tdM17G2W3HL3mWDjxboT9
UJN6v+6OK2tFhSUwv27JXSf4cg8xOKtsI2ruencCAwEAAaOCAjYwggIyMB0GA1Ud
DgQWBBS+Qete1Gk+w2w5eSOsP+EaR1SIpDAfBgNVHSMEGDAWgBT6HptOjcSb46ul
l0Ja79izpTYv/DAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtaDZiVG8zRW0tT3JwWmRDV3VfWXM2VTJMX3cuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL2M1LzQ3MDdiNC0wMDMyLTRhYzctYmNjNy00MGMxYTcyNzAyZWYv
MS92a0hyWHRScFBzTnNPWGtqckRfaEdrZFVpS1Eucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M1
LzQ3MDdiNC0wMDMyLTRhYzctYmNjNy00MGMxYTcyNzAyZWYvMS8xLWg2YlRvM0Vt
LU9ycFpkQ1d1X1lzNlUyTF93LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MEoGCCsGAQUFBwEHAQH/BDswOTAoBAIAATAiMAwDBAbURUADBADURUwwDAMEAdRF
TgMEBdRFQAMEAtlPlDANBAIAAjAHAwUDIAFAKDANBgkqhkiG9w0BAQsFAAOCAQEA
pcsS+qyFfPJpiMcDmX07cYR1noXy3TAyTf1HD0b5FHRvg+XmFQmoI6i95m7zTAJg
MNb5+ZjGReWEZ0IDGgwknXir9NprF2MAKdsMthESYF/dybwk5NJuq+Jq5mYTM2KT
6qrGTkdDy/1d+HApY9rj6DEI7qGJLMEhEdKYyYC6K7SCUrmHF7yxwtakfTKay9GQ
Kwg6xjNl8srv/n26UGOi3oCwvjyKFQTOkj8t1dIxtyks2+um1HDF7oyxGL4rYCEm
/f4fNP0zBZfpI8b1z9EmSPkZZFe43HU75B8lcvprjIGuczpF1jFCq0u+K3qEVH6C
xnkRcGOCsMFN14yYxEuzug==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:05 2024 by rpki-client on console-fra.rpki-client.org