Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/wBMJ7fGnNS33tpvtWQts-seOyv8.roa
File:                     wBMJ7fGnNS33tpvtWQts-seOyv8.roa (raw, json)
Hash identifier:          OVBcAl4sq9pKfSYqNdaGfbfPTChM67LDzxQGwl9uYmo=
Subject key identifier:   C0:13:09:ED:F1:A7:35:2D:F7:B6:9B:ED:59:0B:6C:FA:C7:8E:CA:FF
Certificate issuer:       /CN=fa1e9b4e8dc49be3aba597425aefd8b3a5362ffc
Certificate serial:       089D53FD
Authority key identifier: FA:1E:9B:4E:8D:C4:9B:E3:AB:A5:97:42:5A:EF:D8:B3:A5:36:2F:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-h6bTo3Em-OrpZdCWu_Ys6U2L_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/wBMJ7fGnNS33tpvtWQts-seOyv8.roa
Signing time:             Sat 01 Jan 2022 08:05:57 +0000
ROA not before:           Sat 01 Jan 2022 08:05:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8798
IP address blocks:        212.69.72.0/22 maxlen: 22
                          212.69.76.0/24 maxlen: 24
                          212.69.78.0/23 maxlen: 23
                          212.69.80.0/21 maxlen: 21
                          212.69.80.0/20 maxlen: 20
                          212.69.88.0/21 maxlen: 21
                          217.79.148.0/22 maxlen: 22
                          212.69.64.0/21 maxlen: 21

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 144528381 (0x89d53fd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa1e9b4e8dc49be3aba597425aefd8b3a5362ffc
        Validity
            Not Before: Jan  1 08:05:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c01309edf1a7352df7b69bed590b6cfac78ecaff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c7:15:0a:e6:b6:f5:06:c4:a2:38:c9:61:ab:
                    9a:08:2c:3f:31:3e:61:7f:ee:87:bc:1b:55:ce:24:
                    37:bb:da:88:21:40:e7:8d:f5:58:1c:15:f1:cd:a5:
                    6f:72:30:01:a2:5d:5a:72:49:65:bb:c6:8f:20:f8:
                    3a:9c:91:d9:19:47:7e:d8:bc:bb:dd:d1:c0:97:2f:
                    66:2f:f8:6f:dc:68:1e:6e:36:47:cf:2b:50:0a:f0:
                    db:b0:14:d5:81:1e:a0:9d:14:95:9c:d8:31:ec:e3:
                    13:26:c8:90:ba:7b:f6:59:78:d1:ca:bf:5f:cf:42:
                    7d:74:87:22:08:05:d9:45:cd:6c:71:83:d8:b0:33:
                    99:27:c2:f4:96:9c:61:a5:00:5e:e5:b5:de:c8:3e:
                    89:fb:f2:6e:15:dc:81:f2:02:32:78:3a:bf:3a:d3:
                    11:d3:83:9c:b5:33:bb:dd:ea:e4:7b:2f:87:3b:60:
                    ce:f6:0b:17:ff:f6:bc:70:4e:fd:11:f5:70:0e:eb:
                    6f:e3:61:b0:9d:5b:87:fc:ee:7d:7c:d1:31:21:84:
                    5c:c1:38:4f:75:44:d0:f4:21:fe:82:e3:9d:e3:0b:
                    37:56:f9:d4:88:e5:ac:47:3c:7e:6e:64:73:12:84:
                    4a:75:ee:f9:1c:f8:26:24:c7:6a:31:12:8d:4d:66:
                    ee:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:13:09:ED:F1:A7:35:2D:F7:B6:9B:ED:59:0B:6C:FA:C7:8E:CA:FF
            X509v3 Authority Key Identifier:
                keyid:FA:1E:9B:4E:8D:C4:9B:E3:AB:A5:97:42:5A:EF:D8:B3:A5:36:2F:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-h6bTo3Em-OrpZdCWu_Ys6U2L_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/wBMJ7fGnNS33tpvtWQts-seOyv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/1-h6bTo3Em-OrpZdCWu_Ys6U2L_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.69.64.0-212.69.76.255
                  212.69.78.0-212.69.95.255
                  217.79.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:c2:c7:31:c5:ca:5b:cc:56:cf:36:04:db:64:34:94:cc:b0:
         1d:c2:81:58:70:a1:01:f1:cc:6e:c2:51:63:ba:ab:b0:5f:75:
         fc:d8:49:2a:ca:eb:8b:71:1a:88:5e:77:be:94:64:ed:86:dd:
         e1:9c:d4:e8:7d:a5:e5:41:ef:d9:71:7b:71:59:31:ca:bc:2c:
         d5:cd:a7:ff:ab:89:b8:91:9e:32:94:8f:59:7a:07:4e:97:1e:
         c5:aa:3c:1b:a7:9c:7d:d5:a2:9b:dc:78:76:77:0d:b3:9d:4f:
         8e:3b:f9:06:55:8a:be:5b:33:33:b9:87:5b:1a:a7:17:7d:e5:
         32:5b:68:94:35:90:a8:1b:34:d0:77:65:33:6b:d8:71:9e:3f:
         83:3a:da:0c:d9:d6:be:a8:4d:38:1d:58:ea:b7:ac:fb:55:8d:
         5d:37:73:02:2b:1a:53:47:d3:73:f8:73:6d:ac:8b:2f:06:be:
         92:1f:b2:d9:63:d2:00:db:c4:ec:5d:cd:3a:49:31:17:1e:e5:
         cf:73:a0:8a:57:9f:70:0a:ec:5c:ab:9d:ad:d1:c3:20:4b:64:
         87:f2:94:9b:8f:69:0f:5d:4f:8e:18:ca:f4:d0:57:65:53:cc:
         9b:93:86:60:fc:94:1d:66:d3:ad:03:53:62:90:a0:12:94:d3:
         42:2c:79:7a
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIECJ1T/TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YTFlOWI0ZThkYzQ5YmUzYWJhNTk3NDI1YWVmZDhiM2E1MzYyZmZjMB4XDTIyMDEw
MTA4MDU1N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzAxMzA5ZWRmMWE3
MzUyZGY3YjY5YmVkNTkwYjZjZmFjNzhlY2FmZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJrHFQrmtvUGxKI4yWGrmggsPzE+YX/uh7wbVc4kN7vaiCFA
5431WBwV8c2lb3IwAaJdWnJJZbvGjyD4OpyR2RlHfti8u93RwJcvZi/4b9xoHm42
R88rUArw27AU1YEeoJ0UlZzYMezjEybIkLp79ll40cq/X89CfXSHIggF2UXNbHGD
2LAzmSfC9JacYaUAXuW13sg+ifvybhXcgfICMng6vzrTEdODnLUzu93q5Hsvhztg
zvYLF//2vHBO/RH1cA7rb+NhsJ1bh/zufXzRMSGEXME4T3VE0PQh/oLjneMLN1b5
1IjlrEc8fm5kcxKESnXu+Rz4JiTHajESjU1m7rsCAwEAAaOCAicwggIjMB0GA1Ud
DgQWBBTAEwnt8ac1Lfe2m+1ZC2z6x47K/zAfBgNVHSMEGDAWgBT6HptOjcSb46ul
l0Ja79izpTYv/DAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtaDZiVG8zRW0tT3JwWmRDV3VfWXM2VTJMX3cuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL2M1LzQ3MDdiNC0wMDMyLTRhYzctYmNjNy00MGMxYTcyNzAyZWYv
MS93Qk1KN2ZHbk5TMzN0cHZ0V1F0cy1zZU95djgucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M1
LzQ3MDdiNC0wMDMyLTRhYzctYmNjNy00MGMxYTcyNzAyZWYvMS8xLWg2YlRvM0Vt
LU9ycFpkQ1d1X1lzNlUyTF93LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAbURUADBADURUwwDAMEAdRF
TgMEBdRFQAMEAtlPlDANBgkqhkiG9w0BAQsFAAOCAQEAJsLHMcXKW8xWzzYE22Q0
lMywHcKBWHChAfHMbsJRY7qrsF91/NhJKsrri3EaiF53vpRk7Ybd4ZzU6H2l5UHv
2XF7cVkxyrws1c2n/6uJuJGeMpSPWXoHTpcexao8G6ecfdWim9x4dncNs51Pjjv5
BlWKvlszM7mHWxqnF33lMltolDWQqBs00HdlM2vYcZ4/gzraDNnWvqhNOB1Y6res
+1WNXTdzAisaU0fTc/hzbayLLwa+kh+y2WPSANvE7F3NOkkxFx7lz3OgilefcArs
XKudrdHDIEtkh/KUm49pD11PjhjK9NBXZVPMm5OGYPyUHWbTrQNTYpCgEpTTQix5
eg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:06 2024 by rpki-client on console-ams.rpki-client.org