Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/4CySemjH2tVXJCtts2f3mxe4UTo.roa
File:                     4CySemjH2tVXJCtts2f3mxe4UTo.roa (raw, json)
Hash identifier:          8mi//zvvZV5Oc7kku5QeDD7aTNlg2rgIQq8+ESM2+NA=
Subject key identifier:   E0:2C:92:7A:68:C7:DA:D5:57:24:2B:6D:B3:67:F7:9B:17:B8:51:3A
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFA86FF33D974C52449FCDA0DFF2BE
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/4CySemjH2tVXJCtts2f3mxe4UTo.roa
Signing time:             Tue 02 Jan 2024 06:32:29 +0000
ROA not before:           Tue 02 Jan 2024 06:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204084
IP address blocks:        2a0f:7c80::/29 maxlen: 29
                          2a0c:7440::/29 maxlen: 29
                          2a0f:5580::/29 maxlen: 29
                          2a0f:2380::/29 maxlen: 29
                          2a0b:a300::/29 maxlen: 29
                          2a0f:a700::/29 maxlen: 29
                          2a0d:88c0::/29 maxlen: 29
                          2a0f:7300::/29 maxlen: 29
                          2a0c:7540::/29 maxlen: 29
                          2a0f:7100::/29 maxlen: 29
                          2a0f:c780::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a8:6f:f3:3d:97:4c:52:44:9f:cd:a0:df:f2:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e02c927a68c7dad557242b6db367f79b17b8513a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5e:6f:7e:54:3a:f7:e8:a8:e9:6a:18:a2:7b:
                    98:75:e1:02:00:8f:ac:44:9c:f0:3e:30:03:8e:ae:
                    73:40:ca:44:c8:b5:4f:6a:e3:83:4c:d2:3a:be:fe:
                    53:f0:50:da:5c:66:c5:a5:a0:11:cc:79:91:7a:14:
                    d6:b2:92:be:27:90:bb:c6:b2:4a:6a:67:0e:71:72:
                    ec:4d:d2:f5:8e:90:e2:29:a0:00:10:9f:61:0f:7c:
                    a8:19:78:72:e9:9d:43:10:67:ef:c9:32:58:d5:7e:
                    7a:ed:ac:07:7f:5c:21:f2:2f:73:df:d0:3b:9b:82:
                    8e:20:08:7b:ca:17:6e:d9:b2:96:53:a5:33:5c:99:
                    48:1a:8f:1e:a8:af:82:fd:5f:3c:d3:6c:54:01:95:
                    ee:17:96:44:c8:07:7b:21:86:12:25:2c:8f:24:7b:
                    8a:0d:d8:6d:5c:0a:59:bd:bc:89:7d:b8:61:26:37:
                    4d:b2:85:74:99:4b:f2:21:9c:4e:72:db:33:c8:c5:
                    ef:b3:d3:9e:e7:33:6b:58:20:3d:63:f4:b8:96:97:
                    93:6f:b3:cd:9e:44:4f:1d:f8:6e:95:de:4b:df:bf:
                    58:04:a9:a5:fe:1a:fa:9c:1d:ac:02:be:b8:67:13:
                    4b:fa:a5:0b:28:63:0b:1e:f0:3b:75:88:bd:a3:61:
                    32:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:2C:92:7A:68:C7:DA:D5:57:24:2B:6D:B3:67:F7:9B:17:B8:51:3A
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/4CySemjH2tVXJCtts2f3mxe4UTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:a300::/29
                  2a0c:7440::/29
                  2a0c:7540::/29
                  2a0d:88c0::/29
                  2a0f:2380::/29
                  2a0f:5580::/29
                  2a0f:7100::/29
                  2a0f:7300::/29
                  2a0f:7c80::/29
                  2a0f:a700::/29
                  2a0f:c780::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:c9:86:6d:0e:b1:56:8d:d9:a1:88:51:a1:f5:18:7f:ba:e6:
         33:6f:8b:f5:be:d2:3c:12:e8:c7:9d:ee:04:28:98:59:5c:e2:
         4b:5c:48:f9:0f:f4:25:5d:5c:ff:6a:31:3a:b8:99:4f:8e:d3:
         25:d1:01:ff:7e:91:e9:fe:20:36:82:c8:fe:c8:f9:a2:82:2c:
         5c:af:b4:c7:df:ac:33:54:02:6b:a1:37:25:6f:35:b4:9b:cd:
         72:35:6f:b9:e7:08:33:53:13:47:23:14:b3:ef:8c:f9:02:73:
         a3:0a:a9:7b:d2:bc:5d:b9:6e:b1:77:34:f7:52:3e:bc:f1:d6:
         fb:47:2d:53:34:17:d0:f7:06:46:0e:84:b4:cc:7f:e8:ee:a5:
         32:62:17:f5:9c:97:e6:a6:e6:29:4a:14:f9:7b:ce:f1:76:13:
         b2:4f:7c:5e:83:23:99:31:df:98:53:5b:6c:39:5f:a0:e2:25:
         0f:db:b4:79:ef:f9:4d:2f:18:9c:aa:2e:1c:1d:41:05:6f:e2:
         72:f0:47:86:f3:00:ee:72:53:4e:47:2f:60:90:7e:6b:4c:9c:
         e4:f6:d8:bc:82:69:5e:18:e9:ac:68:59:98:7f:66:93:91:4d:
         f1:6c:b0:12:45:ef:2f:54:e4:c9:d1:7b:65:18:eb:89:d7:85:
         da:49:a1:ef
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYzI36hv8z2XTFJEn82g3/K+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDJjOTI3YTY4YzdkYWQ1NTcyNDJiNmRiMzY3Zjc5YjE3Yjg1MTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr15vflQ69+io6WoYonuYdeECAI+s
RJzwPjADjq5zQMpEyLVPauODTNI6vv5T8FDaXGbFpaARzHmRehTWspK+J5C7xrJK
amcOcXLsTdL1jpDiKaAAEJ9hD3yoGXhy6Z1DEGfvyTJY1X567awHf1wh8i9z39A7
m4KOIAh7yhdu2bKWU6UzXJlIGo8eqK+C/V8802xUAZXuF5ZEyAd7IYYSJSyPJHuK
DdhtXApZvbyJfbhhJjdNsoV0mUvyIZxOctszyMXvs9Oe5zNrWCA9Y/S4lpeTb7PN
nkRPHfhuld5L379YBKml/hr6nB2sAr64ZxNL+qULKGMLHvA7dYi9o2EyjQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFOAsknpox9rVVyQrbbNn95sXuFE6MB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvNEN5U2VtakgydFZYSkN0dHMyZjNteGU0VVRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUDKgujAAMF
AyoMdEADBQMqDHVAAwUDKg2IwAMFAyoPI4ADBQMqD1WAAwUDKg9xAAMFAyoPcwAD
BQMqD3yAAwUDKg+nAAMFAyoPx4AwDQYJKoZIhvcNAQELBQADggEBADHJhm0OsVaN
2aGIUaH1GH+65jNvi/W+0jwS6Med7gQomFlc4ktcSPkP9CVdXP9qMTq4mU+O0yXR
Af9+ken+IDaCyP7I+aKCLFyvtMffrDNUAmuhNyVvNbSbzXI1b7nnCDNTE0cjFLPv
jPkCc6MKqXvSvF25brF3NPdSPrzx1vtHLVM0F9D3BkYOhLTMf+jupTJiF/Wcl+am
5ilKFPl7zvF2E7JPfF6DI5kx35hTW2w5X6DiJQ/btHnv+U0vGJyqLhwdQQVv4nLw
R4bzAO5yU05HL2CQfmtMnOT22LyCaV4Y6axoWZh/ZpORTfFssBJF7y9U5MnRe2UY
64nXhdpJoe8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:08 2024 by rpki-client on console-ams.rpki-client.org