Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/7ktFYekz8KBqLl2IBkhPgfwSqOg.roa
File:                     7ktFYekz8KBqLl2IBkhPgfwSqOg.roa (raw, json)
Hash identifier:          o4V3koclr/J5WXo3GqWzs40POM2PcBbBdteU4kmE5t8=
Subject key identifier:   EE:4B:45:61:E9:33:F0:A0:6A:2E:5D:88:06:48:4F:81:FC:12:A8:E8
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       01821254E6A4806A472A63E189987B19AA00
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/7ktFYekz8KBqLl2IBkhPgfwSqOg.roa
Signing time:             Mon 18 Jul 2022 17:22:10 +0000
ROA not before:           Mon 18 Jul 2022 17:22:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12608
IP address blocks:        2a0f:3380::/29 maxlen: 29
                          2a0b:e9c0::/29 maxlen: 29
                          2a09:5300::/29 maxlen: 29
                          2a03:f7c0::/29 maxlen: 29
                          2a0b:a300::/32 maxlen: 32
                          2a0c:74c0::/29 maxlen: 29
                          2a0f:5580::/29 maxlen: 29
                          2a0c:5d00::/29 maxlen: 29
                          2a0f:a500::/29 maxlen: 29
                          2a0f:7100::/29 maxlen: 29
                          2a0b:8040::/29 maxlen: 29
                          2a0f:2380::/29 maxlen: 29
                          2a0f:a700::/29 maxlen: 29
                          2a0d:88c0::/29 maxlen: 29
                          2a0f:7300::/29 maxlen: 29
                          2a0d:8340::/29 maxlen: 29
                          2a0b:d900::/29 maxlen: 29
                          2a0c:5c0::/29 maxlen: 29
                          2a0f:4580::/29 maxlen: 29
                          2a0c:7440::/29 maxlen: 29
                          2a0f:1180::/29 maxlen: 29
                          2a0f:4680::/29 maxlen: 29
                          2a0c:7540::/29 maxlen: 29
                          2a06:ddc0::/29 maxlen: 29
                          2a0f:7b80::/29 maxlen: 29
                          2a0c:6980::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:12:54:e6:a4:80:6a:47:2a:63:e1:89:98:7b:19:aa:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul 18 17:22:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ee4b4561e933f0a06a2e5d8806484f81fc12a8e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:2f:76:e9:6e:5b:ce:df:4e:31:43:72:8b:22:
                    84:c1:96:89:bb:d8:f8:cb:be:b6:67:b3:c6:74:49:
                    ac:28:1e:1a:5e:ca:b6:6b:89:e3:3d:eb:a2:45:05:
                    68:e7:b5:3c:56:dd:d0:b0:d2:52:19:67:dc:be:dc:
                    25:2c:e1:fe:ff:ab:d1:56:ee:d2:85:55:54:9c:d6:
                    aa:dd:64:ea:3c:91:51:43:e3:b7:ac:b6:ec:89:d7:
                    09:11:a4:61:34:ed:60:89:30:2b:5e:e5:03:1a:8c:
                    00:89:5e:68:76:4d:cf:85:e4:34:30:fc:49:52:2f:
                    6a:f5:8b:b1:cd:0d:31:7f:da:46:e2:27:5e:2f:5d:
                    a9:df:40:0f:e2:fa:78:e3:47:d8:61:6f:3c:f5:9a:
                    12:21:f3:30:2a:5f:a6:35:ab:eb:49:1f:17:9e:6b:
                    c0:70:e3:8b:c5:f5:9c:3b:ba:f1:7e:0f:60:5f:e0:
                    13:e5:9b:40:41:d6:1a:19:4c:95:a7:12:81:9e:1c:
                    ab:c0:4b:dd:0c:3e:93:7d:69:93:86:42:29:b0:c2:
                    22:67:a3:10:cd:59:f5:78:cf:a9:44:a0:c6:3c:56:
                    f1:fb:b5:b5:6c:8e:db:ad:6a:dd:48:19:26:e3:e1:
                    1e:74:50:2f:39:ee:44:4a:73:23:aa:9f:09:5e:ad:
                    26:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:4B:45:61:E9:33:F0:A0:6A:2E:5D:88:06:48:4F:81:FC:12:A8:E8
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/7ktFYekz8KBqLl2IBkhPgfwSqOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f7c0::/29
                  2a06:ddc0::/29
                  2a09:5300::/29
                  2a0b:8040::/29
                  2a0b:a300::/32
                  2a0b:d900::/29
                  2a0b:e9c0::/29
                  2a0c:5c0::/29
                  2a0c:5d00::/29
                  2a0c:6980::/29
                  2a0c:7440::/29
                  2a0c:74c0::/29
                  2a0c:7540::/29
                  2a0d:8340::/29
                  2a0d:88c0::/29
                  2a0f:1180::/29
                  2a0f:2380::/29
                  2a0f:3380::/29
                  2a0f:4580::/29
                  2a0f:4680::/29
                  2a0f:5580::/29
                  2a0f:7100::/29
                  2a0f:7300::/29
                  2a0f:7b80::/29
                  2a0f:a500::/29
                  2a0f:a700::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:e2:49:da:f8:2c:6b:25:a1:20:17:05:0b:1b:65:35:ec:2a:
         cd:fe:3d:6a:36:29:a6:2e:47:b0:8a:60:1b:a5:e6:05:56:2a:
         b7:9d:52:b1:65:d4:56:1a:01:88:07:e5:76:51:fa:40:98:3a:
         bd:2e:52:4c:bf:d3:48:fc:1a:b5:84:db:43:08:ad:4c:8f:61:
         42:73:56:12:86:52:eb:55:9a:71:20:f4:59:31:c8:d8:3b:28:
         b3:f8:a1:75:1e:84:40:17:bf:73:ab:26:14:58:99:93:93:a1:
         a5:69:3c:d0:da:c5:0e:8d:11:0f:ea:06:e3:2b:a7:df:35:f9:
         54:35:7e:cc:b9:84:46:24:3c:b0:40:2f:6b:67:af:f9:ad:81:
         5a:8f:27:85:bc:da:2a:1a:bc:e6:85:82:8f:6f:bb:42:52:3a:
         62:ec:6d:68:19:82:72:c4:18:8d:5b:cc:b9:79:3c:59:80:f3:
         87:e2:81:12:c2:e9:6f:a7:ea:bd:c8:55:64:81:e8:ab:13:a1:
         81:96:10:92:b0:4f:aa:60:90:84:56:f6:f5:68:33:5d:d7:6e:
         6b:78:6c:cb:ab:eb:7b:0a:f4:33:f8:44:c0:55:ff:c9:e9:80:
         a5:fd:71:9b:37:1b:11:e4:ac:27:23:73:84:23:0e:44:e0:74:
         95:07:cb:c5
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgISAYISVOakgGpHKmPhiZh7GaoAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjIwNzE4MTcyMjEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTRiNDU2MWU5MzNmMGEwNmEyZTVkODgwNjQ4NGY4MWZjMTJhOGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhi926W5bzt9OMUNyiyKEwZaJu9j4
y762Z7PGdEmsKB4aXsq2a4njPeuiRQVo57U8Vt3QsNJSGWfcvtwlLOH+/6vRVu7S
hVVUnNaq3WTqPJFRQ+O3rLbsidcJEaRhNO1giTArXuUDGowAiV5odk3PheQ0MPxJ
Ui9q9YuxzQ0xf9pG4ideL12p30AP4vp440fYYW889ZoSIfMwKl+mNavrSR8XnmvA
cOOLxfWcO7rxfg9gX+AT5ZtAQdYaGUyVpxKBnhyrwEvdDD6TfWmThkIpsMIiZ6MQ
zVn1eM+pRKDGPFbx+7W1bI7brWrdSBkm4+EedFAvOe5ESnMjqp8JXq0mrwIDAQAB
o4ICvjCCArowHQYDVR0OBBYEFO5LRWHpM/Cgai5diAZIT4H8EqjoMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvN2t0Rllla3o4S0JxTGwySUJraFBnZndTcU9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHTBggrBgEFBQcBBwEB/wSBwzCBwDCBvQQCAAIwgbYDBQMq
A/fAAwUDKgbdwAMFAyoJUwADBQMqC4BAAwUAKgujAAMFAyoL2QADBQMqC+nAAwUD
KgwFwAMFAyoMXQADBQMqDGmAAwUDKgx0QAMFAyoMdMADBQMqDHVAAwUDKg2DQAMF
AyoNiMADBQMqDxGAAwUDKg8jgAMFAyoPM4ADBQMqD0WAAwUDKg9GgAMFAyoPVYAD
BQMqD3EAAwUDKg9zAAMFAyoPe4ADBQMqD6UAAwUDKg+nADANBgkqhkiG9w0BAQsF
AAOCAQEAe+JJ2vgsayWhIBcFCxtlNewqzf49ajYppi5HsIpgG6XmBVYqt51SsWXU
VhoBiAfldlH6QJg6vS5STL/TSPwatYTbQwitTI9hQnNWEoZS61WacSD0WTHI2Dso
s/ihdR6EQBe/c6smFFiZk5OhpWk80NrFDo0RD+oG4yun3zX5VDV+zLmERiQ8sEAv
a2ev+a2BWo8nhbzaKhq85oWCj2+7QlI6YuxtaBmCcsQYjVvMuXk8WYDzh+KBEsLp
b6fqvchVZIHoqxOhgZYQkrBPqmCQhFb29WgzXddua3hsy6vrewr0M/hEwFX/yemA
pf1xmzcbEeSsJyNzhCMOROB0lQfLxQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:08 2024 by rpki-client on console-ams.rpki-client.org