Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/BZUrx59HAqXODpjUvrfAqpm7bfY.roa
File:                     BZUrx59HAqXODpjUvrfAqpm7bfY.roa (raw, json)
Hash identifier:          8ZC5inrBg7G/dfYbK1aDsKUiKckYuWIAFeobMPC7kMo=
Subject key identifier:   05:95:2B:C7:9F:47:02:A5:CE:0E:98:D4:BE:B7:C0:AA:99:BB:6D:F6
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0189727090C6AE82F217E225700E556464C6
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/BZUrx59HAqXODpjUvrfAqpm7bfY.roa
Signing time:             Thu 20 Jul 2023 08:35:26 +0000
ROA not before:           Thu 20 Jul 2023 08:35:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204084
IP address blocks:        2a0f:7c80::/29 maxlen: 29
                          2a0b:9800::/29 maxlen: 29
                          2a0f:2380::/29 maxlen: 29
                          2a0b:a300::/29 maxlen: 29
                          2a0f:a700::/29 maxlen: 29
                          2a0d:88c0::/29 maxlen: 29
                          2a0f:7300::/29 maxlen: 29
                          2a0f:c780::/29 maxlen: 29
                          2a0c:7440::/29 maxlen: 29
                          2a0f:5580::/29 maxlen: 29
                          2a0c:74c0::/29 maxlen: 29
                          2a0c:7540::/29 maxlen: 29
                          2a0d:2cc0::/29 maxlen: 29
                          2a0f:7100::/29 maxlen: 29
                          2a07:4a00::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:72:70:90:c6:ae:82:f2:17:e2:25:70:0e:55:64:64:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul 20 08:35:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=05952bc79f4702a5ce0e98d4beb7c0aa99bb6df6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:68:ee:57:ab:77:ed:e5:e5:c2:48:f3:a6:84:
                    55:df:6e:e8:97:f9:98:d6:e5:4b:c9:e7:c3:be:f8:
                    c8:7f:00:d3:05:e7:42:ae:2c:57:d9:92:82:ed:98:
                    9c:bf:cd:a9:9e:1d:40:08:18:22:2c:83:01:49:a8:
                    1f:4b:58:bf:10:3d:a6:06:94:66:e5:c6:36:3f:49:
                    45:e6:a6:fe:59:ce:97:81:22:79:5f:11:76:86:da:
                    0b:90:4a:a7:de:ab:e1:3d:15:38:3b:29:8d:89:9b:
                    5b:a9:b9:14:a9:d5:21:f5:b3:6a:e0:19:af:36:05:
                    c7:d2:f6:24:a0:e8:be:58:ae:e9:f4:5d:9c:86:39:
                    1a:77:30:ef:ea:0c:3e:eb:75:44:8e:79:3c:b1:7c:
                    19:e4:ae:a4:3f:ff:77:e3:a7:e5:86:6a:14:b0:18:
                    4a:2f:34:99:66:ef:22:24:b4:25:72:70:3b:4e:bc:
                    7e:0d:9e:0a:07:91:27:87:e3:5e:a4:6a:3d:1e:73:
                    b2:47:da:54:5d:0b:da:87:0f:5e:03:54:df:e4:4c:
                    db:c0:29:73:87:ac:dc:92:a2:15:2c:82:99:5c:96:
                    ee:61:12:4d:c4:12:2a:3f:82:1c:82:a2:7d:20:77:
                    3f:ba:cc:b8:36:bc:26:85:1e:c8:8f:ae:bf:75:bf:
                    02:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:95:2B:C7:9F:47:02:A5:CE:0E:98:D4:BE:B7:C0:AA:99:BB:6D:F6
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/BZUrx59HAqXODpjUvrfAqpm7bfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:4a00::/29
                  2a0b:9800::/29
                  2a0b:a300::/29
                  2a0c:7440::/29
                  2a0c:74c0::/29
                  2a0c:7540::/29
                  2a0d:2cc0::/29
                  2a0d:88c0::/29
                  2a0f:2380::/29
                  2a0f:5580::/29
                  2a0f:7100::/29
                  2a0f:7300::/29
                  2a0f:7c80::/29
                  2a0f:a700::/29
                  2a0f:c780::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:55:c5:b0:97:c2:50:57:99:2e:38:1d:9f:6e:42:ea:ac:ec:
         28:34:ff:3f:34:0a:64:19:a6:d1:12:22:27:39:b6:f0:22:06:
         5d:4b:23:f0:2f:76:53:07:4d:8c:76:1d:0a:8f:0e:f9:ea:4a:
         c1:e2:28:ca:55:1d:f8:09:bd:31:59:25:f8:89:05:f3:17:34:
         e0:bc:f2:c9:c7:f7:27:37:88:54:86:76:0f:a2:4e:a4:d6:86:
         d9:f0:c0:a1:47:57:f4:04:e3:29:e6:81:ad:06:4a:b1:67:81:
         2c:bd:9c:3a:86:7d:a2:d3:29:b0:11:63:f5:d5:53:20:98:f8:
         21:b6:bc:ee:e2:f5:81:e3:84:1e:2e:6d:13:50:de:b3:06:2b:
         45:6e:a9:93:09:ba:1b:68:23:eb:55:d8:ef:88:94:d9:2c:a2:
         fe:b9:ce:34:e2:1e:0d:17:1d:c6:95:8a:ce:9c:b9:0f:d2:9d:
         c6:30:03:83:39:37:bc:fb:9a:f2:d5:50:48:c7:d6:ca:0a:16:
         15:f6:a9:c3:c4:53:7d:c6:f2:e3:d1:d5:28:d5:a0:0c:98:8a:
         ce:72:b4:f8:36:04:d9:6c:03:9b:0f:43:61:d6:e8:94:c7:45:
         6d:16:cc:0c:e6:cf:c8:d7:1b:18:11:9e:51:62:53:75:d2:7a:
         53:14:7b:25
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAYlycJDGroLyF+IlcA5VZGTGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwNzIwMDgzNTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTk1MmJjNzlmNDcwMmE1Y2UwZTk4ZDRiZWI3YzBhYTk5YmI2ZGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6GjuV6t37eXlwkjzpoRV327ol/mY
1uVLyefDvvjIfwDTBedCrixX2ZKC7Zicv82pnh1ACBgiLIMBSagfS1i/ED2mBpRm
5cY2P0lF5qb+Wc6XgSJ5XxF2htoLkEqn3qvhPRU4OymNiZtbqbkUqdUh9bNq4Bmv
NgXH0vYkoOi+WK7p9F2chjkadzDv6gw+63VEjnk8sXwZ5K6kP/9346flhmoUsBhK
LzSZZu8iJLQlcnA7Trx+DZ4KB5Enh+NepGo9HnOyR9pUXQvahw9eA1Tf5EzbwClz
h6zckqIVLIKZXJbuYRJNxBIqP4IcgqJ9IHc/usy4NrwmhR7Ij66/db8C0QIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFAWVK8efRwKlzg6Y1L63wKqZu232MB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvQlpVcng1OUhBcVhPRHBqVXZyZkFxcG03YmZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwbwQCAAIwaQMFAyoHSgAD
BQMqC5gAAwUDKgujAAMFAyoMdEADBQMqDHTAAwUDKgx1QAMFAyoNLMADBQMqDYjA
AwUDKg8jgAMFAyoPVYADBQMqD3EAAwUDKg9zAAMFAyoPfIADBQMqD6cAAwUDKg/H
gDANBgkqhkiG9w0BAQsFAAOCAQEAflXFsJfCUFeZLjgdn25C6qzsKDT/PzQKZBmm
0RIiJzm28CIGXUsj8C92UwdNjHYdCo8O+epKweIoylUd+Am9MVkl+IkF8xc04Lzy
ycf3JzeIVIZ2D6JOpNaG2fDAoUdX9ATjKeaBrQZKsWeBLL2cOoZ9otMpsBFj9dVT
IJj4Iba87uL1geOEHi5tE1DeswYrRW6pkwm6G2gj61XY74iU2Syi/rnONOIeDRcd
xpWKzpy5D9KdxjADgzk3vPua8tVQSMfWygoWFfapw8RTfcby49HVKNWgDJiKznK0
+DYE2WwDmw9DYdbolMdFbRbMDObPyNcbGBGeUWJTddJ6UxR7JQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:07 2024 by rpki-client on console-fra.rpki-client.org