Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FnJKU6Yk-yH-aBI7fuOVa8j5DjA.roa
File:                     FnJKU6Yk-yH-aBI7fuOVa8j5DjA.roa (raw, json)
Hash identifier:          uzPo4FaappnxUzxg9YIbac9uCd046p7b4aQGQ9IyYOU=
Subject key identifier:   16:72:4A:53:A6:24:FB:21:FE:68:12:3B:7E:E3:95:6B:C8:F9:0E:30
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       01892B22BB578340FC4D51DD4AAE80A45B33
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FnJKU6Yk-yH-aBI7fuOVa8j5DjA.roa
Signing time:             Thu 06 Jul 2023 12:17:23 +0000
ROA not before:           Thu 06 Jul 2023 12:17:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12608
IP address blocks:        185.112.81.0/24 maxlen: 24
                          2a0f:3380::/29 maxlen: 29
                          2a0f:2380::/29 maxlen: 29
                          2a0f:a700::/29 maxlen: 29
                          2a0d:88c0::/29 maxlen: 29
                          2a0f:7300::/29 maxlen: 29
                          2a09:5300::/29 maxlen: 29
                          2a0d:8340::/29 maxlen: 29
                          2a0b:a300::/32 maxlen: 32
                          2a0f:4580::/29 maxlen: 29
                          2a0c:7440::/29 maxlen: 29
                          2a0c:74c0::/29 maxlen: 29
                          2a0f:5580::/29 maxlen: 29
                          2a0f:1180::/29 maxlen: 29
                          2a0c:7540::/29 maxlen: 29
                          2a0f:a500::/29 maxlen: 29
                          2a0f:7b80::/29 maxlen: 29
                          2a0f:7100::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:2b:22:bb:57:83:40:fc:4d:51:dd:4a:ae:80:a4:5b:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul  6 12:17:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=16724a53a624fb21fe68123b7ee3956bc8f90e30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ba:59:1f:de:1a:35:ac:04:27:16:c5:6b:b7:
                    8b:3c:06:ba:bd:6f:df:d6:39:ac:2b:3a:77:31:56:
                    f4:12:df:a6:52:2e:84:c5:3d:f1:be:10:76:44:b4:
                    f1:17:c0:e9:8a:42:b6:d9:eb:6e:f3:4c:da:7d:89:
                    cc:6e:62:23:ab:d6:be:a2:d6:51:83:a9:f3:53:68:
                    ab:da:16:a2:fc:ee:d8:9c:46:d2:a1:00:0e:2c:b8:
                    06:e9:e3:8e:ad:1b:14:f7:48:45:a9:b4:48:f6:e9:
                    d1:73:5c:26:6a:33:35:88:0d:e5:27:28:61:0c:f6:
                    fc:fd:ff:7c:44:70:72:74:bd:41:93:5c:db:af:35:
                    a8:51:8c:f2:03:d8:f6:a2:7e:d2:91:0d:df:5a:69:
                    96:e0:0f:72:76:3f:27:cc:ab:f9:20:7d:5c:29:4e:
                    13:cc:68:bd:19:15:c7:27:07:19:6c:54:e9:b3:ad:
                    37:35:26:a3:1b:41:dd:94:04:80:08:b8:b2:39:af:
                    ad:56:48:a1:d2:b0:48:9b:01:21:4c:a8:51:6c:42:
                    94:e1:ae:cf:59:9a:f2:26:da:41:35:bb:b3:f2:0c:
                    0b:70:5f:34:22:1b:c8:26:d5:ae:cd:ae:0a:74:8a:
                    08:f4:79:f9:14:dd:4e:79:27:53:48:a6:ac:88:ab:
                    df:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:72:4A:53:A6:24:FB:21:FE:68:12:3B:7E:E3:95:6B:C8:F9:0E:30
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FnJKU6Yk-yH-aBI7fuOVa8j5DjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.81.0/24
                IPv6:
                  2a09:5300::/29
                  2a0b:a300::/32
                  2a0c:7440::/29
                  2a0c:74c0::/29
                  2a0c:7540::/29
                  2a0d:8340::/29
                  2a0d:88c0::/29
                  2a0f:1180::/29
                  2a0f:2380::/29
                  2a0f:3380::/29
                  2a0f:4580::/29
                  2a0f:5580::/29
                  2a0f:7100::/29
                  2a0f:7300::/29
                  2a0f:7b80::/29
                  2a0f:a500::/29
                  2a0f:a700::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:5a:ab:b9:03:1e:fe:dd:4b:14:00:b4:0d:1a:4c:59:11:47:
         80:a0:23:31:e9:0f:48:56:32:07:93:3a:09:da:f2:e5:4f:b3:
         68:71:b8:d0:17:52:d4:f2:58:78:21:d6:bd:e3:c7:f7:ae:60:
         a6:74:1f:73:f2:4b:b6:56:62:dc:b6:ad:2f:dd:bf:73:48:65:
         64:f2:7f:a7:12:c0:ee:80:6a:d6:a5:a3:f1:8b:17:4b:70:db:
         1e:7b:a2:48:66:3c:f3:6f:1e:09:7c:0a:f1:50:21:c4:bb:85:
         c7:d3:3f:3b:da:14:91:97:f8:d1:89:71:e5:d2:a6:18:fd:49:
         6f:ef:db:ca:63:13:ba:03:48:ab:88:dd:d1:91:ac:cc:80:db:
         47:bd:d1:11:71:47:9d:29:ba:f2:83:dd:53:0e:e8:72:a3:fd:
         28:b9:82:c3:35:b6:31:42:b9:50:9e:4a:3e:2b:be:b0:40:fc:
         0c:b8:15:11:dc:27:a9:cd:7a:a6:41:df:fb:a2:d7:a4:a3:b4:
         57:56:ed:ab:ef:e9:11:0a:dc:b7:ad:37:fb:12:e8:37:51:62:
         f2:c0:3a:46:94:18:98:6a:aa:bd:43:8f:d4:50:d4:51:15:fd:
         59:24:1c:75:b3:a1:22:7d:5b:83:3d:af:5b:96:f5:3a:34:86:
         47:2c:d1:f7
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgISAYkrIrtXg0D8TVHdSq6ApFszMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwNzA2MTIxNzIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjcyNGE1M2E2MjRmYjIxZmU2ODEyM2I3ZWUzOTU2YmM4ZjkwZTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7pZH94aNawEJxbFa7eLPAa6vW/f
1jmsKzp3MVb0Et+mUi6ExT3xvhB2RLTxF8DpikK22etu80zafYnMbmIjq9a+otZR
g6nzU2ir2hai/O7YnEbSoQAOLLgG6eOOrRsU90hFqbRI9unRc1wmajM1iA3lJyhh
DPb8/f98RHBydL1Bk1zbrzWoUYzyA9j2on7SkQ3fWmmW4A9ydj8nzKv5IH1cKU4T
zGi9GRXHJwcZbFTps603NSajG0HdlASACLiyOa+tVkih0rBImwEhTKhRbEKU4a7P
WZryJtpBNbuz8gwLcF80IhvIJtWuza4KdIoI9Hn5FN1OeSdTSKasiKvfNwIDAQAB
o4ICizCCAocwHQYDVR0OBBYEFBZySlOmJPsh/mgSO37jlWvI+Q4wMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvRm5KS1U2WWsteUgtYUJJN2Z1T1ZhOGo1RGpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGgBggrBgEFBQcBBwEB/wSBkDCBjTAMBAIAATAGAwQAuXBR
MH0EAgACMHcDBQMqCVMAAwUAKgujAAMFAyoMdEADBQMqDHTAAwUDKgx1QAMFAyoN
g0ADBQMqDYjAAwUDKg8RgAMFAyoPI4ADBQMqDzOAAwUDKg9FgAMFAyoPVYADBQMq
D3EAAwUDKg9zAAMFAyoPe4ADBQMqD6UAAwUDKg+nADANBgkqhkiG9w0BAQsFAAOC
AQEABlqruQMe/t1LFAC0DRpMWRFHgKAjMekPSFYyB5M6Cdry5U+zaHG40BdS1PJY
eCHWvePH965gpnQfc/JLtlZi3LatL92/c0hlZPJ/pxLA7oBq1qWj8YsXS3DbHnui
SGY8828eCXwK8VAhxLuFx9M/O9oUkZf40Ylx5dKmGP1Jb+/bymMTugNIq4jd0ZGs
zIDbR73REXFHnSm68oPdUw7ocqP9KLmCwzW2MUK5UJ5KPiu+sED8DLgVEdwnqc16
pkHf+6LXpKO0V1btq+/pEQrct603+xLoN1Fi8sA6RpQYmGqqvUOP1FDUURX9WSQc
dbOhIn1bgz2vW5b1OjSGRyzR9w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:08 2024 by rpki-client on console-ams.rpki-client.org