Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Yts2QO_qZHS7tCED5Yd9t7LYuag.roa
File:                     Yts2QO_qZHS7tCED5Yd9t7LYuag.roa (raw, json)
Hash identifier:          7UC+DbTdhsgezHdW6afCKvdG01ywvnaKKP1b8aRfUaE=
Subject key identifier:   62:DB:36:40:EF:EA:64:74:BB:B4:21:03:E5:87:7D:B7:B2:D8:B9:A8
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018972709059C37D12C0948FB2CB8560FEB1
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Yts2QO_qZHS7tCED5Yd9t7LYuag.roa
Signing time:             Thu 20 Jul 2023 08:35:26 +0000
ROA not before:           Thu 20 Jul 2023 08:35:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12608
IP address blocks:        185.112.81.0/24 maxlen: 24
                          2a0f:2380::/29 maxlen: 29
                          2a0f:a700::/29 maxlen: 29
                          2a0d:88c0::/29 maxlen: 29
                          2a0f:7300::/29 maxlen: 29
                          2a09:5300::/29 maxlen: 29
                          2a0d:8340::/29 maxlen: 29
                          2a0b:a300::/32 maxlen: 32
                          2a0c:7440::/29 maxlen: 29
                          2a0c:74c0::/29 maxlen: 29
                          2a0f:5580::/29 maxlen: 29
                          2a0c:7540::/29 maxlen: 29
                          2a0f:7b80::/29 maxlen: 29
                          2a0f:7100::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:72:70:90:59:c3:7d:12:c0:94:8f:b2:cb:85:60:fe:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul 20 08:35:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=62db3640efea6474bbb42103e5877db7b2d8b9a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a4:c3:8a:9e:a1:93:f0:07:c9:39:22:32:48:
                    41:bd:42:d9:35:f2:a1:52:be:ec:c4:05:25:5b:56:
                    69:34:9d:db:78:92:2c:05:d9:03:a2:31:42:fd:1c:
                    45:3a:65:2a:d0:c6:a7:c5:a6:a7:64:a3:48:6c:1b:
                    a7:1c:28:d7:0d:14:64:7a:35:95:f2:82:8e:25:5f:
                    dc:5d:d0:aa:6a:0f:da:e9:2e:84:fa:e5:8d:ff:06:
                    b1:40:61:6a:7c:06:f1:0b:44:9e:a8:95:ba:be:29:
                    a6:df:57:81:aa:fb:d5:37:60:7f:69:39:af:fc:b9:
                    52:3c:2c:d9:11:f3:fa:f7:a8:2f:e3:18:c1:fd:de:
                    b8:ea:60:0d:34:38:82:86:5a:9c:e2:c1:32:9f:35:
                    62:ca:6b:78:29:33:12:a9:8e:f6:d9:21:ea:59:18:
                    7b:ad:b3:b9:2b:5a:28:34:54:b9:fb:a5:44:07:e3:
                    ae:83:2e:7e:27:13:ca:11:3a:dc:43:94:d9:fc:bd:
                    e3:5b:fe:c1:ad:a8:f7:47:77:02:e2:79:77:08:01:
                    ca:4a:df:cd:b1:cc:8c:74:5e:fc:ba:8f:f7:cd:79:
                    a4:4a:1e:a0:7e:54:89:12:d7:81:a7:27:95:6d:56:
                    d7:a6:c7:ad:9c:d1:e1:41:d6:23:9d:6a:54:e9:2d:
                    33:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:DB:36:40:EF:EA:64:74:BB:B4:21:03:E5:87:7D:B7:B2:D8:B9:A8
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Yts2QO_qZHS7tCED5Yd9t7LYuag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.81.0/24
                IPv6:
                  2a09:5300::/29
                  2a0b:a300::/32
                  2a0c:7440::/29
                  2a0c:74c0::/29
                  2a0c:7540::/29
                  2a0d:8340::/29
                  2a0d:88c0::/29
                  2a0f:2380::/29
                  2a0f:5580::/29
                  2a0f:7100::/29
                  2a0f:7300::/29
                  2a0f:7b80::/29
                  2a0f:a700::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:89:7a:95:2c:78:c3:73:37:70:59:ba:f0:c9:19:7c:b7:de:
         0b:db:af:51:9b:11:eb:cb:a7:cc:f9:dc:9f:ac:ce:81:a8:4a:
         f1:1a:70:63:1d:9e:02:63:f8:44:31:ef:32:f7:2b:c3:72:dc:
         e4:e3:3b:b2:94:37:fe:9b:27:64:cd:d8:b8:62:7d:59:56:7f:
         e1:83:7d:14:a8:04:85:aa:89:0c:7f:21:2b:ec:3b:cf:6f:a4:
         ff:e2:66:9b:6f:12:37:c2:2d:d0:1b:f4:d1:2b:24:19:f0:fa:
         05:65:a2:04:99:85:54:48:d9:6d:22:5a:9c:b3:4e:ca:68:62:
         de:fc:b7:c8:fe:87:c7:d7:aa:b6:1e:ea:aa:0b:3c:00:7e:48:
         80:95:db:3d:8f:9b:13:9a:00:c8:39:11:c3:28:c5:63:33:89:
         b8:63:6d:05:ea:41:f8:1a:9b:59:f9:55:5b:12:f8:ea:55:81:
         a9:f8:b6:6f:92:0c:f7:d7:d2:a3:23:5d:5f:3a:90:2c:d0:e8:
         84:6e:dc:47:a2:fe:c3:55:86:09:e5:4f:63:3f:11:3c:4d:61:
         e0:72:00:97:2d:a3:f3:4b:bc:65:ad:7b:4d:e7:b7:d7:2e:e6:
         5d:a3:ae:c2:3f:a1:81:4b:66:cf:09:77:c5:0b:0c:52:23:55:
         9a:e4:bd:08
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAYlycJBZw30SwJSPssuFYP6xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwNzIwMDgzNTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmRiMzY0MGVmZWE2NDc0YmJiNDIxMDNlNTg3N2RiN2IyZDhiOWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqTDip6hk/AHyTkiMkhBvULZNfKh
Ur7sxAUlW1ZpNJ3beJIsBdkDojFC/RxFOmUq0ManxaanZKNIbBunHCjXDRRkejWV
8oKOJV/cXdCqag/a6S6E+uWN/waxQGFqfAbxC0SeqJW6vimm31eBqvvVN2B/aTmv
/LlSPCzZEfP696gv4xjB/d646mANNDiChlqc4sEynzViymt4KTMSqY722SHqWRh7
rbO5K1ooNFS5+6VEB+Ougy5+JxPKETrcQ5TZ/L3jW/7Braj3R3cC4nl3CAHKSt/N
scyMdF78uo/3zXmkSh6gflSJEteBpyeVbVbXpsetnNHhQdYjnWpU6S0z2wIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFGLbNkDv6mR0u7QhA+WHfbey2LmoMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvWXRzMlFPX3FaSFM3dENFRDVZZDl0N0xZdWFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwDAQCAAEwBgMEALlwUTBh
BAIAAjBbAwUDKglTAAMFACoLowADBQMqDHRAAwUDKgx0wAMFAyoMdUADBQMqDYNA
AwUDKg2IwAMFAyoPI4ADBQMqD1WAAwUDKg9xAAMFAyoPcwADBQMqD3uAAwUDKg+n
ADANBgkqhkiG9w0BAQsFAAOCAQEASYl6lSx4w3M3cFm68MkZfLfeC9uvUZsR68un
zPncn6zOgahK8RpwYx2eAmP4RDHvMvcrw3Lc5OM7spQ3/psnZM3YuGJ9WVZ/4YN9
FKgEhaqJDH8hK+w7z2+k/+Jmm28SN8It0Bv00SskGfD6BWWiBJmFVEjZbSJanLNO
ymhi3vy3yP6Hx9eqth7qqgs8AH5IgJXbPY+bE5oAyDkRwyjFYzOJuGNtBepB+Bqb
WflVWxL46lWBqfi2b5IM99fSoyNdXzqQLNDohG7cR6L+w1WGCeVPYz8RPE1h4HIA
ly2j80u8Za17Tee31y7mXaOuwj+hgUtmzwl3xQsMUiNVmuS9CA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:08 2024 by rpki-client on console-fra.rpki-client.org