Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/v1sG7Zh0on2ZN8Iy682hi4tIgIk.roa
File:                     v1sG7Zh0on2ZN8Iy682hi4tIgIk.roa (raw, json)
Hash identifier:          NMuwavQg9xontuYlaExIo3dff2dj5tHijvKzgGY9bCU=
Subject key identifier:   BF:5B:06:ED:98:74:A2:7D:99:37:C2:32:EB:CD:A1:8B:8B:48:80:89
Certificate issuer:       /CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
Certificate serial:       1084BB8C
Authority key identifier: 9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/v1sG7Zh0on2ZN8Iy682hi4tIgIk.roa
Signing time:             Wed 01 Jun 2022 11:14:20 +0000
ROA not before:           Wed 01 Jun 2022 11:14:20 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43060
IP address blocks:        91.196.76.0/23 maxlen: 24
                          185.196.216.0/22 maxlen: 22
                          94.158.48.0/21 maxlen: 21
                          94.158.48.0/20 maxlen: 20
                          94.158.56.0/24 maxlen: 24
                          94.158.57.0/24 maxlen: 24
                          94.158.58.0/24 maxlen: 24
                          94.158.60.0/24 maxlen: 24
                          94.158.61.0/24 maxlen: 24
                          94.158.62.0/24 maxlen: 24
                          94.158.63.0/24 maxlen: 24
                          94.158.59.0/24 maxlen: 24
                          109.207.240.0/20 maxlen: 22
                          2a04:1b80::/32 maxlen: 36

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 277134220 (0x1084bb8c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
        Validity
            Not Before: Jun  1 11:14:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bf5b06ed9874a27d9937c232ebcda18b8b488089
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6a:1d:ed:ef:69:68:74:a6:f5:7a:f7:21:20:
                    17:34:7a:13:67:9f:71:3c:25:9a:b3:e1:c0:30:82:
                    94:06:63:3d:ca:ae:35:95:29:1e:85:d0:7e:3e:6e:
                    85:5a:e4:e2:c1:cc:9c:7d:64:f1:a2:e6:56:dd:b1:
                    c1:9d:a5:d3:86:74:84:e4:38:42:c7:db:9d:d2:7f:
                    26:18:70:22:3f:0c:10:6c:55:37:48:3e:bf:bf:56:
                    d8:cd:bb:7e:60:62:0b:ff:4e:55:ab:09:67:47:63:
                    83:d3:3e:f8:ba:4c:69:c5:4e:9e:41:f3:a3:0d:ff:
                    e2:9d:fb:13:6e:d9:78:f4:4f:e2:0b:76:af:a2:5e:
                    a6:a2:a6:23:7a:53:d5:2f:34:12:03:74:b1:00:ba:
                    e7:d1:48:3f:48:5e:21:07:99:d4:69:cc:cc:89:9d:
                    03:12:65:90:fb:b4:f9:1e:5e:55:71:73:c5:35:1b:
                    2a:c9:66:29:e7:da:e0:fa:21:0a:fc:f3:14:a4:20:
                    dd:ed:d5:1b:23:f7:bd:9b:88:45:df:a0:fe:f2:f0:
                    55:57:2d:73:fb:cb:ee:e4:92:e4:9b:ec:d2:44:36:
                    3d:ec:fe:fc:46:ab:e3:b7:b4:6f:e2:75:76:65:a8:
                    14:a7:d9:24:7b:16:c6:9d:d9:13:e8:de:1c:27:c1:
                    dd:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:5B:06:ED:98:74:A2:7D:99:37:C2:32:EB:CD:A1:8B:8B:48:80:89
            X509v3 Authority Key Identifier:
                keyid:9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/v1sG7Zh0on2ZN8Iy682hi4tIgIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.76.0/23
                  94.158.48.0/20
                  109.207.240.0/20
                  185.196.216.0/22
                IPv6:
                  2a04:1b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:14:c9:f1:a1:7d:58:c8:99:11:7f:65:d0:6e:56:c0:0e:b1:
         d4:b6:fe:62:1a:04:fe:5f:c7:97:e4:ad:49:9b:0e:77:62:43:
         91:40:88:d8:7f:e2:32:b6:53:12:28:6a:a7:45:10:f6:b2:97:
         75:38:47:c4:fa:02:73:56:61:c7:f0:c7:fa:ce:ff:39:fe:d0:
         53:8e:bf:c6:df:a2:9b:16:da:0a:97:c9:e5:39:5a:63:f5:c6:
         b9:54:55:2c:10:e7:fa:0d:25:27:0d:f8:23:b7:04:63:39:44:
         b4:0a:e1:54:b0:ed:3f:79:82:c7:ec:b8:67:14:6d:fa:23:e8:
         0c:83:87:40:a5:77:1d:f4:45:c8:50:e4:04:ef:89:68:8a:26:
         12:af:2a:65:5c:28:ba:70:4c:f0:10:ed:db:af:31:43:31:1d:
         5b:d8:f2:70:a9:ac:75:5d:81:f1:05:8b:68:25:e4:92:6b:dd:
         16:11:f7:01:cb:c4:8a:6a:67:be:ca:62:aa:a0:7a:b9:6e:f7:
         86:98:38:f1:88:eb:1e:aa:ee:28:e3:35:98:4c:5a:51:64:fe:
         be:8c:9c:37:f7:90:bb:51:b5:34:62:d9:13:8f:25:7b:67:e0:
         67:1b:f6:d1:ec:a4:4b:71:9d:6f:93:49:67:26:91:97:2a:98:
         a3:f9:58:bf
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEEIS7jDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ZmI0YThiOTNhZjllYTljZjE4YWFjYTRlNzNmMTE2ZWMyNmViMzU3MB4XDTIyMDYw
MTExMTQyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmY1YjA2ZWQ5ODc0
YTI3ZDk5MzdjMjMyZWJjZGExOGI4YjQ4ODA4OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJVqHe3vaWh0pvV69yEgFzR6E2efcTwlmrPhwDCClAZjPcqu
NZUpHoXQfj5uhVrk4sHMnH1k8aLmVt2xwZ2l04Z0hOQ4QsfbndJ/JhhwIj8MEGxV
N0g+v79W2M27fmBiC/9OVasJZ0djg9M++LpMacVOnkHzow3/4p37E27ZePRP4gt2
r6JepqKmI3pT1S80EgN0sQC659FIP0heIQeZ1GnMzImdAxJlkPu0+R5eVXFzxTUb
KslmKefa4PohCvzzFKQg3e3VGyP3vZuIRd+g/vLwVVctc/vL7uSS5Jvs0kQ2Pez+
/Ear47e0b+J1dmWoFKfZJHsWxp3ZE+jeHCfB3SsCAwEAAaOCAiowggImMB0GA1Ud
DgQWBBS/WwbtmHSifZk3wjLrzaGLi0iAiTAfBgNVHSMEGDAWgBSftKi5OvnqnPGK
rKTnPxFuwm6zVzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L243U291VHI1NnB6eGlxeWs1ejhSYnNKdXMxYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzgvODk4NzQxLWVkYTQtNGM1ZC1hZjlmLThkNjhlYjIwZmJkZC8x
L3Yxc0c3Wmgwb24yWk44SXk2ODJoaTR0SWdJay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzgv
ODk4NzQxLWVkYTQtNGM1ZC1hZjlmLThkNjhlYjIwZmJkZC8xL243U291VHI1NnB6
eGlxeWs1ejhSYnNKdXMxYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEAVvETAMEBF6eMAMEBG3P8AMEArnE
2DANBAIAAjAHAwUAKgQbgDANBgkqhkiG9w0BAQsFAAOCAQEAHRTJ8aF9WMiZEX9l
0G5WwA6x1Lb+YhoE/l/Hl+StSZsOd2JDkUCI2H/iMrZTEihqp0UQ9rKXdThHxPoC
c1Zhx/DH+s7/Of7QU46/xt+imxbaCpfJ5TlaY/XGuVRVLBDn+g0lJw34I7cEYzlE
tArhVLDtP3mCx+y4ZxRt+iPoDIOHQKV3HfRFyFDkBO+JaIomEq8qZVwounBM8BDt
268xQzEdW9jycKmsdV2B8QWLaCXkkmvdFhH3AcvEimpnvspiqqB6uW73hpg48Yjr
HqruKOM1mExaUWT+voycN/eQu1G1NGLZE48le2fgZxv20eykS3Gdb5NJZyaRlyqY
o/lYvw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:34 2024 by rpki-client on console-fra.rpki-client.org