Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/xhTKPXYbFaYGH0AuPxmmvsWEbr4.roa
File:                     xhTKPXYbFaYGH0AuPxmmvsWEbr4.roa (raw, json)
Hash identifier:          v1V9jz28HkSdma0U6ZxsdnG1U5hncLbz/A62HGlpSXM=
Subject key identifier:   C6:14:CA:3D:76:1B:15:A6:06:1F:40:2E:3F:19:A6:BE:C5:84:6E:BE
Certificate issuer:       /CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
Certificate serial:       10613626
Authority key identifier: 9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/xhTKPXYbFaYGH0AuPxmmvsWEbr4.roa
Signing time:             Mon 16 May 2022 10:54:29 +0000
ROA not before:           Mon 16 May 2022 10:54:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43060
IP address blocks:        185.196.216.0/22 maxlen: 22
                          94.158.48.0/20 maxlen: 20
                          94.158.56.0/24 maxlen: 24
                          94.158.60.0/24 maxlen: 24
                          94.158.61.0/24 maxlen: 24
                          94.158.59.0/24 maxlen: 24
                          94.158.62.0/24 maxlen: 24
                          109.207.240.0/20 maxlen: 22
                          91.196.76.0/23 maxlen: 24
                          2a04:1b80::/32 maxlen: 36

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 274806310 (0x10613626)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
        Validity
            Not Before: May 16 10:54:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c614ca3d761b15a6061f402e3f19a6bec5846ebe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:2d:55:a7:ef:5e:af:50:78:d6:f9:39:fa:2e:
                    a0:5a:0e:66:ee:9b:b8:e2:42:60:65:bc:bd:68:a8:
                    7c:f7:75:4e:39:61:16:f3:2b:31:ad:37:80:9c:09:
                    5e:9f:ad:97:67:8c:1d:c2:43:23:38:2a:d3:9f:90:
                    8c:44:22:84:a8:e8:c0:2f:3f:5e:2a:16:13:44:96:
                    39:80:ee:17:ba:58:b9:cb:1e:10:19:e1:5a:7e:e0:
                    77:80:c2:0e:71:69:a3:53:f6:fc:e3:f7:4a:b3:0a:
                    24:0c:3d:d8:d8:bc:90:ba:58:7f:2a:8d:d0:90:23:
                    39:a4:3b:d6:4f:b9:cc:e4:ae:4e:36:0c:78:d7:8b:
                    bd:c5:a5:bf:bc:76:cc:96:ea:0e:b4:ef:cc:1a:77:
                    50:da:bb:b4:01:3e:7c:80:20:39:02:71:ce:72:2e:
                    eb:67:36:ca:77:56:ac:64:42:78:bb:5b:6c:39:b6:
                    1d:71:48:71:9b:a6:01:fd:ed:c7:0e:05:15:7f:4e:
                    62:f1:25:c8:da:6d:43:83:0e:24:50:da:a3:6c:ae:
                    75:51:37:27:23:6a:eb:01:6c:ec:9e:7a:6c:d6:64:
                    d2:c3:66:c4:93:ac:15:33:ca:50:dc:ee:54:8e:d4:
                    2e:a7:f8:27:ee:f1:c9:0c:4a:f1:ed:f0:d5:35:21:
                    5f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:14:CA:3D:76:1B:15:A6:06:1F:40:2E:3F:19:A6:BE:C5:84:6E:BE
            X509v3 Authority Key Identifier:
                keyid:9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/xhTKPXYbFaYGH0AuPxmmvsWEbr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.76.0/23
                  94.158.48.0/20
                  109.207.240.0/20
                  185.196.216.0/22
                IPv6:
                  2a04:1b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:dd:13:e7:fb:ce:01:c6:d2:5b:f8:0c:46:6c:e8:0c:53:58:
         3e:74:b5:6d:a0:46:71:f4:da:22:ef:0b:40:33:0e:23:d0:7f:
         9b:3b:c0:c9:ed:85:d1:2b:92:d9:ec:ff:76:17:c3:16:8e:a3:
         4b:70:01:45:40:66:20:38:16:ee:69:92:cd:17:4f:0d:7c:56:
         7b:8f:66:5b:29:b8:97:9f:c6:e9:f2:70:a0:c6:09:8a:01:fb:
         72:cf:e5:39:e4:e8:df:f7:cc:e9:58:da:73:9d:8b:75:7d:72:
         df:6c:30:f0:69:9f:53:58:4d:60:3c:e9:09:2f:b6:fc:b6:74:
         23:77:5b:bc:73:ef:c2:09:27:6e:e9:50:e0:42:a6:87:bd:47:
         9c:d1:28:31:1d:c0:b4:9d:53:7a:63:f1:1e:2b:52:63:cf:14:
         73:2d:6c:dc:5c:b4:3b:99:f8:9c:70:dd:2a:52:a9:a1:98:d5:
         00:b6:ae:8c:75:35:e8:24:89:97:1a:b8:7f:5f:67:0d:d3:e0:
         52:7b:c3:57:ea:da:e3:cb:c8:47:36:81:d4:ef:5d:7e:2d:d3:
         5e:e1:bb:be:7a:e4:28:07:f8:d4:33:d6:bf:78:b7:2a:8f:77:
         3a:14:7f:90:6f:20:33:3c:e8:b8:5d:6d:79:4f:4f:39:24:8f:
         47:ce:3a:3c
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEEGE2JjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ZmI0YThiOTNhZjllYTljZjE4YWFjYTRlNzNmMTE2ZWMyNmViMzU3MB4XDTIyMDUx
NjEwNTQyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzYxNGNhM2Q3NjFi
MTVhNjA2MWY0MDJlM2YxOWE2YmVjNTg0NmViZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMwtVafvXq9QeNb5OfouoFoOZu6buOJCYGW8vWiofPd1Tjlh
FvMrMa03gJwJXp+tl2eMHcJDIzgq05+QjEQihKjowC8/XioWE0SWOYDuF7pYucse
EBnhWn7gd4DCDnFpo1P2/OP3SrMKJAw92Ni8kLpYfyqN0JAjOaQ71k+5zOSuTjYM
eNeLvcWlv7x2zJbqDrTvzBp3UNq7tAE+fIAgOQJxznIu62c2yndWrGRCeLtbbDm2
HXFIcZumAf3txw4FFX9OYvElyNptQ4MOJFDao2yudVE3JyNq6wFs7J56bNZk0sNm
xJOsFTPKUNzuVI7ULqf4J+7xyQxK8e3w1TUhXw0CAwEAAaOCAiowggImMB0GA1Ud
DgQWBBTGFMo9dhsVpgYfQC4/Gaa+xYRuvjAfBgNVHSMEGDAWgBSftKi5OvnqnPGK
rKTnPxFuwm6zVzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L243U291VHI1NnB6eGlxeWs1ejhSYnNKdXMxYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzgvODk4NzQxLWVkYTQtNGM1ZC1hZjlmLThkNjhlYjIwZmJkZC8x
L3hoVEtQWFliRmFZR0gwQXVQeG1tdnNXRWJyNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzgv
ODk4NzQxLWVkYTQtNGM1ZC1hZjlmLThkNjhlYjIwZmJkZC8xL243U291VHI1NnB6
eGlxeWs1ejhSYnNKdXMxYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEAVvETAMEBF6eMAMEBG3P8AMEArnE
2DANBAIAAjAHAwUAKgQbgDANBgkqhkiG9w0BAQsFAAOCAQEANN0T5/vOAcbSW/gM
RmzoDFNYPnS1baBGcfTaIu8LQDMOI9B/mzvAye2F0SuS2ez/dhfDFo6jS3ABRUBm
IDgW7mmSzRdPDXxWe49mWym4l5/G6fJwoMYJigH7cs/lOeTo3/fM6Vjac52LdX1y
32ww8GmfU1hNYDzpCS+2/LZ0I3dbvHPvwgknbulQ4EKmh71HnNEoMR3AtJ1TemPx
HitSY88Ucy1s3Fy0O5n4nHDdKlKpoZjVALaujHU16CSJlxq4f19nDdPgUnvDV+ra
48vIRzaB1O9dfi3TXuG7vnrkKAf41DPWv3i3Ko93OhR/kG8gMzzouF1teU9POSSP
R846PA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:34 2024 by rpki-client on console-fra.rpki-client.org