Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/7HrmJb8_uwkxoXDKaNNmMQRKZjA.roa
File:                     7HrmJb8_uwkxoXDKaNNmMQRKZjA.roa (raw, json)
Hash identifier:          GSvhSgBIobskJ6tzKUYy9QX08P305AuqqJVyWnU7DR0=
Subject key identifier:   EC:7A:E6:25:BF:3F:BB:09:31:A1:70:CA:68:D3:66:31:04:4A:66:30
Certificate issuer:       /CN=96bfc5a172654dd6009db1d82d92ffaf71234120
Certificate serial:       089031D8
Authority key identifier: 96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/7HrmJb8_uwkxoXDKaNNmMQRKZjA.roa
Signing time:             Sat 01 Jan 2022 05:05:51 +0000
ROA not before:           Sat 01 Jan 2022 05:05:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209898
IP address blocks:        147.78.192.0/22 maxlen: 24
                          185.203.112.0/22 maxlen: 24
                          2a0a:e5c0::/29 maxlen: 48
                          2a0a:e5c0:2::/48 maxlen: 48
                          2a09:2940::/29 maxlen: 48
                          2a0a:e5c1:100::/40 maxlen: 48
                          2a0a:e5c0:1::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 143667672 (0x89031d8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96bfc5a172654dd6009db1d82d92ffaf71234120
        Validity
            Not Before: Jan  1 05:05:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ec7ae625bf3fbb0931a170ca68d36631044a6630
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:fa:2b:b5:d6:07:e8:92:20:bf:21:26:57:ef:
                    3e:8e:72:f2:db:b6:3b:8e:bc:dc:ba:26:6c:7b:b6:
                    fd:a6:a4:0a:f5:e2:ea:82:56:c8:74:52:3a:6d:b9:
                    da:80:1f:03:97:8f:27:f2:fb:6c:0d:8c:9e:2f:91:
                    89:75:9b:a3:36:e8:bf:3b:46:8d:c0:b9:54:ec:00:
                    32:0e:fd:4d:d8:d3:57:0e:17:68:23:0e:50:8d:38:
                    00:6b:b2:c2:c0:96:68:71:4e:83:9b:2b:1f:65:3d:
                    ca:10:cd:d6:61:d8:2f:b7:c7:9f:4a:b3:e8:d9:e4:
                    3e:85:ba:29:c5:ea:82:58:06:14:72:b4:9c:08:c8:
                    34:f9:bf:be:42:ef:d2:82:09:89:9c:2b:e2:a2:af:
                    bf:69:dc:3b:65:b3:05:7a:0b:e6:a2:07:ac:33:54:
                    95:59:e6:7b:8f:c6:1e:a4:bc:db:49:e5:94:9e:4e:
                    c9:ce:85:d4:fd:0e:6b:78:0d:78:25:d3:77:80:35:
                    6d:83:e5:66:da:98:4f:e8:e4:bc:90:e9:68:f8:41:
                    21:06:71:41:02:25:6d:e0:50:49:8a:1c:2a:13:84:
                    13:6f:96:b9:1c:16:e4:f5:de:6b:9f:63:52:7d:e0:
                    30:d0:7d:8c:f1:bc:2a:58:9e:b8:a0:40:8c:e0:5c:
                    f8:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:7A:E6:25:BF:3F:BB:09:31:A1:70:CA:68:D3:66:31:04:4A:66:30
            X509v3 Authority Key Identifier:
                keyid:96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/7HrmJb8_uwkxoXDKaNNmMQRKZjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/lr_FoXJlTdYAnbHYLZL_r3EjQSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.192.0/22
                  185.203.112.0/22
                IPv6:
                  2a09:2940::/29
                  2a0a:e5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:97:e4:bc:1f:b4:e3:cd:68:33:5d:1e:5e:76:6c:f1:a9:65:
         8b:1f:f6:32:a0:62:66:25:67:88:bb:e2:0c:2c:0c:62:dc:41:
         24:bb:2e:d0:af:8e:93:03:04:3d:b7:22:ca:5e:00:77:f4:1e:
         97:c9:05:93:7f:b6:e6:da:f2:ef:7a:2c:dc:6b:a4:39:14:e2:
         72:7b:fc:f6:3c:5f:15:45:d1:a3:b0:6b:c3:b6:cd:06:bf:fb:
         f7:8a:64:76:00:d1:be:66:e5:54:ad:16:87:5d:84:ee:33:bd:
         ab:82:f4:76:d1:7e:27:2c:a2:36:80:57:06:f5:43:93:6c:6b:
         71:ff:6a:fb:b6:8f:a6:b4:28:ea:1b:e2:3f:32:df:27:f7:9f:
         ac:e9:35:42:32:b7:30:20:6b:8c:43:f7:75:f7:84:81:2f:08:
         05:99:f6:92:83:b9:4e:b2:ca:cf:c5:72:dd:d6:31:5c:32:7c:
         d9:56:0b:fb:f3:5c:c3:66:0e:43:51:49:fa:f0:94:29:32:72:
         35:af:d0:e4:8c:bb:59:37:dc:54:a6:ff:5e:f4:12:4f:81:12:
         cd:ce:59:b5:18:e8:3e:12:a9:54:c7:ca:0d:26:dc:63:5e:39:
         0c:78:02:ae:c3:20:af:55:dd:26:e9:cd:a9:5e:4a:d2:bf:2e:
         3c:c7:8d:35
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIECJAx2DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NmJmYzVhMTcyNjU0ZGQ2MDA5ZGIxZDgyZDkyZmZhZjcxMjM0MTIwMB4XDTIyMDEw
MTA1MDU1MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZWM3YWU2MjViZjNm
YmIwOTMxYTE3MGNhNjhkMzY2MzEwNDRhNjYzMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMb6K7XWB+iSIL8hJlfvPo5y8tu2O4683LombHu2/aakCvXi
6oJWyHRSOm252oAfA5ePJ/L7bA2Mni+RiXWbozbovztGjcC5VOwAMg79TdjTVw4X
aCMOUI04AGuywsCWaHFOg5srH2U9yhDN1mHYL7fHn0qz6NnkPoW6KcXqglgGFHK0
nAjINPm/vkLv0oIJiZwr4qKvv2ncO2WzBXoL5qIHrDNUlVnme4/GHqS820nllJ5O
yc6F1P0Oa3gNeCXTd4A1bYPlZtqYT+jkvJDpaPhBIQZxQQIlbeBQSYocKhOEE2+W
uRwW5PXea59jUn3gMNB9jPG8KlieuKBAjOBc+KkCAwEAAaOCAiUwggIhMB0GA1Ud
DgQWBBTseuYlvz+7CTGhcMpo02YxBEpmMDAfBgNVHSMEGDAWgBSWv8WhcmVN1gCd
sdgtkv+vcSNBIDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xyX0ZvWEpsVGRZQW5iSFlMWkxfcjNFalFTQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2MvMzYzMGNiLWViZWMtNGQ4Ni1iMTJiLWJmZmI3NTdjMzEzNC8x
LzdIcm1KYjhfdXdreG9YREthTk5tTVFSS1pqQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Mv
MzYzMGNiLWViZWMtNGQ4Ni1iMTJiLWJmZmI3NTdjMzEzNC8xL2xyX0ZvWEpsVGRZ
QW5iSFlMWkxfcjNFalFTQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA7
BggrBgEFBQcBBwEB/wQsMCowEgQCAAEwDAMEApNOwAMEArnLcDAUBAIAAjAOAwUD
KgkpQAMFAyoK5cAwDQYJKoZIhvcNAQELBQADggEBAB+X5LwftOPNaDNdHl52bPGp
ZYsf9jKgYmYlZ4i74gwsDGLcQSS7LtCvjpMDBD23IspeAHf0HpfJBZN/tuba8u96
LNxrpDkU4nJ7/PY8XxVF0aOwa8O2zQa/+/eKZHYA0b5m5VStFoddhO4zvauC9HbR
ficsojaAVwb1Q5Nsa3H/avu2j6a0KOob4j8y3yf3n6zpNUIytzAga4xD93X3hIEv
CAWZ9pKDuU6yys/Fct3WMVwyfNlWC/vzXMNmDkNRSfrwlCkycjWv0OSMu1k33FSm
/170Ek+BEs3OWbUY6D4SqVTHyg0m3GNeOQx4Aq7DIK9V3SbpzaleStK/LjzHjTU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:07 2024 by rpki-client on console-fra.rpki-client.org