Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/tNFArNL6ZulLezA2ucffWGerjsM.roa
File:                     tNFArNL6ZulLezA2ucffWGerjsM.roa (raw, json)
Hash identifier:          /WY4iQ9/3raanqQmIG0uVeYsze4lUxPHB644dIq4uDA=
Subject key identifier:   B4:D1:40:AC:D2:FA:66:E9:4B:7B:30:36:B9:C7:DF:58:67:AB:8E:C3
Certificate issuer:       /CN=a68ff9229efd8d12b4273f346f8c6454ea587ecc
Certificate serial:       01856B256CB7423BBA8352F70F4A3AA41371
Authority key identifier: A6:8F:F9:22:9E:FD:8D:12:B4:27:3F:34:6F:8C:64:54:EA:58:7E:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/po_5Ip79jRK0Jz80b4xkVOpYfsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/tNFArNL6ZulLezA2ucffWGerjsM.roa
Signing time:             Sun 01 Jan 2023 02:24:52 +0000
ROA not before:           Sun 01 Jan 2023 02:24:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43584
IP address blocks:        46.16.160.0/23 maxlen: 23
                          46.16.164.0/24 maxlen: 24
                          185.27.147.0/24 maxlen: 24
                          185.27.146.0/24 maxlen: 24
                          46.16.166.0/24 maxlen: 24
                          46.16.165.0/24 maxlen: 24
                          46.16.167.0/24 maxlen: 24
                          91.197.142.0/23 maxlen: 23
                          91.197.141.0/24 maxlen: 24
                          91.197.140.0/24 maxlen: 24
                          185.27.144.0/24 maxlen: 24
                          185.27.144.0/22 maxlen: 22
                          185.27.145.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:25:6c:b7:42:3b:ba:83:52:f7:0f:4a:3a:a4:13:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a68ff9229efd8d12b4273f346f8c6454ea587ecc
        Validity
            Not Before: Jan  1 02:24:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b4d140acd2fa66e94b7b3036b9c7df5867ab8ec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:80:07:ed:88:e4:1a:60:76:b4:f8:3b:36:43:
                    49:3d:0f:7a:61:35:ba:b2:d6:86:02:66:89:d5:d2:
                    d7:8d:42:e2:f3:dc:14:c0:a0:f9:80:9a:b0:e9:f1:
                    27:a3:77:6f:de:5d:ba:81:d7:bf:2f:ca:ef:e3:7e:
                    33:19:35:eb:e9:80:a5:de:0a:e3:8a:67:47:ba:93:
                    bf:8f:d8:b0:aa:e3:b8:0e:ba:47:44:bb:5e:50:74:
                    f4:e7:06:91:cd:a2:7d:ef:68:af:31:6c:de:17:dd:
                    d3:ba:a5:a7:58:56:9d:dd:4d:8c:aa:2e:d6:a6:51:
                    5d:5a:d1:02:d2:21:48:e3:fd:23:91:0a:5c:fb:12:
                    46:8a:f2:b6:b1:3e:ff:18:bd:d4:84:1d:10:55:f8:
                    c7:05:9a:63:6a:85:3f:58:ce:c3:33:26:0a:37:83:
                    27:49:66:fc:36:27:17:63:7d:17:c1:bf:28:dc:d0:
                    40:04:47:d6:cd:46:9b:d5:38:f6:f5:a1:90:71:88:
                    3d:95:41:e8:45:ba:91:b5:63:0a:9e:2f:ff:88:ca:
                    e9:18:cf:74:09:b3:2b:26:3a:d1:0a:70:52:33:9d:
                    e3:5b:94:4f:e2:5d:56:25:81:20:68:b5:d1:3b:21:
                    dc:20:f6:39:26:33:f6:12:b6:a0:f9:60:f8:fc:0c:
                    8d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:D1:40:AC:D2:FA:66:E9:4B:7B:30:36:B9:C7:DF:58:67:AB:8E:C3
            X509v3 Authority Key Identifier:
                keyid:A6:8F:F9:22:9E:FD:8D:12:B4:27:3F:34:6F:8C:64:54:EA:58:7E:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/po_5Ip79jRK0Jz80b4xkVOpYfsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/tNFArNL6ZulLezA2ucffWGerjsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/po_5Ip79jRK0Jz80b4xkVOpYfsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.160.0/23
                  46.16.164.0/22
                  91.197.140.0/22
                  185.27.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:6c:cd:32:80:93:b9:57:38:4b:fd:15:82:53:24:4e:1c:2a:
         a4:8e:a5:02:13:ca:47:2b:12:00:31:a2:25:8a:3d:7b:ca:aa:
         3b:56:b2:76:eb:15:4b:99:1f:1b:22:50:14:5c:e3:8f:00:ef:
         85:f7:dc:ef:44:2e:c2:e7:b8:b1:5d:bb:83:3d:af:c4:78:9e:
         0c:a8:a0:df:5c:48:7c:55:86:8e:ce:41:c2:ff:9d:2f:fa:88:
         75:7d:0d:99:60:49:95:79:f5:c4:a6:d0:3a:fd:1e:e2:4f:b6:
         f7:a8:b5:02:65:5e:14:b0:73:72:f3:ee:a3:e7:e3:58:38:fe:
         4a:1a:51:97:68:55:d6:49:3b:8d:75:79:0b:48:90:c7:9d:02:
         8b:4c:a8:be:77:cb:8b:6d:a1:08:5a:4f:6a:cd:63:18:1f:d7:
         c5:c4:eb:50:96:ee:dd:58:c6:bf:1b:87:8d:4d:b2:c4:e5:8d:
         6a:63:f0:42:31:b0:c9:1c:00:54:85:7c:f5:db:c3:fc:54:f9:
         da:09:ef:14:14:98:06:db:1e:c0:41:1e:f3:39:6a:76:33:94:
         13:c7:2c:c9:a0:75:a0:6d:6d:96:45:65:74:a2:7a:e0:6f:6d:
         a2:c8:1a:0a:b2:b1:1b:74:26:a8:f5:2c:14:10:b7:ad:01:0c:
         a6:fe:49:b7
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVrJWy3Qju6g1L3D0o6pBNxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2OGZmOTIyOWVmZDhkMTJiNDI3M2YzNDZmOGM2NDU0ZWE1
ODdlY2MwHhcNMjMwMTAxMDIyNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGQxNDBhY2QyZmE2NmU5NGI3YjMwMzZiOWM3ZGY1ODY3YWI4ZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7YAH7YjkGmB2tPg7NkNJPQ96YTW6
staGAmaJ1dLXjULi89wUwKD5gJqw6fEno3dv3l26gde/L8rv434zGTXr6YCl3grj
imdHupO/j9iwquO4DrpHRLteUHT05waRzaJ972ivMWzeF93TuqWnWFad3U2Mqi7W
plFdWtEC0iFI4/0jkQpc+xJGivK2sT7/GL3UhB0QVfjHBZpjaoU/WM7DMyYKN4Mn
SWb8NicXY30Xwb8o3NBABEfWzUab1Tj29aGQcYg9lUHoRbqRtWMKni//iMrpGM90
CbMrJjrRCnBSM53jW5RP4l1WJYEgaLXROyHcIPY5JjP2Erag+WD4/AyNOwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFLTRQKzS+mbpS3swNrnH31hnq47DMB8GA1UdIwQY
MBaAFKaP+SKe/Y0StCc/NG+MZFTqWH7MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG9fNUlwNzlqUkswSno4MGI0eGtWT3BZZnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8yZmY5OGUtNmZmOS00MjMzLWI5ZjEt
MjI3ZTIxZTY5MWU3LzEvdE5GQXJOTDZadWxMZXpBMnVjZmZXR2VyanNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8yZmY5OGUtNmZmOS00MjMzLWI5ZjEtMjI3ZTIxZTY5MWU3
LzEvcG9fNUlwNzlqUkswSno4MGI0eGtWT3BZZnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBLhCgAwQC
LhCkAwQCW8WMAwQCuRuQMA0GCSqGSIb3DQEBCwUAA4IBAQASbM0ygJO5VzhL/RWC
UyROHCqkjqUCE8pHKxIAMaIlij17yqo7VrJ26xVLmR8bIlAUXOOPAO+F99zvRC7C
57ixXbuDPa/EeJ4MqKDfXEh8VYaOzkHC/50v+oh1fQ2ZYEmVefXEptA6/R7iT7b3
qLUCZV4UsHNy8+6j5+NYOP5KGlGXaFXWSTuNdXkLSJDHnQKLTKi+d8uLbaEIWk9q
zWMYH9fFxOtQlu7dWMa/G4eNTbLE5Y1qY/BCMbDJHABUhXz128P8VPnaCe8UFJgG
2x7AQR7zOWp2M5QTxyzJoHWgbW2WRWV0onrgb22iyBoKsrEbdCao9SwUELetAQym
/km3
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:03 2024 by rpki-client on console-fra.rpki-client.org