Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/c566c7-3cac-45a9-82a1-04b09057522f/1/PW1hDm4gpwMg0XkP9-g9AuoxOzs.roa
File:                     PW1hDm4gpwMg0XkP9-g9AuoxOzs.roa (raw, json)
Hash identifier:          Q6Zf+8GPMYGtwfYjXS+nKqXdpzGaE5l93qC5XVSE2KY=
Subject key identifier:   3D:6D:61:0E:6E:20:A7:03:20:D1:79:0F:F7:E8:3D:02:EA:31:3B:3B
Certificate issuer:       /CN=a0af3d8551fbdd3b62f4ffdfd59cad4161e4471e
Certificate serial:       522B
Authority key identifier: A0:AF:3D:85:51:FB:DD:3B:62:F4:FF:DF:D5:9C:AD:41:61:E4:47:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oK89hVH73Tti9P_f1ZytQWHkRx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/c566c7-3cac-45a9-82a1-04b09057522f/1/PW1hDm4gpwMg0XkP9-g9AuoxOzs.roa
Signing time:             Fri 04 Mar 2022 15:56:56 +0000
ROA not before:           Fri 04 Mar 2022 15:56:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50113
IP address blocks:        2a12:92c0::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 21035 (0x522b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0af3d8551fbdd3b62f4ffdfd59cad4161e4471e
        Validity
            Not Before: Mar  4 15:56:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3d6d610e6e20a70320d1790ff7e83d02ea313b3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:57:fa:7b:41:61:62:9c:b0:63:8e:2f:7a:c7:
                    c8:4e:ba:f1:24:0a:25:72:4b:94:1c:b3:c5:d7:f3:
                    72:13:f2:31:ff:d1:04:04:a4:8c:7d:3f:2d:c6:18:
                    46:f5:29:52:f5:cd:bd:32:dc:ae:6e:63:de:77:79:
                    b5:d6:da:ef:b1:66:05:c8:0e:f0:16:17:13:4f:6c:
                    6a:77:59:36:c3:ab:ed:b7:78:64:df:57:a5:15:6e:
                    02:03:8b:e3:0e:03:29:b6:f8:f5:06:ce:20:95:cf:
                    a4:53:65:84:2a:80:fb:a7:13:6a:bf:2e:95:73:70:
                    a0:7b:62:3c:5d:fb:d3:59:19:c1:0a:24:1e:7f:76:
                    28:09:13:26:46:32:e7:58:3c:c0:c5:d2:06:74:ec:
                    34:9c:20:66:c4:94:88:ed:87:74:6c:20:f0:78:f0:
                    28:a6:3d:08:9a:ae:c7:a3:92:fc:d6:70:1f:b8:7f:
                    96:1a:de:ee:38:77:b9:35:20:04:3e:83:a9:49:8b:
                    8a:8f:bd:e8:e0:45:80:ab:ee:a3:de:52:72:ef:b3:
                    28:1c:c1:20:16:11:59:c1:4e:41:2a:fc:b6:e3:e4:
                    29:dc:bb:45:d6:dc:22:35:38:2b:87:d1:e2:f6:fb:
                    f4:f3:df:a9:15:6f:21:8f:cf:5f:a4:f6:fc:d2:04:
                    c8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:6D:61:0E:6E:20:A7:03:20:D1:79:0F:F7:E8:3D:02:EA:31:3B:3B
            X509v3 Authority Key Identifier:
                keyid:A0:AF:3D:85:51:FB:DD:3B:62:F4:FF:DF:D5:9C:AD:41:61:E4:47:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oK89hVH73Tti9P_f1ZytQWHkRx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/c566c7-3cac-45a9-82a1-04b09057522f/1/PW1hDm4gpwMg0XkP9-g9AuoxOzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/c566c7-3cac-45a9-82a1-04b09057522f/1/oK89hVH73Tti9P_f1ZytQWHkRx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:92c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2b:49:34:f1:77:2b:ba:6a:bc:ec:5e:78:bc:01:ee:b8:e1:06:
         aa:6b:9d:04:b5:2a:fb:cf:27:e3:59:da:26:1f:61:0b:03:86:
         74:a6:23:b5:1b:71:ea:8d:a0:cd:67:ba:98:33:7b:b0:57:5c:
         65:43:94:96:69:f5:80:21:26:a2:af:99:bf:5d:05:a3:27:24:
         1b:2b:3e:a8:b8:bb:9a:aa:c9:1d:93:e9:f9:2b:b5:14:75:a7:
         14:f1:8e:5c:b2:01:53:d4:d0:a1:22:15:47:a9:cd:4f:a8:d1:
         77:47:3b:1b:bc:9c:c7:95:ab:ca:ef:cd:a6:d0:4e:b8:76:01:
         53:13:68:a2:9e:51:57:e2:e1:f2:0a:87:17:3a:04:23:f1:7e:
         21:2f:1c:fd:58:82:84:30:f2:d8:bb:3c:90:76:a7:2d:4f:a9:
         19:bd:cb:fb:b8:b0:6a:f4:17:92:1f:88:f6:ac:d6:a1:fc:4f:
         c4:89:20:2e:d3:85:f2:7c:e2:1a:62:b3:05:62:d1:a4:04:63:
         a0:1f:26:1f:7b:76:42:e3:9f:5d:66:67:68:ee:83:e2:02:c0:
         ba:0c:11:35:5a:fa:cc:90:a0:74:fd:35:de:90:a5:ff:e0:9b:
         27:1d:09:29:67:82:2a:4d:8d:12:2d:35:c8:29:31:83:64:2a:
         76:67:8b:19
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgICUiswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoYTBh
ZjNkODU1MWZiZGQzYjYyZjRmZmRmZDU5Y2FkNDE2MWU0NDcxZTAeFw0yMjAzMDQx
NTU2NTZaFw0yMzA3MDEwMDAwMDBaMDMxMTAvBgNVBAMTKDNkNmQ2MTBlNmUyMGE3
MDMyMGQxNzkwZmY3ZTgzZDAyZWEzMTNiM2IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLV/p7QWFinLBjji96x8hOuvEkCiVyS5Qcs8XX83IT8jH/0QQE
pIx9Py3GGEb1KVL1zb0y3K5uY953ebXW2u+xZgXIDvAWFxNPbGp3WTbDq+23eGTf
V6UVbgIDi+MOAym2+PUGziCVz6RTZYQqgPunE2q/LpVzcKB7Yjxd+9NZGcEKJB5/
digJEyZGMudYPMDF0gZ07DScIGbElIjth3RsIPB48CimPQiarsejkvzWcB+4f5Ya
3u44d7k1IAQ+g6lJi4qPvejgRYCr7qPeUnLvsygcwSAWEVnBTkEq/Lbj5Cncu0XW
3CI1OCuH0eL2+/Tz36kVbyGPz1+k9vzSBMihAgMBAAGjggIKMIICBjAdBgNVHQ4E
FgQUPW1hDm4gpwMg0XkP9+g9AuoxOzswHwYDVR0jBBgwFoAUoK89hVH73Tti9P/f
1ZytQWHkRx4wDgYDVR0PAQH/BAQDAgeAMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEF
BQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9v
Szg5aFZINzNUdGk5UF9mMVp5dFFXSGtSeDQuY2VyMIGNBggrBgEFBQcBCwSBgDB+
MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2Y0L2M1NjZjNy0zY2FjLTQ1YTktODJhMS0wNGIwOTA1NzUyMmYvMS9Q
VzFoRG00Z3B3TWcwWGtQOS1nOUF1b3hPenMucm9hMIGBBgNVHR8EejB4MHagdKBy
hnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y0L2M1
NjZjNy0zY2FjLTQ1YTktODJhMS0wNGIwOTA1NzUyMmYvMS9vSzg5aFZINzNUdGk5
UF9mMVp5dFFXSGtSeDQuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYI
KwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqEpLAMA0GCSqGSIb3DQEBCwUAA4IB
AQArSTTxdyu6arzsXni8Ae644Qaqa50EtSr7zyfjWdomH2ELA4Z0piO1G3HqjaDN
Z7qYM3uwV1xlQ5SWafWAISair5m/XQWjJyQbKz6ouLuaqskdk+n5K7UUdacU8Y5c
sgFT1NChIhVHqc1PqNF3RzsbvJzHlavK782m0E64dgFTE2iinlFX4uHyCocXOgQj
8X4hLxz9WIKEMPLYuzyQdqctT6kZvcv7uLBq9BeSH4j2rNah/E/EiSAu04XyfOIa
YrMFYtGkBGOgHyYfe3ZC459dZmdo7oPiAsC6DBE1WvrMkKB0/TXekKX/4JsnHQkp
Z4IqTY0SLTXIKTGDZCp2Z4sZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:40 2024 by rpki-client on console-ams.rpki-client.org