Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/lkJwBVxARLzzCOMvs6jJCtV_WzE.roa
File:                     lkJwBVxARLzzCOMvs6jJCtV_WzE.roa (raw, json)
Hash identifier:          SbS7xomtr1I/3U1sXxHVp28WW2lzZelwPtde8DXqpHw=
Subject key identifier:   96:42:70:05:5C:40:44:BC:F3:08:E3:2F:B3:A8:C9:0A:D5:7F:5B:31
Certificate issuer:       /CN=ca707e086640056bc271d5d2b3e24d01440baa04
Certificate serial:       018FEECA9F9362838002796237D4BBCA18F0
Authority key identifier: CA:70:7E:08:66:40:05:6B:C2:71:D5:D2:B3:E2:4D:01:44:0B:AA:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ynB-CGZABWvCcdXSs-JNAUQLqgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/lkJwBVxARLzzCOMvs6jJCtV_WzE.roa
Signing time:             Thu 06 Jun 2024 18:23:27 +0000
ROA not before:           Thu 06 Jun 2024 18:23:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215427
IP address blocks:        2a14:41c0::/29 maxlen: 29
                          2a14:42c0::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ee:ca:9f:93:62:83:80:02:79:62:37:d4:bb:ca:18:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca707e086640056bc271d5d2b3e24d01440baa04
        Validity
            Not Before: Jun  6 18:23:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=964270055c4044bcf308e32fb3a8c90ad57f5b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:96:38:ff:40:9e:f1:e3:dc:10:85:58:bc:ca:
                    31:a2:52:c9:7a:9b:4b:9c:ea:4b:c7:af:a7:6b:de:
                    89:6c:7c:77:da:53:0c:9f:28:25:f5:97:f1:05:36:
                    68:0d:07:0c:fc:c2:63:63:13:5b:ac:0d:df:a4:63:
                    8b:2e:d5:65:f4:54:e5:c4:7a:31:49:4f:76:20:aa:
                    9a:26:f9:cb:1a:c6:16:92:00:6e:0b:bb:99:2c:03:
                    12:0e:9e:48:dd:10:5e:74:ca:f4:88:90:d7:3a:68:
                    a9:8e:b6:8e:0b:3a:57:6c:46:ee:66:4e:fc:35:49:
                    aa:82:12:dc:39:91:3a:dd:af:4d:3b:d4:94:7a:6b:
                    bf:74:48:bf:42:55:78:91:7c:a7:69:99:f5:1e:cc:
                    84:e8:ee:dc:dc:49:21:4a:fb:58:82:28:e6:77:a4:
                    b4:73:f5:94:81:09:3c:c1:62:07:7d:f1:0a:19:3e:
                    ab:c9:e6:91:83:15:7c:1c:f4:15:16:74:10:b5:26:
                    08:a9:db:4a:d1:66:cc:7b:e6:14:40:e3:13:6e:78:
                    4c:c3:40:3b:f0:b8:23:67:2a:dc:8e:99:d6:e9:30:
                    a6:cb:e6:9a:cc:52:ee:90:29:10:9e:d5:77:06:4d:
                    38:fd:7d:88:f2:cb:56:8e:90:37:8e:9b:32:83:0d:
                    78:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:42:70:05:5C:40:44:BC:F3:08:E3:2F:B3:A8:C9:0A:D5:7F:5B:31
            X509v3 Authority Key Identifier:
                keyid:CA:70:7E:08:66:40:05:6B:C2:71:D5:D2:B3:E2:4D:01:44:0B:AA:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ynB-CGZABWvCcdXSs-JNAUQLqgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/lkJwBVxARLzzCOMvs6jJCtV_WzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/ynB-CGZABWvCcdXSs-JNAUQLqgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:41c0::/29
                  2a14:42c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:11:cf:23:63:54:99:54:d2:34:11:24:91:a5:ff:a2:47:83:
         81:8f:5e:28:32:43:b1:3d:10:a3:37:c5:e3:b3:90:94:ab:93:
         ec:a1:9e:74:17:59:42:ef:d7:32:cb:02:1c:23:a1:25:73:8f:
         97:ae:05:41:a3:20:d8:89:2e:26:15:1b:ef:72:42:29:0a:01:
         0d:13:ed:32:c3:2f:29:ea:fb:5b:12:9d:2e:de:74:ee:2a:16:
         95:45:d3:de:f5:c7:ea:33:2b:64:1f:33:c5:29:05:e6:85:f9:
         76:22:0a:65:8b:22:cd:42:5d:a6:55:b2:33:8a:fa:37:79:1c:
         92:e9:a4:a9:76:98:ab:3a:a9:05:f6:a3:53:0d:cc:3e:a5:fa:
         fb:2f:7c:39:24:58:b3:54:4e:3d:dd:65:59:2f:10:db:8f:b6:
         f0:b9:6f:4d:69:a7:85:30:71:87:af:cf:03:d8:fd:49:ff:0c:
         c3:b2:a6:cf:bd:1a:e2:5a:a1:5b:17:4a:07:35:23:6c:12:c9:
         58:58:cf:79:bf:ae:c0:57:a2:81:c9:e7:91:a7:76:24:36:77:
         69:3f:8e:d6:f3:b4:7f:71:be:ab:3c:a3:11:32:79:78:d7:a2:
         71:48:39:3f:6a:f2:09:c2:53:d1:67:26:e9:f2:a3:c3:d7:87:
         f9:1d:48:16
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY/uyp+TYoOAAnliN9S7yhjwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNzA3ZTA4NjY0MDA1NmJjMjcxZDVkMmIzZTI0ZDAxNDQw
YmFhMDQwHhcNMjQwNjA2MTgyMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjQyNzAwNTVjNDA0NGJjZjMwOGUzMmZiM2E4YzkwYWQ1N2Y1YjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5Y4/0Ce8ePcEIVYvMoxolLJeptL
nOpLx6+na96JbHx32lMMnygl9ZfxBTZoDQcM/MJjYxNbrA3fpGOLLtVl9FTlxHox
SU92IKqaJvnLGsYWkgBuC7uZLAMSDp5I3RBedMr0iJDXOmipjraOCzpXbEbuZk78
NUmqghLcOZE63a9NO9SUemu/dEi/QlV4kXynaZn1HsyE6O7c3EkhSvtYgijmd6S0
c/WUgQk8wWIHffEKGT6ryeaRgxV8HPQVFnQQtSYIqdtK0WbMe+YUQOMTbnhMw0A7
8LgjZyrcjpnW6TCmy+aazFLukCkQntV3Bk04/X2I8stWjpA3jpsygw14HQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJZCcAVcQES88wjjL7OoyQrVf1sxMB8GA1UdIwQY
MBaAFMpwfghmQAVrwnHV0rPiTQFEC6oEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW5CLUNHWkFCV3ZDY2RYU3MtSk5BVVFMcWdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8zNzZjY2QtZGVmYS00MDI4LWFmMWMt
Yjk5Y2UzMGQ4MzlmLzEvbGtKd0JWeEFSTHp6Q09NdnM2akpDdFZfV3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8zNzZjY2QtZGVmYS00MDI4LWFmMWMtYjk5Y2UzMGQ4Mzlm
LzEveW5CLUNHWkFCV3ZDY2RYU3MtSk5BVVFMcWdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhRBwAMF
AyoUQsAwDQYJKoZIhvcNAQELBQADggEBAEIRzyNjVJlU0jQRJJGl/6JHg4GPXigy
Q7E9EKM3xeOzkJSrk+yhnnQXWULv1zLLAhwjoSVzj5euBUGjINiJLiYVG+9yQikK
AQ0T7TLDLynq+1sSnS7edO4qFpVF0971x+ozK2QfM8UpBeaF+XYiCmWLIs1CXaZV
sjOK+jd5HJLppKl2mKs6qQX2o1MNzD6l+vsvfDkkWLNUTj3dZVkvENuPtvC5b01p
p4UwcYevzwPY/Un/DMOyps+9GuJaoVsXSgc1I2wSyVhYz3m/rsBXooHJ55GndiQ2
d2k/jtbztH9xvqs8oxEyeXjXonFIOT9q8gnCU9FnJunyo8PXh/kdSBY=
-----END CERTIFICATE-----
Generated at Mon Jul 1 18:05:18 2024 by rpki-client on console-ams.rpki-client.org