Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2Xa_H9YYba7lNLs2QVHS-ypJrFk.roa
File:                     2Xa_H9YYba7lNLs2QVHS-ypJrFk.roa (raw, json)
Hash identifier:          NQJEjDrzv4Mg6Zg65azWFkqMvrHaQadaaPKKaKDRRIc=
Subject key identifier:   D9:76:BF:1F:D6:18:6D:AE:E5:34:BB:36:41:51:D2:FB:2A:49:AC:59
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018BCB0D70CBE8C86A469F8D6FBA792B04DA
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2Xa_H9YYba7lNLs2QVHS-ypJrFk.roa
Signing time:             Mon 13 Nov 2023 23:38:57 +0000
ROA not before:           Mon 13 Nov 2023 23:38:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6079
IP address blocks:        94.190.248.0/22 maxlen: 24
                          185.172.20.0/22 maxlen: 24
                          185.64.100.0/22 maxlen: 24
                          185.77.250.0/23 maxlen: 24
                          188.240.40.0/23 maxlen: 24
                          188.211.252.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:cb:0d:70:cb:e8:c8:6a:46:9f:8d:6f:ba:79:2b:04:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Nov 13 23:38:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d976bf1fd6186daee534bb364151d2fb2a49ac59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:1e:40:93:98:48:d4:d4:aa:e8:a4:9b:a8:9e:
                    19:a3:45:be:92:6f:f4:7e:03:75:53:a3:fe:4c:95:
                    8e:f0:d8:2b:23:73:9a:48:84:6f:47:29:31:f5:0f:
                    3f:9b:c3:dc:8f:a7:cd:34:42:b8:cd:0a:46:80:be:
                    75:85:a2:e1:5e:1a:e8:99:62:95:37:18:15:85:f6:
                    37:d0:df:c6:40:a4:25:b5:a9:63:3b:14:1d:50:92:
                    e6:04:65:53:98:4c:db:a4:74:0b:6d:90:f7:42:10:
                    d2:e3:41:14:45:30:57:a3:df:b0:b4:cd:c6:5a:4a:
                    ac:d7:85:07:0e:f8:2c:61:4e:ef:9b:ce:54:72:ac:
                    84:63:98:b0:ce:45:5f:a5:db:e3:f8:10:e4:20:af:
                    26:0c:f7:0f:1b:3a:6a:52:b1:b9:77:42:e7:ac:87:
                    3c:c8:6c:8b:35:cd:ef:57:68:1e:bc:d9:7f:66:80:
                    73:15:9c:49:b6:a4:d7:7a:fe:01:ac:4c:dd:97:9d:
                    95:28:fa:ca:1f:70:9c:f1:c5:93:b4:2f:f4:9d:1e:
                    56:d8:e5:cf:e6:41:58:df:90:3e:5f:8b:03:12:73:
                    c5:1e:3a:65:d0:47:a3:54:06:dd:dd:a4:ec:a9:91:
                    d2:45:ea:f2:ed:e8:cd:8b:a6:dd:18:54:4f:15:26:
                    e4:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:76:BF:1F:D6:18:6D:AE:E5:34:BB:36:41:51:D2:FB:2A:49:AC:59
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2Xa_H9YYba7lNLs2QVHS-ypJrFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.190.248.0/22
                  185.64.100.0/22
                  185.77.250.0/23
                  185.172.20.0/22
                  188.211.252.0/24
                  188.240.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:39:fc:0f:60:5b:61:2b:8f:74:6c:68:b1:5c:66:54:44:8e:
         f1:18:08:a4:b5:01:91:d4:fd:cc:c8:86:13:1f:4d:94:28:f8:
         27:e1:96:56:f8:83:f9:be:5b:7d:65:8a:f4:df:2c:49:6c:ca:
         d6:d7:03:53:a5:21:aa:b7:7f:f9:14:53:e8:d3:fc:a7:f6:6f:
         db:8d:c4:5c:6b:14:7f:92:22:87:a5:b0:71:d4:d1:e1:fe:8e:
         32:ed:5a:e8:15:e1:9f:cf:30:b8:a7:9e:3b:ad:fc:5b:49:1c:
         ce:89:77:e5:cd:5a:ca:80:a5:c7:28:1d:6e:ec:a7:7f:22:6a:
         ea:8a:c6:8d:e0:c6:23:3d:b7:7e:0d:91:ac:a7:49:4d:ff:96:
         0a:99:e3:86:36:b6:e9:23:4f:6e:27:9e:69:d5:1c:57:06:50:
         2f:74:0e:84:c6:63:32:c5:c4:d9:24:d6:6c:ed:d9:4a:99:71:
         fc:91:e6:37:81:9e:c8:f0:48:fb:7e:2c:ce:91:0a:7f:50:23:
         e2:b7:19:9c:51:cc:aa:b4:9f:67:45:24:ac:2f:5d:bb:41:93:
         2b:56:1e:39:fd:21:cc:f7:b8:45:e9:c3:2e:9e:2c:e7:68:a3:
         9f:3d:00:21:90:19:18:bf:ff:ca:52:1e:ae:22:7f:43:19:d6:
         e7:50:5a:30
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYvLDXDL6MhqRp+Nb7p5KwTaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMxMTEzMjMzODU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTc2YmYxZmQ2MTg2ZGFlZTUzNGJiMzY0MTUxZDJmYjJhNDlhYzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmh5Ak5hI1NSq6KSbqJ4Zo0W+km/0
fgN1U6P+TJWO8NgrI3OaSIRvRykx9Q8/m8Pcj6fNNEK4zQpGgL51haLhXhromWKV
NxgVhfY30N/GQKQltaljOxQdUJLmBGVTmEzbpHQLbZD3QhDS40EURTBXo9+wtM3G
Wkqs14UHDvgsYU7vm85UcqyEY5iwzkVfpdvj+BDkIK8mDPcPGzpqUrG5d0LnrIc8
yGyLNc3vV2gevNl/ZoBzFZxJtqTXev4BrEzdl52VKPrKH3Cc8cWTtC/0nR5W2OXP
5kFY35A+X4sDEnPFHjpl0EejVAbd3aTsqZHSRery7ejNi6bdGFRPFSbkmQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNl2vx/WGG2u5TS7NkFR0vsqSaxZMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvMlhhX0g5WVliYTdsTkxzMlFWSFMteXBKckZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCXr74AwQC
uUBkAwQBuU36AwQCuawUAwQAvNP8AwQBvPAoMA0GCSqGSIb3DQEBCwUAA4IBAQCJ
OfwPYFthK490bGixXGZURI7xGAiktQGR1P3MyIYTH02UKPgn4ZZW+IP5vlt9ZYr0
3yxJbMrW1wNTpSGqt3/5FFPo0/yn9m/bjcRcaxR/kiKHpbBx1NHh/o4y7VroFeGf
zzC4p547rfxbSRzOiXflzVrKgKXHKB1u7Kd/ImrqisaN4MYjPbd+DZGsp0lN/5YK
meOGNrbpI09uJ55p1RxXBlAvdA6ExmMyxcTZJNZs7dlKmXH8keY3gZ7I8Ej7fizO
kQp/UCPitxmcUcyqtJ9nRSSsL127QZMrVh45/SHM97hF6cMuniznaKOfPQAhkBkY
v//KUh6uIn9DGdbnUFow
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:48 2024 by rpki-client on console-ams.rpki-client.org