Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/O0ZqFeQQQyxvVmlFiO4-vFbt8V8.roa
File:                     O0ZqFeQQQyxvVmlFiO4-vFbt8V8.roa (raw, json)
Hash identifier:          7VJXEXf3bICb/i5pKTynqLmT53b5HkfQA4RFqyvi1fU=
Subject key identifier:   3B:46:6A:15:E4:10:43:2C:6F:56:69:45:88:EE:3E:BC:56:ED:F1:5F
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018CC56EFCCB6BF63117C0D7DA4DCB766EA2
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/O0ZqFeQQQyxvVmlFiO4-vFbt8V8.roa
Signing time:             Mon 01 Jan 2024 14:30:34 +0000
ROA not before:           Mon 01 Jan 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        195.133.202.0/23 maxlen: 24
                          194.88.96.0/21 maxlen: 24
                          89.37.216.0/23 maxlen: 24
                          84.234.16.0/20 maxlen: 24
                          194.88.112.0/20 maxlen: 24
                          93.113.184.0/21 maxlen: 24
                          62.112.12.0/23 maxlen: 24
                          194.58.64.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:fc:cb:6b:f6:31:17:c0:d7:da:4d:cb:76:6e:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Jan  1 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b466a15e410432c6f56694588ee3ebc56edf15f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b3:dd:76:c5:fc:0f:64:4d:6f:b8:1d:11:9a:
                    73:5d:af:3f:5b:d5:0f:85:0e:cf:db:14:ed:fc:ac:
                    6b:c5:0e:59:54:ac:db:bd:12:e1:6b:33:97:54:c8:
                    9c:4a:66:de:ef:91:19:ad:d0:f5:07:ce:6d:e4:12:
                    d4:da:ff:f6:2b:db:15:7e:0a:0b:e8:45:d3:d8:87:
                    83:76:10:c0:d8:5b:3a:7a:97:49:b9:0d:24:2a:f3:
                    2b:31:3e:0c:70:a1:31:dc:9b:50:eb:d9:84:c3:7b:
                    a3:a6:34:d3:24:16:f8:c1:2d:cb:c5:5f:73:9a:2c:
                    9f:93:4d:12:23:3b:54:69:4c:cc:19:df:f5:1a:e3:
                    25:a8:61:12:f5:9c:dd:ec:60:74:b7:87:42:0e:71:
                    93:b0:6e:f0:74:90:55:af:74:c7:47:a7:dc:47:26:
                    f5:e6:54:6a:4b:06:0f:12:12:9b:2c:8d:25:08:d2:
                    29:6c:7d:0d:7b:6c:58:eb:2d:12:0d:8d:79:ef:03:
                    42:5d:0b:07:5c:f0:bc:f5:01:33:69:86:d9:71:e1:
                    90:26:b2:3d:c4:7f:f2:1f:00:d8:41:7b:5c:16:45:
                    ed:e2:31:55:6f:98:e3:6b:63:96:ca:82:43:03:91:
                    28:49:e5:3c:f6:84:29:82:7b:21:53:6c:57:7c:db:
                    8d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:46:6A:15:E4:10:43:2C:6F:56:69:45:88:EE:3E:BC:56:ED:F1:5F
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/O0ZqFeQQQyxvVmlFiO4-vFbt8V8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.12.0/23
                  84.234.16.0/20
                  89.37.216.0/23
                  93.113.184.0/21
                  194.58.64.0/23
                  194.88.96.0/21
                  194.88.112.0/20
                  195.133.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:25:b8:ee:92:e4:cc:1f:47:03:25:bd:ad:61:81:54:9e:07:
         ec:a7:c8:c7:70:0d:bc:5c:2f:70:29:db:f2:4f:4d:fb:f7:14:
         4a:fd:bd:06:be:6a:57:61:2d:9e:c3:74:e5:d6:b9:78:21:06:
         d7:6b:c6:72:bb:a5:d7:af:00:07:c0:fa:b8:67:40:09:dc:1f:
         22:a7:f9:34:77:74:33:0b:b4:3a:bb:aa:45:5e:74:f0:ee:26:
         38:6e:ff:d3:01:65:ee:88:41:2d:18:53:91:9e:a0:1e:17:48:
         52:f7:a7:d4:89:7b:9d:c5:a9:09:71:d0:36:b3:6d:56:1c:2f:
         fd:9f:32:35:e9:af:ae:8d:f0:c9:04:0d:ac:15:96:fc:80:b0:
         2d:23:d2:b9:95:72:a4:64:22:c9:a9:c6:83:8f:d7:32:f1:7f:
         25:a5:63:5c:d0:57:f7:75:11:33:37:d1:96:ca:e5:29:1f:af:
         7d:5f:b1:bf:99:a3:6f:36:45:96:9d:f6:21:b5:3d:e0:54:1a:
         05:ef:01:97:49:73:e4:83:58:ab:79:e0:a2:f5:da:06:bc:d2:
         f7:43:71:3b:6b:f4:60:b8:dc:74:4b:a8:98:66:09:0a:73:a7:
         68:e5:5f:6d:3b:cc:66:75:59:36:18:fa:37:c2:02:6a:6f:18:
         4c:36:55:e3
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzFbvzLa/YxF8DX2k3Ldm6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwMTAxMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjQ2NmExNWU0MTA0MzJjNmY1NjY5NDU4OGVlM2ViYzU2ZWRmMTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLPddsX8D2RNb7gdEZpzXa8/W9UP
hQ7P2xTt/KxrxQ5ZVKzbvRLhazOXVMicSmbe75EZrdD1B85t5BLU2v/2K9sVfgoL
6EXT2IeDdhDA2Fs6epdJuQ0kKvMrMT4McKEx3JtQ69mEw3ujpjTTJBb4wS3LxV9z
miyfk00SIztUaUzMGd/1GuMlqGES9Zzd7GB0t4dCDnGTsG7wdJBVr3THR6fcRyb1
5lRqSwYPEhKbLI0lCNIpbH0Ne2xY6y0SDY157wNCXQsHXPC89QEzaYbZceGQJrI9
xH/yHwDYQXtcFkXt4jFVb5jja2OWyoJDA5EoSeU89oQpgnshU2xXfNuNGwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDtGahXkEEMsb1ZpRYjuPrxW7fFfMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvTzBacUZlUVFReXh2Vm1sRmlPNC12RmJ0OFY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBPnAMAwQE
VOoQAwQBWSXYAwQDXXG4AwQBwjpAAwQDwlhgAwQEwlhwAwQBw4XKMA0GCSqGSIb3
DQEBCwUAA4IBAQBdJbjukuTMH0cDJb2tYYFUngfsp8jHcA28XC9wKdvyT0379xRK
/b0GvmpXYS2ew3Tl1rl4IQbXa8Zyu6XXrwAHwPq4Z0AJ3B8ip/k0d3QzC7Q6u6pF
XnTw7iY4bv/TAWXuiEEtGFORnqAeF0hS96fUiXudxakJcdA2s21WHC/9nzI16a+u
jfDJBA2sFZb8gLAtI9K5lXKkZCLJqcaDj9cy8X8lpWNc0Ff3dREzN9GWyuUpH699
X7G/maNvNkWWnfYhtT3gVBoF7wGXSXPkg1ireeCi9doGvNL3Q3E7a/RguNx0S6iY
ZgkKc6do5V9tO8xmdVk2GPo3wgJqbxhMNlXj
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:14 2024 by rpki-client on console-fra.rpki-client.org