Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/vJHYdv7gVh82YMCMCJkpYRNJmDc.roa
File:                     vJHYdv7gVh82YMCMCJkpYRNJmDc.roa (raw, json)
Hash identifier:          8Ss9S7vzcVuOPoReGckpmPDWjGPB8tFPqR9NOQAx/4c=
Subject key identifier:   BC:91:D8:76:FE:E0:56:1F:36:60:C0:8C:08:99:29:61:13:49:98:37
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018CC56EFD80CAC79C9CDABCBB458CCDF9BB
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/vJHYdv7gVh82YMCMCJkpYRNJmDc.roa
Signing time:             Mon 01 Jan 2024 14:30:34 +0000
ROA not before:           Mon 01 Jan 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16589
IP address blocks:        213.159.10.0/23 maxlen: 24
                          213.159.12.0/23 maxlen: 24
                          195.133.208.0/23 maxlen: 24
                          194.135.26.0/23 maxlen: 24
                          89.37.216.0/23 maxlen: 24
                          85.204.148.0/22 maxlen: 24
                          93.113.184.0/21 maxlen: 21
                          62.112.12.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:fd:80:ca:c7:9c:9c:da:bc:bb:45:8c:cd:f9:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Jan  1 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc91d876fee0561f3660c08c0899296113499837
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:3d:2b:48:59:aa:3b:0b:df:51:64:72:d0:78:
                    40:6d:7b:9c:de:cb:84:1b:03:41:5b:1b:d5:c6:ab:
                    60:10:5b:4d:a6:89:20:22:f0:ce:ed:91:be:1d:e6:
                    5f:64:a4:ff:61:33:d7:15:ab:1f:7e:62:16:70:63:
                    bb:98:ca:63:1d:ab:49:df:b8:1e:c6:61:31:c4:92:
                    35:e9:58:75:bc:e4:74:6f:1a:ff:a4:00:92:d7:c4:
                    e6:fa:31:e4:e5:20:df:8f:c4:ed:4e:24:46:32:1e:
                    31:cb:2f:d7:df:f5:44:b4:7d:9c:36:5f:d1:67:8d:
                    3c:1d:fc:df:85:1e:88:57:fb:ba:fc:74:64:ed:99:
                    5a:77:8d:70:eb:a2:12:51:83:37:9b:a1:11:4b:0f:
                    cd:de:d6:9a:10:e5:94:6d:1e:6d:49:83:e3:ef:bb:
                    be:cf:54:b9:dc:dc:13:95:b3:20:42:9a:fc:33:25:
                    f1:b8:2d:58:14:a4:9d:89:af:fd:e5:c1:17:8d:fb:
                    76:8c:b4:50:34:43:b0:67:ea:dc:50:62:d5:ff:ff:
                    a9:26:32:c5:5b:df:75:3d:ee:71:5d:97:8d:83:81:
                    34:02:6b:d4:32:1a:2a:99:37:dd:c2:6c:74:49:ac:
                    98:05:7c:96:3d:43:51:ed:59:0d:47:52:d9:78:46:
                    54:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:91:D8:76:FE:E0:56:1F:36:60:C0:8C:08:99:29:61:13:49:98:37
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/vJHYdv7gVh82YMCMCJkpYRNJmDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.12.0/23
                  85.204.148.0/22
                  89.37.216.0/23
                  93.113.184.0/21
                  194.135.26.0/23
                  195.133.208.0/23
                  213.159.10.0-213.159.13.255

    Signature Algorithm: sha256WithRSAEncryption
         91:51:86:76:9d:c3:22:21:50:d2:d0:0f:59:a7:d1:8f:1b:76:
         b3:52:b3:4c:c2:61:0c:5d:20:96:1c:48:24:7f:48:80:1c:fe:
         87:07:47:76:a1:01:0a:2e:91:34:f9:f8:b5:2f:56:38:25:b9:
         55:6c:bb:f1:88:a6:bd:1b:fd:4a:10:9f:96:99:d1:fa:a8:4b:
         d8:36:1c:1f:58:76:52:e2:b5:fd:aa:4b:cd:df:16:e3:2d:e0:
         f7:58:f5:ac:37:9f:e3:3b:6a:bb:ef:8f:76:4a:7b:a1:cf:b0:
         24:fc:d4:9c:c1:71:d6:d0:cc:34:93:92:10:10:b4:e6:48:0c:
         d6:43:98:c3:af:9b:84:fb:a1:de:1c:b4:a6:1f:1b:e4:51:0b:
         9f:5d:61:b2:9a:bf:f8:1f:57:23:02:f7:c1:33:af:a6:bb:6f:
         1d:c7:96:01:9d:44:93:77:3e:ea:92:00:8d:c2:52:20:ca:b5:
         b8:db:39:d9:1f:2b:e4:ce:f6:49:67:76:9d:9c:e8:81:6b:fc:
         7c:0a:2b:a9:2c:85:76:08:9b:5e:2a:22:91:ba:cf:87:ae:cf:
         8d:79:6c:30:fc:ae:96:6b:ae:2d:2e:61:ed:36:38:4d:45:bb:
         bf:2a:9d:66:63:c0:3f:a3:9d:98:d8:3a:f5:69:0f:3c:2f:22:
         7b:7c:93:7d
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYzFbv2AysecnNq8u0WMzfm7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwMTAxMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzkxZDg3NmZlZTA1NjFmMzY2MGMwOGMwODk5Mjk2MTEzNDk5ODM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlD0rSFmqOwvfUWRy0HhAbXuc3suE
GwNBWxvVxqtgEFtNpokgIvDO7ZG+HeZfZKT/YTPXFasffmIWcGO7mMpjHatJ37ge
xmExxJI16Vh1vOR0bxr/pACS18Tm+jHk5SDfj8TtTiRGMh4xyy/X3/VEtH2cNl/R
Z408HfzfhR6IV/u6/HRk7Zlad41w66ISUYM3m6ERSw/N3taaEOWUbR5tSYPj77u+
z1S53NwTlbMgQpr8MyXxuC1YFKSdia/95cEXjft2jLRQNEOwZ+rcUGLV//+pJjLF
W991Pe5xXZeNg4E0AmvUMhoqmTfdwmx0SayYBXyWPUNR7VkNR1LZeEZUIwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFLyR2Hb+4FYfNmDAjAiZKWETSZg3MB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvdkpIWWR2N2dWaDgyWU1DTUNKa3BZUk5KbURjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBPnAMAwQC
VcyUAwQBWSXYAwQDXXG4AwQBwocaAwQBw4XQMAwDBAHVnwoDBAHVnwwwDQYJKoZI
hvcNAQELBQADggEBAJFRhnadwyIhUNLQD1mn0Y8bdrNSs0zCYQxdIJYcSCR/SIAc
/ocHR3ahAQoukTT5+LUvVjgluVVsu/GIpr0b/UoQn5aZ0fqoS9g2HB9YdlLitf2q
S83fFuMt4PdY9aw3n+M7arvvj3ZKe6HPsCT81JzBcdbQzDSTkhAQtOZIDNZDmMOv
m4T7od4ctKYfG+RRC59dYbKav/gfVyMC98Ezr6a7bx3HlgGdRJN3PuqSAI3CUiDK
tbjbOdkfK+TO9klndp2c6IFr/HwKK6kshXYIm14qIpG6z4euz415bDD8rpZrri0u
Ye02OE1Fu78qnWZjwD+jnZjYOvVpDzwvInt8k30=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org