Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/Kazw4QdzFuYHDK5wRUQ-4hLqNbU.roa
File:                     Kazw4QdzFuYHDK5wRUQ-4hLqNbU.roa (raw, json)
Hash identifier:          vldRZGVTKTkigPyTWvQHDKmMTpR6xw4GAz2NkNMZPdw=
Subject key identifier:   29:AC:F0:E1:07:73:16:E6:07:0C:AE:70:45:44:3E:E2:12:EA:35:B5
Certificate issuer:       /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial:       018CC8DF629745BAE21DDE41F1A2E17F03ED
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/Kazw4QdzFuYHDK5wRUQ-4hLqNbU.roa
Signing time:             Tue 02 Jan 2024 06:32:12 +0000
ROA not before:           Tue 02 Jan 2024 06:32:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202505
IP address blocks:        89.43.78.0/24 maxlen: 24
                          86.104.14.0/24 maxlen: 24
                          193.31.118.0/24 maxlen: 24
                          193.31.117.0/24 maxlen: 24
                          193.31.119.0/24 maxlen: 24
                          84.54.14.0/24 maxlen: 24
                          185.81.152.0/24 maxlen: 24
                          185.81.153.0/24 maxlen: 24
                          185.81.155.0/24 maxlen: 24
                          185.81.154.0/24 maxlen: 24
                          213.226.117.0/24 maxlen: 24
                          176.98.42.0/24 maxlen: 24
                          176.98.43.0/24 maxlen: 24
                          2a06:f7c5::/32 maxlen: 32
                          2a05:88c5::/32 maxlen: 32
                          2a10:7f46::/32 maxlen: 32
                          2a10:7f45::/32 maxlen: 32
                          2a10:3302::/32 maxlen: 32
                          2a06:f7c4::/32 maxlen: 32
                          2a05:88c4::/32 maxlen: 32
                          2a10:3301::/32 maxlen: 32
                          2a10:7f44::/32 maxlen: 32
                          2a10:7f47::/32 maxlen: 32
                          2a06:f7c7::/32 maxlen: 32
                          2a05:88c7::/32 maxlen: 32
                          2a10:3303::/32 maxlen: 32
                          2a10:3300::/32 maxlen: 32
                          2a11:d102::/32 maxlen: 32
                          2a11:d101::/32 maxlen: 32
                          2a10:3304::/32 maxlen: 32
                          2a10:3307::/32 maxlen: 32
                          2a10:7f40::/32 maxlen: 32
                          2a06:f7c3::/32 maxlen: 32
                          2a10:7fc5::/32 maxlen: 32
                          2a05:88c6::/32 maxlen: 32
                          2a10:7f43::/32 maxlen: 32
                          2a06:f7c0::/32 maxlen: 32
                          2a05:88c0::/32 maxlen: 32
                          2a05:88c3::/32 maxlen: 32
                          2a06:f7c6::/32 maxlen: 32
                          2a11:d105::/32 maxlen: 32
                          2a10:7fc2::/32 maxlen: 32
                          2a11:d104::/32 maxlen: 32
                          2a10:7fc1::/32 maxlen: 32
                          2a10:7fc4::/32 maxlen: 32
                          2a11:d107::/32 maxlen: 32
                          2a10:7fc0::/32 maxlen: 32
                          2a10:7fc3::/32 maxlen: 32
                          2a10:3306::/32 maxlen: 32
                          2a05:88c1::/32 maxlen: 32
                          2a06:f7c1::/32 maxlen: 32
                          2a10:7f42::/32 maxlen: 32
                          2a10:3305::/32 maxlen: 32
                          2a10:7fc6::/32 maxlen: 32
                          2a10:7f41::/32 maxlen: 32
                          2a06:f7c2::/32 maxlen: 32
                          2a10:7fc7::/32 maxlen: 32
                          2a05:88c2::/32 maxlen: 32
                          2a11:d106::/32 maxlen: 32
                          2a11:d100::/32 maxlen: 32
                          2a11:d103::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:62:97:45:ba:e2:1d:de:41:f1:a2:e1:7f:03:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
        Validity
            Not Before: Jan  2 06:32:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29acf0e1077316e6070cae7045443ee212ea35b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:AC:F0:E1:07:73:16:E6:07:0C:AE:70:45:44:3E:E2:12:EA:35:B5
            X509v3 Authority Key Identifier:
                keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/Kazw4QdzFuYHDK5wRUQ-4hLqNbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.14.0/24
                  86.104.14.0/24
                  89.43.78.0/24
                  176.98.42.0/23
                  185.81.152.0/22
                  193.31.117.0-193.31.119.255
                  213.226.117.0/24
                IPv6:
                  2a05:88c0::/29
                  2a06:f7c0::/29
                  2a10:3300::/29
                  2a10:7f40::/29
                  2a10:7fc0::/29
                  2a11:d100::/29

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jun 6 17:25:31 2024 by rpki-client on console-fra.rpki-client.org