Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/8EH0J4ORToXFIIg_ovNhBJGQSNU.roa
File:                     8EH0J4ORToXFIIg_ovNhBJGQSNU.roa (raw, json)
Hash identifier:          sPUIxLRU75h0TMFK4Qh0Fj/k8sidjhaIFIjd7O6V560=
Subject key identifier:   F0:41:F4:27:83:91:4E:85:C5:20:88:3F:A2:F3:61:04:91:90:48:D5
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       018679491303701E7631CF2BC983313746F3
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/8EH0J4ORToXFIIg_ovNhBJGQSNU.roa
Signing time:             Wed 22 Feb 2023 13:21:17 +0000
ROA not before:           Wed 22 Feb 2023 13:21:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6700
IP address blocks:        217.26.64.0/20 maxlen: 20
                          195.252.110.0/24 maxlen: 24
                          195.252.109.0/24 maxlen: 24
                          195.252.122.0/23 maxlen: 23
                          195.252.64.0/19 maxlen: 19
                          195.252.78.0/23 maxlen: 23
                          195.252.76.0/23 maxlen: 23
                          195.252.80.0/23 maxlen: 23
                          195.252.96.0/19 maxlen: 19
                          195.252.102.0/24 maxlen: 24
                          213.244.224.0/20 maxlen: 20
                          194.106.165.0/24 maxlen: 24
                          194.106.166.0/24 maxlen: 24
                          194.106.162.0/24 maxlen: 24
                          194.106.160.0/20 maxlen: 20
                          194.106.170.0/24 maxlen: 24
                          194.106.176.0/20 maxlen: 20
                          194.106.182.0/24 maxlen: 24
                          62.193.131.0/24 maxlen: 24
                          62.193.129.0/24 maxlen: 24
                          62.193.130.0/24 maxlen: 24
                          62.193.128.0/19 maxlen: 19
                          62.193.137.0/24 maxlen: 24
                          62.193.151.0/24 maxlen: 24
                          91.148.112.0/22 maxlen: 22
                          91.148.117.0/24 maxlen: 24
                          91.148.118.0/24 maxlen: 24
                          91.148.124.0/24 maxlen: 24
                          91.148.125.0/24 maxlen: 24
                          91.148.123.0/24 maxlen: 24
                          91.148.122.0/24 maxlen: 24
                          91.148.120.0/23 maxlen: 23
                          91.148.126.0/23 maxlen: 24
                          85.222.160.0/22 maxlen: 24
                          85.222.160.0/24 maxlen: 24
                          91.148.69.0/24 maxlen: 24
                          91.148.70.0/24 maxlen: 24
                          91.148.68.0/24 maxlen: 24
                          91.148.64.0/18 maxlen: 18
                          91.148.72.0/24 maxlen: 24
                          91.148.73.0/24 maxlen: 24
                          91.148.80.0/20 maxlen: 20
                          91.148.96.0/20 maxlen: 20
                          91.148.96.0/21 maxlen: 21
                          91.148.105.0/24 maxlen: 24
                          91.148.104.0/24 maxlen: 24
                          62.108.107.0/24 maxlen: 24
                          185.47.210.0/24 maxlen: 24
                          185.47.208.0/22 maxlen: 22
                          185.47.208.0/24 maxlen: 24
                          178.20.206.0/24 maxlen: 24
                          62.108.96.0/19 maxlen: 19
                          178.20.204.0/24 maxlen: 24
                          178.20.205.0/24 maxlen: 24
                          178.20.207.0/24 maxlen: 24
                          2001:8c8::/32 maxlen: 32
                          2a02:e40::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:79:49:13:03:70:1e:76:31:cf:2b:c9:83:31:37:46:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Feb 22 13:21:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f041f42783914e85c520883fa2f36104919048d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:5c:b9:39:8a:67:b3:55:81:7a:c8:1d:1f:85:
                    f7:16:56:12:2b:87:ae:81:29:ef:0f:07:06:f9:63:
                    2f:3e:57:16:e2:02:47:1b:6b:f1:c3:a7:4d:6c:4b:
                    2b:6d:b2:81:c7:7d:6c:f5:d3:6e:79:59:25:0a:c2:
                    77:39:7b:0b:41:87:9e:cc:cd:b2:dd:e9:f4:33:22:
                    cc:1e:6a:74:8b:56:03:f8:7b:a8:75:24:cb:db:d2:
                    04:12:d7:38:7b:95:ce:59:69:ff:eb:7a:56:45:39:
                    0b:d4:a7:48:75:83:0f:58:21:33:61:ff:4f:35:26:
                    2d:b3:56:b5:ed:9e:eb:32:04:1b:c4:03:42:c3:88:
                    17:c6:ee:50:88:a4:05:56:5e:03:71:41:4c:f9:bc:
                    38:41:af:6b:61:6b:28:b0:76:43:67:97:f3:4f:23:
                    1e:d8:e4:00:33:21:7a:98:b4:e5:6d:1e:f9:5b:4c:
                    5e:13:50:0f:51:50:ad:4f:04:c8:ab:62:f8:25:86:
                    ff:c9:79:ca:14:e4:f0:48:21:c9:a0:58:06:0b:1c:
                    ca:6b:23:93:09:fc:bb:5d:ed:f9:8b:f5:92:0e:e2:
                    ca:57:88:40:d7:4d:9e:97:83:f7:78:1f:61:ee:a6:
                    5d:51:26:c4:39:3e:e6:6f:b9:5a:e8:86:6f:e8:66:
                    a5:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:41:F4:27:83:91:4E:85:C5:20:88:3F:A2:F3:61:04:91:90:48:D5
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/8EH0J4ORToXFIIg_ovNhBJGQSNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.96.0/19
                  62.193.128.0/19
                  85.222.160.0/22
                  91.148.64.0/18
                  178.20.204.0/22
                  185.47.208.0/22
                  194.106.160.0/19
                  195.252.64.0/18
                  213.244.224.0/20
                  217.26.64.0/20
                IPv6:
                  2001:8c8::/32
                  2a02:e40::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:8c:85:9c:6d:64:81:70:67:eb:45:47:a3:9b:3e:fd:cf:60:
         f0:26:45:20:99:31:ee:af:e4:13:36:b1:76:bf:42:8a:a5:d3:
         34:a9:b2:da:fc:44:92:2c:80:21:3a:bf:94:ab:2c:d3:ce:ec:
         20:08:af:cd:c4:3b:94:30:39:ff:5c:20:2b:9f:9c:4b:89:5d:
         a8:c3:03:ac:7d:17:52:f0:c4:9b:22:cd:18:79:1d:45:12:f9:
         da:bd:3f:fb:5a:81:2b:3f:79:bf:91:fd:c6:7c:a5:c7:9f:b7:
         a1:ee:98:63:2d:80:43:dd:43:8f:61:10:7d:bd:73:66:58:3c:
         a9:53:0d:c1:a8:07:b7:d1:6d:55:f9:b3:ef:d9:87:cf:e3:bf:
         69:4f:9b:9c:90:cf:45:69:0e:dc:f9:34:f9:d6:eb:37:1a:6d:
         3d:59:89:69:08:4f:56:7b:61:a5:c6:16:55:c3:7d:19:cc:0b:
         85:32:9f:ea:37:95:f7:bb:89:41:4b:20:3e:d8:70:d7:ed:36:
         1e:70:e7:05:f1:18:58:38:b6:87:9c:39:7c:48:72:93:9a:5f:
         ab:69:50:1b:5a:b5:39:1d:79:44:6f:96:1d:8f:97:0c:8c:cb:
         75:a0:17:f8:03:54:7e:65:ae:a9:3e:ac:1e:cb:b6:ed:0e:61:
         45:8d:5a:f8
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYZ5SRMDcB52Mc8ryYMxN0bzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjMwMjIyMTMyMTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDQxZjQyNzgzOTE0ZTg1YzUyMDg4M2ZhMmYzNjEwNDkxOTA0OGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71y5OYpns1WBesgdH4X3FlYSK4eu
gSnvDwcG+WMvPlcW4gJHG2vxw6dNbEsrbbKBx31s9dNueVklCsJ3OXsLQYeezM2y
3en0MyLMHmp0i1YD+HuodSTL29IEEtc4e5XOWWn/63pWRTkL1KdIdYMPWCEzYf9P
NSYts1a17Z7rMgQbxANCw4gXxu5QiKQFVl4DcUFM+bw4Qa9rYWsosHZDZ5fzTyMe
2OQAMyF6mLTlbR75W0xeE1APUVCtTwTIq2L4JYb/yXnKFOTwSCHJoFgGCxzKayOT
Cfy7Xe35i/WSDuLKV4hA102el4P3eB9h7qZdUSbEOT7mb7la6IZv6GalTwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFPBB9CeDkU6FxSCIP6LzYQSRkEjVMB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvOEVIMEo0T1JUb1hGSUlnX292TmhCSkdRU05VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQFPmxgAwQF
PsGAAwQCVd6gAwQGW5RAAwQCshTMAwQCuS/QAwQFwmqgAwQGw/xAAwQE1fTgAwQE
2RpAMBQEAgACMA4DBQAgAQjIAwUAKgIOQDANBgkqhkiG9w0BAQsFAAOCAQEAHYyF
nG1kgXBn60VHo5s+/c9g8CZFIJkx7q/kEzaxdr9CiqXTNKmy2vxEkiyAITq/lKss
087sIAivzcQ7lDA5/1wgK5+cS4ldqMMDrH0XUvDEmyLNGHkdRRL52r0/+1qBKz95
v5H9xnylx5+3oe6YYy2AQ91Dj2EQfb1zZlg8qVMNwagHt9FtVfmz79mHz+O/aU+b
nJDPRWkO3Pk0+dbrNxptPVmJaQhPVnthpcYWVcN9GcwLhTKf6jeV97uJQUsgPthw
1+02HnDnBfEYWDi2h5w5fEhyk5pfq2lQG1q1OR15RG+WHY+XDIzLdaAX+ANUfmWu
qT6sHsu27Q5hRY1a+A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:30 2024 by rpki-client on console-fra.rpki-client.org