Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/u8ffIlSjFZ4y4ceBJ33JjjiPc3w.roa
File:                     u8ffIlSjFZ4y4ceBJ33JjjiPc3w.roa (raw, json)
Hash identifier:          +8xEZBiu/AaYz3jmWbURb2FCjH/cV9KX0qLoWTOgt00=
Subject key identifier:   BB:C7:DF:22:54:A3:15:9E:32:E1:C7:81:27:7D:C9:8E:38:8F:73:7C
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       0182B06339729FF82E5395A9D93F38A596EF
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/u8ffIlSjFZ4y4ceBJ33JjjiPc3w.roa
Signing time:             Thu 18 Aug 2022 09:57:48 +0000
ROA not before:           Thu 18 Aug 2022 09:57:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6700
IP address blocks:        217.26.64.0/20 maxlen: 20
                          195.252.110.0/24 maxlen: 24
                          195.252.109.0/24 maxlen: 24
                          195.252.122.0/23 maxlen: 23
                          195.252.64.0/19 maxlen: 19
                          195.252.78.0/23 maxlen: 23
                          195.252.76.0/23 maxlen: 23
                          195.252.80.0/23 maxlen: 23
                          195.252.96.0/19 maxlen: 19
                          195.252.102.0/24 maxlen: 24
                          213.244.224.0/20 maxlen: 20
                          194.106.165.0/24 maxlen: 24
                          194.106.166.0/24 maxlen: 24
                          194.106.162.0/24 maxlen: 24
                          194.106.160.0/20 maxlen: 20
                          194.106.170.0/24 maxlen: 24
                          194.106.176.0/20 maxlen: 20
                          194.106.182.0/24 maxlen: 24
                          62.193.131.0/24 maxlen: 24
                          62.193.129.0/24 maxlen: 24
                          62.193.130.0/24 maxlen: 24
                          62.193.128.0/19 maxlen: 19
                          62.193.137.0/24 maxlen: 24
                          62.193.151.0/24 maxlen: 24
                          91.148.117.0/24 maxlen: 24
                          91.148.118.0/24 maxlen: 24
                          91.148.124.0/24 maxlen: 24
                          91.148.125.0/24 maxlen: 24
                          91.148.123.0/24 maxlen: 24
                          91.148.122.0/24 maxlen: 24
                          91.148.120.0/23 maxlen: 23
                          91.148.126.0/23 maxlen: 24
                          85.222.160.0/22 maxlen: 24
                          85.222.160.0/24 maxlen: 24
                          91.148.69.0/24 maxlen: 24
                          91.148.70.0/24 maxlen: 24
                          91.148.68.0/24 maxlen: 24
                          91.148.64.0/18 maxlen: 18
                          91.148.72.0/24 maxlen: 24
                          91.148.73.0/24 maxlen: 24
                          91.148.80.0/20 maxlen: 20
                          91.148.96.0/21 maxlen: 21
                          91.148.105.0/24 maxlen: 24
                          91.148.104.0/24 maxlen: 24
                          185.47.210.0/24 maxlen: 24
                          185.47.208.0/22 maxlen: 22
                          185.47.208.0/24 maxlen: 24
                          178.20.206.0/24 maxlen: 24
                          62.108.96.0/19 maxlen: 19
                          178.20.205.0/24 maxlen: 24
                          178.20.207.0/24 maxlen: 24
                          2001:8c8::/32 maxlen: 32
                          2a02:e40::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:b0:63:39:72:9f:f8:2e:53:95:a9:d9:3f:38:a5:96:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Aug 18 09:57:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bbc7df2254a3159e32e1c781277dc98e388f737c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fc:e4:23:31:fd:56:74:11:e5:d2:21:81:f6:
                    e8:f2:9a:e5:53:54:a2:57:2e:7e:8b:ea:ea:a7:9e:
                    68:9a:dc:03:7e:c0:9d:a3:d0:d1:9f:1c:15:5b:45:
                    03:d1:a0:bc:35:08:4a:ae:91:56:c0:30:2c:e2:a7:
                    7d:0f:44:c6:8b:8a:64:da:dd:b5:bc:28:11:86:6e:
                    b6:c9:94:b4:fd:58:0b:60:3f:87:39:13:6f:8d:07:
                    6e:98:2f:37:2f:bb:3e:2a:85:2b:d9:57:3c:5d:8e:
                    04:8d:65:c7:3c:06:be:7b:37:01:4f:23:99:e1:b9:
                    a0:0e:84:10:be:45:a7:d2:c8:23:c9:63:b3:4c:b2:
                    e4:1f:0a:66:db:25:c9:5a:cb:8d:be:6f:2f:51:8e:
                    ae:2a:98:ec:6e:7b:06:0a:1d:7d:ac:ae:f1:b1:cd:
                    e6:a1:5c:61:ad:79:b4:98:29:1c:75:93:52:e3:96:
                    11:93:8a:16:0d:62:7a:a8:00:04:8c:41:b6:b6:bf:
                    ad:70:27:91:71:f3:a8:24:37:b7:70:d8:4c:2c:2e:
                    ae:16:e3:f7:a8:10:82:ba:b1:f9:b8:0f:08:be:00:
                    6b:02:69:33:1f:27:42:64:bd:eb:46:17:a2:a6:c8:
                    1d:65:c5:c6:60:de:ed:f0:16:b8:ad:10:bf:4d:ce:
                    46:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:C7:DF:22:54:A3:15:9E:32:E1:C7:81:27:7D:C9:8E:38:8F:73:7C
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/u8ffIlSjFZ4y4ceBJ33JjjiPc3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.96.0/19
                  62.193.128.0/19
                  85.222.160.0/22
                  91.148.64.0/18
                  178.20.205.0-178.20.207.255
                  185.47.208.0/22
                  194.106.160.0/19
                  195.252.64.0/18
                  213.244.224.0/20
                  217.26.64.0/20
                IPv6:
                  2001:8c8::/32
                  2a02:e40::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:1d:fa:50:b9:ee:e1:e5:24:a2:de:02:5e:69:1e:82:5d:8e:
         31:4b:73:ee:95:b9:87:c8:f6:80:cb:32:b5:5e:ba:85:fd:3e:
         d8:29:53:16:0d:74:69:1f:da:2e:1f:0c:8a:d5:97:d9:e3:ff:
         c2:69:db:f9:70:d0:a4:32:28:77:95:27:18:ca:b0:34:b7:10:
         a3:8d:51:a9:5c:4b:df:71:0a:61:1e:6e:af:1a:5c:46:75:69:
         44:de:90:bf:9a:36:0b:9f:7f:3d:83:23:80:54:e8:d9:4a:e1:
         a5:26:9c:dd:7e:c2:de:95:de:38:24:41:85:d0:50:af:d5:f3:
         5c:32:a7:0a:df:c8:a5:87:32:c3:72:db:ab:89:ef:be:73:f9:
         f9:8e:fe:0a:ee:6c:3a:4f:e2:0a:9b:7f:ab:28:0b:d8:d8:bd:
         8e:79:89:3a:62:bc:f6:e1:24:9b:f3:09:e4:8a:2c:f3:1e:ce:
         a6:6a:6d:c8:6a:cc:69:f5:81:27:e9:db:b9:b3:02:f2:78:fc:
         d9:ef:0b:e2:e0:9d:21:3e:a5:1a:a6:db:33:7e:73:99:98:f1:
         d0:13:9e:c3:35:f1:d0:fe:e3:3d:55:d5:80:92:0a:fe:71:f1:
         a8:d3:42:ef:b0:fa:49:e5:05:39:73:6e:a0:50:db:b6:1b:94:
         69:87:6d:03
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYKwYzlyn/guU5Wp2T84pZbvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjIwODE4MDk1NzQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmM3ZGYyMjU0YTMxNTllMzJlMWM3ODEyNzdkYzk4ZTM4OGY3MzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvzkIzH9VnQR5dIhgfbo8prlU1Si
Vy5+i+rqp55omtwDfsCdo9DRnxwVW0UD0aC8NQhKrpFWwDAs4qd9D0TGi4pk2t21
vCgRhm62yZS0/VgLYD+HORNvjQdumC83L7s+KoUr2Vc8XY4EjWXHPAa+ezcBTyOZ
4bmgDoQQvkWn0sgjyWOzTLLkHwpm2yXJWsuNvm8vUY6uKpjsbnsGCh19rK7xsc3m
oVxhrXm0mCkcdZNS45YRk4oWDWJ6qAAEjEG2tr+tcCeRcfOoJDe3cNhMLC6uFuP3
qBCCurH5uA8IvgBrAmkzHydCZL3rRheipsgdZcXGYN7t8Ba4rRC/Tc5GqQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFLvH3yJUoxWeMuHHgSd9yY44j3N8MB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvdThmZklsU2pGWjR5NGNlQkozM0pqamlQYzN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBKBAIAATBEAwQFPmxgAwQF
PsGAAwQCVd6gAwQGW5RAMAwDBACyFM0DBASyFMADBAK5L9ADBAXCaqADBAbD/EAD
BATV9OADBATZGkAwFAQCAAIwDgMFACABCMgDBQAqAg5AMA0GCSqGSIb3DQEBCwUA
A4IBAQA4HfpQue7h5SSi3gJeaR6CXY4xS3PulbmHyPaAyzK1XrqF/T7YKVMWDXRp
H9ouHwyK1ZfZ4//Cadv5cNCkMih3lScYyrA0txCjjVGpXEvfcQphHm6vGlxGdWlE
3pC/mjYLn389gyOAVOjZSuGlJpzdfsLeld44JEGF0FCv1fNcMqcK38ilhzLDctur
ie++c/n5jv4K7mw6T+IKm3+rKAvY2L2OeYk6Yrz24SSb8wnkiizzHs6mam3Iasxp
9YEn6du5swLyePzZ7wvi4J0hPqUaptszfnOZmPHQE57DNfHQ/uM9VdWAkgr+cfGo
00LvsPpJ5QU5c26gUNu2G5Rph20D
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:19 2024 by rpki-client on console-ams.rpki-client.org