Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Dm7brQjzZXPR6dCyEl5IwAXLnEs.roa
File:                     Dm7brQjzZXPR6dCyEl5IwAXLnEs.roa (raw, json)
Hash identifier:          78eByPBAegxNHtTT1Zddd63YZ6G4jh5MF1hemNwos9E=
Subject key identifier:   0E:6E:DB:AD:08:F3:65:73:D1:E9:D0:B2:12:5E:48:C0:05:CB:9C:4B
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       0182C9D945CDB600C4A4F29A7BFE0F9CD82A
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Dm7brQjzZXPR6dCyEl5IwAXLnEs.roa
Signing time:             Tue 23 Aug 2022 08:37:15 +0000
ROA not before:           Tue 23 Aug 2022 08:37:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35277
IP address blocks:        5.189.219.0/24 maxlen: 24
                          5.189.218.0/24 maxlen: 24
                          5.189.217.0/24 maxlen: 24
                          5.189.216.0/24 maxlen: 24
                          5.188.50.0/24 maxlen: 24
                          5.188.179.0/24 maxlen: 24
                          5.101.44.0/24 maxlen: 24
                          5.101.47.0/24 maxlen: 24
                          5.101.46.0/24 maxlen: 24
                          5.101.45.0/24 maxlen: 24
                          5.188.203.0/24 maxlen: 24
                          5.188.202.0/24 maxlen: 24
                          5.188.201.0/24 maxlen: 24
                          5.188.200.0/24 maxlen: 24
                          91.243.40.0/24 maxlen: 24
                          91.243.43.0/24 maxlen: 24
                          5.189.253.0/24 maxlen: 24
                          5.189.252.0/24 maxlen: 24
                          5.189.255.0/24 maxlen: 24
                          5.8.44.0/24 maxlen: 24
                          5.8.47.0/24 maxlen: 24
                          5.8.46.0/24 maxlen: 24
                          5.8.45.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:c9:d9:45:cd:b6:00:c4:a4:f2:9a:7b:fe:0f:9c:d8:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Aug 23 08:37:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0e6edbad08f36573d1e9d0b2125e48c005cb9c4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2a:33:be:00:37:4c:50:0b:c4:71:98:c7:47:
                    5c:6d:bd:16:6d:96:de:b7:93:50:53:1f:e0:0d:5a:
                    67:e6:d3:3c:40:ec:ff:7d:e4:04:e1:25:ca:64:7a:
                    59:f7:53:42:00:e2:b0:2b:88:1e:3d:a1:e7:d4:d8:
                    6f:46:35:c4:68:bb:03:4f:2c:fa:60:4c:d4:aa:17:
                    1c:63:a0:c8:c0:87:58:b3:32:08:00:3a:f7:3b:f0:
                    00:86:63:48:90:f4:b1:25:62:4a:1a:16:1f:3d:b0:
                    45:e0:ff:ab:53:e2:dc:99:33:4c:b0:c5:6b:46:21:
                    f7:09:79:45:be:af:24:66:11:03:b5:0e:a4:cc:1d:
                    6a:ed:39:8b:ae:69:c9:46:85:bd:67:d5:21:c8:8d:
                    bf:20:95:12:27:df:d8:f1:85:5a:d3:f2:64:e1:b0:
                    f8:4f:3b:57:b4:73:12:87:f8:35:36:7d:7c:a5:4e:
                    41:0c:47:86:a6:50:57:df:e7:fa:66:bb:3f:06:aa:
                    02:08:2b:1a:c2:80:18:42:22:ea:12:98:91:95:b9:
                    9f:08:fd:60:7c:96:67:96:68:3d:91:46:c4:74:72:
                    7a:e8:fe:6f:e4:f4:aa:ea:80:c6:ff:2a:17:0e:e4:
                    35:8d:57:5a:6f:42:d7:9e:de:56:7d:ba:41:94:05:
                    0e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:6E:DB:AD:08:F3:65:73:D1:E9:D0:B2:12:5E:48:C0:05:CB:9C:4B
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Dm7brQjzZXPR6dCyEl5IwAXLnEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.44.0/22
                  5.101.44.0/22
                  5.188.50.0/24
                  5.188.179.0/24
                  5.188.200.0/22
                  5.189.216.0/22
                  5.189.252.0/23
                  5.189.255.0/24
                  91.243.40.0/24
                  91.243.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:59:c0:63:1c:8c:90:ac:7e:6a:6b:ab:ac:da:4a:54:a2:17:
         20:d4:5a:f7:0d:5c:0e:6a:f4:fe:35:1c:1f:3d:fd:c4:6b:2c:
         29:0a:b8:a1:8a:0f:11:1f:7c:ea:41:2d:f9:7c:3f:94:f2:47:
         8a:51:89:21:43:90:3a:f1:05:ad:66:81:9f:47:f4:44:8d:d2:
         f4:39:a3:dc:36:75:33:80:a0:4c:29:9d:44:83:ad:ee:fa:6c:
         19:35:f5:83:51:53:a5:99:13:de:83:24:5c:83:8b:3c:f7:6b:
         08:5f:2c:c8:e3:17:4a:c0:4f:33:3d:fc:dd:fa:f0:67:13:f3:
         92:fc:54:42:86:c7:b9:7d:c5:44:1f:f1:ec:5c:b4:72:a2:77:
         d4:5a:55:df:69:86:70:b2:ed:0a:0a:aa:69:5e:b5:32:99:4a:
         b3:8c:d0:dd:5d:08:61:5c:5e:dc:f6:4e:4b:5f:68:6d:25:7a:
         f0:0b:17:41:17:2b:38:e9:8f:61:92:c5:70:be:f3:48:95:5d:
         7d:91:bf:34:a9:af:45:68:e7:e5:5e:ec:85:d2:3f:2f:16:fb:
         d7:6c:dc:7e:34:98:d8:d9:06:61:9c:49:e6:85:cf:4e:dc:1e:
         c3:61:4c:23:d6:f7:bc:c9:30:1d:13:88:8a:35:1d:4f:c2:e0:
         ed:e2:d8:30
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYLJ2UXNtgDEpPKae/4PnNgqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjIwODIzMDgzNzE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTZlZGJhZDA4ZjM2NTczZDFlOWQwYjIxMjVlNDhjMDA1Y2I5YzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjiozvgA3TFALxHGYx0dcbb0WbZbe
t5NQUx/gDVpn5tM8QOz/feQE4SXKZHpZ91NCAOKwK4gePaHn1NhvRjXEaLsDTyz6
YEzUqhccY6DIwIdYszIIADr3O/AAhmNIkPSxJWJKGhYfPbBF4P+rU+LcmTNMsMVr
RiH3CXlFvq8kZhEDtQ6kzB1q7TmLrmnJRoW9Z9UhyI2/IJUSJ9/Y8YVa0/Jk4bD4
TztXtHMSh/g1Nn18pU5BDEeGplBX3+f6Zrs/BqoCCCsawoAYQiLqEpiRlbmfCP1g
fJZnlmg9kUbEdHJ66P5v5PSq6oDG/yoXDuQ1jVdab0LXnt5WfbpBlAUOIwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFA5u260I82Vz0enQshJeSMAFy5xLMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvRG03YnJRanpaWFBSNmRDeUVsNUl3QVhMbkVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCBQgsAwQC
BWUsAwQABbwyAwQABbyzAwQCBbzIAwQCBb3YAwQBBb38AwQABb3/AwQAW/MoAwQA
W/MrMA0GCSqGSIb3DQEBCwUAA4IBAQDHWcBjHIyQrH5qa6us2kpUohcg1Fr3DVwO
avT+NRwfPf3EaywpCrihig8RH3zqQS35fD+U8keKUYkhQ5A68QWtZoGfR/REjdL0
OaPcNnUzgKBMKZ1Eg63u+mwZNfWDUVOlmRPegyRcg4s892sIXyzI4xdKwE8zPfzd
+vBnE/OS/FRChse5fcVEH/HsXLRyonfUWlXfaYZwsu0KCqppXrUymUqzjNDdXQhh
XF7c9k5LX2htJXrwCxdBFys46Y9hksVwvvNIlV19kb80qa9FaOflXuyF0j8vFvvX
bNx+NJjY2QZhnEnmhc9O3B7DYUwj1ve8yTAdE4iKNR1PwuDt4tgw
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:28 2024 by rpki-client on console-fra.rpki-client.org