Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/JoYrvAMEnK-qPYFpYr_2orQ3mXA.roa
File:                     JoYrvAMEnK-qPYFpYr_2orQ3mXA.roa (raw, json)
Hash identifier:          6wz+WtVwxr/KyShambSISmWhqarzL5RmdJQMBNXGXVc=
Subject key identifier:   26:86:2B:BC:03:04:9C:AF:AA:3D:81:69:62:BF:F6:A2:B4:37:99:70
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018655D9F65101B04EE0066C901118FB524B
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/JoYrvAMEnK-qPYFpYr_2orQ3mXA.roa
Signing time:             Wed 15 Feb 2023 16:13:12 +0000
ROA not before:           Wed 15 Feb 2023 16:13:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34665
IP address blocks:        46.161.14.0/23 maxlen: 23
                          46.161.12.0/23 maxlen: 23
                          46.161.20.0/22 maxlen: 22
                          46.161.24.0/23 maxlen: 23
                          5.188.10.0/23 maxlen: 23
                          5.188.9.0/24 maxlen: 24
                          95.215.0.0/22 maxlen: 24
                          95.215.2.0/23 maxlen: 23
                          95.215.0.0/23 maxlen: 23
                          46.161.26.0/24 maxlen: 24
                          95.215.0.0/24 maxlen: 24
                          46.161.30.0/24 maxlen: 24
                          95.215.3.0/24 maxlen: 24
                          95.215.1.0/24 maxlen: 24
                          46.161.28.0/24 maxlen: 24
                          95.215.2.0/24 maxlen: 24
                          46.161.29.0/24 maxlen: 24
                          46.161.32.0/22 maxlen: 22
                          46.161.42.0/24 maxlen: 24
                          46.161.41.0/24 maxlen: 24
                          46.161.48.0/23 maxlen: 23
                          46.161.48.0/22 maxlen: 22
                          46.161.50.0/23 maxlen: 23
                          46.161.48.0/24 maxlen: 24
                          46.161.51.0/24 maxlen: 24
                          46.161.49.0/24 maxlen: 24
                          46.161.50.0/24 maxlen: 24
                          5.188.44.0/22 maxlen: 22
                          5.188.44.0/23 maxlen: 23
                          5.188.44.0/24 maxlen: 24
                          5.188.46.0/23 maxlen: 23
                          5.188.49.0/24 maxlen: 24
                          5.188.47.0/24 maxlen: 24
                          5.188.48.0/24 maxlen: 24
                          5.188.46.0/24 maxlen: 24
                          5.188.45.0/24 maxlen: 24
                          46.161.2.0/23 maxlen: 24
                          46.161.11.0/24 maxlen: 24
                          46.161.10.0/24 maxlen: 24
                          46.161.8.0/24 maxlen: 24
                          5.101.4.0/24 maxlen: 24
                          5.101.2.0/24 maxlen: 24
                          5.101.3.0/24 maxlen: 24
                          5.101.0.0/24 maxlen: 24
                          5.101.1.0/24 maxlen: 24
                          5.101.2.0/23 maxlen: 23
                          5.101.4.0/22 maxlen: 22
                          5.101.4.0/23 maxlen: 23
                          5.101.0.0/22 maxlen: 22
                          5.101.0.0/23 maxlen: 23
                          5.101.7.0/24 maxlen: 24
                          5.101.5.0/24 maxlen: 24
                          5.101.6.0/24 maxlen: 24
                          5.101.6.0/23 maxlen: 23
                          5.188.62.0/24 maxlen: 24
                          5.188.60.0/23 maxlen: 23
                          37.139.51.0/24 maxlen: 24
                          37.139.49.0/24 maxlen: 24
                          37.139.58.0/24 maxlen: 24
                          37.139.57.0/24 maxlen: 24
                          37.139.56.0/24 maxlen: 24
                          37.139.53.0/24 maxlen: 24
                          37.139.58.0/23 maxlen: 23
                          37.139.56.0/23 maxlen: 23
                          37.139.56.0/22 maxlen: 22
                          37.139.54.0/23 maxlen: 23
                          37.139.59.0/24 maxlen: 24
                          31.44.184.0/24 maxlen: 24
                          31.44.188.0/22 maxlen: 32
                          146.185.244.0/23 maxlen: 23
                          146.185.224.0/21 maxlen: 21
                          146.185.223.0/24 maxlen: 24
                          185.238.152.0/22 maxlen: 22
                          31.184.192.0/24 maxlen: 24
                          31.184.192.0/23 maxlen: 23
                          31.184.192.0/22 maxlen: 22
                          31.184.193.0/24 maxlen: 24
                          31.184.196.0/24 maxlen: 24
                          31.184.195.0/24 maxlen: 24
                          31.184.196.0/22 maxlen: 22
                          31.184.196.0/23 maxlen: 23
                          31.184.194.0/23 maxlen: 23
                          31.184.194.0/24 maxlen: 24
                          31.184.199.0/24 maxlen: 24
                          31.184.198.0/23 maxlen: 23
                          31.184.197.0/24 maxlen: 24
                          31.184.198.0/24 maxlen: 24
                          195.2.240.0/23 maxlen: 24
                          31.184.231.0/24 maxlen: 24
                          31.184.232.0/22 maxlen: 24
                          31.184.228.0/23 maxlen: 23
                          31.184.238.0/23 maxlen: 23
                          31.184.243.0/24 maxlen: 24
                          188.143.232.0/24 maxlen: 24
                          188.143.233.0/24 maxlen: 24
                          188.143.232.0/23 maxlen: 23
                          188.143.232.0/22 maxlen: 22
                          37.9.48.0/24 maxlen: 24
                          188.143.235.0/24 maxlen: 24
                          91.243.93.0/24 maxlen: 24
                          5.8.52.0/23 maxlen: 23
                          5.8.54.0/23 maxlen: 23
                          5.8.52.0/22 maxlen: 22
                          5.8.56.0/24 maxlen: 24
                          5.8.57.0/24 maxlen: 24
                          5.8.54.0/24 maxlen: 24
                          5.8.55.0/24 maxlen: 24
                          5.8.53.0/24 maxlen: 24
                          5.8.52.0/24 maxlen: 24
                          5.8.60.0/23 maxlen: 23
                          5.8.59.0/24 maxlen: 24
                          5.8.65.0/24 maxlen: 24
                          5.8.8.0/24 maxlen: 24
                          5.8.10.0/23 maxlen: 23
                          5.8.8.0/22 maxlen: 22
                          5.8.8.0/23 maxlen: 23
                          5.8.11.0/24 maxlen: 24
                          5.8.9.0/24 maxlen: 24
                          5.8.10.0/24 maxlen: 24
                          5.8.12.0/22 maxlen: 22
                          5.189.248.0/22 maxlen: 22
                          5.8.48.0/22 maxlen: 22
                          5.8.48.0/23 maxlen: 23
                          5.8.50.0/23 maxlen: 23
                          5.8.49.0/24 maxlen: 24
                          5.8.50.0/24 maxlen: 24
                          5.8.48.0/24 maxlen: 24
                          5.8.51.0/24 maxlen: 24
                          5.101.66.0/23 maxlen: 23
                          5.101.66.0/24 maxlen: 24
                          5.101.67.0/24 maxlen: 24
                          5.101.65.0/24 maxlen: 24
                          5.188.220.0/23 maxlen: 24
                          5.188.223.0/24 maxlen: 24
                          5.188.222.0/24 maxlen: 24
                          5.101.80.0/22 maxlen: 22
                          5.188.233.0/24 maxlen: 24
                          5.101.84.0/22 maxlen: 22
                          5.188.234.0/23 maxlen: 23
                          5.101.90.0/23 maxlen: 23
                          5.188.166.0/24 maxlen: 24
                          5.188.164.0/24 maxlen: 24
                          5.188.165.0/24 maxlen: 24
                          5.101.32.0/22 maxlen: 24
                          5.188.204.0/23 maxlen: 23
                          5.101.64.0/22 maxlen: 22
                          5.101.64.0/23 maxlen: 23
                          5.188.211.0/24 maxlen: 24
                          5.188.210.0/24 maxlen: 24
                          5.188.207.0/24 maxlen: 24
                          5.101.64.0/24 maxlen: 24
                          5.188.208.0/23 maxlen: 23
                          91.243.44.0/22 maxlen: 22
                          91.243.48.0/23 maxlen: 23
                          91.243.48.0/22 maxlen: 22
                          91.243.50.0/23 maxlen: 23
                          91.243.51.0/24 maxlen: 24
                          91.243.50.0/24 maxlen: 24
                          91.243.48.0/24 maxlen: 24
                          91.243.49.0/24 maxlen: 24
                          91.243.56.0/22 maxlen: 22
                          91.243.52.0/22 maxlen: 22
                          91.243.62.0/23 maxlen: 23
                          91.243.60.0/24 maxlen: 24
                          91.243.61.0/24 maxlen: 24
                          91.243.91.0/24 maxlen: 24
                          91.243.90.0/24 maxlen: 24
                          91.243.32.0/22 maxlen: 22
                          2a00:1d78:100:1c0::/58 maxlen: 58

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:55:d9:f6:51:01:b0:4e:e0:06:6c:90:11:18:fb:52:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Feb 15 16:13:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=26862bbc03049cafaa3d816962bff6a2b4379970
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ab:5f:40:0b:e5:1d:bb:40:a1:b6:69:94:de:
                    bd:b1:f7:52:15:b2:a2:df:72:74:dd:99:85:e4:bb:
                    20:a0:bc:87:7e:7f:c1:f2:71:f4:d5:e7:42:14:c5:
                    c2:a7:22:50:88:ed:69:ed:22:33:50:54:e3:c2:07:
                    81:9c:4e:53:23:1c:a7:ab:9c:44:af:52:d9:e9:01:
                    07:ca:c0:6a:34:c2:5a:ea:6c:06:0a:8f:0d:9e:4f:
                    05:e4:fb:26:70:47:4a:41:73:20:a5:3d:18:9d:e8:
                    f6:09:b5:ec:2d:38:a1:9b:da:65:6d:a9:56:ad:39:
                    7a:ea:39:bb:d8:2b:ad:9a:ec:75:93:54:02:fc:1a:
                    f7:f1:29:0d:9c:cb:76:9d:24:93:d2:07:e8:79:18:
                    14:19:23:f0:c2:43:31:96:6f:25:15:e9:b8:71:83:
                    eb:c0:5f:93:88:65:08:a4:46:c6:fb:5d:ce:9a:a4:
                    d9:bc:b3:bd:de:19:6a:92:66:91:fa:0b:da:51:41:
                    fe:33:54:55:4a:f3:94:15:c7:f9:25:31:70:28:db:
                    b5:e3:6c:bb:b8:d7:dc:39:46:11:5e:b3:a1:9a:6e:
                    1f:f3:0b:69:ea:71:62:90:3d:54:08:2e:2f:da:fa:
                    7e:3a:80:35:3d:8f:db:d1:26:83:2e:73:5c:79:7d:
                    dc:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:86:2B:BC:03:04:9C:AF:AA:3D:81:69:62:BF:F6:A2:B4:37:99:70
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/JoYrvAMEnK-qPYFpYr_2orQ3mXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.8.0/21
                  5.8.48.0-5.8.57.255
                  5.8.59.0-5.8.61.255
                  5.8.65.0/24
                  5.101.0.0/21
                  5.101.32.0/22
                  5.101.64.0/22
                  5.101.80.0/21
                  5.101.90.0/23
                  5.188.9.0-5.188.11.255
                  5.188.44.0-5.188.49.255
                  5.188.60.0-5.188.62.255
                  5.188.164.0-5.188.166.255
                  5.188.204.0/23
                  5.188.207.0-5.188.211.255
                  5.188.220.0/22
                  5.188.233.0-5.188.235.255
                  5.189.248.0/22
                  31.44.184.0/24
                  31.44.188.0/22
                  31.184.192.0/21
                  31.184.228.0/23
                  31.184.231.0-31.184.235.255
                  31.184.238.0/23
                  31.184.243.0/24
                  37.9.48.0/24
                  37.139.49.0/24
                  37.139.51.0/24
                  37.139.53.0-37.139.59.255
                  46.161.2.0/23
                  46.161.8.0/24
                  46.161.10.0-46.161.15.255
                  46.161.20.0-46.161.26.255
                  46.161.28.0-46.161.30.255
                  46.161.32.0/22
                  46.161.41.0-46.161.42.255
                  46.161.48.0/22
                  91.243.32.0/22
                  91.243.44.0-91.243.63.255
                  91.243.90.0/23
                  91.243.93.0/24
                  95.215.0.0/22
                  146.185.223.0-146.185.231.255
                  146.185.244.0/23
                  185.238.152.0/22
                  188.143.232.0/22
                  195.2.240.0/23
                IPv6:
                  2a00:1d78:100:1c0::/58

    Signature Algorithm: sha256WithRSAEncryption
         79:47:63:2e:5d:07:04:b1:e8:f6:c3:3d:65:47:e2:49:75:70:
         95:15:69:2f:7c:57:ca:cd:81:46:e2:d2:ad:9e:b5:0e:d8:2f:
         28:f4:f2:f5:f6:12:f8:0c:b5:8c:90:7b:71:18:93:0e:76:b6:
         91:23:1f:1d:03:7f:08:12:13:18:09:5d:14:b1:1a:b4:f2:fd:
         4a:a3:ed:1a:8c:e6:c8:8a:1b:9a:7f:49:27:53:bb:44:de:80:
         58:67:a7:74:7b:25:a5:ca:16:4e:46:2d:41:d9:e1:3c:48:25:
         c8:81:1c:6e:49:01:9c:80:bf:f6:eb:2c:80:44:59:da:13:17:
         45:66:87:a0:75:09:58:08:fc:12:c4:69:c6:c9:7d:5f:a0:c1:
         0a:bf:76:d2:ab:31:ea:11:b1:4b:ca:e2:09:d0:f9:16:36:54:
         9c:a6:7a:57:22:e0:07:fb:fe:50:31:96:0b:d6:48:cb:18:89:
         45:5e:b1:4b:fb:2d:c5:84:fe:dc:aa:6f:56:bf:fb:74:f9:5a:
         be:39:9f:45:93:ff:d8:f6:c3:55:72:5a:52:71:fa:c2:b5:4b:
         8d:0a:58:d0:68:75:37:6e:6d:7f:6d:eb:38:6b:86:b2:a4:96:
         5d:47:ef:9d:86:d7:1c:eb:88:50:f0:8f:fc:93:c9:82:93:54:
         2f:6f:a8:e9
-----BEGIN CERTIFICATE-----
MIIGrjCCBZagAwIBAgISAYZV2fZRAbBO4AZskBEY+1JLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjMwMjE1MTYxMzEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjg2MmJiYzAzMDQ5Y2FmYWEzZDgxNjk2MmJmZjZhMmI0Mzc5OTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKtfQAvlHbtAobZplN69sfdSFbKi
33J03ZmF5LsgoLyHfn/B8nH01edCFMXCpyJQiO1p7SIzUFTjwgeBnE5TIxynq5xE
r1LZ6QEHysBqNMJa6mwGCo8Nnk8F5PsmcEdKQXMgpT0Ynej2CbXsLTihm9plbalW
rTl66jm72Cutmux1k1QC/Br38SkNnMt2nSST0gfoeRgUGSPwwkMxlm8lFem4cYPr
wF+TiGUIpEbG+13OmqTZvLO93hlqkmaR+gvaUUH+M1RVSvOUFcf5JTFwKNu142y7
uNfcOUYRXrOhmm4f8wtp6nFikD1UCC4v2vp+OoA1PY/b0SaDLnNceX3c+wIDAQAB
o4IDujCCA7YwHQYDVR0OBBYEFCaGK7wDBJyvqj2BaWK/9qK0N5lwMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvSm9ZcnZBTUVuSy1xUFlGcFlyXzJvclEzbVhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBzgYIKwYBBQUHAQcBAf8EggG9MIIBuTCCAaIEAgABMIIB
mgMEAwUICDAMAwQEBQgwAwQBBQg4MAwDBAAFCDsDBAEFCDwDBAAFCEEDBAMFZQAD
BAIFZSADBAIFZUADBAMFZVADBAEFZVowDAMEAAW8CQMEAgW8CDAMAwQCBbwsAwQB
BbwwMAwDBAIFvDwDBAAFvD4wDAMEAgW8pAMEAAW8pgMEAQW8zDAMAwQABbzPAwQC
BbzQAwQCBbzcMAwDBAAFvOkDBAIFvOgDBAIFvfgDBAAfLLgDBAIfLLwDBAMfuMAD
BAEfuOQwDAMEAB+45wMEAh+46AMEAR+47gMEAB+48wMEACUJMAMEACWLMQMEACWL
MzAMAwQAJYs1AwQCJYs4AwQBLqECAwQALqEIMAwDBAEuoQoDBAQuoQAwDAMEAi6h
FAMEAC6hGjAMAwQCLqEcAwQALqEeAwQCLqEgMAwDBAAuoSkDBAAuoSoDBAIuoTAD
BAJb8yAwDAMEAlvzLAMEBlvzAAMEAVvzWgMEAFvzXQMEAl/XADAMAwQAkrnfAwQD
krngAwQBkrn0AwQCue6YAwQCvI/oAwQBwwLwMBEEAgACMAsDCQYqAB14AQABwDAN
BgkqhkiG9w0BAQsFAAOCAQEAeUdjLl0HBLHo9sM9ZUfiSXVwlRVpL3xXys2BRuLS
rZ61DtgvKPTy9fYS+Ay1jJB7cRiTDna2kSMfHQN/CBITGAldFLEatPL9SqPtGozm
yIobmn9JJ1O7RN6AWGendHslpcoWTkYtQdnhPEglyIEcbkkBnIC/9ussgERZ2hMX
RWaHoHUJWAj8EsRpxsl9X6DBCr920qsx6hGxS8riCdD5FjZUnKZ6VyLgB/v+UDGW
C9ZIyxiJRV6xS/stxYT+3KpvVr/7dPlavjmfRZP/2PbDVXJaUnH6wrVLjQpY0Gh1
N25tf23rOGuGsqSWXUfvnYbXHOuIUPCP/JPJgpNUL2+o6Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:55 2024 by rpki-client on console-ams.rpki-client.org