Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/aKuM6GFjQdZNZtKOXPQKEVJ9ESQ.roa
File:                     aKuM6GFjQdZNZtKOXPQKEVJ9ESQ.roa (raw, json)
Hash identifier:          JEMRAR2hFjVNE6wt/VxIsOJXXEY/fAAvRbe+MFZpHBg=
Subject key identifier:   68:AB:8C:E8:61:63:41:D6:4D:66:D2:8E:5C:F4:0A:11:52:7D:11:24
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       0183A27CB7A6A7564E4E4727137175BF0211
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/aKuM6GFjQdZNZtKOXPQKEVJ9ESQ.roa
Signing time:             Tue 04 Oct 2022 10:13:45 +0000
ROA not before:           Tue 04 Oct 2022 10:13:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209813
IP address blocks:        185.238.152.0/24 maxlen: 24
                          46.161.31.0/24 maxlen: 24
                          185.238.153.0/24 maxlen: 24
                          185.238.155.0/24 maxlen: 24
                          185.238.154.0/24 maxlen: 24
                          31.184.203.0/24 maxlen: 24
                          31.184.202.0/24 maxlen: 24
                          31.184.201.0/24 maxlen: 24
                          31.184.200.0/24 maxlen: 24
                          5.188.50.0/24 maxlen: 24
                          5.188.194.0/24 maxlen: 24
                          5.188.195.0/24 maxlen: 24
                          91.243.42.0/24 maxlen: 24
                          91.243.41.0/24 maxlen: 24
                          5.8.66.0/24 maxlen: 24
                          5.8.67.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:a2:7c:b7:a6:a7:56:4e:4e:47:27:13:71:75:bf:02:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Oct  4 10:13:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=68ab8ce8616341d64d66d28e5cf40a11527d1124
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:97:68:fe:e4:65:cb:c7:69:e1:ce:77:b6:9b:
                    7a:e7:e4:4d:84:1a:52:9c:75:6d:5e:4d:2f:a7:88:
                    5a:16:82:85:f2:be:e7:58:99:b1:82:59:ce:b1:9f:
                    c5:4c:c8:87:7e:2e:6a:c6:ff:86:e4:13:f1:b2:1b:
                    8f:63:b4:30:c0:2b:82:75:a4:02:78:6f:0d:5e:24:
                    3a:fc:c5:ee:21:a9:56:b4:d3:ad:3f:3c:cd:b5:0a:
                    76:3b:cc:d1:53:6c:7f:e8:b8:b9:f0:b5:80:2f:1b:
                    75:57:88:d9:07:2b:19:94:ce:4e:67:8c:4f:41:d1:
                    90:76:d2:75:da:87:e6:76:0d:32:c3:22:b1:b8:c1:
                    27:ac:54:6a:8e:d2:d8:61:cc:05:59:2f:6a:99:0a:
                    5d:68:7d:7e:83:88:be:31:74:12:54:6d:34:df:0a:
                    7f:2e:6d:77:71:4b:c5:d1:91:6e:18:00:85:42:ba:
                    e2:69:95:66:cd:e6:30:6d:64:70:ac:d6:ad:fb:cc:
                    58:67:3d:3b:d5:54:81:0c:02:cb:00:99:13:24:7a:
                    81:b1:e5:22:3f:08:44:18:24:e3:bd:c8:a3:ec:0f:
                    46:06:8f:07:c5:6b:f2:72:60:fd:91:07:88:ba:54:
                    46:d2:66:e4:d5:ab:a5:5f:2a:d3:14:fe:e4:bf:52:
                    16:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:AB:8C:E8:61:63:41:D6:4D:66:D2:8E:5C:F4:0A:11:52:7D:11:24
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/aKuM6GFjQdZNZtKOXPQKEVJ9ESQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.66.0/23
                  5.188.50.0/24
                  5.188.194.0/23
                  31.184.200.0/22
                  46.161.31.0/24
                  91.243.41.0-91.243.42.255
                  185.238.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:79:60:6e:a6:55:39:d7:62:2b:f4:9b:40:f9:7d:9e:7f:c7:
         ac:c5:dd:b2:47:ff:b2:9d:e8:a0:96:02:f3:6b:00:09:a0:55:
         32:30:ce:17:1e:13:96:76:55:ed:df:cc:6b:87:2e:9e:a4:98:
         66:b0:43:7a:df:2a:73:24:cd:c6:cc:a7:66:5f:85:22:57:6b:
         48:79:e7:30:34:5d:40:39:c9:a5:65:b0:bb:33:b8:75:23:54:
         49:b9:25:c3:fd:95:04:a2:43:c3:71:d3:5b:1b:ad:6f:8e:ea:
         d7:e8:a0:01:6f:d0:b9:6c:3c:e3:79:a6:89:5a:53:d9:6f:6a:
         d7:f3:91:f9:35:e2:5e:e6:53:e2:20:f3:0a:21:49:a4:20:3f:
         93:89:79:60:e1:1e:01:c6:b2:7f:41:e4:51:5f:a1:a9:09:8f:
         38:33:80:2e:f2:fc:84:5c:84:1c:92:e2:01:ee:b1:43:4a:0e:
         e2:a1:3d:ea:ed:52:d9:79:71:c1:fa:b6:6e:56:1b:b0:8c:5f:
         4e:b2:cc:01:cf:bb:cc:1c:cc:bf:31:03:1f:61:ce:e9:33:84:
         50:8e:7e:12:95:6e:40:59:a1:94:70:ed:76:6a:2d:8a:2e:5f:
         67:e6:67:f7:c0:8d:d2:ec:8e:a3:36:76:f7:dd:56:e2:2f:cf:
         9a:c9:42:d7
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYOifLemp1ZOTkcnE3F1vwIRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjIxMDA0MTAxMzQ1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGFiOGNlODYxNjM0MWQ2NGQ2NmQyOGU1Y2Y0MGExMTUyN2QxMTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZdo/uRly8dp4c53tpt65+RNhBpS
nHVtXk0vp4haFoKF8r7nWJmxglnOsZ/FTMiHfi5qxv+G5BPxshuPY7QwwCuCdaQC
eG8NXiQ6/MXuIalWtNOtPzzNtQp2O8zRU2x/6Li58LWALxt1V4jZBysZlM5OZ4xP
QdGQdtJ12ofmdg0ywyKxuMEnrFRqjtLYYcwFWS9qmQpdaH1+g4i+MXQSVG003wp/
Lm13cUvF0ZFuGACFQrriaZVmzeYwbWRwrNat+8xYZz071VSBDALLAJkTJHqBseUi
PwhEGCTjvcij7A9GBo8HxWvycmD9kQeIulRG0mbk1aulXyrTFP7kv1IWrQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFGirjOhhY0HWTWbSjlz0ChFSfREkMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvYUt1TTZHRmpRZFpOWnRLT1hQUUtFVko5RVNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBBQhCAwQA
BbwyAwQBBbzCAwQCH7jIAwQALqEfMAwDBABb8ykDBABb8yoDBAK57pgwDQYJKoZI
hvcNAQELBQADggEBAHp5YG6mVTnXYiv0m0D5fZ5/x6zF3bJH/7Kd6KCWAvNrAAmg
VTIwzhceE5Z2Ve3fzGuHLp6kmGawQ3rfKnMkzcbMp2ZfhSJXa0h55zA0XUA5yaVl
sLszuHUjVEm5JcP9lQSiQ8Nx01sbrW+O6tfooAFv0LlsPON5polaU9lvatfzkfk1
4l7mU+Ig8wohSaQgP5OJeWDhHgHGsn9B5FFfoakJjzgzgC7y/IRchByS4gHusUNK
DuKhPertUtl5ccH6tm5WG7CMX06yzAHPu8wczL8xAx9hzukzhFCOfhKVbkBZoZRw
7XZqLYouX2fmZ/fAjdLsjqM2dvfdVuIvz5rJQtc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:29 2024 by rpki-client on console-fra.rpki-client.org