Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/qE9jskTW1Aj3rbIY87Slvbb1Yko.roa
File:                     qE9jskTW1Aj3rbIY87Slvbb1Yko.roa (raw, json)
Hash identifier:          S5Wik3tMMRNA25K6ElOBUfqhH2zuspvLWgaK8frdQyU=
Subject key identifier:   A8:4F:63:B2:44:D6:D4:08:F7:AD:B2:18:F3:B4:A5:BD:B6:F5:62:4A
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       01830D929A6A871B2D7C7009158A5C24609B
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/qE9jskTW1Aj3rbIY87Slvbb1Yko.roa
Signing time:             Mon 05 Sep 2022 12:14:15 +0000
ROA not before:           Mon 05 Sep 2022 12:14:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34665
IP address blocks:        46.161.14.0/23 maxlen: 23
                          46.161.20.0/22 maxlen: 22
                          46.161.24.0/23 maxlen: 23
                          5.188.10.0/23 maxlen: 23
                          5.188.9.0/24 maxlen: 24
                          95.215.0.0/22 maxlen: 24
                          95.215.2.0/23 maxlen: 23
                          95.215.0.0/23 maxlen: 23
                          46.161.26.0/24 maxlen: 24
                          95.215.0.0/24 maxlen: 24
                          46.161.30.0/24 maxlen: 24
                          95.215.3.0/24 maxlen: 24
                          95.215.1.0/24 maxlen: 24
                          46.161.28.0/24 maxlen: 24
                          95.215.2.0/24 maxlen: 24
                          46.161.29.0/24 maxlen: 24
                          46.161.32.0/22 maxlen: 22
                          46.161.44.0/22 maxlen: 22
                          46.161.42.0/24 maxlen: 24
                          46.161.48.0/23 maxlen: 23
                          46.161.48.0/22 maxlen: 22
                          46.161.50.0/23 maxlen: 23
                          46.161.48.0/24 maxlen: 24
                          46.161.51.0/24 maxlen: 24
                          46.161.49.0/24 maxlen: 24
                          46.161.50.0/24 maxlen: 24
                          5.188.44.0/22 maxlen: 22
                          5.188.44.0/23 maxlen: 23
                          5.188.44.0/24 maxlen: 24
                          5.188.46.0/23 maxlen: 23
                          5.188.49.0/24 maxlen: 24
                          5.188.47.0/24 maxlen: 24
                          5.188.48.0/24 maxlen: 24
                          5.188.46.0/24 maxlen: 24
                          5.188.45.0/24 maxlen: 24
                          46.161.2.0/23 maxlen: 24
                          46.161.11.0/24 maxlen: 24
                          46.161.10.0/24 maxlen: 24
                          46.161.8.0/24 maxlen: 24
                          5.101.4.0/24 maxlen: 24
                          5.101.2.0/24 maxlen: 24
                          5.101.3.0/24 maxlen: 24
                          5.101.0.0/24 maxlen: 24
                          5.101.1.0/24 maxlen: 24
                          5.101.2.0/23 maxlen: 23
                          5.101.4.0/22 maxlen: 22
                          5.101.4.0/23 maxlen: 23
                          5.101.0.0/22 maxlen: 22
                          5.101.0.0/23 maxlen: 23
                          5.101.7.0/24 maxlen: 24
                          5.101.5.0/24 maxlen: 24
                          5.101.6.0/24 maxlen: 24
                          5.101.6.0/23 maxlen: 23
                          5.188.62.0/24 maxlen: 24
                          5.188.60.0/23 maxlen: 23
                          37.139.51.0/24 maxlen: 24
                          37.139.49.0/24 maxlen: 24
                          37.139.58.0/24 maxlen: 24
                          37.139.57.0/24 maxlen: 24
                          37.139.56.0/24 maxlen: 24
                          37.139.53.0/24 maxlen: 24
                          37.139.58.0/23 maxlen: 23
                          37.139.56.0/23 maxlen: 23
                          37.139.56.0/22 maxlen: 22
                          37.139.54.0/23 maxlen: 23
                          37.139.59.0/24 maxlen: 24
                          31.44.185.0/24 maxlen: 24
                          31.44.184.0/24 maxlen: 24
                          31.44.188.0/22 maxlen: 32
                          146.185.244.0/23 maxlen: 23
                          146.185.196.0/22 maxlen: 22
                          146.185.224.0/21 maxlen: 21
                          146.185.223.0/24 maxlen: 24
                          185.238.152.0/22 maxlen: 22
                          31.184.192.0/24 maxlen: 24
                          31.184.192.0/23 maxlen: 23
                          31.184.192.0/22 maxlen: 22
                          31.184.193.0/24 maxlen: 24
                          31.184.196.0/24 maxlen: 24
                          31.184.195.0/24 maxlen: 24
                          31.184.196.0/22 maxlen: 22
                          31.184.196.0/23 maxlen: 23
                          31.184.194.0/23 maxlen: 23
                          31.184.194.0/24 maxlen: 24
                          31.184.199.0/24 maxlen: 24
                          31.184.198.0/23 maxlen: 23
                          31.184.197.0/24 maxlen: 24
                          31.184.198.0/24 maxlen: 24
                          195.2.240.0/23 maxlen: 24
                          31.184.231.0/24 maxlen: 24
                          31.184.232.0/22 maxlen: 24
                          31.184.228.0/23 maxlen: 23
                          31.184.238.0/23 maxlen: 23
                          31.184.243.0/24 maxlen: 24
                          37.9.36.0/22 maxlen: 22
                          188.143.232.0/24 maxlen: 24
                          188.143.233.0/24 maxlen: 24
                          188.143.232.0/23 maxlen: 23
                          188.143.232.0/22 maxlen: 22
                          37.9.50.0/24 maxlen: 24
                          37.9.48.0/24 maxlen: 24
                          188.143.235.0/24 maxlen: 24
                          37.9.52.0/22 maxlen: 22
                          91.243.93.0/24 maxlen: 24
                          5.8.52.0/23 maxlen: 23
                          5.8.54.0/23 maxlen: 23
                          5.8.52.0/22 maxlen: 22
                          5.8.56.0/24 maxlen: 24
                          5.8.57.0/24 maxlen: 24
                          5.8.54.0/24 maxlen: 24
                          5.8.55.0/24 maxlen: 24
                          5.8.53.0/24 maxlen: 24
                          5.8.52.0/24 maxlen: 24
                          5.8.60.0/23 maxlen: 23
                          5.8.62.0/24 maxlen: 24
                          5.8.59.0/24 maxlen: 24
                          5.8.65.0/24 maxlen: 24
                          5.8.8.0/24 maxlen: 24
                          5.8.10.0/23 maxlen: 23
                          5.8.8.0/22 maxlen: 22
                          5.8.8.0/23 maxlen: 23
                          5.8.11.0/24 maxlen: 24
                          5.8.9.0/24 maxlen: 24
                          5.8.10.0/24 maxlen: 24
                          5.8.12.0/22 maxlen: 22
                          5.8.20.0/22 maxlen: 22
                          5.189.248.0/22 maxlen: 22
                          5.8.48.0/22 maxlen: 22
                          5.8.48.0/23 maxlen: 23
                          5.8.50.0/23 maxlen: 23
                          5.8.49.0/24 maxlen: 24
                          5.8.50.0/24 maxlen: 24
                          5.8.48.0/24 maxlen: 24
                          5.8.51.0/24 maxlen: 24
                          5.101.66.0/23 maxlen: 23
                          5.101.66.0/24 maxlen: 24
                          5.101.67.0/24 maxlen: 24
                          5.101.65.0/24 maxlen: 24
                          5.101.68.0/22 maxlen: 22
                          5.188.220.0/23 maxlen: 24
                          5.188.223.0/24 maxlen: 24
                          5.188.222.0/24 maxlen: 24
                          5.101.80.0/22 maxlen: 22
                          5.188.233.0/24 maxlen: 24
                          5.101.84.0/22 maxlen: 22
                          5.188.234.0/23 maxlen: 23
                          5.101.90.0/23 maxlen: 23
                          5.188.166.0/24 maxlen: 24
                          5.188.165.0/24 maxlen: 24
                          5.188.176.0/22 maxlen: 24
                          5.101.36.0/22 maxlen: 22
                          5.101.32.0/22 maxlen: 24
                          5.188.204.0/23 maxlen: 23
                          5.101.64.0/22 maxlen: 22
                          5.101.64.0/23 maxlen: 23
                          5.188.211.0/24 maxlen: 24
                          5.188.210.0/24 maxlen: 24
                          5.188.207.0/24 maxlen: 24
                          5.101.64.0/24 maxlen: 24
                          5.188.208.0/23 maxlen: 23
                          91.243.44.0/22 maxlen: 22
                          91.243.48.0/23 maxlen: 23
                          91.243.48.0/22 maxlen: 22
                          91.243.50.0/23 maxlen: 23
                          91.243.51.0/24 maxlen: 24
                          91.243.50.0/24 maxlen: 24
                          91.243.48.0/24 maxlen: 24
                          91.243.49.0/24 maxlen: 24
                          91.243.56.0/22 maxlen: 22
                          91.243.52.0/22 maxlen: 22
                          91.243.62.0/23 maxlen: 23
                          91.243.60.0/24 maxlen: 24
                          91.243.61.0/24 maxlen: 24
                          91.243.91.0/24 maxlen: 24
                          91.243.90.0/24 maxlen: 24
                          91.243.32.0/22 maxlen: 22
                          2a00:1d78:100:1c0::/58 maxlen: 58

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:0d:92:9a:6a:87:1b:2d:7c:70:09:15:8a:5c:24:60:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Sep  5 12:14:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a84f63b244d6d408f7adb218f3b4a5bdb6f5624a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b8:f6:6b:13:41:4d:57:0c:3e:ab:54:6b:cb:
                    0e:b8:c1:db:40:e5:93:59:be:03:cd:ae:a7:b0:ee:
                    73:bd:d3:a6:e8:e7:16:fc:c3:b8:55:9f:23:00:1f:
                    67:a5:58:01:99:02:74:4d:3a:50:39:8a:3e:c0:6a:
                    5d:5c:31:72:00:d6:31:57:c6:97:64:bb:17:9b:c8:
                    aa:6b:a2:2a:51:ff:da:6a:6b:75:d2:9c:22:a0:3b:
                    2b:eb:da:56:52:a9:86:56:02:16:f3:80:c4:00:65:
                    dd:6b:53:ed:2e:04:aa:6d:e6:ee:ca:df:4d:c8:70:
                    5e:ed:ba:ce:93:ac:3c:be:10:86:3a:b0:d9:7e:66:
                    64:1c:0c:b7:51:88:1b:0b:d3:80:8a:e3:3d:34:42:
                    6a:bf:e7:b8:8a:38:2e:b6:ff:3f:30:e5:89:9a:b8:
                    93:7f:97:72:c7:30:19:c1:cc:ce:55:12:21:56:cf:
                    57:4d:69:f4:ce:12:8d:26:3d:06:c0:d4:14:c1:9a:
                    63:7a:4c:b8:e4:7e:b8:0a:b3:94:a6:f2:49:d6:38:
                    a8:dd:5a:0b:9b:3b:71:ae:e9:5d:16:77:c1:ac:b3:
                    ce:81:6c:86:5d:2d:1b:b4:fa:cf:72:6b:11:b9:46:
                    d6:d5:a7:06:49:3e:8c:9a:90:a8:3b:40:0c:dc:85:
                    86:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:4F:63:B2:44:D6:D4:08:F7:AD:B2:18:F3:B4:A5:BD:B6:F5:62:4A
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/qE9jskTW1Aj3rbIY87Slvbb1Yko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.8.0/21
                  5.8.20.0/22
                  5.8.48.0-5.8.57.255
                  5.8.59.0-5.8.62.255
                  5.8.65.0/24
                  5.101.0.0/21
                  5.101.32.0/21
                  5.101.64.0/21
                  5.101.80.0/21
                  5.101.90.0/23
                  5.188.9.0-5.188.11.255
                  5.188.44.0-5.188.49.255
                  5.188.60.0-5.188.62.255
                  5.188.165.0-5.188.166.255
                  5.188.176.0/22
                  5.188.204.0/23
                  5.188.207.0-5.188.211.255
                  5.188.220.0/22
                  5.188.233.0-5.188.235.255
                  5.189.248.0/22
                  31.44.184.0/23
                  31.44.188.0/22
                  31.184.192.0/21
                  31.184.228.0/23
                  31.184.231.0-31.184.235.255
                  31.184.238.0/23
                  31.184.243.0/24
                  37.9.36.0/22
                  37.9.48.0/24
                  37.9.50.0/24
                  37.9.52.0/22
                  37.139.49.0/24
                  37.139.51.0/24
                  37.139.53.0-37.139.59.255
                  46.161.2.0/23
                  46.161.8.0/24
                  46.161.10.0/23
                  46.161.14.0/23
                  46.161.20.0-46.161.26.255
                  46.161.28.0-46.161.30.255
                  46.161.32.0/22
                  46.161.42.0/24
                  46.161.44.0-46.161.51.255
                  91.243.32.0/22
                  91.243.44.0-91.243.63.255
                  91.243.90.0/23
                  91.243.93.0/24
                  95.215.0.0/22
                  146.185.196.0/22
                  146.185.223.0-146.185.231.255
                  146.185.244.0/23
                  185.238.152.0/22
                  188.143.232.0/22
                  195.2.240.0/23
                IPv6:
                  2a00:1d78:100:1c0::/58

    Signature Algorithm: sha256WithRSAEncryption
         b9:d6:e7:57:e3:9f:57:c1:e1:b8:30:68:a5:f7:42:4c:68:bf:
         88:2d:02:53:bf:36:8f:a2:c5:60:48:e1:86:8c:b1:88:0d:f8:
         e1:42:b3:39:35:91:1e:57:93:21:78:c9:8b:44:c5:af:22:30:
         41:12:08:da:f8:1a:54:6c:38:32:af:85:f8:ab:00:a2:1b:0e:
         e2:59:e4:12:51:6b:57:e5:d7:1e:9d:c8:13:34:6c:54:db:38:
         90:fb:ef:15:2f:b4:3b:2e:11:1d:da:c0:b6:33:91:0c:fa:d3:
         5d:ee:9b:e4:04:23:6d:38:ae:cd:8d:c6:18:d5:5f:47:33:a7:
         88:8c:71:e1:4c:d8:96:f1:a5:b4:bb:a5:b1:6a:3d:52:7d:6d:
         e2:e9:f5:14:f6:c6:c8:08:9b:92:6d:ff:a7:1d:69:d4:bb:25:
         91:e8:14:cf:23:f7:42:a4:d7:cf:dd:f7:a8:a7:4b:72:27:ef:
         1e:ac:5f:c7:41:84:bc:3d:06:a1:6a:0f:fe:af:5b:e0:fb:97:
         c6:a6:f7:bf:7c:c6:da:e7:e2:df:dd:bd:64:65:9c:94:4f:7a:
         c5:83:c0:04:7c:40:ca:25:66:35:b1:1f:ad:98:5d:16:72:29:
         15:2f:db:77:66:5e:b1:d8:14:cd:00:ed:19:83:bd:3d:e4:db:
         73:a2:c1:28
-----BEGIN CERTIFICATE-----
MIIG0DCCBbigAwIBAgISAYMNkppqhxstfHAJFYpcJGCbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjIwOTA1MTIxNDE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODRmNjNiMjQ0ZDZkNDA4ZjdhZGIyMThmM2I0YTViZGI2ZjU2MjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7j2axNBTVcMPqtUa8sOuMHbQOWT
Wb4Dza6nsO5zvdOm6OcW/MO4VZ8jAB9npVgBmQJ0TTpQOYo+wGpdXDFyANYxV8aX
ZLsXm8iqa6IqUf/aamt10pwioDsr69pWUqmGVgIW84DEAGXda1PtLgSqbebuyt9N
yHBe7brOk6w8vhCGOrDZfmZkHAy3UYgbC9OAiuM9NEJqv+e4ijgutv8/MOWJmriT
f5dyxzAZwczOVRIhVs9XTWn0zhKNJj0GwNQUwZpjeky45H64CrOUpvJJ1jio3VoL
mztxruldFnfBrLPOgWyGXS0btPrPcmsRuUbW1acGST6MmpCoO0AM3IWGwQIDAQAB
o4ID3DCCA9gwHQYDVR0OBBYEFKhPY7JE1tQI962yGPO0pb229WJKMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvcUU5anNrVFcxQWozcmJJWTg3U2x2YmIxWWtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIB8AYIKwYBBQUHAQcBAf8EggHfMIIB2zCCAcQEAgABMIIB
vAMEAwUICAMEAgUIFDAMAwQEBQgwAwQBBQg4MAwDBAAFCDsDBAAFCD4DBAAFCEED
BAMFZQADBAMFZSADBAMFZUADBAMFZVADBAEFZVowDAMEAAW8CQMEAgW8CDAMAwQC
BbwsAwQBBbwwMAwDBAIFvDwDBAAFvD4wDAMEAAW8pQMEAAW8pgMEAgW8sAMEAQW8
zDAMAwQABbzPAwQCBbzQAwQCBbzcMAwDBAAFvOkDBAIFvOgDBAIFvfgDBAEfLLgD
BAIfLLwDBAMfuMADBAEfuOQwDAMEAB+45wMEAh+46AMEAR+47gMEAB+48wMEAiUJ
JAMEACUJMAMEACUJMgMEAiUJNAMEACWLMQMEACWLMzAMAwQAJYs1AwQCJYs4AwQB
LqECAwQALqEIAwQBLqEKAwQBLqEOMAwDBAIuoRQDBAAuoRowDAMEAi6hHAMEAC6h
HgMEAi6hIAMEAC6hKjAMAwQCLqEsAwQCLqEwAwQCW/MgMAwDBAJb8ywDBAZb8wAD
BAFb81oDBABb810DBAJf1wADBAKSucQwDAMEAJK53wMEA5K54AMEAZK59AMEArnu
mAMEAryP6AMEAcMC8DARBAIAAjALAwkGKgAdeAEAAcAwDQYJKoZIhvcNAQELBQAD
ggEBALnW51fjn1fB4bgwaKX3Qkxov4gtAlO/No+ixWBI4YaMsYgN+OFCszk1kR5X
kyF4yYtExa8iMEESCNr4GlRsODKvhfirAKIbDuJZ5BJRa1fl1x6dyBM0bFTbOJD7
7xUvtDsuER3awLYzkQz6013um+QEI204rs2NxhjVX0czp4iMceFM2JbxpbS7pbFq
PVJ9beLp9RT2xsgIm5Jt/6cdadS7JZHoFM8j90Kk18/d96inS3In7x6sX8dBhLw9
BqFqD/6vW+D7l8am9798xtrn4t/dvWRlnJRPesWDwAR8QMolZjWxH62YXRZyKRUv
23dmXrHYFM0A7RmDvT3k23OiwSg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:55 2024 by rpki-client on console-ams.rpki-client.org