Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/3sUf55AZVwCzgw4Dp7dhowXjKHo.roa
File:                     3sUf55AZVwCzgw4Dp7dhowXjKHo.roa (raw, json)
Hash identifier:          N+Kz5MmwwnHuCYufpKZJ5bWx230WDP5V/I77yGnv1is=
Subject key identifier:   DE:C5:1F:E7:90:19:57:00:B3:83:0E:03:A7:B7:61:A3:05:E3:28:7A
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       01896EFD1793C773C8190E40ACB95639142A
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/3sUf55AZVwCzgw4Dp7dhowXjKHo.roa
Signing time:             Wed 19 Jul 2023 16:30:27 +0000
ROA not before:           Wed 19 Jul 2023 16:30:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        89.39.242.0/24 maxlen: 24
                          194.56.152.0/23 maxlen: 24
                          94.231.198.0/24 maxlen: 24
                          185.212.11.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          185.40.105.0/24 maxlen: 24
                          194.242.28.0/23 maxlen: 24
                          86.104.19.0/24 maxlen: 24
                          193.46.211.0/24 maxlen: 24
                          193.203.127.0/24 maxlen: 24
                          91.242.70.0/23 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.74.0/24 maxlen: 24
                          91.242.75.0/24 maxlen: 24
                          89.40.161.0/24 maxlen: 24
                          195.138.105.0/24 maxlen: 24
                          195.138.103.0/24 maxlen: 24
                          195.138.104.0/24 maxlen: 24
                          195.138.106.0/24 maxlen: 24
                          45.140.32.0/22 maxlen: 22
                          80.94.81.0/24 maxlen: 24
                          80.94.80.0/24 maxlen: 24
                          80.94.80.0/23 maxlen: 23
                          45.67.117.0/24 maxlen: 24
                          45.15.64.0/24 maxlen: 24
                          91.239.59.0/24 maxlen: 24
                          45.15.64.0/22 maxlen: 22
                          45.15.66.0/24 maxlen: 24
                          45.15.67.0/24 maxlen: 24
                          45.15.65.0/24 maxlen: 24
                          194.213.10.0/24 maxlen: 24
                          185.173.247.0/24 maxlen: 24
                          176.126.223.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:6e:fd:17:93:c7:73:c8:19:0e:40:ac:b9:56:39:14:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jul 19 16:30:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dec51fe790195700b3830e03a7b761a305e3287a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:8a:d1:e7:94:cb:5f:c5:b4:18:64:69:f9:32:
                    86:55:0c:8d:9d:e2:11:66:97:12:ee:75:54:7e:8b:
                    54:a4:77:c5:bb:50:af:03:c0:b1:c6:16:24:eb:11:
                    a4:a0:c2:6c:7e:f5:7d:e9:2c:a8:8b:cc:20:8b:f0:
                    65:6b:e9:89:3e:2e:0c:e6:19:6e:f1:ef:1c:7c:e4:
                    0e:e2:7e:5b:42:fb:e7:6b:1e:08:65:9d:a1:3a:01:
                    d9:73:25:35:60:30:73:38:f2:8b:3d:cd:45:f2:77:
                    63:ad:55:b7:dc:04:81:9c:62:a7:19:c2:dd:fc:4c:
                    d4:94:7a:bb:f8:f9:e4:94:1a:e3:4d:84:5c:13:b8:
                    df:06:aa:d9:ac:be:4b:d5:32:9f:8b:88:f9:cb:84:
                    d7:4e:bf:b2:94:20:a1:6c:96:ce:e6:09:b1:23:b5:
                    7d:40:55:bc:82:01:02:0d:e2:97:d4:b5:d4:33:34:
                    c9:11:2b:8c:9e:39:dc:c9:39:6d:a2:43:40:e2:eb:
                    33:0e:41:99:5c:d2:68:c6:a2:5e:58:f6:d6:b3:24:
                    12:e3:12:1c:52:f2:b9:d2:02:a7:fb:d4:be:ea:17:
                    72:ff:ab:03:44:4c:bf:80:8a:9d:2b:49:d9:27:ed:
                    02:51:15:49:b5:a4:1e:09:cb:31:38:3c:3e:da:5a:
                    da:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:C5:1F:E7:90:19:57:00:B3:83:0E:03:A7:B7:61:A3:05:E3:28:7A
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/3sUf55AZVwCzgw4Dp7dhowXjKHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.64.0/22
                  45.67.117.0/24
                  45.140.32.0/22
                  80.94.80.0/23
                  86.104.19.0/24
                  89.39.242.0/24
                  89.40.161.0/24
                  91.239.59.0/24
                  91.242.70.0-91.242.75.255
                  91.242.103.0/24
                  94.231.198.0/24
                  176.126.223.0/24
                  185.40.105.0/24
                  185.173.247.0/24
                  185.212.11.0/24
                  193.46.211.0/24
                  193.203.127.0/24
                  194.56.152.0/23
                  194.213.10.0/24
                  194.242.28.0/23
                  195.138.103.0-195.138.106.255

    Signature Algorithm: sha256WithRSAEncryption
         9c:37:7e:0a:13:5f:90:16:27:ba:5a:81:fa:a2:a0:2b:be:17:
         aa:bd:09:9a:17:ae:10:76:c6:7d:21:97:aa:58:0b:58:99:ba:
         7c:92:c8:46:32:1a:e4:40:47:7b:2d:a3:b6:33:b7:62:dd:b4:
         0a:e7:ed:1f:a9:cf:68:25:05:13:1b:30:1e:ce:33:6a:81:9f:
         1d:7d:b7:88:74:23:da:e3:ef:8c:81:53:a7:f0:da:da:93:90:
         ae:0d:d8:73:c4:dc:67:75:10:32:5b:f7:51:fe:0d:ac:83:ac:
         35:3e:e9:f4:1f:a0:59:92:e9:5c:23:b5:1a:b2:2a:6e:9f:91:
         03:1b:bb:11:b6:88:a9:97:3f:4f:2c:8a:37:28:e9:6c:3f:27:
         4e:09:8b:18:fa:d7:f6:c4:c9:f0:8a:a1:2f:aa:c1:e9:d3:d9:
         85:5c:59:d8:79:fe:ea:02:b0:7e:48:15:fc:73:c8:1c:28:2c:
         b7:b9:d2:d7:db:ed:b3:71:59:bc:23:25:a9:ff:54:59:f6:06:
         5b:3b:58:a2:35:4d:14:fe:95:60:12:91:0a:ac:2c:b7:f2:cd:
         1c:04:fe:2e:2a:2c:1f:dc:fd:57:3c:25:33:7c:aa:08:a2:83:
         ee:24:b9:ed:5c:6e:48:cf:65:f6:ab:48:fb:0b:fa:cf:85:1f:
         69:06:7c:50
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgISAYlu/ReTx3PIGQ5ArLlWORQqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwNzE5MTYzMDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWM1MWZlNzkwMTk1NzAwYjM4MzBlMDNhN2I3NjFhMzA1ZTMyODdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlorR55TLX8W0GGRp+TKGVQyNneIR
ZpcS7nVUfotUpHfFu1CvA8CxxhYk6xGkoMJsfvV96Syoi8wgi/Bla+mJPi4M5hlu
8e8cfOQO4n5bQvvnax4IZZ2hOgHZcyU1YDBzOPKLPc1F8ndjrVW33ASBnGKnGcLd
/EzUlHq7+PnklBrjTYRcE7jfBqrZrL5L1TKfi4j5y4TXTr+ylCChbJbO5gmxI7V9
QFW8ggECDeKX1LXUMzTJESuMnjncyTltokNA4uszDkGZXNJoxqJeWPbWsyQS4xIc
UvK50gKn+9S+6hdy/6sDREy/gIqdK0nZJ+0CURVJtaQeCcsxODw+2lraEQIDAQAB
o4ICljCCApIwHQYDVR0OBBYEFN7FH+eQGVcAs4MOA6e3YaMF4yh6MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvM3NVZjU1QVpWd0N6Z3c0RHA3ZGhvd1hqS0hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGrBggrBgEFBQcBBwEB/wSBmzCBmDCBlQQCAAEwgY4DBAIt
D0ADBAAtQ3UDBAItjCADBAFQXlADBABWaBMDBABZJ/IDBABZKKEDBABb7zswDAME
AVvyRgMEAlvySAMEAFvyZwMEAF7nxgMEALB+3wMEALkoaQMEALmt9wMEALnUCwME
AMEu0wMEAMHLfwMEAcI4mAMEAMLVCgMEAcLyHDAMAwQAw4pnAwQAw4pqMA0GCSqG
SIb3DQEBCwUAA4IBAQCcN34KE1+QFie6WoH6oqArvheqvQmaF64QdsZ9IZeqWAtY
mbp8kshGMhrkQEd7LaO2M7di3bQK5+0fqc9oJQUTGzAezjNqgZ8dfbeIdCPa4++M
gVOn8Nrak5CuDdhzxNxndRAyW/dR/g2sg6w1Pun0H6BZkulcI7Uasipun5EDG7sR
toiplz9PLIo3KOlsPydOCYsY+tf2xMnwiqEvqsHp09mFXFnYef7qArB+SBX8c8gc
KCy3udLX2+2zcVm8IyWp/1RZ9gZbO1iiNU0U/pVgEpEKrCy38s0cBP4uKiwf3P1X
PCUzfKoIooPuJLntXG5Iz2X2q0j7C/rPhR9pBnxQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:25 2024 by rpki-client on console-ams.rpki-client.org