Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/6wQ4p3y97yRZI7kfEHQ_m8LJpy4.roa
File:                     6wQ4p3y97yRZI7kfEHQ_m8LJpy4.roa (raw, json)
Hash identifier:          e6F2SiTWGzov3IpicOmuivel8Vi8xCZRWzFJqTVD7m8=
Subject key identifier:   EB:04:38:A7:7C:BD:EF:24:59:23:B9:1F:10:74:3F:9B:C2:C9:A7:2E
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0183B352A78267B66CBB2FB78904A05B6140
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/6wQ4p3y97yRZI7kfEHQ_m8LJpy4.roa
Signing time:             Fri 07 Oct 2022 16:41:22 +0000
ROA not before:           Fri 07 Oct 2022 16:41:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        194.180.238.0/24 maxlen: 24
                          91.242.105.0/24 maxlen: 24
                          91.242.108.0/22 maxlen: 22
                          45.140.32.0/22 maxlen: 22
                          91.242.120.0/21 maxlen: 21
                          45.143.252.0/22 maxlen: 22
                          45.150.180.0/22 maxlen: 22
                          194.242.22.0/23 maxlen: 23
                          185.145.80.0/22 maxlen: 22
                          91.242.64.0/22 maxlen: 22
                          45.151.196.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:b3:52:a7:82:67:b6:6c:bb:2f:b7:89:04:a0:5b:61:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Oct  7 16:41:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=eb0438a77cbdef245923b91f10743f9bc2c9a72e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e4:14:d2:5f:07:b6:f6:5b:bf:fa:c9:87:71:
                    91:1f:7f:64:0c:24:86:51:fc:72:14:be:b0:67:45:
                    50:9e:e9:13:c4:1f:98:d5:c6:97:f6:a9:90:0b:8f:
                    2e:d1:06:51:07:b0:94:b7:2f:16:4e:09:38:2e:e9:
                    fa:3f:cc:b8:43:e9:39:46:13:f9:09:e5:94:b9:e3:
                    35:d9:d0:e1:43:06:48:2d:56:65:4e:71:e5:93:0a:
                    32:9b:97:d7:aa:9f:8d:76:b1:ca:ee:c8:3b:a6:fb:
                    7c:a5:d9:36:d2:3b:41:dc:0d:80:45:dc:0b:55:ac:
                    47:c6:62:54:8f:1f:1b:56:16:30:c6:be:3b:26:a7:
                    72:ef:7e:0b:5c:a4:ff:1c:e4:3b:c6:bf:94:97:6c:
                    bf:93:f8:17:e6:5b:15:0f:56:62:48:23:ae:8e:84:
                    7f:37:1a:69:ae:9f:9c:6b:b4:2b:18:8f:91:7e:b1:
                    0b:63:50:c4:d0:fe:4f:12:b7:3b:9e:7a:05:61:c4:
                    9f:24:56:17:cd:52:71:09:f0:a4:1c:63:74:34:a9:
                    29:91:43:6e:65:83:17:dc:88:0f:6e:18:b4:ba:9f:
                    2c:0e:95:26:2b:d4:03:cf:f3:00:3f:b0:05:c1:03:
                    ac:af:df:a2:67:bd:d6:6f:99:d5:9d:ad:05:f5:68:
                    74:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:04:38:A7:7C:BD:EF:24:59:23:B9:1F:10:74:3F:9B:C2:C9:A7:2E
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/6wQ4p3y97yRZI7kfEHQ_m8LJpy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.32.0/22
                  45.143.252.0/22
                  45.150.180.0/22
                  45.151.196.0/22
                  91.242.64.0/22
                  91.242.105.0/24
                  91.242.108.0/22
                  91.242.120.0/21
                  185.145.80.0/22
                  194.180.238.0/24
                  194.242.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:21:db:dd:aa:9b:01:3a:93:b9:cc:23:5a:e1:f8:fd:24:90:
         e7:bf:fb:ac:99:b4:82:43:cf:f1:90:a2:20:0e:81:1a:e9:3f:
         6c:77:44:ea:ce:69:25:f0:07:67:37:c2:28:c9:a6:46:3a:fe:
         3c:33:bf:f8:bd:94:98:fe:69:0c:66:7b:75:0c:a3:64:e4:31:
         37:21:84:66:5b:ab:89:88:0f:dc:13:f2:7e:48:6f:a8:66:44:
         bd:b1:c2:f7:cb:a0:d1:8b:60:dc:d1:1c:32:92:41:89:81:33:
         61:36:ef:bd:05:bf:bd:da:f7:3b:b3:a6:96:24:cf:24:9b:63:
         b0:2e:bc:3a:6b:d9:9e:3e:ff:c0:de:74:db:0e:fc:d2:f9:f6:
         fe:98:32:d2:89:f4:57:f3:f3:13:8b:67:13:87:29:13:ba:97:
         c3:f7:c5:e3:1e:ec:e5:7f:51:e0:c8:01:6d:73:20:ff:f2:80:
         23:c0:af:21:ae:38:94:31:ca:ca:ae:c0:11:d6:58:9b:88:0b:
         d8:91:ae:47:6e:b8:b5:de:4d:7c:35:5f:67:70:6d:ef:09:a2:
         10:c9:a4:67:de:b3:81:6a:71:c7:1d:58:4c:8c:9a:45:1f:59:
         08:40:1f:db:a8:23:87:77:e7:2b:a4:6f:22:56:9d:7a:10:89:
         d0:02:63:1c
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYOzUqeCZ7Zsuy+3iQSgW2FAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjIxMDA3MTY0MTIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjA0MzhhNzdjYmRlZjI0NTkyM2I5MWYxMDc0M2Y5YmMyYzlhNzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgeQU0l8HtvZbv/rJh3GRH39kDCSG
UfxyFL6wZ0VQnukTxB+Y1caX9qmQC48u0QZRB7CUty8WTgk4Lun6P8y4Q+k5RhP5
CeWUueM12dDhQwZILVZlTnHlkwoym5fXqp+NdrHK7sg7pvt8pdk20jtB3A2ARdwL
VaxHxmJUjx8bVhYwxr47Jqdy734LXKT/HOQ7xr+Ul2y/k/gX5lsVD1ZiSCOujoR/
Nxpprp+ca7QrGI+RfrELY1DE0P5PErc7nnoFYcSfJFYXzVJxCfCkHGN0NKkpkUNu
ZYMX3IgPbhi0up8sDpUmK9QDz/MAP7AFwQOsr9+iZ73Wb5nVna0F9Wh0KQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFOsEOKd8ve8kWSO5HxB0P5vCyacuMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvNndRNHAzeTk3eVJaSTdrZkVIUV9tOExKcHk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQCLYwgAwQC
LY/8AwQCLZa0AwQCLZfEAwQCW/JAAwQAW/JpAwQCW/JsAwQDW/J4AwQCuZFQAwQA
wrTuAwQBwvIWMA0GCSqGSIb3DQEBCwUAA4IBAQBAIdvdqpsBOpO5zCNa4fj9JJDn
v/usmbSCQ8/xkKIgDoEa6T9sd0Tqzmkl8AdnN8IoyaZGOv48M7/4vZSY/mkMZnt1
DKNk5DE3IYRmW6uJiA/cE/J+SG+oZkS9scL3y6DRi2Dc0RwykkGJgTNhNu+9Bb+9
2vc7s6aWJM8km2OwLrw6a9mePv/A3nTbDvzS+fb+mDLSifRX8/MTi2cThykTupfD
98XjHuzlf1HgyAFtcyD/8oAjwK8hrjiUMcrKrsAR1libiAvYka5Hbri13k18NV9n
cG3vCaIQyaRn3rOBanHHHVhMjJpFH1kIQB/bqCOHd+crpG8iVp16EInQAmMc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org