Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/JaU70RDNckU13SWD6luEwECrfSY.roa
File:                     JaU70RDNckU13SWD6luEwECrfSY.roa (raw, json)
Hash identifier:          z+qd6KeIIZoUh/mqOgyPOAG8vDWXj/n8L8YUxXJzzqY=
Subject key identifier:   25:A5:3B:D1:10:CD:72:45:35:DD:25:83:EA:5B:84:C0:40:AB:7D:26
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018C35DBA1016D897EF429FF351406ACB23F
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/JaU70RDNckU13SWD6luEwECrfSY.roa
Signing time:             Mon 04 Dec 2023 17:23:55 +0000
ROA not before:           Mon 04 Dec 2023 17:23:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        185.255.99.0/24 maxlen: 24
                          185.15.136.0/23 maxlen: 24
                          45.67.117.0/24 maxlen: 24
                          185.243.140.0/22 maxlen: 24
                          94.231.198.0/24 maxlen: 24
                          194.56.153.0/24 maxlen: 24
                          185.212.11.0/24 maxlen: 24
                          194.180.238.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          185.40.105.0/24 maxlen: 24
                          194.213.10.0/24 maxlen: 24
                          194.242.28.0/23 maxlen: 24
                          195.149.127.0/24 maxlen: 24
                          185.173.247.0/24 maxlen: 24
                          89.32.126.0/24 maxlen: 24
                          92.118.108.0/24 maxlen: 24
                          176.126.223.0/24 maxlen: 24
                          91.242.71.0/24 maxlen: 24
                          45.149.160.0/22 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.75.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:35:db:a1:01:6d:89:7e:f4:29:ff:35:14:06:ac:b2:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Dec  4 17:23:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=25a53bd110cd724535dd2583ea5b84c040ab7d26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:c3:58:88:fc:f4:b1:e5:1b:7d:8d:16:a3:a3:
                    4e:72:e7:34:d2:b8:f4:0b:1b:cd:08:52:22:6f:76:
                    a3:12:3c:72:9d:bd:c9:a3:83:34:03:a3:f8:5e:40:
                    ae:72:61:41:a7:1d:21:99:35:fd:2f:9a:5d:18:e9:
                    38:a6:81:50:3b:fd:62:95:9c:2d:50:71:7f:a9:09:
                    00:e3:53:fa:c6:6b:c7:e5:7e:42:ab:6e:2f:c1:80:
                    7b:02:a4:88:eb:10:db:a8:63:0d:71:3a:e4:51:4e:
                    c1:a1:bb:4a:34:fd:95:69:b0:dc:b2:48:3b:6a:e4:
                    28:fd:6c:7a:16:56:67:32:9d:17:dc:6c:d2:9a:da:
                    ee:7a:b4:a2:27:53:bf:f0:79:ff:37:f2:4b:15:23:
                    bb:b1:81:77:95:3c:ba:e3:eb:39:0a:c1:0b:43:8b:
                    a1:dc:e7:94:dd:52:a9:ff:ee:c1:f9:b6:b4:bf:08:
                    28:af:e7:a4:91:60:e3:e6:07:0e:d6:d7:c5:a7:79:
                    8a:69:01:71:52:b9:97:3b:fa:87:30:cd:8d:10:08:
                    e3:cf:a4:d7:a0:43:79:f1:a5:d7:5e:e0:d8:f0:12:
                    82:a9:49:dc:c8:be:cd:7b:50:07:93:c1:40:1a:fc:
                    c8:df:ec:b6:66:54:70:1a:46:f2:cc:29:f8:d1:c6:
                    28:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:A5:3B:D1:10:CD:72:45:35:DD:25:83:EA:5B:84:C0:40:AB:7D:26
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/JaU70RDNckU13SWD6luEwECrfSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.117.0/24
                  45.149.160.0/22
                  89.32.126.0/24
                  91.242.71.0-91.242.73.255
                  91.242.75.0/24
                  91.242.103.0/24
                  92.118.108.0/24
                  94.231.198.0/24
                  176.126.223.0/24
                  185.15.136.0/23
                  185.40.105.0/24
                  185.173.247.0/24
                  185.212.11.0/24
                  185.243.140.0/22
                  185.255.99.0/24
                  194.56.153.0/24
                  194.180.238.0/24
                  194.213.10.0/24
                  194.242.28.0/23
                  195.149.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:36:29:08:b0:06:4f:8b:7c:23:a3:38:89:2c:1b:1e:1f:ea:
         90:ac:fa:84:8b:83:0e:91:7b:52:94:e3:06:91:03:04:9c:eb:
         7f:2c:04:69:83:c6:79:86:63:89:f3:ea:db:6d:f2:1c:42:6b:
         29:0d:56:c6:63:ea:4c:a3:4d:0e:c3:d9:bb:aa:ee:8c:3c:e5:
         22:67:c2:6a:fc:4f:a2:73:d2:c8:f7:50:5e:54:39:f0:ff:4c:
         d7:0b:71:84:62:af:57:e4:82:c8:9b:46:11:ea:bf:8b:ec:d0:
         63:f6:53:ef:0d:0e:4b:bb:06:9d:68:b1:4f:07:13:ae:5f:a8:
         34:9f:4e:13:5f:58:f1:51:f3:0f:db:58:e5:a2:8e:82:e6:07:
         68:16:cd:99:29:07:c2:b2:d1:bc:b0:e4:6f:11:83:f8:64:76:
         fb:7b:f4:b2:b1:93:f7:aa:ca:5a:66:06:c7:6e:1b:ff:e0:7b:
         50:c4:80:9f:85:e9:56:a3:35:27:8d:b4:cc:84:ae:f1:fc:fa:
         38:d1:fb:c1:9f:95:8e:b3:78:1d:3e:9e:55:35:7e:44:03:1d:
         34:80:fb:c4:7a:d2:08:82:92:1e:19:ca:44:61:10:c7:c7:f3:
         2a:16:20:6a:a1:30:2b:2c:9d:93:eb:d0:cc:d3:f4:ac:59:f4:
         63:c9:11:50
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgISAYw126EBbYl+9Cn/NRQGrLI/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMxMjA0MTcyMzU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWE1M2JkMTEwY2Q3MjQ1MzVkZDI1ODNlYTViODRjMDQwYWI3ZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9cNYiPz0seUbfY0Wo6NOcuc00rj0
CxvNCFIib3ajEjxynb3Jo4M0A6P4XkCucmFBpx0hmTX9L5pdGOk4poFQO/1ilZwt
UHF/qQkA41P6xmvH5X5Cq24vwYB7AqSI6xDbqGMNcTrkUU7BobtKNP2VabDcskg7
auQo/Wx6FlZnMp0X3GzSmtruerSiJ1O/8Hn/N/JLFSO7sYF3lTy64+s5CsELQ4uh
3OeU3VKp/+7B+ba0vwgor+ekkWDj5gcO1tfFp3mKaQFxUrmXO/qHMM2NEAjjz6TX
oEN58aXXXuDY8BKCqUncyL7Ne1AHk8FAGvzI3+y2ZlRwGkbyzCn40cYoRwIDAQAB
o4ICiDCCAoQwHQYDVR0OBBYEFCWlO9EQzXJFNd0lg+pbhMBAq30mMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvSmFVNzBSRE5ja1UxM1NXRDZsdUV3RUNyZlNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGdBggrBgEFBQcBBwEB/wSBjTCBijCBhwQCAAEwgYADBAAt
Q3UDBAItlaADBABZIH4wDAMEAFvyRwMEAVvySAMEAFvySwMEAFvyZwMEAFx2bAME
AF7nxgMEALB+3wMEAbkPiAMEALkoaQMEALmt9wMEALnUCwMEArnzjAMEALn/YwME
AMI4mQMEAMK07gMEAMLVCgMEAcLyHAMEAMOVfzANBgkqhkiG9w0BAQsFAAOCAQEA
FDYpCLAGT4t8I6M4iSwbHh/qkKz6hIuDDpF7UpTjBpEDBJzrfywEaYPGeYZjifPq
223yHEJrKQ1WxmPqTKNNDsPZu6rujDzlImfCavxPonPSyPdQXlQ58P9M1wtxhGKv
V+SCyJtGEeq/i+zQY/ZT7w0OS7sGnWixTwcTrl+oNJ9OE19Y8VHzD9tY5aKOguYH
aBbNmSkHwrLRvLDkbxGD+GR2+3v0srGT96rKWmYGx24b/+B7UMSAn4XpVqM1J420
zISu8fz6ONH7wZ+VjrN4HT6eVTV+RAMdNID7xHrSCIKSHhnKRGEQx8fzKhYgaqEw
Kyydk+vQzNP0rFn0Y8kRUA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org