Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/NgZA6hg6YcYvmMTx6UfAHZd5xqc.roa
File:                     NgZA6hg6YcYvmMTx6UfAHZd5xqc.roa (raw, json)
Hash identifier:          RDUMfHqhPbkGrn8jtCaBDLOQUjdQ82Ul3wZhKjhHweI=
Subject key identifier:   36:06:40:EA:18:3A:61:C6:2F:98:C4:F1:E9:47:C0:1D:97:79:C6:A7
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       01828E78422E837698437E318AE5A8ED33F3
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/NgZA6hg6YcYvmMTx6UfAHZd5xqc.roa
Signing time:             Thu 11 Aug 2022 19:53:41 +0000
ROA not before:           Thu 11 Aug 2022 19:53:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        91.214.200.0/22 maxlen: 22
                          45.88.124.0/22 maxlen: 22
                          194.56.152.0/23 maxlen: 24
                          91.242.81.0/24 maxlen: 24
                          5.180.4.0/22 maxlen: 22
                          194.35.52.0/22 maxlen: 22
                          91.242.105.0/24 maxlen: 24
                          91.242.108.0/22 maxlen: 22
                          91.242.107.0/24 maxlen: 24
                          91.242.120.0/21 maxlen: 21
                          193.46.211.0/24 maxlen: 24
                          91.242.64.0/22 maxlen: 22
                          5.182.28.0/22 maxlen: 22
                          194.50.188.0/23 maxlen: 23
                          194.50.206.0/23 maxlen: 23
                          195.138.96.0/19 maxlen: 24
                          194.50.200.0/23 maxlen: 23
                          2.57.152.0/22 maxlen: 22
                          45.140.32.0/22 maxlen: 22
                          45.128.20.0/22 maxlen: 22
                          194.50.184.0/23 maxlen: 23
                          95.214.152.0/22 maxlen: 22
                          45.150.168.0/22 maxlen: 22
                          45.150.180.0/22 maxlen: 22
                          2.56.0.0/22 maxlen: 22
                          185.173.244.0/22 maxlen: 24
                          185.173.247.0/24 maxlen: 24
                          2.57.212.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:8e:78:42:2e:83:76:98:43:7e:31:8a:e5:a8:ed:33:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Aug 11 19:53:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=360640ea183a61c62f98c4f1e947c01d9779c6a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7a:d3:8b:a8:36:db:a6:7c:1c:e5:a5:58:a1:
                    6f:3a:7e:7a:fb:e5:a7:0a:7f:48:4b:0d:0d:7b:c2:
                    20:0b:60:d2:a0:a3:a5:4f:d5:af:b0:57:f1:fb:b8:
                    33:e2:2c:de:04:75:5c:cd:66:41:f0:3c:7c:f9:0d:
                    73:35:bf:b5:77:64:73:fc:f9:25:e0:84:ee:f3:5f:
                    15:9f:f1:a0:92:44:b5:a1:6e:d5:f7:f5:40:d9:b3:
                    0e:21:d4:85:e6:c2:f2:bf:fb:3e:9d:ec:7f:f1:8b:
                    eb:b2:09:fe:68:d7:d0:30:88:fd:7a:71:8b:77:70:
                    87:88:de:d4:a1:09:6b:62:5c:ff:0f:a4:53:82:31:
                    74:b7:37:b2:58:de:16:14:cf:8b:ba:ef:70:c9:30:
                    0b:5c:40:84:99:31:64:58:c1:dc:93:b3:3e:81:62:
                    6e:5a:ae:5c:50:64:79:c6:d3:d7:dd:ba:93:26:6e:
                    82:93:d9:10:53:c9:e6:6a:a3:18:24:56:0f:bd:f6:
                    fc:d6:30:de:71:7b:11:eb:73:20:3e:d1:8f:f6:28:
                    c2:ea:d6:3e:07:19:4c:a7:ab:ad:b1:ac:a6:53:30:
                    d0:31:7b:c5:d6:36:96:36:5d:8e:a7:a4:76:e9:de:
                    e1:36:36:a6:86:5e:5a:9c:fd:ee:c2:e9:45:a1:79:
                    ca:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:06:40:EA:18:3A:61:C6:2F:98:C4:F1:E9:47:C0:1D:97:79:C6:A7
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/NgZA6hg6YcYvmMTx6UfAHZd5xqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.0.0/22
                  2.57.152.0/22
                  2.57.212.0/22
                  5.180.4.0/22
                  5.182.28.0/22
                  45.88.124.0/22
                  45.128.20.0/22
                  45.140.32.0/22
                  45.150.168.0/22
                  45.150.180.0/22
                  91.214.200.0/22
                  91.242.64.0/22
                  91.242.81.0/24
                  91.242.105.0/24
                  91.242.107.0-91.242.111.255
                  91.242.120.0/21
                  95.214.152.0/22
                  185.173.244.0/22
                  193.46.211.0/24
                  194.35.52.0/22
                  194.50.184.0/23
                  194.50.188.0/23
                  194.50.200.0/23
                  194.50.206.0/23
                  194.56.152.0/23
                  195.138.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         42:c3:77:23:e4:a7:31:47:f6:0b:66:e4:05:e9:d0:91:68:e6:
         4e:b2:ca:a8:a5:04:aa:70:a2:32:74:8d:5b:1c:f2:ee:01:ee:
         32:dc:d2:7c:64:48:2c:77:6e:44:16:f3:d8:f5:41:4e:36:bd:
         cd:d8:e7:c4:31:69:91:19:6f:56:da:40:b7:71:de:e7:46:de:
         82:6e:32:eb:21:15:71:3f:d6:d8:24:42:52:8c:77:db:5d:2b:
         2b:6e:f6:e4:93:f4:3f:e3:42:72:f5:e3:03:e8:e7:69:07:62:
         0a:0d:f6:58:6e:20:0d:20:97:07:c7:d0:69:aa:9d:9f:9d:c8:
         8d:d5:64:42:6e:1e:6b:99:71:29:b4:a2:c5:d6:e7:6c:c4:3a:
         10:2f:b3:e5:13:07:c0:9e:56:b1:fd:a1:76:f4:3a:ac:0b:b8:
         d1:05:67:2d:4f:c0:f1:74:cf:14:77:36:fa:aa:c7:6e:f1:be:
         9a:ae:62:5b:5a:c1:cc:51:82:1f:f2:cc:06:1e:9a:35:ea:3f:
         8a:3e:79:ae:dc:db:a6:29:bd:12:e1:4d:7c:ca:b8:f3:91:b0:
         b6:84:dc:26:37:a2:25:14:bb:33:ad:c1:0a:0f:fa:4c:ec:77:
         36:dc:5e:6e:2e:37:7f:12:a2:ea:a5:45:28:17:25:fd:90:dc:
         cd:1d:3f:3a
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAYKOeEIug3aYQ34xiuWo7TPzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjIwODExMTk1MzQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjA2NDBlYTE4M2E2MWM2MmY5OGM0ZjFlOTQ3YzAxZDk3NzljNmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXrTi6g226Z8HOWlWKFvOn56++Wn
Cn9ISw0Ne8IgC2DSoKOlT9WvsFfx+7gz4izeBHVczWZB8Dx8+Q1zNb+1d2Rz/Pkl
4ITu818Vn/GgkkS1oW7V9/VA2bMOIdSF5sLyv/s+nex/8Yvrsgn+aNfQMIj9enGL
d3CHiN7UoQlrYlz/D6RTgjF0tzeyWN4WFM+Luu9wyTALXECEmTFkWMHck7M+gWJu
Wq5cUGR5xtPX3bqTJm6Ck9kQU8nmaqMYJFYPvfb81jDecXsR63MgPtGP9ijC6tY+
BxlMp6utsaymUzDQMXvF1jaWNl2Op6R26d7hNjamhl5anP3uwulFoXnKZwIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFDYGQOoYOmHGL5jE8elHwB2XecanMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvTmdaQTZoZzZZY1l2bU1UeDZVZkFIWmQ1eHFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQDBAIC
OAADBAICOZgDBAICOdQDBAIFtAQDBAIFthwDBAItWHwDBAItgBQDBAItjCADBAIt
lqgDBAItlrQDBAJb1sgDBAJb8kADBABb8lEDBABb8mkwDAMEAFvyawMEBFvyYAME
A1vyeAMEAl/WmAMEArmt9AMEAMEu0wMEAsIjNAMEAcIyuAMEAcIyvAMEAcIyyAME
AcIyzgMEAcI4mAMEBcOKYDANBgkqhkiG9w0BAQsFAAOCAQEAQsN3I+SnMUf2C2bk
BenQkWjmTrLKqKUEqnCiMnSNWxzy7gHuMtzSfGRILHduRBbz2PVBTja9zdjnxDFp
kRlvVtpAt3He50begm4y6yEVcT/W2CRCUox3210rK2725JP0P+NCcvXjA+jnaQdi
Cg32WG4gDSCXB8fQaaqdn53IjdVkQm4ea5lxKbSixdbnbMQ6EC+z5RMHwJ5Wsf2h
dvQ6rAu40QVnLU/A8XTPFHc2+qrHbvG+mq5iW1rBzFGCH/LMBh6aNeo/ij55rtzb
pim9EuFNfMq485GwtoTcJjeiJRS7M63BCg/6TOx3Ntxebi43fxKi6qVFKBcl/ZDc
zR0/Og==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org