Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/P1I-8qImVOl74ohgGZnIM_NqKyE.roa
File:                     P1I-8qImVOl74ohgGZnIM_NqKyE.roa (raw, json)
Hash identifier:          mXx8Y3wbxJXYp0Io5o/w2nCgy3Lzqr7X+TfIfm/i/34=
Subject key identifier:   3F:52:3E:F2:A2:26:54:E9:7B:E2:88:60:19:99:C8:33:F3:6A:2B:21
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018A8A704E223B29160E23DED565ADB7578A
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/P1I-8qImVOl74ohgGZnIM_NqKyE.roa
Signing time:             Tue 12 Sep 2023 17:28:50 +0000
ROA not before:           Tue 12 Sep 2023 17:28:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7029
IP address blocks:        185.255.99.0/24 maxlen: 24
                          195.138.107.0/24 maxlen: 24
                          195.138.111.0/24 maxlen: 24
                          195.138.112.0/24 maxlen: 24
                          195.138.114.0/24 maxlen: 24
                          195.138.118.0/24 maxlen: 24
                          185.180.145.0/24 maxlen: 24
                          195.138.120.0/24 maxlen: 24
                          185.15.136.0/23 maxlen: 24
                          91.201.107.0/24 maxlen: 24
                          185.243.140.0/22 maxlen: 24
                          193.30.30.0/24 maxlen: 24
                          194.180.238.0/24 maxlen: 24
                          195.149.127.0/24 maxlen: 24
                          89.32.126.0/24 maxlen: 24
                          92.118.108.0/24 maxlen: 24
                          193.46.220.0/24 maxlen: 24
                          45.149.160.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:8a:70:4e:22:3b:29:16:0e:23:de:d5:65:ad:b7:57:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Sep 12 17:28:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f523ef2a22654e97be288601999c833f36a2b21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:08:c7:e4:52:56:69:17:71:d2:e4:7a:31:0e:
                    a9:bf:d3:66:00:4f:82:df:fb:bc:b7:5f:a9:8d:be:
                    28:f3:89:f5:ac:a2:21:50:5f:71:a1:f6:96:96:18:
                    b2:d4:3d:df:0d:45:60:af:a8:58:70:67:a5:fd:0d:
                    eb:a4:bc:99:ed:94:9b:6e:1f:de:da:be:c3:e5:72:
                    bd:c7:9a:4b:50:28:0c:d5:fc:e6:17:07:88:d1:40:
                    8e:a6:da:e8:e3:eb:8c:c8:e5:83:8f:d7:d8:a2:81:
                    c4:f1:34:12:cd:aa:70:3b:9d:7a:56:9e:96:13:99:
                    72:6c:2a:30:95:ea:df:df:39:c5:f6:ef:f3:1f:3a:
                    30:e9:28:3a:3d:97:21:90:91:f4:3c:14:e1:0c:65:
                    83:b4:7a:6e:e0:52:63:12:74:d0:b4:90:ee:b9:27:
                    b5:36:c7:2e:aa:62:d7:10:0f:b2:df:a1:7c:8a:6e:
                    a5:c9:ad:89:8f:b7:a3:61:8c:88:79:99:eb:c9:b9:
                    91:49:0e:15:9c:a9:4e:ab:4f:e2:38:28:47:e8:70:
                    c3:9e:90:6c:4b:84:96:c1:f1:4e:9e:0c:b6:6f:f8:
                    44:32:f8:b0:63:1a:d9:d4:39:a4:55:15:c1:47:26:
                    7a:b3:53:76:18:cf:86:e7:77:39:13:5f:10:91:40:
                    23:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:52:3E:F2:A2:26:54:E9:7B:E2:88:60:19:99:C8:33:F3:6A:2B:21
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/P1I-8qImVOl74ohgGZnIM_NqKyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.160.0/22
                  89.32.126.0/24
                  91.201.107.0/24
                  92.118.108.0/24
                  185.15.136.0/23
                  185.180.145.0/24
                  185.243.140.0/22
                  185.255.99.0/24
                  193.30.30.0/24
                  193.46.220.0/24
                  194.180.238.0/24
                  195.138.107.0/24
                  195.138.111.0-195.138.112.255
                  195.138.114.0/24
                  195.138.118.0/24
                  195.138.120.0/24
                  195.149.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:80:1b:50:06:e9:b1:bd:2c:7c:27:08:03:62:b0:d2:f9:fb:
         02:96:d7:69:98:07:03:66:ab:c6:8a:11:38:37:a7:4b:b4:5b:
         c4:b2:4b:77:22:bb:f6:90:c0:12:2b:aa:09:69:d9:d7:98:ed:
         66:79:5f:54:0c:09:2d:3d:9a:0e:0d:bc:37:11:44:d2:25:8d:
         db:71:80:d2:76:2c:d0:d3:c7:da:0c:1f:61:03:5d:2d:1f:07:
         d4:b6:00:92:cb:5c:ff:c5:08:2c:fa:be:6d:59:b3:5e:44:83:
         d1:82:cd:cd:06:c7:1f:64:76:cb:1f:31:11:56:c9:2b:2f:e8:
         ce:08:7b:38:ed:49:f1:b2:87:66:3e:aa:db:3d:bb:fe:af:29:
         a9:5a:62:4c:a0:69:84:89:40:c2:bd:0b:4e:9e:49:ce:61:a4:
         e4:e7:cb:b6:8f:f3:27:9a:e6:d1:7f:83:d9:4b:22:c3:c2:05:
         fb:e4:31:a3:58:65:6a:3c:3a:84:e7:0e:1d:2f:cc:e4:2e:b3:
         7c:5f:37:c9:bd:84:88:7b:93:ac:18:03:17:c4:b8:a4:e8:8d:
         36:18:5f:74:1c:ab:d6:78:e4:6c:07:a7:b6:be:e0:8d:9c:c6:
         7f:0a:45:78:1a:fb:fc:77:2d:b7:41:10:21:a3:0a:c6:78:53:
         39:3a:78:71
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgISAYqKcE4iOykWDiPe1WWtt1eKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwOTEyMTcyODUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjUyM2VmMmEyMjY1NGU5N2JlMjg4NjAxOTk5YzgzM2YzNmEyYjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1wjH5FJWaRdx0uR6MQ6pv9NmAE+C
3/u8t1+pjb4o84n1rKIhUF9xofaWlhiy1D3fDUVgr6hYcGel/Q3rpLyZ7ZSbbh/e
2r7D5XK9x5pLUCgM1fzmFweI0UCOptro4+uMyOWDj9fYooHE8TQSzapwO516Vp6W
E5lybCowlerf3znF9u/zHzow6Sg6PZchkJH0PBThDGWDtHpu4FJjEnTQtJDuuSe1
NscuqmLXEA+y36F8im6lya2Jj7ejYYyIeZnrybmRSQ4VnKlOq0/iOChH6HDDnpBs
S4SWwfFOngy2b/hEMviwYxrZ1DmkVRXBRyZ6s1N2GM+G53c5E18QkUAj9wIDAQAB
o4ICcjCCAm4wHQYDVR0OBBYEFD9SPvKiJlTpe+KIYBmZyDPzaishMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvUDFJLThxSW1WT2w3NG9oZ0dabklNX05xS3lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGHBggrBgEFBQcBBwEB/wR4MHYwdAQCAAEwbgMEAi2VoAME
AFkgfgMEAFvJawMEAFx2bAMEAbkPiAMEALm0kQMEArnzjAMEALn/YwMEAMEeHgME
AMEu3AMEAMK07gMEAMOKazAMAwQAw4pvAwQAw4pwAwQAw4pyAwQAw4p2AwQAw4p4
AwQAw5V/MA0GCSqGSIb3DQEBCwUAA4IBAQBkgBtQBumxvSx8JwgDYrDS+fsCltdp
mAcDZqvGihE4N6dLtFvEskt3Irv2kMASK6oJadnXmO1meV9UDAktPZoODbw3EUTS
JY3bcYDSdizQ08faDB9hA10tHwfUtgCSy1z/xQgs+r5tWbNeRIPRgs3NBscfZHbL
HzERVskrL+jOCHs47UnxsodmPqrbPbv+rympWmJMoGmEiUDCvQtOnknOYaTk58u2
j/MnmubRf4PZSyLDwgX75DGjWGVqPDqE5w4dL8zkLrN8XzfJvYSIe5OsGAMXxLik
6I02GF90HKvWeORsB6e2vuCNnMZ/CkV4Gvv8dy23QRAhowrGeFM5Onhx
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org