Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/PsPAe8_j2vW8ppL1huSiiMmF2uw.roa
File:                     PsPAe8_j2vW8ppL1huSiiMmF2uw.roa (raw, json)
Hash identifier:          lHLtDj0uiQmsmvIEsn1xqKBTMh8+JFaKYelY9t8I0eE=
Subject key identifier:   3E:C3:C0:7B:CF:E3:DA:F5:BC:A6:92:F5:86:E4:A2:88:C9:85:DA:EC
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0189697D476006A5F3DC0F2D5AA6B2A6A58E
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/PsPAe8_j2vW8ppL1huSiiMmF2uw.roa
Signing time:             Tue 18 Jul 2023 14:52:45 +0000
ROA not before:           Tue 18 Jul 2023 14:52:45 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        89.39.242.0/24 maxlen: 24
                          194.56.152.0/23 maxlen: 24
                          94.231.198.0/24 maxlen: 24
                          185.212.11.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          45.89.44.0/22 maxlen: 24
                          185.40.105.0/24 maxlen: 24
                          194.242.28.0/23 maxlen: 24
                          86.104.19.0/24 maxlen: 24
                          193.46.211.0/24 maxlen: 24
                          193.203.127.0/24 maxlen: 24
                          89.40.35.0/24 maxlen: 24
                          91.242.70.0/23 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.74.0/24 maxlen: 24
                          91.242.75.0/24 maxlen: 24
                          89.40.161.0/24 maxlen: 24
                          195.138.105.0/24 maxlen: 24
                          195.138.103.0/24 maxlen: 24
                          195.138.104.0/24 maxlen: 24
                          195.138.106.0/24 maxlen: 24
                          45.140.32.0/22 maxlen: 22
                          80.94.81.0/24 maxlen: 24
                          80.94.80.0/24 maxlen: 24
                          80.94.80.0/23 maxlen: 23
                          45.67.117.0/24 maxlen: 24
                          45.15.64.0/24 maxlen: 24
                          91.239.59.0/24 maxlen: 24
                          45.15.64.0/22 maxlen: 22
                          45.15.66.0/24 maxlen: 24
                          45.15.67.0/24 maxlen: 24
                          45.15.65.0/24 maxlen: 24
                          194.213.10.0/24 maxlen: 24
                          185.173.247.0/24 maxlen: 24
                          176.126.223.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:69:7d:47:60:06:a5:f3:dc:0f:2d:5a:a6:b2:a6:a5:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jul 18 14:52:45 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3ec3c07bcfe3daf5bca692f586e4a288c985daec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:67:45:f8:1a:e5:90:62:9f:d8:48:10:a6:42:
                    1a:ed:89:b8:6b:05:52:53:ad:c3:51:83:70:01:47:
                    19:7e:e6:1c:25:91:7c:24:5e:da:1f:08:9d:57:08:
                    40:bd:a2:1b:ce:0f:5c:31:38:85:32:17:c7:32:6c:
                    0e:a8:38:df:5e:fd:ff:35:73:bf:f7:4f:95:1e:6d:
                    c8:3c:88:7a:7d:64:66:d4:47:54:e4:db:00:b4:e6:
                    df:48:38:88:9f:82:1e:9d:9b:17:48:d0:7a:85:bc:
                    bd:96:74:1a:0f:a9:55:27:76:e6:f7:9c:02:11:ab:
                    76:c9:3a:53:3e:aa:ca:76:8c:8c:ab:9f:c0:82:9b:
                    e6:3e:d3:c7:d9:ad:46:bb:18:88:1a:26:7f:ec:47:
                    fd:28:50:cd:3f:17:ef:1c:29:f5:e7:7f:f7:f5:eb:
                    97:c1:01:20:4f:c2:c3:2f:e2:dc:b4:a0:aa:2b:93:
                    a0:06:ab:32:45:13:a0:93:c6:3a:47:41:25:79:1c:
                    a2:4e:a6:a8:23:7a:e3:88:6e:ae:d5:44:df:b1:df:
                    6c:7f:39:a0:2c:c8:50:f5:0b:65:6f:3e:ea:be:93:
                    2e:9b:f7:d6:2c:5d:83:12:3c:22:1b:4b:e1:d2:31:
                    0d:0d:33:ee:56:b1:ca:32:f4:d9:f6:88:06:31:c2:
                    3d:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:C3:C0:7B:CF:E3:DA:F5:BC:A6:92:F5:86:E4:A2:88:C9:85:DA:EC
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/PsPAe8_j2vW8ppL1huSiiMmF2uw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.64.0/22
                  45.67.117.0/24
                  45.89.44.0/22
                  45.140.32.0/22
                  80.94.80.0/23
                  86.104.19.0/24
                  89.39.242.0/24
                  89.40.35.0/24
                  89.40.161.0/24
                  91.239.59.0/24
                  91.242.70.0-91.242.75.255
                  91.242.103.0/24
                  94.231.198.0/24
                  176.126.223.0/24
                  185.40.105.0/24
                  185.173.247.0/24
                  185.212.11.0/24
                  193.46.211.0/24
                  193.203.127.0/24
                  194.56.152.0/23
                  194.213.10.0/24
                  194.242.28.0/23
                  195.138.103.0-195.138.106.255

    Signature Algorithm: sha256WithRSAEncryption
         73:0f:d4:7e:dd:1c:cd:af:83:5e:71:e0:72:74:97:ec:02:8d:
         cb:57:a4:8f:a4:6f:e0:4b:6e:3d:07:51:45:08:5b:6e:f9:1b:
         74:da:60:00:f8:28:4d:80:31:0a:55:86:e5:cf:15:27:6e:e6:
         98:d8:43:a4:13:91:f4:ea:36:df:70:0f:79:c5:00:a6:91:89:
         1f:33:85:de:bb:a1:85:46:af:c2:26:a5:c1:1b:76:58:b6:df:
         1d:73:ee:19:fb:f8:26:50:7c:65:32:ab:a7:1f:ab:4c:05:10:
         1d:f9:d6:fa:2e:61:e3:52:92:d2:d2:aa:90:6a:92:97:24:c7:
         df:57:e5:6c:2d:b4:13:27:50:f9:22:4b:7a:8f:9f:17:0a:f5:
         ac:e6:14:29:fa:64:69:3d:e5:6f:1e:06:9d:5d:06:0d:e3:f3:
         3d:71:73:cc:2f:fb:71:bb:b1:60:06:b4:75:d5:8f:fc:aa:53:
         57:3d:e5:09:97:7f:02:86:d4:60:b0:78:5c:44:48:f5:0f:cf:
         fa:91:78:96:29:c5:fc:da:de:69:07:bd:00:d9:c5:da:fa:73:
         f8:09:ee:c4:0f:d8:21:50:37:ac:58:90:cd:fe:43:0d:7c:f3:
         ef:aa:b0:7e:08:e1:c2:06:80:9a:fe:4d:f1:6b:78:68:bb:69:
         f0:a5:aa:94
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgISAYlpfUdgBqXz3A8tWqaypqWOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwNzE4MTQ1MjQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWMzYzA3YmNmZTNkYWY1YmNhNjkyZjU4NmU0YTI4OGM5ODVkYWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2dF+BrlkGKf2EgQpkIa7Ym4awVS
U63DUYNwAUcZfuYcJZF8JF7aHwidVwhAvaIbzg9cMTiFMhfHMmwOqDjfXv3/NXO/
90+VHm3IPIh6fWRm1EdU5NsAtObfSDiIn4IenZsXSNB6hby9lnQaD6lVJ3bm95wC
Eat2yTpTPqrKdoyMq5/AgpvmPtPH2a1GuxiIGiZ/7Ef9KFDNPxfvHCn153/39euX
wQEgT8LDL+LctKCqK5OgBqsyRROgk8Y6R0EleRyiTqaoI3rjiG6u1UTfsd9sfzmg
LMhQ9Qtlbz7qvpMum/fWLF2DEjwiG0vh0jENDTPuVrHKMvTZ9ogGMcI9MQIDAQAB
o4ICojCCAp4wHQYDVR0OBBYEFD7DwHvP49r1vKaS9YbkoojJhdrsMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvUHNQQWU4X2oydlc4cHBMMWh1U2lpTW1GMnV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG3BggrBgEFBQcBBwEB/wSBpzCBpDCBoQQCAAEwgZoDBAIt
D0ADBAAtQ3UDBAItWSwDBAItjCADBAFQXlADBABWaBMDBABZJ/IDBABZKCMDBABZ
KKEDBABb7zswDAMEAVvyRgMEAlvySAMEAFvyZwMEAF7nxgMEALB+3wMEALkoaQME
ALmt9wMEALnUCwMEAMEu0wMEAMHLfwMEAcI4mAMEAMLVCgMEAcLyHDAMAwQAw4pn
AwQAw4pqMA0GCSqGSIb3DQEBCwUAA4IBAQBzD9R+3RzNr4NeceBydJfsAo3LV6SP
pG/gS249B1FFCFtu+Rt02mAA+ChNgDEKVYblzxUnbuaY2EOkE5H06jbfcA95xQCm
kYkfM4Xeu6GFRq/CJqXBG3ZYtt8dc+4Z+/gmUHxlMqunH6tMBRAd+db6LmHjUpLS
0qqQapKXJMffV+VsLbQTJ1D5Ikt6j58XCvWs5hQp+mRpPeVvHgadXQYN4/M9cXPM
L/txu7FgBrR11Y/8qlNXPeUJl38ChtRgsHhcREj1D8/6kXiWKcX82t5pB70A2cXa
+nP4Ce7ED9ghUDesWJDN/kMNfPPvqrB+COHCBoCa/k3xa3hou2nwpaqU
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org