Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/U6p49q-E_0TV9SUYEpPq53DKSzs.roa
File:                     U6p49q-E_0TV9SUYEpPq53DKSzs.roa (raw, json)
Hash identifier:          6vRngFDjDVRnAuNtXs+su8hjbpr2v0tO2sg41tUyUMA=
Subject key identifier:   53:AA:78:F6:AF:84:FF:44:D5:F5:25:18:12:93:EA:E7:70:CA:4B:3B
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0188E3E99879598CB16E31ABB9806E95EFD8
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/U6p49q-E_0TV9SUYEpPq53DKSzs.roa
Signing time:             Thu 22 Jun 2023 16:21:56 +0000
ROA not before:           Thu 22 Jun 2023 16:21:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        89.39.242.0/24 maxlen: 24
                          194.56.152.0/23 maxlen: 24
                          94.231.198.0/24 maxlen: 24
                          185.212.11.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          45.89.44.0/22 maxlen: 24
                          185.40.105.0/24 maxlen: 24
                          194.242.28.0/23 maxlen: 24
                          86.104.19.0/24 maxlen: 24
                          193.46.211.0/24 maxlen: 24
                          193.203.127.0/24 maxlen: 24
                          89.40.35.0/24 maxlen: 24
                          91.242.70.0/23 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.74.0/24 maxlen: 24
                          91.242.75.0/24 maxlen: 24
                          89.40.161.0/24 maxlen: 24
                          195.138.105.0/24 maxlen: 24
                          195.138.103.0/24 maxlen: 24
                          195.138.104.0/24 maxlen: 24
                          86.104.192.0/24 maxlen: 24
                          195.138.106.0/24 maxlen: 24
                          45.140.32.0/22 maxlen: 22
                          80.94.81.0/24 maxlen: 24
                          80.94.80.0/24 maxlen: 24
                          80.94.80.0/23 maxlen: 23
                          45.67.117.0/24 maxlen: 24
                          45.15.64.0/24 maxlen: 24
                          91.239.59.0/24 maxlen: 24
                          45.15.64.0/22 maxlen: 22
                          45.15.66.0/24 maxlen: 24
                          45.15.67.0/24 maxlen: 24
                          45.15.65.0/24 maxlen: 24
                          194.213.10.0/24 maxlen: 24
                          185.173.247.0/24 maxlen: 24
                          176.126.223.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:e3:e9:98:79:59:8c:b1:6e:31:ab:b9:80:6e:95:ef:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jun 22 16:21:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=53aa78f6af84ff44d5f525181293eae770ca4b3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b8:f8:1b:26:27:ee:fb:74:dc:bd:90:3e:58:
                    58:ef:6e:60:ef:88:43:60:fa:4c:75:45:7d:b9:0f:
                    f5:81:9e:ff:ff:47:9b:f5:56:f9:38:45:10:4c:43:
                    12:fa:b3:2d:98:ea:9c:aa:9f:5b:37:1c:d3:fe:0f:
                    07:22:ed:74:89:cf:98:0e:14:84:9b:a1:47:99:07:
                    bb:22:b6:70:95:9c:a9:cf:63:19:e3:76:41:d5:b6:
                    e1:b2:05:07:70:88:46:9e:26:65:9c:8d:19:a2:f6:
                    6f:43:c5:0a:0f:a2:f1:f5:0c:f7:59:d3:6e:ab:16:
                    b4:f8:56:a8:33:9f:be:35:d6:33:30:fb:92:a2:20:
                    a8:fd:75:22:ec:ff:51:cb:3d:cd:f9:d6:53:9f:1a:
                    02:43:d8:5b:f7:a3:7d:4a:0c:92:2f:2c:1d:94:ed:
                    37:22:04:c4:e9:79:f4:dd:6d:35:b3:6f:75:66:ad:
                    05:08:f3:a3:d9:ac:87:a3:52:69:bb:29:b4:e7:43:
                    1a:8e:2a:8a:d8:a9:7b:b1:08:43:e6:49:0d:b4:2f:
                    44:19:aa:30:ea:ee:d0:10:e7:6d:1d:cf:96:c7:c7:
                    7b:d8:f6:d3:66:94:76:f2:ac:58:f4:cd:ee:7f:2a:
                    a1:da:f0:95:ef:2b:d8:d9:34:02:7f:fb:43:58:8c:
                    fb:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:AA:78:F6:AF:84:FF:44:D5:F5:25:18:12:93:EA:E7:70:CA:4B:3B
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/U6p49q-E_0TV9SUYEpPq53DKSzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.64.0/22
                  45.67.117.0/24
                  45.89.44.0/22
                  45.140.32.0/22
                  80.94.80.0/23
                  86.104.19.0/24
                  86.104.192.0/24
                  89.39.242.0/24
                  89.40.35.0/24
                  89.40.161.0/24
                  91.239.59.0/24
                  91.242.70.0-91.242.75.255
                  91.242.103.0/24
                  94.231.198.0/24
                  176.126.223.0/24
                  185.40.105.0/24
                  185.173.247.0/24
                  185.212.11.0/24
                  193.46.211.0/24
                  193.203.127.0/24
                  194.56.152.0/23
                  194.213.10.0/24
                  194.242.28.0/23
                  195.138.103.0-195.138.106.255

    Signature Algorithm: sha256WithRSAEncryption
         51:19:54:9f:30:6b:66:3b:64:c9:cb:c9:75:77:5b:42:6a:57:
         ef:84:d8:14:21:88:49:16:85:e7:77:06:fc:31:ac:55:30:cf:
         4d:14:ad:22:3f:a6:cf:cd:1e:a8:57:1f:e6:b7:88:37:d9:58:
         7e:a4:1a:cf:8d:07:88:fa:40:00:39:af:4e:72:11:48:f9:06:
         61:28:d4:5c:ef:fe:63:fa:9a:1c:e3:54:82:4d:c3:53:aa:a9:
         1a:39:f7:d6:7b:01:10:5d:ef:42:90:50:ec:d2:85:33:5a:41:
         07:af:a7:6c:12:84:04:2e:46:ae:d2:1d:f4:19:8f:de:47:09:
         7d:76:a2:56:8e:67:8f:d3:73:41:14:93:1a:98:90:70:ff:e0:
         dd:31:9a:63:d6:9f:4a:44:1a:1a:4b:ee:f4:a7:21:08:12:93:
         5f:d9:87:69:4f:c1:dd:28:bb:af:5b:bf:aa:6b:a6:2f:b4:9b:
         5f:34:6f:2f:60:b6:3f:47:e4:c1:3f:41:4b:e4:35:c3:32:9a:
         f7:98:19:8c:fb:0d:01:91:89:e6:ec:f2:34:02:31:76:c9:fa:
         3b:7a:ea:90:0e:81:76:db:eb:d4:81:2c:b8:42:2f:0e:c8:1e:
         37:65:97:a8:06:50:8d:df:de:a5:c2:72:88:f8:22:64:04:c2:
         fb:b1:0d:ea
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAYjj6Zh5WYyxbjGruYBule/YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwNjIyMTYyMTU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2FhNzhmNmFmODRmZjQ0ZDVmNTI1MTgxMjkzZWFlNzcwY2E0YjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLj4GyYn7vt03L2QPlhY725g74hD
YPpMdUV9uQ/1gZ7//0eb9Vb5OEUQTEMS+rMtmOqcqp9bNxzT/g8HIu10ic+YDhSE
m6FHmQe7IrZwlZypz2MZ43ZB1bbhsgUHcIhGniZlnI0ZovZvQ8UKD6Lx9Qz3WdNu
qxa0+FaoM5++NdYzMPuSoiCo/XUi7P9Ryz3N+dZTnxoCQ9hb96N9SgySLywdlO03
IgTE6Xn03W01s291Zq0FCPOj2ayHo1Jpuym050MajiqK2Kl7sQhD5kkNtC9EGaow
6u7QEOdtHc+Wx8d72PbTZpR28qxY9M3ufyqh2vCV7yvY2TQCf/tDWIz7JQIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFFOqePavhP9E1fUlGBKT6udwyks7MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvVTZwNDlxLUVfMFRWOVNVWUVwUHE1M0RLU3pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG9BggrBgEFBQcBBwEB/wSBrTCBqjCBpwQCAAEwgaADBAIt
D0ADBAAtQ3UDBAItWSwDBAItjCADBAFQXlADBABWaBMDBABWaMADBABZJ/IDBABZ
KCMDBABZKKEDBABb7zswDAMEAVvyRgMEAlvySAMEAFvyZwMEAF7nxgMEALB+3wME
ALkoaQMEALmt9wMEALnUCwMEAMEu0wMEAMHLfwMEAcI4mAMEAMLVCgMEAcLyHDAM
AwQAw4pnAwQAw4pqMA0GCSqGSIb3DQEBCwUAA4IBAQBRGVSfMGtmO2TJy8l1d1tC
alfvhNgUIYhJFoXndwb8MaxVMM9NFK0iP6bPzR6oVx/mt4g32Vh+pBrPjQeI+kAA
Oa9OchFI+QZhKNRc7/5j+poc41SCTcNTqqkaOffWewEQXe9CkFDs0oUzWkEHr6ds
EoQELkau0h30GY/eRwl9dqJWjmeP03NBFJMamJBw/+DdMZpj1p9KRBoaS+70pyEI
EpNf2YdpT8HdKLuvW7+qa6YvtJtfNG8vYLY/R+TBP0FL5DXDMpr3mBmM+w0BkYnm
7PI0AjF2yfo7euqQDoF22+vUgSy4Qi8OyB43ZZeoBlCN396lwnKI+CJkBML7sQ3q
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org