Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/WHwV5yRcGgS-pMw_mPAv8AIGf6g.roa
File:                     WHwV5yRcGgS-pMw_mPAv8AIGf6g.roa (raw, json)
Hash identifier:          h4RXxVIX26gHxyjPmTlrX1jWjOLPg2I3EMHLaDM2BR0=
Subject key identifier:   58:7C:15:E7:24:5C:1A:04:BE:A4:CC:3F:98:F0:2F:F0:02:06:7F:A8
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018A6658C48A273D136FCBFF5CAE5888D64A
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/WHwV5yRcGgS-pMw_mPAv8AIGf6g.roa
Signing time:             Tue 05 Sep 2023 17:16:48 +0000
ROA not before:           Tue 05 Sep 2023 17:16:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     398465
IP address blocks:        185.255.99.0/24 maxlen: 24
                          194.180.238.0/24 maxlen: 24
                          185.15.136.0/23 maxlen: 24
                          195.149.127.0/24 maxlen: 24
                          89.32.126.0/24 maxlen: 24
                          92.118.108.0/24 maxlen: 24
                          45.149.160.0/22 maxlen: 24
                          185.243.140.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:66:58:c4:8a:27:3d:13:6f:cb:ff:5c:ae:58:88:d6:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Sep  5 17:16:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=587c15e7245c1a04bea4cc3f98f02ff002067fa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b0:f7:7d:23:d3:0e:88:ba:f2:57:75:88:76:
                    db:4f:96:e1:8c:c8:70:87:20:29:36:86:45:b3:6d:
                    7b:9a:97:a3:93:30:ba:2f:45:08:87:e3:7e:b5:5e:
                    83:83:d9:9f:e3:49:a3:2e:74:72:0d:4c:5f:99:de:
                    fd:98:3b:c3:1a:9e:ab:82:a2:07:6b:21:36:35:c2:
                    0b:c0:a6:9f:68:d4:21:2a:68:b2:4d:f8:61:06:a8:
                    15:9c:0d:0c:a6:bf:d8:24:e7:c0:a1:00:8e:4b:be:
                    36:2d:da:a4:b0:2e:47:bc:e2:e4:59:50:c3:e9:3d:
                    97:65:94:24:ad:db:c2:0c:eb:0d:7f:33:b4:e1:5f:
                    c2:9f:c9:03:b3:50:64:cf:1a:63:3e:b6:d6:e7:fb:
                    43:99:1b:dc:ff:6e:74:ca:e6:26:46:55:d5:10:bd:
                    cc:3f:9f:e6:5b:c0:a1:44:1a:e1:26:1b:ed:2c:ef:
                    ff:ac:5e:80:a7:06:fc:c6:47:8b:fe:bf:a3:1f:36:
                    35:52:d7:aa:ec:99:e8:0f:dd:0e:30:05:19:80:28:
                    1f:39:f6:62:1e:61:59:15:e7:a7:b6:fa:ca:86:a8:
                    0a:6a:44:7f:97:07:23:0e:d7:61:89:0a:94:3d:9d:
                    a6:09:68:37:9e:6f:08:57:90:33:ad:cf:64:af:a2:
                    dd:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:7C:15:E7:24:5C:1A:04:BE:A4:CC:3F:98:F0:2F:F0:02:06:7F:A8
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/WHwV5yRcGgS-pMw_mPAv8AIGf6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.160.0/22
                  89.32.126.0/24
                  92.118.108.0/24
                  185.15.136.0/23
                  185.243.140.0/22
                  185.255.99.0/24
                  194.180.238.0/24
                  195.149.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:67:e8:6e:1a:74:85:7f:d0:35:f8:f9:f9:82:e1:d8:3b:0a:
         af:5b:4a:49:31:b0:fd:05:23:2f:98:66:c7:66:35:bf:b4:e6:
         a0:ff:07:94:9c:72:82:08:e1:bc:ab:73:2b:05:17:61:12:6f:
         d1:b7:ea:82:f6:d0:21:0c:e8:65:15:ed:4a:9f:2c:46:16:ba:
         0a:d3:cb:f2:05:79:3a:34:87:63:35:ab:a9:9c:48:df:fc:54:
         11:0e:cc:6d:e9:fe:0a:4b:71:90:ed:3b:48:61:0d:87:89:44:
         ff:b2:33:1d:65:6a:ba:56:78:23:6f:5b:6c:d3:2f:45:a3:a9:
         3b:e3:91:4b:d1:36:b8:7c:3a:74:64:1e:7f:7f:18:e9:95:e5:
         86:d4:07:25:05:c4:f7:02:81:a0:91:49:ec:b7:0c:77:2d:69:
         bd:5a:2e:dd:cc:91:ba:48:f5:d5:c8:30:c1:f7:ff:cc:f1:08:
         82:50:39:e3:58:01:d7:84:21:b6:a8:f8:9e:97:98:8f:0a:17:
         07:3f:9c:8d:3e:c6:8d:c1:6c:4a:59:d0:0e:2b:ef:21:88:22:
         ea:c4:ce:a7:df:2a:80:af:2e:bf:bc:60:0c:12:c4:cd:f2:dd:
         32:8d:c9:2f:37:79:76:da:53:c3:38:58:98:7f:57:aa:97:a8:
         3f:8d:e3:f8
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYpmWMSKJz0Tb8v/XK5YiNZKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwOTA1MTcxNjQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODdjMTVlNzI0NWMxYTA0YmVhNGNjM2Y5OGYwMmZmMDAyMDY3ZmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLD3fSPTDoi68ld1iHbbT5bhjMhw
hyApNoZFs217mpejkzC6L0UIh+N+tV6Dg9mf40mjLnRyDUxfmd79mDvDGp6rgqIH
ayE2NcILwKafaNQhKmiyTfhhBqgVnA0Mpr/YJOfAoQCOS742LdqksC5HvOLkWVDD
6T2XZZQkrdvCDOsNfzO04V/Cn8kDs1BkzxpjPrbW5/tDmRvc/250yuYmRlXVEL3M
P5/mW8ChRBrhJhvtLO//rF6Apwb8xkeL/r+jHzY1Uteq7JnoD90OMAUZgCgfOfZi
HmFZFeentvrKhqgKakR/lwcjDtdhiQqUPZ2mCWg3nm8IV5Azrc9kr6LdvwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFFh8FeckXBoEvqTMP5jwL/ACBn+oMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvV0h3VjV5UmNHZ1MtcE13X21QQXY4QUlHZjZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCLZWgAwQA
WSB+AwQAXHZsAwQBuQ+IAwQCufOMAwQAuf9jAwQAwrTuAwQAw5V/MA0GCSqGSIb3
DQEBCwUAA4IBAQBDZ+huGnSFf9A1+Pn5guHYOwqvW0pJMbD9BSMvmGbHZjW/tOag
/weUnHKCCOG8q3MrBRdhEm/Rt+qC9tAhDOhlFe1KnyxGFroK08vyBXk6NIdjNaup
nEjf/FQRDsxt6f4KS3GQ7TtIYQ2HiUT/sjMdZWq6Vngjb1ts0y9Fo6k745FL0Ta4
fDp0ZB5/fxjpleWG1AclBcT3AoGgkUnstwx3LWm9Wi7dzJG6SPXVyDDB9//M8QiC
UDnjWAHXhCG2qPiel5iPChcHP5yNPsaNwWxKWdAOK+8hiCLqxM6n3yqAry6/vGAM
EsTN8t0yjckvN3l22lPDOFiYf1eql6g/jeP4
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org