Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/atyutjBxwOvh8sJAt2p_-dl1Ndc.roa
File:                     atyutjBxwOvh8sJAt2p_-dl1Ndc.roa (raw, json)
Hash identifier:          iim2uiYGls0UOHhZzMi+Nb7gnbNtnH8/2+/zpcuNK8Q=
Subject key identifier:   6A:DC:AE:B6:30:71:C0:EB:E1:F2:C2:40:B7:6A:7F:F9:D9:75:35:D7
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0184EBB69239701BA09F42356F694458A03B
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/atyutjBxwOvh8sJAt2p_-dl1Ndc.roa
Signing time:             Wed 07 Dec 2022 08:32:01 +0000
ROA not before:           Wed 07 Dec 2022 08:32:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        45.88.124.0/22 maxlen: 22
                          194.56.152.0/23 maxlen: 24
                          91.242.81.0/24 maxlen: 24
                          185.212.11.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          91.242.107.0/24 maxlen: 24
                          194.242.28.0/23 maxlen: 24
                          193.46.211.0/24 maxlen: 24
                          91.242.70.0/23 maxlen: 24
                          91.242.74.0/24 maxlen: 24
                          91.242.75.0/24 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          5.182.28.0/22 maxlen: 22
                          45.140.32.0/22 maxlen: 22
                          80.94.81.0/24 maxlen: 24
                          80.94.80.0/23 maxlen: 23
                          80.94.80.0/24 maxlen: 24
                          45.67.117.0/24 maxlen: 24
                          45.15.64.0/24 maxlen: 24
                          45.15.64.0/22 maxlen: 22
                          45.15.66.0/24 maxlen: 24
                          45.15.67.0/24 maxlen: 24
                          45.15.65.0/24 maxlen: 24
                          45.150.180.0/22 maxlen: 22
                          185.173.247.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:eb:b6:92:39:70:1b:a0:9f:42:35:6f:69:44:58:a0:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Dec  7 08:32:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6adcaeb63071c0ebe1f2c240b76a7ff9d97535d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:cc:b5:89:b1:50:ab:7a:96:d6:2e:01:78:62:
                    c4:e1:bf:66:46:b4:69:fb:73:bd:34:94:f9:e0:c4:
                    92:9e:d1:97:28:19:26:71:ac:34:0a:2f:0a:be:89:
                    68:47:bb:20:d9:97:40:c5:a9:d1:fe:6a:cb:2e:91:
                    1f:2c:8c:fa:31:4d:aa:3f:2a:00:70:6e:a4:aa:7e:
                    a8:b6:bc:e5:2d:03:d6:f6:07:53:13:f1:6c:e8:df:
                    5a:6d:1c:f6:c5:4f:83:a4:ff:37:0c:4d:e6:e1:2f:
                    d9:10:85:61:1a:ba:27:f5:80:8b:93:c8:18:1c:19:
                    83:d9:7f:0c:a4:98:90:64:df:d2:3a:b5:38:86:63:
                    a4:7c:94:d7:3f:f8:36:98:91:67:36:76:24:26:dd:
                    87:00:8d:40:99:09:fb:30:91:86:2e:46:58:4d:97:
                    a3:5a:fa:7d:ed:fd:6a:d1:04:e4:1d:1b:19:2e:39:
                    8a:5e:a5:9f:2b:fa:12:b6:68:ea:ac:79:6f:a3:1f:
                    fa:91:b3:b5:74:63:e2:91:73:10:28:20:a6:05:6e:
                    df:1e:fd:71:63:2f:81:c0:31:d1:f8:ea:03:a8:30:
                    06:60:42:24:47:62:2e:66:e3:44:87:a9:54:25:5b:
                    39:68:e9:9d:01:88:37:39:bc:31:ad:20:08:f7:15:
                    ad:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:DC:AE:B6:30:71:C0:EB:E1:F2:C2:40:B7:6A:7F:F9:D9:75:35:D7
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/atyutjBxwOvh8sJAt2p_-dl1Ndc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.28.0/22
                  45.15.64.0/22
                  45.67.117.0/24
                  45.88.124.0/22
                  45.140.32.0/22
                  45.150.180.0/22
                  80.94.80.0/23
                  91.242.70.0-91.242.75.255
                  91.242.81.0/24
                  91.242.103.0/24
                  91.242.107.0/24
                  185.173.247.0/24
                  185.212.11.0/24
                  193.46.211.0/24
                  194.56.152.0/23
                  194.242.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:24:ca:c3:13:22:9a:fa:0f:47:c8:94:f3:7e:d8:5a:22:5e:
         de:c5:d3:73:9e:58:a2:a3:c5:43:02:cb:57:ae:53:03:ce:85:
         45:36:6a:e9:8a:a0:f0:70:82:7c:a8:be:87:8a:5b:b7:74:34:
         e8:0c:75:37:39:b7:3e:67:74:98:c8:3a:5e:0c:ab:36:a2:7b:
         c2:43:d6:1b:2e:fb:71:a1:69:e5:15:b8:9c:7f:46:3b:3f:2d:
         67:0d:d8:4e:2c:ec:e8:e5:b3:77:97:fd:28:1f:d8:90:e8:36:
         25:ba:ee:20:c1:92:33:df:2a:b1:22:e8:1f:40:a4:67:73:14:
         45:7e:31:b9:aa:5d:43:58:0c:78:12:ab:a8:8a:60:ce:10:c0:
         7d:a8:89:29:ff:f8:24:b5:d8:5d:6f:91:e9:1b:90:a4:49:72:
         4e:57:e7:9f:96:25:70:8a:9c:7a:ca:87:85:e6:99:64:ce:fc:
         17:8f:2f:72:99:66:67:83:3e:ff:16:4a:23:d3:d3:1c:4b:04:
         ff:13:13:f7:b9:e6:89:eb:1b:8b:3c:8c:74:77:a4:f7:64:58:
         66:63:4a:48:df:74:27:90:f4:fb:21:34:5f:93:4c:83:bc:db:
         58:50:87:58:3c:cd:5b:3c:dc:9a:8d:45:76:aa:ce:fc:89:42:
         3f:5c:59:5c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAYTrtpI5cBugn0I1b2lEWKA7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjIxMjA3MDgzMjAxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWRjYWViNjMwNzFjMGViZTFmMmMyNDBiNzZhN2ZmOWQ5NzUzNWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8y1ibFQq3qW1i4BeGLE4b9mRrRp
+3O9NJT54MSSntGXKBkmcaw0Ci8KvoloR7sg2ZdAxanR/mrLLpEfLIz6MU2qPyoA
cG6kqn6otrzlLQPW9gdTE/Fs6N9abRz2xU+DpP83DE3m4S/ZEIVhGron9YCLk8gY
HBmD2X8MpJiQZN/SOrU4hmOkfJTXP/g2mJFnNnYkJt2HAI1AmQn7MJGGLkZYTZej
Wvp97f1q0QTkHRsZLjmKXqWfK/oStmjqrHlvox/6kbO1dGPikXMQKCCmBW7fHv1x
Yy+BwDHR+OoDqDAGYEIkR2IuZuNEh6lUJVs5aOmdAYg3ObwxrSAI9xWtBQIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFGrcrrYwccDr4fLCQLdqf/nZdTXXMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvYXR5dXRqQnh3T3ZoOHNKQXQycF8tZGwxTmRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwbgQCAAEwaAMEAgW2HAME
Ai0PQAMEAC1DdQMEAi1YfAMEAi2MIAMEAi2WtAMEAVBeUDAMAwQBW/JGAwQCW/JI
AwQAW/JRAwQAW/JnAwQAW/JrAwQAua33AwQAudQLAwQAwS7TAwQBwjiYAwQBwvIc
MA0GCSqGSIb3DQEBCwUAA4IBAQA6JMrDEyKa+g9HyJTzfthaIl7exdNznliio8VD
AstXrlMDzoVFNmrpiqDwcIJ8qL6Hilu3dDToDHU3Obc+Z3SYyDpeDKs2onvCQ9Yb
LvtxoWnlFbicf0Y7Py1nDdhOLOzo5bN3l/0oH9iQ6DYluu4gwZIz3yqxIugfQKRn
cxRFfjG5ql1DWAx4EquoimDOEMB9qIkp//gktdhdb5HpG5CkSXJOV+efliVwipx6
yoeF5plkzvwXjy9ymWZngz7/Fkoj09McSwT/ExP3ueaJ6xuLPIx0d6T3ZFhmY0pI
33QnkPT7ITRfk0yDvNtYUIdYPM1bPNyajUV2qs78iUI/XFlc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org