Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/d9A5EJcduXtD3yjB1lKmcc-JdRM.roa
File:                     d9A5EJcduXtD3yjB1lKmcc-JdRM.roa (raw, json)
Hash identifier:          ir6NI+JhVb8KM672a0roX9KpppKFJ0bPBzlEu185uNc=
Subject key identifier:   77:D0:39:10:97:1D:B9:7B:43:DF:28:C1:D6:52:A6:71:CF:89:75:13
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0189E5094B8A82B1AB4DA2620DF9D8BEAFF4
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/d9A5EJcduXtD3yjB1lKmcc-JdRM.roa
Signing time:             Fri 11 Aug 2023 14:38:58 +0000
ROA not before:           Fri 11 Aug 2023 14:38:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        89.39.242.0/24 maxlen: 24
                          194.56.152.0/23 maxlen: 24
                          94.231.198.0/24 maxlen: 24
                          185.212.11.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          185.40.105.0/24 maxlen: 24
                          194.242.28.0/23 maxlen: 24
                          86.104.19.0/24 maxlen: 24
                          193.46.211.0/24 maxlen: 24
                          91.242.70.0/23 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.74.0/24 maxlen: 24
                          91.242.75.0/24 maxlen: 24
                          89.40.161.0/24 maxlen: 24
                          195.138.105.0/24 maxlen: 24
                          195.138.103.0/24 maxlen: 24
                          195.138.104.0/24 maxlen: 24
                          195.138.106.0/24 maxlen: 24
                          80.94.81.0/24 maxlen: 24
                          80.94.80.0/24 maxlen: 24
                          80.94.80.0/23 maxlen: 23
                          45.67.117.0/24 maxlen: 24
                          45.15.64.0/24 maxlen: 24
                          45.15.64.0/22 maxlen: 22
                          45.15.66.0/24 maxlen: 24
                          45.15.67.0/24 maxlen: 24
                          45.15.65.0/24 maxlen: 24
                          194.213.10.0/24 maxlen: 24
                          185.173.247.0/24 maxlen: 24
                          176.126.223.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:e5:09:4b:8a:82:b1:ab:4d:a2:62:0d:f9:d8:be:af:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Aug 11 14:38:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=77d03910971db97b43df28c1d652a671cf897513
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ff:26:bc:49:e7:8b:a8:6e:75:10:29:83:5c:
                    b0:1c:b0:a3:ca:d6:50:00:00:fa:b0:c9:12:23:11:
                    b8:e3:ee:09:c8:28:fb:4d:7a:d7:23:80:06:b7:3c:
                    31:4e:53:55:11:68:49:c9:e8:ea:50:87:76:64:81:
                    1e:03:d3:22:bf:49:59:db:5c:8f:8d:cf:9c:73:59:
                    bb:5e:50:4f:35:c5:b5:4a:5b:51:cb:f9:aa:a8:25:
                    a4:49:58:39:79:d0:85:0e:1b:92:e5:02:1b:4a:b3:
                    80:c9:e2:1a:41:2c:88:4a:d0:9d:9d:da:cf:74:2c:
                    67:ea:d3:f4:19:9a:6d:14:cd:32:73:6d:bc:9e:d2:
                    a6:29:bc:cb:30:38:6a:f8:39:87:3f:49:ed:b1:4b:
                    1d:04:16:ef:bb:08:97:fd:31:e7:01:b6:94:bb:9c:
                    0a:f3:59:2d:33:27:55:c2:d6:db:37:89:86:a8:a2:
                    12:24:9a:59:61:5e:2c:5b:66:96:38:b7:5f:2e:ad:
                    30:4b:db:38:3d:3f:20:eb:7c:99:a2:3e:2e:cb:15:
                    1a:fc:29:31:0f:38:dd:7e:84:69:af:5e:a5:d1:84:
                    c2:8f:c2:23:40:0e:40:e6:fe:04:f4:4d:c1:f5:73:
                    04:0d:93:db:2d:56:42:18:ba:ff:c7:8a:40:10:7a:
                    a9:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:D0:39:10:97:1D:B9:7B:43:DF:28:C1:D6:52:A6:71:CF:89:75:13
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/d9A5EJcduXtD3yjB1lKmcc-JdRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.64.0/22
                  45.67.117.0/24
                  80.94.80.0/23
                  86.104.19.0/24
                  89.39.242.0/24
                  89.40.161.0/24
                  91.242.70.0-91.242.75.255
                  91.242.103.0/24
                  94.231.198.0/24
                  176.126.223.0/24
                  185.40.105.0/24
                  185.173.247.0/24
                  185.212.11.0/24
                  193.46.211.0/24
                  194.56.152.0/23
                  194.213.10.0/24
                  194.242.28.0/23
                  195.138.103.0-195.138.106.255

    Signature Algorithm: sha256WithRSAEncryption
         9f:00:62:6f:34:3e:e5:e3:af:32:9d:7c:86:46:27:b9:9c:d3:
         8d:d6:9f:c7:5d:05:2c:2f:10:72:e6:ed:9d:73:dd:2d:dd:81:
         64:98:64:30:11:5a:42:b2:fe:7a:ef:9f:91:b9:14:09:4c:16:
         52:9e:41:1a:8a:d0:8a:ef:e8:92:90:e8:9b:f9:2d:55:f2:e4:
         c2:5b:81:50:7f:ab:f6:57:ab:b5:45:bd:3e:61:fb:a2:6e:b5:
         15:44:18:c5:4d:be:d3:e0:d6:5b:e7:56:be:8d:7d:19:01:2e:
         7b:7e:3c:96:21:49:23:3c:48:5e:9e:6f:d9:37:5b:15:28:94:
         2b:7f:82:6a:5e:34:96:dc:9a:6b:48:11:85:c3:85:0c:15:d6:
         ab:50:2b:fd:96:b0:52:e9:e4:1c:c5:c6:5f:08:b1:5e:cb:ee:
         6d:a4:b8:71:8f:62:ce:23:01:0a:cd:84:e8:b9:0e:6c:0d:c0:
         b5:3c:82:ea:f5:18:e4:fd:a3:b3:92:f4:b5:5a:65:f8:dd:0f:
         22:bd:5e:a7:ba:b9:37:8b:52:aa:ca:d0:cc:12:6a:07:b3:00:
         4f:c7:f0:ef:83:a6:0e:ae:5d:42:22:42:85:d8:43:2b:52:4f:
         8f:3b:6c:1b:2c:21:a9:0e:ba:fe:f6:3e:9d:0a:1c:ce:86:0e:
         fa:07:18:16
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAYnlCUuKgrGrTaJiDfnYvq/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwODExMTQzODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2QwMzkxMDk3MWRiOTdiNDNkZjI4YzFkNjUyYTY3MWNmODk3NTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiv8mvEnni6hudRApg1ywHLCjytZQ
AAD6sMkSIxG44+4JyCj7TXrXI4AGtzwxTlNVEWhJyejqUId2ZIEeA9Miv0lZ21yP
jc+cc1m7XlBPNcW1SltRy/mqqCWkSVg5edCFDhuS5QIbSrOAyeIaQSyIStCdndrP
dCxn6tP0GZptFM0yc228ntKmKbzLMDhq+DmHP0ntsUsdBBbvuwiX/THnAbaUu5wK
81ktMydVwtbbN4mGqKISJJpZYV4sW2aWOLdfLq0wS9s4PT8g63yZoj4uyxUa/Ckx
DzjdfoRpr16l0YTCj8IjQA5A5v4E9E3B9XMEDZPbLVZCGLr/x4pAEHqpFwIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFHfQORCXHbl7Q98owdZSpnHPiXUTMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvZDlBNUVKY2R1WHREM3lqQjFsS21jYy1KZFJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGYBggrBgEFBQcBBwEB/wSBiDCBhTCBggQCAAEwfAMEAi0P
QAMEAC1DdQMEAVBeUAMEAFZoEwMEAFkn8gMEAFkooTAMAwQBW/JGAwQCW/JIAwQA
W/JnAwQAXufGAwQAsH7fAwQAuShpAwQAua33AwQAudQLAwQAwS7TAwQBwjiYAwQA
wtUKAwQBwvIcMAwDBADDimcDBADDimowDQYJKoZIhvcNAQELBQADggEBAJ8AYm80
PuXjrzKdfIZGJ7mc043Wn8ddBSwvEHLm7Z1z3S3dgWSYZDARWkKy/nrvn5G5FAlM
FlKeQRqK0Irv6JKQ6Jv5LVXy5MJbgVB/q/ZXq7VFvT5h+6JutRVEGMVNvtPg1lvn
Vr6NfRkBLnt+PJYhSSM8SF6eb9k3WxUolCt/gmpeNJbcmmtIEYXDhQwV1qtQK/2W
sFLp5BzFxl8IsV7L7m2kuHGPYs4jAQrNhOi5DmwNwLU8gur1GOT9o7OS9LVaZfjd
DyK9Xqe6uTeLUqrK0MwSagezAE/H8O+Dpg6uXUIiQoXYQytST487bBssIakOuv72
Pp0KHM6GDvoHGBY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org