Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/iAx1DI5yBKR89OXfLADz96O1ZlQ.roa
File:                     iAx1DI5yBKR89OXfLADz96O1ZlQ.roa (raw, json)
Hash identifier:          1AQWu7tQtZVDuNTQqbs+qgJcREcRV5RSIi1n1ET6Y5w=
Subject key identifier:   88:0C:75:0C:8E:72:04:A4:7C:F4:E5:DF:2C:00:F3:F7:A3:B5:66:54
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       01854ED5F072815FFB48DC7FC1AC45356F97
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/iAx1DI5yBKR89OXfLADz96O1ZlQ.roa
Signing time:             Mon 26 Dec 2022 14:28:41 +0000
ROA not before:           Mon 26 Dec 2022 14:28:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        45.88.124.0/22 maxlen: 22
                          194.56.152.0/23 maxlen: 24
                          91.242.81.0/24 maxlen: 24
                          185.212.11.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          91.242.107.0/24 maxlen: 24
                          45.89.44.0/22 maxlen: 24
                          194.242.28.0/23 maxlen: 24
                          193.46.211.0/24 maxlen: 24
                          91.242.70.0/23 maxlen: 24
                          91.242.74.0/24 maxlen: 24
                          91.242.75.0/24 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          5.182.28.0/22 maxlen: 22
                          45.140.32.0/22 maxlen: 22
                          80.94.81.0/24 maxlen: 24
                          80.94.80.0/23 maxlen: 23
                          80.94.80.0/24 maxlen: 24
                          45.67.117.0/24 maxlen: 24
                          45.15.64.0/24 maxlen: 24
                          45.15.64.0/22 maxlen: 22
                          45.15.66.0/24 maxlen: 24
                          45.15.67.0/24 maxlen: 24
                          45.15.65.0/24 maxlen: 24
                          45.150.180.0/22 maxlen: 22
                          194.213.10.0/24 maxlen: 24
                          185.173.247.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:4e:d5:f0:72:81:5f:fb:48:dc:7f:c1:ac:45:35:6f:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Dec 26 14:28:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=880c750c8e7204a47cf4e5df2c00f3f7a3b56654
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b6:ee:c6:4f:55:8c:d6:74:4c:ca:04:c3:fa:
                    3b:38:f9:be:60:38:28:3f:a5:83:81:3b:58:c7:6b:
                    41:b8:af:c3:ad:72:06:3a:e1:80:3e:22:6c:cc:68:
                    51:57:31:7d:6b:7f:a5:14:15:41:8a:0e:51:fe:25:
                    e9:b9:56:f1:2c:43:0d:80:21:cd:0c:b7:e3:fb:a9:
                    8d:07:38:4f:4e:ec:09:8d:15:82:ca:20:9d:0b:2d:
                    d5:3d:f2:e2:4a:35:db:28:1e:11:cb:22:bd:fe:26:
                    8f:e1:51:f9:73:62:1d:fc:f0:2f:55:ed:c3:1e:07:
                    71:4d:4c:5b:63:58:d8:79:24:83:fd:3b:c2:0e:6b:
                    56:ce:23:85:92:1d:3e:cc:58:3a:1a:33:f2:ae:db:
                    77:33:bf:ea:bb:bb:e6:f8:e1:cf:04:e0:3f:9f:d0:
                    05:28:c4:47:19:c4:a2:30:cf:8b:e1:08:32:8b:e6:
                    a2:06:f2:32:a9:6a:03:2a:cb:0a:1c:ae:42:8d:72:
                    e1:0f:eb:84:66:bc:ab:d5:1c:ed:70:67:5e:bd:9e:
                    31:d4:ea:0d:f8:19:a6:ac:59:c5:17:fa:94:ca:21:
                    29:04:fd:18:67:ac:b7:82:34:43:c6:ee:93:e7:4d:
                    f8:9b:fd:a9:76:c9:35:92:c1:79:e1:58:f4:ab:b9:
                    c9:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:0C:75:0C:8E:72:04:A4:7C:F4:E5:DF:2C:00:F3:F7:A3:B5:66:54
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/iAx1DI5yBKR89OXfLADz96O1ZlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.28.0/22
                  45.15.64.0/22
                  45.67.117.0/24
                  45.88.124.0/22
                  45.89.44.0/22
                  45.140.32.0/22
                  45.150.180.0/22
                  80.94.80.0/23
                  91.242.70.0-91.242.75.255
                  91.242.81.0/24
                  91.242.103.0/24
                  91.242.107.0/24
                  185.173.247.0/24
                  185.212.11.0/24
                  193.46.211.0/24
                  194.56.152.0/23
                  194.213.10.0/24
                  194.242.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ab:f6:95:cf:3e:2d:b5:5b:0a:98:77:87:63:4f:bd:79:4f:ee:
         35:9a:48:ba:b7:fc:1e:92:e3:85:3a:a5:50:a5:7d:a9:c4:b0:
         57:c9:8e:a4:11:b8:58:e8:da:04:1a:b2:ba:ee:d3:0c:f3:0c:
         9a:99:7f:d2:df:12:cc:16:ed:ba:0f:9b:53:71:1c:21:5d:68:
         50:0e:85:d5:88:7e:df:ff:65:5e:30:69:18:c6:c7:13:b9:e9:
         7c:ac:94:6d:2b:84:3b:b3:4e:28:d9:79:35:f5:07:7d:b1:fe:
         0a:08:94:fb:91:d8:9a:37:80:8f:83:01:b6:ac:0e:f9:6d:d1:
         76:42:3e:9f:c6:6e:f1:05:74:07:71:45:d6:56:81:5a:ed:06:
         51:74:4a:03:03:22:8d:63:44:36:0b:e5:a7:4f:9d:9e:f4:b1:
         52:18:ae:32:81:4f:20:8d:63:f8:aa:10:9f:44:69:0f:05:84:
         df:c3:43:48:fa:bb:c0:58:d4:3b:c5:80:6a:05:53:42:6f:d3:
         06:c0:2b:4c:ac:fb:23:51:9d:99:12:f4:55:ef:1b:4f:d3:f1:
         41:73:10:49:a2:70:fc:27:8c:77:29:c2:e8:61:9c:9b:5c:fc:
         81:f7:5c:28:e8:8b:63:1e:cc:91:18:79:62:15:da:28:96:05:
         03:51:5c:9d
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAYVO1fBygV/7SNx/waxFNW+XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjIxMjI2MTQyODQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODBjNzUwYzhlNzIwNGE0N2NmNGU1ZGYyYzAwZjNmN2EzYjU2NjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7buxk9VjNZ0TMoEw/o7OPm+YDgo
P6WDgTtYx2tBuK/DrXIGOuGAPiJszGhRVzF9a3+lFBVBig5R/iXpuVbxLEMNgCHN
DLfj+6mNBzhPTuwJjRWCyiCdCy3VPfLiSjXbKB4RyyK9/iaP4VH5c2Id/PAvVe3D
HgdxTUxbY1jYeSSD/TvCDmtWziOFkh0+zFg6GjPyrtt3M7/qu7vm+OHPBOA/n9AF
KMRHGcSiMM+L4Qgyi+aiBvIyqWoDKssKHK5CjXLhD+uEZryr1RztcGdevZ4x1OoN
+BmmrFnFF/qUyiEpBP0YZ6y3gjRDxu6T5034m/2pdsk1ksF54Vj0q7nJgQIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFIgMdQyOcgSkfPTl3ywA8/ejtWZUMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvaUF4MURJNXlCS1I4OU9YZkxBRHo5Nk8xWmxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwegQCAAEwdAMEAgW2HAME
Ai0PQAMEAC1DdQMEAi1YfAMEAi1ZLAMEAi2MIAMEAi2WtAMEAVBeUDAMAwQBW/JG
AwQCW/JIAwQAW/JRAwQAW/JnAwQAW/JrAwQAua33AwQAudQLAwQAwS7TAwQBwjiY
AwQAwtUKAwQBwvIcMA0GCSqGSIb3DQEBCwUAA4IBAQCr9pXPPi21WwqYd4djT715
T+41mki6t/wekuOFOqVQpX2pxLBXyY6kEbhY6NoEGrK67tMM8wyamX/S3xLMFu26
D5tTcRwhXWhQDoXViH7f/2VeMGkYxscTuel8rJRtK4Q7s04o2Xk19Qd9sf4KCJT7
kdiaN4CPgwG2rA75bdF2Qj6fxm7xBXQHcUXWVoFa7QZRdEoDAyKNY0Q2C+WnT52e
9LFSGK4ygU8gjWP4qhCfRGkPBYTfw0NI+rvAWNQ7xYBqBVNCb9MGwCtMrPsjUZ2Z
EvRV7xtP0/FBcxBJonD8J4x3KcLoYZybXPyB91wo6ItjHsyRGHliFdoolgUDUVyd
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org