Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/mCNOcI-GYCGy1DH02MoQKLOTfg4.roa
File:                     mCNOcI-GYCGy1DH02MoQKLOTfg4.roa (raw, json)
Hash identifier:          Ilew91aRd8A+UsPZlqLdy6ZJBZUdDp7/+YoehVpY7CY=
Subject key identifier:   98:23:4E:70:8F:86:60:21:B2:D4:31:F4:D8:CA:10:28:B3:93:7E:0E
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018A8A75CC7837EF9D0306D5AEFC46001ED2
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/mCNOcI-GYCGy1DH02MoQKLOTfg4.roa
Signing time:             Tue 12 Sep 2023 17:34:50 +0000
ROA not before:           Tue 12 Sep 2023 17:34:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        185.255.99.0/24 maxlen: 24
                          89.39.242.0/24 maxlen: 24
                          194.56.152.0/23 maxlen: 24
                          185.243.140.0/22 maxlen: 24
                          94.231.198.0/24 maxlen: 24
                          185.212.11.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          185.40.105.0/24 maxlen: 24
                          194.242.28.0/23 maxlen: 24
                          195.149.127.0/24 maxlen: 24
                          86.104.19.0/24 maxlen: 24
                          193.46.211.0/24 maxlen: 24
                          91.242.70.0/23 maxlen: 24
                          45.149.160.0/22 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.75.0/24 maxlen: 24
                          89.40.161.0/24 maxlen: 24
                          195.138.105.0/24 maxlen: 24
                          195.138.103.0/24 maxlen: 24
                          195.138.104.0/24 maxlen: 24
                          195.138.106.0/24 maxlen: 24
                          185.15.136.0/23 maxlen: 24
                          80.94.81.0/24 maxlen: 24
                          80.94.80.0/24 maxlen: 24
                          80.94.80.0/23 maxlen: 23
                          45.67.117.0/24 maxlen: 24
                          45.15.64.0/24 maxlen: 24
                          45.15.64.0/22 maxlen: 22
                          45.15.66.0/24 maxlen: 24
                          45.15.67.0/24 maxlen: 24
                          45.15.65.0/24 maxlen: 24
                          194.180.238.0/24 maxlen: 24
                          194.213.10.0/24 maxlen: 24
                          185.173.247.0/24 maxlen: 24
                          89.32.126.0/24 maxlen: 24
                          92.118.108.0/24 maxlen: 24
                          176.126.223.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:8a:75:cc:78:37:ef:9d:03:06:d5:ae:fc:46:00:1e:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Sep 12 17:34:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=98234e708f866021b2d431f4d8ca1028b3937e0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9e:d4:ba:a1:c7:08:ac:e9:c3:8d:24:40:77:
                    59:c2:7e:37:81:27:da:78:47:83:5c:c3:ce:5d:73:
                    f3:28:8d:7c:a2:d4:60:ab:d3:e1:0b:94:30:72:04:
                    1f:57:47:98:e8:43:42:b8:bf:1b:59:0b:be:2b:a5:
                    10:9b:2e:47:36:42:2e:53:d4:61:8f:a7:ba:72:c9:
                    9c:57:80:ba:b6:58:6f:11:ca:e1:95:49:95:33:a8:
                    74:5f:1a:51:98:78:ca:1c:bf:4a:e9:44:d5:d8:46:
                    f0:8b:59:9f:f7:cb:2e:15:97:3d:b6:bd:00:a7:c2:
                    be:61:ed:d8:cc:9e:e2:98:37:2b:01:3e:14:3e:ed:
                    50:8e:c1:42:49:ef:61:17:70:12:01:10:64:07:8f:
                    ee:43:2d:f1:34:d0:2c:2f:80:0f:a1:ce:04:ad:a0:
                    62:f8:14:7a:3e:1f:9e:a8:b4:5b:05:09:90:c8:da:
                    8f:b3:30:70:65:fe:b7:4d:cf:1d:33:52:c6:4c:ac:
                    95:4f:69:f4:a9:d9:d2:bf:41:ac:ad:68:38:30:1f:
                    0b:bf:0e:53:8f:af:9c:c2:5a:de:5b:6d:76:9b:2e:
                    0e:2a:eb:2b:54:ce:ff:b0:45:a8:4b:74:1f:b4:d4:
                    ca:a9:17:42:ac:84:44:1e:e0:87:b1:65:24:c5:ab:
                    2a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:23:4E:70:8F:86:60:21:B2:D4:31:F4:D8:CA:10:28:B3:93:7E:0E
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/mCNOcI-GYCGy1DH02MoQKLOTfg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.64.0/22
                  45.67.117.0/24
                  45.149.160.0/22
                  80.94.80.0/23
                  86.104.19.0/24
                  89.32.126.0/24
                  89.39.242.0/24
                  89.40.161.0/24
                  91.242.70.0-91.242.73.255
                  91.242.75.0/24
                  91.242.103.0/24
                  92.118.108.0/24
                  94.231.198.0/24
                  176.126.223.0/24
                  185.15.136.0/23
                  185.40.105.0/24
                  185.173.247.0/24
                  185.212.11.0/24
                  185.243.140.0/22
                  185.255.99.0/24
                  193.46.211.0/24
                  194.56.152.0/23
                  194.180.238.0/24
                  194.213.10.0/24
                  194.242.28.0/23
                  195.138.103.0-195.138.106.255
                  195.149.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:63:71:f8:7a:27:a8:97:27:31:94:2d:c4:45:58:f2:4b:a7:
         3c:51:ca:06:70:ff:59:cc:eb:4a:86:31:2b:c1:37:b5:19:8b:
         20:97:27:0f:99:f4:2d:9f:5d:92:cb:aa:b6:f9:2b:87:e1:55:
         72:81:50:7e:4c:9d:5b:66:cb:1e:a8:8d:da:9c:ae:3e:4e:79:
         ab:8a:64:18:d5:01:0a:46:0e:72:b1:40:3b:0f:1d:5b:d3:e8:
         25:8c:c7:58:c8:da:c2:9d:b7:b2:6e:bd:6f:59:33:5f:69:0f:
         7f:80:05:0d:25:72:57:74:1a:cf:7a:bf:eb:55:a3:8f:b2:8e:
         a7:db:b0:dc:01:66:96:a5:39:cd:ce:0f:a9:b3:45:f4:4f:82:
         96:73:22:d4:b7:0d:3a:35:66:38:35:92:11:e7:4f:c8:b2:4e:
         a1:9c:9e:08:db:b3:45:34:64:6d:b3:38:48:fb:cd:b5:70:85:
         7d:94:b2:3c:7d:9b:f9:fd:a3:fb:f8:0d:51:19:15:24:34:a6:
         35:a2:18:0f:3f:ae:bf:36:66:87:a4:dd:4e:01:79:9a:91:e3:
         bc:9a:ea:e5:c4:c1:54:f3:92:04:e8:88:ae:4a:5c:db:c7:3a:
         8a:0f:d1:51:34:3d:c8:a6:e7:15:33:13:e2:e8:31:0d:3f:d5:
         00:ef:bd:50
-----BEGIN CERTIFICATE-----
MIIFrjCCBJagAwIBAgISAYqKdcx4N++dAwbVrvxGAB7SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwOTEyMTczNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODIzNGU3MDhmODY2MDIxYjJkNDMxZjRkOGNhMTAyOGIzOTM3ZTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJ7UuqHHCKzpw40kQHdZwn43gSfa
eEeDXMPOXXPzKI18otRgq9PhC5QwcgQfV0eY6ENCuL8bWQu+K6UQmy5HNkIuU9Rh
j6e6csmcV4C6tlhvEcrhlUmVM6h0XxpRmHjKHL9K6UTV2Ebwi1mf98suFZc9tr0A
p8K+Ye3YzJ7imDcrAT4UPu1QjsFCSe9hF3ASARBkB4/uQy3xNNAsL4APoc4EraBi
+BR6Ph+eqLRbBQmQyNqPszBwZf63Tc8dM1LGTKyVT2n0qdnSv0GsrWg4MB8Lvw5T
j6+cwlreW212my4OKusrVM7/sEWoS3QftNTKqRdCrIREHuCHsWUkxasq0QIDAQAB
o4ICujCCArYwHQYDVR0OBBYEFJgjTnCPhmAhstQx9NjKECizk34OMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvbUNOT2NJLUdZQ0d5MURIMDJNb1FLTE9UZmc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHPBggrBgEFBQcBBwEB/wSBvzCBvDCBuQQCAAEwgbIDBAIt
D0ADBAAtQ3UDBAItlaADBAFQXlADBABWaBMDBABZIH4DBABZJ/IDBABZKKEwDAME
AVvyRgMEAVvySAMEAFvySwMEAFvyZwMEAFx2bAMEAF7nxgMEALB+3wMEAbkPiAME
ALkoaQMEALmt9wMEALnUCwMEArnzjAMEALn/YwMEAMEu0wMEAcI4mAMEAMK07gME
AMLVCgMEAcLyHDAMAwQAw4pnAwQAw4pqAwQAw5V/MA0GCSqGSIb3DQEBCwUAA4IB
AQBSY3H4eieolycxlC3ERVjyS6c8UcoGcP9ZzOtKhjErwTe1GYsglycPmfQtn12S
y6q2+SuH4VVygVB+TJ1bZsseqI3anK4+TnmrimQY1QEKRg5ysUA7Dx1b0+gljMdY
yNrCnbeybr1vWTNfaQ9/gAUNJXJXdBrPer/rVaOPso6n27DcAWaWpTnNzg+ps0X0
T4KWcyLUtw06NWY4NZIR50/Isk6hnJ4I27NFNGRtszhI+821cIV9lLI8fZv5/aP7
+A1RGRUkNKY1ohgPP66/NmaHpN1OAXmakeO8murlxMFU85IE6IiuSlzbxzqKD9FR
ND3IpucVMxPi6DENP9UA771Q
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:27 2024 by rpki-client on console-ams.rpki-client.org