Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/mc7c2347KvXlVgjMbJPMVdHlc7k.roa
File:                     mc7c2347KvXlVgjMbJPMVdHlc7k.roa (raw, json)
Hash identifier:          55aE6/V3pK4aI9JQPPP/VS91TRZpYDKhKAQ3WBPASuQ=
Subject key identifier:   99:CE:DC:DB:7E:3B:2A:F5:E5:56:08:CC:6C:93:CC:55:D1:E5:73:B9
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0185655BEEBC2BDD1FA264CB991194426A03
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/mc7c2347KvXlVgjMbJPMVdHlc7k.roa
Signing time:             Fri 30 Dec 2022 23:26:41 +0000
ROA not before:           Fri 30 Dec 2022 23:26:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        89.39.242.0/24 maxlen: 24
                          45.88.124.0/22 maxlen: 22
                          194.56.152.0/23 maxlen: 24
                          94.231.198.0/24 maxlen: 24
                          91.242.81.0/24 maxlen: 24
                          185.212.11.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          91.242.107.0/24 maxlen: 24
                          45.89.44.0/22 maxlen: 24
                          185.40.105.0/24 maxlen: 24
                          194.242.28.0/23 maxlen: 24
                          86.104.19.0/24 maxlen: 24
                          193.46.211.0/24 maxlen: 24
                          193.203.127.0/24 maxlen: 24
                          89.40.35.0/24 maxlen: 24
                          91.242.70.0/23 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.74.0/24 maxlen: 24
                          91.242.75.0/24 maxlen: 24
                          5.182.28.0/22 maxlen: 22
                          89.40.161.0/24 maxlen: 24
                          86.104.192.0/24 maxlen: 24
                          45.140.32.0/22 maxlen: 22
                          80.94.81.0/24 maxlen: 24
                          80.94.80.0/24 maxlen: 24
                          80.94.80.0/23 maxlen: 23
                          45.67.117.0/24 maxlen: 24
                          45.15.64.0/24 maxlen: 24
                          91.239.59.0/24 maxlen: 24
                          45.15.64.0/22 maxlen: 22
                          45.15.66.0/24 maxlen: 24
                          45.15.67.0/24 maxlen: 24
                          45.15.65.0/24 maxlen: 24
                          45.150.180.0/22 maxlen: 22
                          194.213.10.0/24 maxlen: 24
                          185.173.247.0/24 maxlen: 24
                          176.126.223.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:65:5b:ee:bc:2b:dd:1f:a2:64:cb:99:11:94:42:6a:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Dec 30 23:26:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=99cedcdb7e3b2af5e55608cc6c93cc55d1e573b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b7:46:b0:7c:31:1f:a4:06:38:92:21:14:6d:
                    97:04:9a:f6:77:3c:80:dd:64:15:62:86:b2:69:de:
                    43:df:5c:ed:ae:68:f9:9d:71:aa:28:7c:7e:c6:0a:
                    72:f8:86:55:4e:8f:b5:55:12:49:f7:a8:88:38:83:
                    c5:d9:0d:34:ca:0a:2d:1c:f5:6c:fb:82:2a:41:12:
                    76:ce:7b:47:38:ce:39:4d:50:c4:4c:aa:f6:61:43:
                    fc:10:20:88:69:dc:1b:78:b3:58:3b:5a:32:50:ff:
                    aa:5e:e2:75:53:0a:d7:4e:b8:26:37:d1:b0:4a:b3:
                    51:44:75:94:51:dc:0f:91:a5:b4:d7:03:5c:25:b1:
                    d7:e1:83:ee:fd:e9:73:3f:98:f4:c5:63:e7:a8:6a:
                    32:70:f7:35:c7:b0:20:d4:ca:18:c5:a3:1c:15:0d:
                    58:1c:c2:97:15:e3:14:93:34:6d:e8:fe:d7:f3:cd:
                    45:9f:78:8d:a3:33:1c:a8:02:05:11:91:07:89:a5:
                    5a:8c:8c:0e:a4:fd:7d:fb:0b:46:25:58:bb:f5:cb:
                    fd:17:d8:24:34:48:4d:63:f7:18:d0:13:96:56:68:
                    0e:f0:ef:64:75:ac:9c:af:2c:97:7a:0d:38:fd:f9:
                    63:d0:0b:90:3a:e9:48:5d:de:39:6b:1e:9d:a2:67:
                    b8:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:CE:DC:DB:7E:3B:2A:F5:E5:56:08:CC:6C:93:CC:55:D1:E5:73:B9
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/mc7c2347KvXlVgjMbJPMVdHlc7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.28.0/22
                  45.15.64.0/22
                  45.67.117.0/24
                  45.88.124.0/22
                  45.89.44.0/22
                  45.140.32.0/22
                  45.150.180.0/22
                  80.94.80.0/23
                  86.104.19.0/24
                  86.104.192.0/24
                  89.39.242.0/24
                  89.40.35.0/24
                  89.40.161.0/24
                  91.239.59.0/24
                  91.242.70.0-91.242.75.255
                  91.242.81.0/24
                  91.242.103.0/24
                  91.242.107.0/24
                  94.231.198.0/24
                  176.126.223.0/24
                  185.40.105.0/24
                  185.173.247.0/24
                  185.212.11.0/24
                  193.46.211.0/24
                  193.203.127.0/24
                  194.56.152.0/23
                  194.213.10.0/24
                  194.242.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9f:3f:ac:c5:5a:54:f5:d7:31:81:04:ce:59:24:97:6a:45:d9:
         b6:af:0a:66:27:63:2c:27:4c:50:40:2b:3a:80:c2:73:f4:5d:
         62:89:e5:51:a1:9e:bf:d4:5d:73:99:6e:8b:2f:1a:51:75:71:
         79:44:e5:62:90:64:26:49:ad:06:59:07:3a:b7:be:68:8d:2c:
         0c:79:0c:bb:cc:96:fe:54:55:c1:cf:df:8e:1f:0b:90:2a:ec:
         1a:58:10:75:85:8e:5d:51:d0:a1:63:d0:2b:f2:a9:d9:04:ac:
         2d:8f:5c:78:34:c5:d2:c5:dc:75:49:03:3a:32:e2:ec:f6:be:
         0e:63:3e:19:9f:da:94:8f:ad:02:3a:b6:99:f9:d5:c1:b1:9c:
         b5:35:9c:7d:5a:c5:24:cf:8a:d2:02:67:2b:bb:51:80:56:5d:
         4b:3b:55:eb:5e:b5:a7:fa:e3:4b:b8:5c:32:d7:dd:bb:40:d8:
         18:f5:0f:db:b6:b7:30:87:26:20:a7:e0:bc:79:1a:5b:e4:ce:
         b8:d8:f0:6d:a7:8b:16:fc:4d:2a:d2:18:7f:91:10:fd:04:a7:
         c6:9c:b9:86:ed:62:d1:64:b9:16:74:ee:47:40:a5:70:e3:2d:
         d2:ab:7e:ca:aa:bf:6a:c2:00:df:60:89:c9:95:fb:1b:2e:a6:
         32:bc:b6:62
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAYVlW+68K90fomTLmRGUQmoDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjIxMjMwMjMyNjQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWNlZGNkYjdlM2IyYWY1ZTU1NjA4Y2M2YzkzY2M1NWQxZTU3M2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrdGsHwxH6QGOJIhFG2XBJr2dzyA
3WQVYoayad5D31ztrmj5nXGqKHx+xgpy+IZVTo+1VRJJ96iIOIPF2Q00ygotHPVs
+4IqQRJ2zntHOM45TVDETKr2YUP8ECCIadwbeLNYO1oyUP+qXuJ1UwrXTrgmN9Gw
SrNRRHWUUdwPkaW01wNcJbHX4YPu/elzP5j0xWPnqGoycPc1x7Ag1MoYxaMcFQ1Y
HMKXFeMUkzRt6P7X881Fn3iNozMcqAIFEZEHiaVajIwOpP19+wtGJVi79cv9F9gk
NEhNY/cY0BOWVmgO8O9kdaycryyXeg04/flj0AuQOulIXd45ax6dome4OwIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFJnO3Nt+Oyr15VYIzGyTzFXR5XO5MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvbWM3YzIzNDdLdlhsVmdqTWJKUE1WZEhsYzdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujCBtwQCAAEwgbADBAIF
thwDBAItD0ADBAAtQ3UDBAItWHwDBAItWSwDBAItjCADBAItlrQDBAFQXlADBABW
aBMDBABWaMADBABZJ/IDBABZKCMDBABZKKEDBABb7zswDAMEAVvyRgMEAlvySAME
AFvyUQMEAFvyZwMEAFvyawMEAF7nxgMEALB+3wMEALkoaQMEALmt9wMEALnUCwME
AMEu0wMEAMHLfwMEAcI4mAMEAMLVCgMEAcLyHDANBgkqhkiG9w0BAQsFAAOCAQEA
nz+sxVpU9dcxgQTOWSSXakXZtq8KZidjLCdMUEArOoDCc/RdYonlUaGev9Rdc5lu
iy8aUXVxeUTlYpBkJkmtBlkHOre+aI0sDHkMu8yW/lRVwc/fjh8LkCrsGlgQdYWO
XVHQoWPQK/Kp2QSsLY9ceDTF0sXcdUkDOjLi7Pa+DmM+GZ/alI+tAjq2mfnVwbGc
tTWcfVrFJM+K0gJnK7tRgFZdSztV6161p/rjS7hcMtfdu0DYGPUP27a3MIcmIKfg
vHkaW+TOuNjwbaeLFvxNKtIYf5EQ/QSnxpy5hu1i0WS5FnTuR0ClcOMt0qt+yqq/
asIA32CJyZX7Gy6mMry2Yg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:27 2024 by rpki-client on console-ams.rpki-client.org