Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/vHkI6XYXyzWjaR0fSnVMijl9kIA.roa
File:                     vHkI6XYXyzWjaR0fSnVMijl9kIA.roa (raw, json)
Hash identifier:          MWMtEl5X33htaxlpsRNuvKgWtqs3ndLVbMDXe4Y0+Bs=
Subject key identifier:   BC:79:08:E9:76:17:CB:35:A3:69:1D:1F:4A:75:4C:8A:39:7D:90:80
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018974312D62E32A01C4557E24B1858589B3
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/vHkI6XYXyzWjaR0fSnVMijl9kIA.roa
Signing time:             Thu 20 Jul 2023 16:45:27 +0000
ROA not before:           Thu 20 Jul 2023 16:45:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        89.39.242.0/24 maxlen: 24
                          194.56.152.0/23 maxlen: 24
                          94.231.198.0/24 maxlen: 24
                          185.212.11.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          45.89.44.0/24 maxlen: 24
                          45.89.46.0/24 maxlen: 24
                          45.89.47.0/24 maxlen: 24
                          185.40.105.0/24 maxlen: 24
                          194.242.28.0/23 maxlen: 24
                          86.104.19.0/24 maxlen: 24
                          193.46.211.0/24 maxlen: 24
                          193.203.127.0/24 maxlen: 24
                          91.242.70.0/23 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.74.0/24 maxlen: 24
                          91.242.75.0/24 maxlen: 24
                          89.40.161.0/24 maxlen: 24
                          195.138.105.0/24 maxlen: 24
                          195.138.103.0/24 maxlen: 24
                          195.138.104.0/24 maxlen: 24
                          195.138.106.0/24 maxlen: 24
                          80.94.81.0/24 maxlen: 24
                          80.94.80.0/24 maxlen: 24
                          80.94.80.0/23 maxlen: 23
                          45.67.117.0/24 maxlen: 24
                          45.15.64.0/24 maxlen: 24
                          91.239.59.0/24 maxlen: 24
                          45.15.64.0/22 maxlen: 22
                          45.15.66.0/24 maxlen: 24
                          45.15.67.0/24 maxlen: 24
                          45.15.65.0/24 maxlen: 24
                          194.213.10.0/24 maxlen: 24
                          185.173.247.0/24 maxlen: 24
                          176.126.223.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:74:31:2d:62:e3:2a:01:c4:55:7e:24:b1:85:85:89:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jul 20 16:45:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bc7908e97617cb35a3691d1f4a754c8a397d9080
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:79:08:E9:76:17:CB:35:A3:69:1D:1F:4A:75:4C:8A:39:7D:90:80
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/vHkI6XYXyzWjaR0fSnVMijl9kIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.64.0/22
                  45.67.117.0/24
                  45.89.44.0/24
                  45.89.46.0/23
                  80.94.80.0/23
                  86.104.19.0/24
                  89.39.242.0/24
                  89.40.161.0/24
                  91.239.59.0/24
                  91.242.70.0-91.242.75.255
                  91.242.103.0/24
                  94.231.198.0/24
                  176.126.223.0/24
                  185.40.105.0/24
                  185.173.247.0/24
                  185.212.11.0/24
                  193.46.211.0/24
                  193.203.127.0/24
                  194.56.152.0/23
                  194.213.10.0/24
                  194.242.28.0/23
                  195.138.103.0-195.138.106.255

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jun 6 17:23:42 2024 by rpki-client on console-fra.rpki-client.org