Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/vx7330RWiSw-VzEr6QQkdJj-U7Q.roa
File:                     vx7330RWiSw-VzEr6QQkdJj-U7Q.roa (raw, json)
Hash identifier:          suGZVu0CKgvo69uhICYjDyWZ2Zba+LiqZTJgVkdVh9U=
Subject key identifier:   BF:1E:F7:DF:44:56:89:2C:3E:57:31:2B:E9:04:24:74:98:FE:53:B4
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018C7C5099F2953F1560613D921D5A8743C7
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/vx7330RWiSw-VzEr6QQkdJj-U7Q.roa
Signing time:             Mon 18 Dec 2023 09:45:06 +0000
ROA not before:           Mon 18 Dec 2023 09:45:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        45.67.117.0/24 maxlen: 24
                          94.231.198.0/24 maxlen: 24
                          194.56.153.0/24 maxlen: 24
                          185.212.11.0/24 maxlen: 24
                          194.180.238.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          185.40.105.0/24 maxlen: 24
                          194.213.10.0/24 maxlen: 24
                          194.242.28.0/23 maxlen: 24
                          185.173.247.0/24 maxlen: 24
                          176.126.223.0/24 maxlen: 24
                          91.242.71.0/24 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.75.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:7c:50:99:f2:95:3f:15:60:61:3d:92:1d:5a:87:43:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Dec 18 09:45:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bf1ef7df4456892c3e57312be904247498fe53b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:09:b5:21:37:91:7f:34:ff:09:f3:29:e9:b9:
                    06:2c:66:b1:ce:eb:17:de:c4:38:df:56:fc:17:9d:
                    47:85:a6:0f:03:d3:4f:29:c7:3b:71:af:50:58:09:
                    a6:b8:2c:b2:60:74:a0:22:9b:30:63:8e:10:63:84:
                    91:46:7c:dc:06:0d:e0:89:83:11:ce:79:bd:bb:67:
                    49:38:80:d1:d7:78:1e:cf:0b:f3:16:82:bf:f0:46:
                    29:1e:89:61:f2:b3:cb:94:45:4f:d6:5b:86:a9:20:
                    18:ec:25:24:36:d1:f6:c2:c9:44:e4:22:a5:72:64:
                    d5:66:6d:58:0e:f3:6a:85:33:df:bc:25:5c:00:df:
                    f0:1d:81:53:11:74:bb:65:a8:4c:8c:59:e8:4c:0d:
                    13:27:81:28:a5:f9:37:3f:d6:b2:53:45:1a:09:05:
                    13:06:fa:3d:1b:cf:fd:6d:69:d7:1f:49:04:ca:43:
                    5c:f5:34:f8:99:7a:5b:bd:b3:92:30:0b:53:d2:63:
                    cf:5d:a0:a1:0f:0e:fb:f2:f5:77:ff:4d:be:d9:c3:
                    8d:60:b8:9c:9a:f3:ba:19:4d:d3:f9:7b:20:fa:13:
                    17:82:32:aa:59:29:ce:39:80:95:53:4a:e3:13:19:
                    73:42:3f:8d:d9:51:80:1c:33:54:9c:48:7b:a2:e7:
                    94:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:1E:F7:DF:44:56:89:2C:3E:57:31:2B:E9:04:24:74:98:FE:53:B4
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/vx7330RWiSw-VzEr6QQkdJj-U7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.117.0/24
                  91.242.71.0-91.242.73.255
                  91.242.75.0/24
                  91.242.103.0/24
                  94.231.198.0/24
                  176.126.223.0/24
                  185.40.105.0/24
                  185.173.247.0/24
                  185.212.11.0/24
                  194.56.153.0/24
                  194.180.238.0/24
                  194.213.10.0/24
                  194.242.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:45:f5:c4:0a:d9:b7:14:2c:0c:af:79:2d:28:53:54:ed:86:
         1d:f7:33:e8:b2:5c:3f:5f:18:08:80:d1:d5:35:b5:7c:ca:c2:
         08:d1:1b:85:82:33:03:4f:b8:14:eb:5e:8a:cf:ed:4d:47:d4:
         e2:39:cc:07:89:78:6f:8a:c6:cc:76:86:4d:43:d0:48:bc:b9:
         cc:5e:c7:fb:d1:c7:e6:5a:65:1b:e1:70:a4:a0:ab:20:e5:e9:
         ee:12:7c:ce:f5:e9:62:b2:15:19:ad:e3:68:ff:8a:90:61:b8:
         f3:1d:bd:d4:31:95:bc:dd:f4:0d:56:40:96:85:5b:f3:b8:ac:
         b3:f8:47:96:b5:36:c7:ba:8d:6e:7c:9d:a9:6d:9a:01:26:91:
         27:ff:54:1c:52:25:0a:11:0b:47:79:de:9c:40:a6:a8:a2:54:
         0c:68:87:07:67:13:a5:10:f0:53:ee:6b:36:d8:d8:b7:25:4d:
         72:b9:80:a0:6a:95:6e:18:b9:cd:df:a8:f8:81:81:4f:4d:db:
         3d:aa:3e:f6:53:29:e8:f4:1f:79:e7:69:2b:2d:9c:72:05:86:
         1b:00:d9:4e:84:4a:ba:13:22:42:37:aa:f8:2b:53:10:c6:06:
         59:76:b7:78:3b:52:67:b6:43:94:85:dc:c4:21:67:24:f5:2c:
         a5:10:6b:50
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYx8UJnylT8VYGE9kh1ah0PHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMxMjE4MDk0NTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjFlZjdkZjQ0NTY4OTJjM2U1NzMxMmJlOTA0MjQ3NDk4ZmU1M2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gm1ITeRfzT/CfMp6bkGLGaxzusX
3sQ431b8F51HhaYPA9NPKcc7ca9QWAmmuCyyYHSgIpswY44QY4SRRnzcBg3giYMR
znm9u2dJOIDR13gezwvzFoK/8EYpHolh8rPLlEVP1luGqSAY7CUkNtH2wslE5CKl
cmTVZm1YDvNqhTPfvCVcAN/wHYFTEXS7ZahMjFnoTA0TJ4Eopfk3P9ayU0UaCQUT
Bvo9G8/9bWnXH0kEykNc9TT4mXpbvbOSMAtT0mPPXaChDw778vV3/02+2cONYLic
mvO6GU3T+Xsg+hMXgjKqWSnOOYCVU0rjExlzQj+N2VGAHDNUnEh7oueUqQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFL8e999EVoksPlcxK+kEJHSY/lO0MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvdng3MzMwUldpU3ctVnpFcjZRUWtkSmotVTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQALUN1MAwD
BABb8kcDBAFb8kgDBABb8ksDBABb8mcDBABe58YDBACwft8DBAC5KGkDBAC5rfcD
BAC51AsDBADCOJkDBADCtO4DBADC1QoDBAHC8hwwDQYJKoZIhvcNAQELBQADggEB
AB1F9cQK2bcULAyveS0oU1Tthh33M+iyXD9fGAiA0dU1tXzKwgjRG4WCMwNPuBTr
XorP7U1H1OI5zAeJeG+Kxsx2hk1D0Ei8ucxex/vRx+ZaZRvhcKSgqyDl6e4SfM71
6WKyFRmt42j/ipBhuPMdvdQxlbzd9A1WQJaFW/O4rLP4R5a1Nse6jW58naltmgEm
kSf/VBxSJQoRC0d53pxApqiiVAxohwdnE6UQ8FPuazbY2LclTXK5gKBqlW4Yuc3f
qPiBgU9N2z2qPvZTKej0H3nnaSstnHIFhhsA2U6ESroTIkI3qvgrUxDGBll2t3g7
Ume2Q5SF3MQhZyT1LKUQa1A=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:42 2024 by rpki-client on console-fra.rpki-client.org