Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/bvRxpAERMo5dwfDtYK2CJijISAw.roa
File:                     bvRxpAERMo5dwfDtYK2CJijISAw.roa (raw, json)
Hash identifier:          SrurAYtpaF85eqXylXoX94a+XEEIOT5CyFmU0r1bKIg=
Subject key identifier:   6E:F4:71:A4:01:11:32:8E:5D:C1:F0:ED:60:AD:82:26:28:C8:48:0C
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       01849F8BE71CD9C4D98D7300C2FE23A2D78F
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/bvRxpAERMo5dwfDtYK2CJijISAw.roa
Signing time:             Tue 22 Nov 2022 13:34:16 +0000
ROA not before:           Tue 22 Nov 2022 13:34:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8220
IP address blocks:        212.36.128.0/18 maxlen: 18
                          62.23.0.0/16 maxlen: 16
                          62.23.14.0/24 maxlen: 24
                          212.36.144.0/20 maxlen: 20
                          62.23.23.0/24 maxlen: 24
                          80.80.0.0/19 maxlen: 19
                          46.248.128.0/19 maxlen: 19
                          212.161.0.0/17 maxlen: 17
                          136.225.0.0/16 maxlen: 16
                          84.16.160.0/19 maxlen: 19
                          193.188.132.0/23 maxlen: 23
                          213.215.128.0/17 maxlen: 17
                          213.208.192.0/18 maxlen: 18
                          62.97.64.0/18 maxlen: 18
                          212.36.160.0/20 maxlen: 20
                          62.23.43.0/24 maxlen: 24
                          157.120.224.0/21 maxlen: 21
                          157.120.236.0/22 maxlen: 22
                          212.36.184.0/21 maxlen: 21
                          62.23.61.0/24 maxlen: 24
                          62.23.70.0/24 maxlen: 24
                          157.120.240.0/20 maxlen: 20
                          193.116.128.0/18 maxlen: 18
                          212.35.96.0/19 maxlen: 19
                          62.96.0.0/16 maxlen: 16
                          213.86.0.0/16 maxlen: 16
                          87.241.0.0/18 maxlen: 18
                          213.173.160.0/19 maxlen: 19
                          213.164.0.0/19 maxlen: 19
                          193.93.80.0/22 maxlen: 22
                          80.251.160.0/19 maxlen: 19
                          195.110.64.0/19 maxlen: 19
                          212.123.192.0/18 maxlen: 18
                          217.110.0.0/15 maxlen: 15
                          212.203.64.0/18 maxlen: 18
                          212.78.160.0/19 maxlen: 19
                          194.223.128.0/21 maxlen: 21
                          194.223.136.0/22 maxlen: 22
                          213.246.192.0/18 maxlen: 18
                          85.88.128.0/19 maxlen: 19
                          195.68.74.0/24 maxlen: 24
                          193.118.224.0/19 maxlen: 19
                          78.143.0.0/18 maxlen: 18
                          212.31.224.0/19 maxlen: 19
                          217.173.96.0/20 maxlen: 20
                          82.112.192.0/19 maxlen: 19
                          62.72.96.0/19 maxlen: 19
                          57.133.0.0/16 maxlen: 16
                          78.156.64.0/19 maxlen: 19
                          193.82.32.0/19 maxlen: 19
                          212.74.79.0/24 maxlen: 24
                          212.121.128.0/19 maxlen: 19
                          212.23.224.0/19 maxlen: 19
                          213.185.160.0/19 maxlen: 19
                          212.0.96.0/19 maxlen: 19
                          213.61.0.0/16 maxlen: 16
                          62.192.0.0/19 maxlen: 19
                          193.114.160.0/19 maxlen: 19
                          212.74.64.0/24 maxlen: 24
                          212.74.64.0/19 maxlen: 19
                          212.74.77.0/24 maxlen: 24
                          212.74.78.0/24 maxlen: 24
                          195.68.0.0/17 maxlen: 17
                          84.14.63.0/24 maxlen: 24
                          62.152.96.0/19 maxlen: 19
                          213.229.128.0/18 maxlen: 18
                          118.67.224.0/19 maxlen: 19
                          62.84.192.0/19 maxlen: 19
                          84.14.0.0/16 maxlen: 16
                          213.27.128.0/17 maxlen: 17
                          213.41.0.0/17 maxlen: 17
                          80.169.0.0/16 maxlen: 16
                          2001:921::/32 maxlen: 32
                          2001:926::/32 maxlen: 32
                          2001:924::/32 maxlen: 32
                          2001:925::/32 maxlen: 32
                          2001:920::/29 maxlen: 29
                          2001:920::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:9f:8b:e7:1c:d9:c4:d9:8d:73:00:c2:fe:23:a2:d7:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Nov 22 13:34:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6ef471a40111328e5dc1f0ed60ad822628c8480c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:31:2d:19:65:24:61:1c:a5:d0:4b:ba:cd:9e:
                    73:2a:de:ce:78:05:72:0c:48:6c:43:22:a9:ee:c9:
                    e3:da:d9:b9:6f:81:6a:04:64:69:fb:9e:1b:7c:4c:
                    21:12:cf:ca:89:ae:c8:6f:7e:8a:63:42:59:a3:a0:
                    10:0f:c6:77:17:7c:a7:78:a4:00:c9:7e:fd:92:37:
                    18:81:98:ed:f3:c9:c6:54:9d:1d:4d:39:f6:95:f4:
                    a7:5c:b7:f2:81:2e:dc:24:99:cd:c6:f3:5f:6f:ed:
                    a5:53:de:cd:92:e5:85:a3:e4:10:ae:fe:ea:af:d1:
                    fc:a0:2f:51:11:bd:a1:d3:96:c0:33:f4:a3:2e:de:
                    2e:11:7b:a9:ba:8e:d7:41:8f:55:df:9a:63:d1:ea:
                    42:fe:71:6c:16:41:67:cf:03:6b:06:33:fe:d1:40:
                    c5:c4:e2:ea:08:e9:d3:2b:29:00:d2:08:aa:22:4b:
                    6e:4e:57:3a:f5:8a:40:ad:bd:a9:13:72:d9:32:24:
                    35:2d:de:19:c3:2e:96:f9:9a:29:50:b6:81:9c:e4:
                    1f:1c:97:f0:07:2a:7b:4d:e0:39:b6:f9:ec:9d:03:
                    5c:34:04:06:29:34:82:ca:e3:50:39:8b:20:e2:a6:
                    24:04:0b:fb:ea:c8:e6:ce:bd:c2:91:4e:2f:5d:6d:
                    58:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:F4:71:A4:01:11:32:8E:5D:C1:F0:ED:60:AD:82:26:28:C8:48:0C
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/bvRxpAERMo5dwfDtYK2CJijISAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.248.128.0/19
                  57.133.0.0/16
                  62.23.0.0/16
                  62.72.96.0/19
                  62.84.192.0/19
                  62.96.0.0/16
                  62.97.64.0/18
                  62.152.96.0/19
                  62.192.0.0/19
                  78.143.0.0/18
                  78.156.64.0/19
                  80.80.0.0/19
                  80.169.0.0/16
                  80.251.160.0/19
                  82.112.192.0/19
                  84.14.0.0/16
                  84.16.160.0/19
                  85.88.128.0/19
                  87.241.0.0/18
                  118.67.224.0/19
                  136.225.0.0/16
                  157.120.224.0/21
                  157.120.236.0-157.120.255.255
                  193.82.32.0/19
                  193.93.80.0/22
                  193.114.160.0/19
                  193.116.128.0/18
                  193.118.224.0/19
                  193.188.132.0/23
                  194.223.128.0-194.223.139.255
                  195.68.0.0/17
                  195.110.64.0/19
                  212.0.96.0/19
                  212.23.224.0/19
                  212.31.224.0/19
                  212.35.96.0/19
                  212.36.128.0/18
                  212.74.64.0/19
                  212.78.160.0/19
                  212.121.128.0/19
                  212.123.192.0/18
                  212.161.0.0/17
                  212.203.64.0/18
                  213.27.128.0/17
                  213.41.0.0/17
                  213.61.0.0/16
                  213.86.0.0/16
                  213.164.0.0/19
                  213.173.160.0/19
                  213.185.160.0/19
                  213.208.192.0/18
                  213.215.128.0/17
                  213.229.128.0/18
                  213.246.192.0/18
                  217.110.0.0/15
                  217.173.96.0/20
                IPv6:
                  2001:920::/29

    Signature Algorithm: sha256WithRSAEncryption
         b1:53:54:6e:43:35:26:33:ea:34:33:e5:c6:3d:9a:37:8b:d1:
         c4:25:59:91:b0:91:ee:ee:fe:aa:f5:60:4c:33:1f:c2:d6:ca:
         0f:bd:df:13:f5:40:a8:23:74:fa:09:cc:4c:c1:5b:4f:33:c7:
         9c:90:e2:b3:f1:b8:55:08:43:6a:c9:d0:24:27:66:ac:1f:df:
         74:4a:92:2e:33:70:74:52:1a:9f:a3:b8:17:9e:ff:c5:10:ef:
         d8:91:34:12:24:c4:58:34:1a:11:10:87:47:98:6f:a8:47:a7:
         ce:ff:21:6e:5a:54:02:92:f9:35:87:d7:b0:4e:8d:45:58:06:
         30:c2:b0:af:54:bf:3b:bd:6d:8c:0b:09:1b:d0:63:14:22:f8:
         74:ee:62:ec:f0:b7:37:57:42:26:b3:f5:21:1f:e7:90:3e:05:
         16:23:9c:f7:c3:31:08:f5:04:8a:60:aa:32:83:f7:dd:62:9e:
         90:08:dd:57:3e:a4:db:26:3b:1c:37:ed:71:18:09:e4:7c:d9:
         2f:0d:26:72:60:4a:21:69:8d:a0:ee:e0:30:fe:c6:ad:b1:86:
         23:a4:67:65:8b:a7:6e:fd:9e:d1:45:6e:2a:1c:03:42:ef:21:
         33:8b:41:5b:85:76:aa:7f:94:05:ce:da:2a:db:28:02:9a:50:
         5e:04:99:be
-----BEGIN CERTIFICATE-----
MIIGZjCCBU6gAwIBAgISAYSfi+cc2cTZjXMAwv4jotePMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjIxMTIyMTMzNDE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWY0NzFhNDAxMTEzMjhlNWRjMWYwZWQ2MGFkODIyNjI4Yzg0ODBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzEtGWUkYRyl0Eu6zZ5zKt7OeAVy
DEhsQyKp7snj2tm5b4FqBGRp+54bfEwhEs/Kia7Ib36KY0JZo6AQD8Z3F3yneKQA
yX79kjcYgZjt88nGVJ0dTTn2lfSnXLfygS7cJJnNxvNfb+2lU97NkuWFo+QQrv7q
r9H8oC9REb2h05bAM/SjLt4uEXupuo7XQY9V35pj0epC/nFsFkFnzwNrBjP+0UDF
xOLqCOnTKykA0giqIktuTlc69YpArb2pE3LZMiQ1Ld4Zwy6W+ZopULaBnOQfHJfw
Byp7TeA5tvnsnQNcNAQGKTSCyuNQOYsg4qYkBAv76sjmzr3CkU4vXW1YOwIDAQAB
o4IDcjCCA24wHQYDVR0OBBYEFG70caQBETKOXcHw7WCtgiYoyEgMMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvYnZSeHBBRVJNbzVkd2ZEdFlLMkNKaWpJU0F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBhgYIKwYBBQUHAQcBAf8EggF1MIIBcTCCAV4EAgABMIIB
VgMEBS74gAMDADmFAwMAPhcDBAU+SGADBAU+VMADAwA+YAMEBj5hQAMEBT6YYAME
BT7AAAMEBk6PAAMEBU6cQAMEBVBQAAMDAFCpAwQFUPugAwQFUnDAAwMAVA4DBAVU
EKADBAVVWIADBAZX8QADBAV2Q+ADAwCI4QMEA5144DALAwQCnXjsAwMAnXgDBAXB
UiADBALBXVADBAXBcqADBAbBdIADBAXBduADBAHBvIQwDAMEB8LfgAMEAsLfiAME
B8NEAAMEBcNuQAMEBdQAYAMEBdQX4AMEBdQf4AMEBdQjYAMEBtQkgAMEBdRKQAME
BdROoAMEBdR5gAMEBtR7wAMEB9ShAAMEBtTLQAMEB9UbgAMEB9UpAAMDANU9AwMA
1VYDBAXVpAADBAXVraADBAXVuaADBAbV0MADBAfV14ADBAbV5YADBAbV9sADAwHZ
bgMEBNmtYDANBAIAAjAHAwUDIAEJIDANBgkqhkiG9w0BAQsFAAOCAQEAsVNUbkM1
JjPqNDPlxj2aN4vRxCVZkbCR7u7+qvVgTDMfwtbKD73fE/VAqCN0+gnMTMFbTzPH
nJDis/G4VQhDasnQJCdmrB/fdEqSLjNwdFIan6O4F57/xRDv2JE0EiTEWDQaERCH
R5hvqEenzv8hblpUApL5NYfXsE6NRVgGMMKwr1S/O71tjAsJG9BjFCL4dO5i7PC3
N1dCJrP1IR/nkD4FFiOc98MxCPUEimCqMoP33WKekAjdVz6k2yY7HDftcRgJ5HzZ
Lw0mcmBKIWmNoO7gMP7GrbGGI6RnZYunbv2e0UVuKhwDQu8hM4tBW4V2qn+UBc7a
KtsoAppQXgSZvg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:28 2024 by rpki-client on console-ams.rpki-client.org