Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/ftVL_8Wx2wt-lJAyytd5H2uwXqs.roa
File:                     ftVL_8Wx2wt-lJAyytd5H2uwXqs.roa (raw, json)
Hash identifier:          F70j20QvQfEMFywNgwGwuttEiey0jbG8Zu292otejVI=
Subject key identifier:   7E:D5:4B:FF:C5:B1:DB:0B:7E:94:90:32:CA:D7:79:1F:6B:B0:5E:AB
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       1043F74B
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/ftVL_8Wx2wt-lJAyytd5H2uwXqs.roa
Signing time:             Wed 02 Mar 2022 13:12:22 +0000
ROA not before:           Wed 02 Mar 2022 13:12:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8220
IP address blocks:        212.36.128.0/18 maxlen: 18
                          62.23.0.0/16 maxlen: 16
                          62.23.14.0/24 maxlen: 24
                          212.36.144.0/20 maxlen: 20
                          62.23.23.0/24 maxlen: 24
                          80.80.0.0/19 maxlen: 19
                          46.248.128.0/19 maxlen: 19
                          212.161.0.0/17 maxlen: 17
                          84.16.160.0/19 maxlen: 19
                          193.188.132.0/23 maxlen: 23
                          213.215.128.0/17 maxlen: 17
                          213.208.192.0/18 maxlen: 18
                          212.36.160.0/20 maxlen: 20
                          62.97.64.0/18 maxlen: 18
                          62.23.43.0/24 maxlen: 24
                          157.120.224.0/21 maxlen: 21
                          157.120.236.0/22 maxlen: 22
                          212.36.184.0/21 maxlen: 21
                          62.23.61.0/24 maxlen: 24
                          62.23.70.0/24 maxlen: 24
                          157.120.240.0/20 maxlen: 20
                          193.116.128.0/18 maxlen: 18
                          212.35.96.0/19 maxlen: 19
                          62.96.0.0/16 maxlen: 16
                          213.86.0.0/16 maxlen: 16
                          87.241.0.0/18 maxlen: 18
                          213.173.160.0/19 maxlen: 19
                          213.164.0.0/19 maxlen: 19
                          193.93.80.0/22 maxlen: 22
                          80.251.160.0/19 maxlen: 19
                          195.110.64.0/19 maxlen: 19
                          212.123.192.0/18 maxlen: 18
                          27.110.0.0/20 maxlen: 20
                          217.110.0.0/15 maxlen: 15
                          27.110.16.0/22 maxlen: 22
                          212.203.64.0/18 maxlen: 18
                          193.82.0.0/18 maxlen: 18
                          212.78.160.0/19 maxlen: 19
                          194.223.128.0/19 maxlen: 19
                          213.246.192.0/18 maxlen: 18
                          85.88.128.0/19 maxlen: 19
                          195.68.74.0/24 maxlen: 24
                          193.118.224.0/19 maxlen: 19
                          78.143.0.0/18 maxlen: 18
                          212.31.224.0/19 maxlen: 19
                          217.173.96.0/20 maxlen: 20
                          82.112.192.0/19 maxlen: 19
                          62.72.96.0/19 maxlen: 19
                          57.133.0.0/16 maxlen: 16
                          78.156.64.0/19 maxlen: 19
                          212.74.79.0/24 maxlen: 24
                          212.121.128.0/19 maxlen: 19
                          212.23.224.0/19 maxlen: 19
                          213.185.160.0/19 maxlen: 19
                          212.0.96.0/19 maxlen: 19
                          213.61.0.0/16 maxlen: 16
                          62.192.0.0/19 maxlen: 19
                          193.114.160.0/19 maxlen: 19
                          212.74.64.0/24 maxlen: 24
                          212.74.64.0/19 maxlen: 19
                          212.74.77.0/24 maxlen: 24
                          212.74.78.0/24 maxlen: 24
                          195.68.0.0/17 maxlen: 17
                          84.14.63.0/24 maxlen: 24
                          62.152.96.0/19 maxlen: 19
                          213.229.128.0/18 maxlen: 18
                          118.67.224.0/19 maxlen: 19
                          62.84.192.0/19 maxlen: 19
                          84.14.0.0/16 maxlen: 16
                          213.27.128.0/17 maxlen: 17
                          213.41.0.0/17 maxlen: 17
                          80.169.0.0/16 maxlen: 16
                          2001:921::/32 maxlen: 32
                          2001:926::/32 maxlen: 32
                          2001:924::/32 maxlen: 32
                          2001:925::/32 maxlen: 32
                          2001:920::/29 maxlen: 29
                          2001:920::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 272889675 (0x1043f74b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Mar  2 13:12:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7ed54bffc5b1db0b7e949032cad7791f6bb05eab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:09:69:54:8d:95:ff:37:5e:0f:21:79:5d:19:
                    85:f6:22:2d:dc:28:25:9f:fd:c0:5e:e1:e7:5c:80:
                    1d:82:13:79:28:41:1c:2e:a6:70:45:d0:c7:07:72:
                    25:a9:ec:2b:bd:1a:1f:44:3b:15:17:59:d1:56:8a:
                    3d:f6:ed:e7:6a:33:6f:fc:b3:8d:b6:41:05:73:ae:
                    68:98:f4:49:39:96:5a:11:e7:38:fa:6b:13:34:28:
                    d4:8f:c7:d6:cb:e7:74:a9:ea:6a:03:19:69:1b:d8:
                    cd:c0:c2:80:ed:01:57:ea:c6:a6:b9:d1:cc:dc:33:
                    3a:99:4a:cf:19:e0:8e:9c:8d:d1:b1:7e:ea:35:f8:
                    c3:0f:e4:ee:31:72:67:0f:a9:2a:21:cc:ad:59:d4:
                    08:fe:a5:de:cd:69:57:d3:c1:00:4c:84:16:d1:9b:
                    b8:48:75:ac:bd:64:84:8d:da:33:36:2e:ff:cd:9b:
                    7d:8a:50:ad:0c:8d:fb:71:80:dc:74:dc:62:b2:77:
                    19:07:e6:04:39:61:3e:4e:dd:09:5f:99:0f:7a:4f:
                    20:5e:01:09:1a:6a:57:08:2c:23:03:09:e0:1b:3c:
                    43:0f:6b:84:95:b2:30:d6:39:a2:10:54:59:7e:40:
                    6e:18:e5:c1:ef:b4:64:3b:e3:dc:c3:9b:ed:ee:68:
                    7e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:D5:4B:FF:C5:B1:DB:0B:7E:94:90:32:CA:D7:79:1F:6B:B0:5E:AB
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/ftVL_8Wx2wt-lJAyytd5H2uwXqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.110.0.0-27.110.19.255
                  46.248.128.0/19
                  57.133.0.0/16
                  62.23.0.0/16
                  62.72.96.0/19
                  62.84.192.0/19
                  62.96.0.0/16
                  62.97.64.0/18
                  62.152.96.0/19
                  62.192.0.0/19
                  78.143.0.0/18
                  78.156.64.0/19
                  80.80.0.0/19
                  80.169.0.0/16
                  80.251.160.0/19
                  82.112.192.0/19
                  84.14.0.0/16
                  84.16.160.0/19
                  85.88.128.0/19
                  87.241.0.0/18
                  118.67.224.0/19
                  157.120.224.0/21
                  157.120.236.0-157.120.255.255
                  193.82.0.0/18
                  193.93.80.0/22
                  193.114.160.0/19
                  193.116.128.0/18
                  193.118.224.0/19
                  193.188.132.0/23
                  194.223.128.0/19
                  195.68.0.0/17
                  195.110.64.0/19
                  212.0.96.0/19
                  212.23.224.0/19
                  212.31.224.0/19
                  212.35.96.0/19
                  212.36.128.0/18
                  212.74.64.0/19
                  212.78.160.0/19
                  212.121.128.0/19
                  212.123.192.0/18
                  212.161.0.0/17
                  212.203.64.0/18
                  213.27.128.0/17
                  213.41.0.0/17
                  213.61.0.0/16
                  213.86.0.0/16
                  213.164.0.0/19
                  213.173.160.0/19
                  213.185.160.0/19
                  213.208.192.0/18
                  213.215.128.0/17
                  213.229.128.0/18
                  213.246.192.0/18
                  217.110.0.0/15
                  217.173.96.0/20
                IPv6:
                  2001:920::/29

    Signature Algorithm: sha256WithRSAEncryption
         27:fe:31:6c:41:80:26:1d:ee:8d:a2:22:9a:6e:a0:a6:b3:46:
         e9:37:aa:6f:b9:91:84:78:ea:f2:08:58:cf:ab:4d:9c:c8:2e:
         94:47:fe:27:10:d3:c0:0f:42:b2:63:24:4d:66:17:63:d6:48:
         2f:d4:09:5d:53:5a:f8:6f:71:fe:ee:f4:68:92:e4:1a:37:2b:
         b3:ad:c2:0f:30:d5:e1:a2:26:ff:bd:22:0e:d9:62:e8:d0:3e:
         1f:17:79:3e:bd:bb:69:53:ec:a3:6c:91:7c:48:ae:4b:bb:24:
         95:40:4a:5c:f6:89:ee:19:61:0c:43:be:61:38:e4:ad:aa:c4:
         27:2d:ab:52:9a:51:8d:39:19:9e:8b:d3:97:9d:cd:73:fd:3a:
         d7:b2:f9:da:71:93:dd:ed:ee:a2:fe:52:e2:fb:df:c8:66:dc:
         4a:e4:b2:8e:81:4c:3b:e4:0c:ab:bb:b1:4b:31:d2:e0:b1:2a:
         86:df:0a:da:58:b3:2e:72:5f:61:56:98:55:f8:17:8c:09:5a:
         d2:1f:3b:2c:bc:1e:34:11:84:33:fb:64:e2:2c:f7:fe:45:79:
         d2:e4:5d:00:51:1c:7d:b9:b5:bd:a7:94:b7:31:a8:a3:31:7d:
         5f:94:dc:13:5e:e4:33:0d:02:f7:77:bb:ee:b4:6d:97:ab:c3:
         d5:c0:8d:c2
-----BEGIN CERTIFICATE-----
MIIGWDCCBUCgAwIBAgIEEEP3SzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
Y2Y4ZmZjMDg4NTkxZTRmMjQzYmFhZmEyMWI0Mjk4YmZiMzY2MDI2MB4XDTIyMDMw
MjEzMTIyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2VkNTRiZmZjNWIx
ZGIwYjdlOTQ5MDMyY2FkNzc5MWY2YmIwNWVhYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMMJaVSNlf83Xg8heV0ZhfYiLdwoJZ/9wF7h51yAHYITeShB
HC6mcEXQxwdyJansK70aH0Q7FRdZ0VaKPfbt52ozb/yzjbZBBXOuaJj0STmWWhHn
OPprEzQo1I/H1svndKnqagMZaRvYzcDCgO0BV+rGprnRzNwzOplKzxngjpyN0bF+
6jX4ww/k7jFyZw+pKiHMrVnUCP6l3s1pV9PBAEyEFtGbuEh1rL1khI3aMzYu/82b
fYpQrQyN+3GA3HTcYrJ3GQfmBDlhPk7dCV+ZD3pPIF4BCRpqVwgsIwMJ4Bs8Qw9r
hJWyMNY5ohBUWX5Abhjlwe+0ZDvj3MOb7e5oft8CAwEAAaOCA3IwggNuMB0GA1Ud
DgQWBBR+1Uv/xbHbC36UkDLK13kfa7BeqzAfBgNVHSMEGDAWgBRM+P/AiFkeTyQ7
qvohtCmL+zZgJjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RQal93SWhaSGs4a082cjZJYlFwaV9zMllDWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvYTBhMzljLWJlMDMtNDdiYi1iZGIzLWIzYjc4YjBiNjZlYS8x
L2Z0VkxfOFd4Mnd0LWxKQXl5dGQ1SDJ1d1hxcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
YTBhMzljLWJlMDMtNDdiYi1iZGIzLWIzYjc4YjBiNjZlYS8xL1RQal93SWhaSGs4
a082cjZJYlFwaV9zMllDWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCC
AYYGCCsGAQUFBwEHAQH/BIIBdTCCAXEwggFeBAIAATCCAVYwCwMDARtuAwQCG24Q
AwQFLviAAwMAOYUDAwA+FwMEBT5IYAMEBT5UwAMDAD5gAwQGPmFAAwQFPphgAwQF
PsAAAwQGTo8AAwQFTpxAAwQFUFAAAwMAUKkDBAVQ+6ADBAVScMADAwBUDgMEBVQQ
oAMEBVVYgAMEBlfxAAMEBXZD4AMEA5144DALAwQCnXjsAwMAnXgDBAbBUgADBALB
XVADBAXBcqADBAbBdIADBAXBduADBAHBvIQDBAXC34ADBAfDRAADBAXDbkADBAXU
AGADBAXUF+ADBAXUH+ADBAXUI2ADBAbUJIADBAXUSkADBAXUTqADBAXUeYADBAbU
e8ADBAfUoQADBAbUy0ADBAfVG4ADBAfVKQADAwDVPQMDANVWAwQF1aQAAwQF1a2g
AwQF1bmgAwQG1dDAAwQH1deAAwQG1eWAAwQG1fbAAwMB2W4DBATZrWAwDQQCAAIw
BwMFAyABCSAwDQYJKoZIhvcNAQELBQADggEBACf+MWxBgCYd7o2iIppuoKazRuk3
qm+5kYR46vIIWM+rTZzILpRH/icQ08APQrJjJE1mF2PWSC/UCV1TWvhvcf7u9GiS
5Bo3K7Otwg8w1eGiJv+9Ig7ZYujQPh8XeT69u2lT7KNskXxIrku7JJVASlz2ie4Z
YQxDvmE45K2qxCctq1KaUY05GZ6L05edzXP9Otey+dpxk93t7qL+UuL738hm3Erk
so6BTDvkDKu7sUsx0uCxKobfCtpYsy5yX2FWmFX4F4wJWtIfOyy8HjQRhDP7ZOIs
9/5FedLkXQBRHH25tb2nlLcxqKMxfV+U3BNe5DMNAvd3u+60bZerw9XAjcI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:42 2024 by rpki-client on console-fra.rpki-client.org