Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/cfWEDF30hxQ21LSKYByxeIMxNu0.roa
File:                     cfWEDF30hxQ21LSKYByxeIMxNu0.roa (raw, json)
Hash identifier:          js8nAAK5WEwUA5naJL3IEsDFYdasWD+hPq9WeuNOOmo=
Subject key identifier:   71:F5:84:0C:5D:F4:87:14:36:D4:B4:8A:60:1C:B1:78:83:31:36:ED
Certificate issuer:       /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial:       018BB8F21F4F26DD88873044F8BE7D17DA56
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/cfWEDF30hxQ21LSKYByxeIMxNu0.roa
Signing time:             Fri 10 Nov 2023 11:15:57 +0000
ROA not before:           Fri 10 Nov 2023 11:15:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9105
IP address blocks:        213.208.64.0/18 maxlen: 24
                          193.218.99.0/24 maxlen: 24
                          212.159.128.0/18 maxlen: 24
                          81.178.0.0/15 maxlen: 24
                          195.112.0.0/18 maxlen: 24
                          212.139.0.0/16 maxlen: 24
                          80.40.0.0/13 maxlen: 24
                          212.1.128.0/19 maxlen: 24
                          81.170.0.0/17 maxlen: 24
                          82.133.0.0/17 maxlen: 24
                          88.106.0.0/15 maxlen: 24
                          81.1.64.0/18 maxlen: 24
                          83.67.0.0/16 maxlen: 24
                          84.12.0.0/16 maxlen: 24
                          212.74.96.0/19 maxlen: 24
                          194.247.224.0/19 maxlen: 24
                          79.76.0.0/14 maxlen: 24
                          88.108.0.0/14 maxlen: 24
                          185.175.144.0/22 maxlen: 24
                          194.106.32.0/19 maxlen: 24
                          81.6.192.0/18 maxlen: 24
                          89.168.128.0/17 maxlen: 24
                          81.86.0.0/16 maxlen: 24
                          195.149.0.0/18 maxlen: 24
                          195.137.0.0/17 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:b8:f2:1f:4f:26:dd:88:87:30:44:f8:be:7d:17:da:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
        Validity
            Not Before: Nov 10 11:15:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=71f5840c5df4871436d4b48a601cb178833136ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ad:71:90:60:81:15:a2:17:5d:3c:31:d9:42:
                    2b:09:33:b4:d8:72:55:b6:34:eb:e4:3b:1d:ce:80:
                    cf:c2:5e:92:f8:1b:5e:67:e1:8b:d1:ac:16:f0:d2:
                    63:fe:f8:f5:a4:07:95:00:84:e1:a6:51:9b:c1:55:
                    52:8e:48:d1:7c:54:71:8f:6a:b7:1d:d6:84:77:90:
                    8e:42:65:5f:ae:d4:39:d8:d4:56:a2:b2:7a:6c:fc:
                    3d:22:3e:9c:96:33:2d:00:50:74:21:8e:15:5f:9c:
                    29:e6:17:10:53:0b:15:e6:38:bf:6a:64:e9:5e:e8:
                    91:32:22:81:b6:a1:f4:42:27:3b:e4:e4:26:79:6d:
                    5c:65:82:c6:6a:5c:1b:65:13:ec:40:9e:be:f4:ff:
                    51:81:d5:bc:1e:36:3b:a3:34:fb:0a:e4:c7:c0:e4:
                    14:bf:2b:d8:c6:18:ac:ae:1d:08:9e:a8:59:61:37:
                    81:cd:51:6e:d9:2c:9b:76:4f:78:67:8f:06:f8:6a:
                    8f:d4:bb:84:9a:21:cd:b1:f7:e1:83:39:52:ec:69:
                    10:87:8e:44:47:63:1c:ae:b1:57:bb:dd:5b:db:54:
                    a3:f8:e0:79:c1:9f:f9:f3:55:63:84:8e:7b:ba:b3:
                    91:73:64:01:4c:3c:c5:f2:06:41:6c:f2:85:9c:11:
                    23:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:F5:84:0C:5D:F4:87:14:36:D4:B4:8A:60:1C:B1:78:83:31:36:ED
            X509v3 Authority Key Identifier:
                keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/cfWEDF30hxQ21LSKYByxeIMxNu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.76.0.0/14
                  80.40.0.0/13
                  81.1.64.0/18
                  81.6.192.0/18
                  81.86.0.0/16
                  81.170.0.0/17
                  81.178.0.0/15
                  82.133.0.0/17
                  83.67.0.0/16
                  84.12.0.0/16
                  88.106.0.0-88.111.255.255
                  89.168.128.0/17
                  185.175.144.0/22
                  193.218.99.0/24
                  194.106.32.0/19
                  194.247.224.0/19
                  195.112.0.0/18
                  195.137.0.0/17
                  195.149.0.0/18
                  212.1.128.0/19
                  212.74.96.0/19
                  212.139.0.0/16
                  212.159.128.0/18
                  213.208.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         78:28:47:8a:59:a9:65:da:d2:d8:2e:d4:73:8b:90:69:24:fe:
         e3:c8:56:67:ed:2d:a3:da:02:a1:f1:3c:c2:bc:c9:29:e7:46:
         00:4c:a1:5f:56:a1:87:4c:92:b3:61:a8:e1:e0:02:14:72:6c:
         68:20:05:5e:ef:35:8b:6f:1a:9d:21:c7:db:c2:59:76:fc:09:
         ec:05:a2:04:a7:1f:b1:c3:19:3b:af:b7:8e:5f:e6:90:41:91:
         77:f5:e7:81:a3:ce:c2:df:1d:7f:cf:d4:5e:35:2c:5c:49:5d:
         b5:23:62:2c:a4:19:5d:14:07:b2:e3:34:e3:b8:e0:e1:47:cd:
         73:65:e6:29:ba:b4:3d:c3:8b:80:d6:f9:47:21:3e:a4:2c:5a:
         22:75:b1:66:d1:89:94:a4:d7:c2:9a:20:d2:70:23:34:3d:1a:
         3f:de:be:a8:12:91:e7:a7:10:03:2d:0d:a0:0c:1d:3f:08:f4:
         cb:de:87:92:77:b8:0b:4e:1c:e1:85:a0:40:bc:d9:05:e0:ec:
         a0:33:d3:7c:9f:f2:87:61:3f:c6:72:76:5c:d4:03:33:26:d1:
         4a:1c:3c:d5:86:1f:ef:86:0c:1e:31:5a:c3:b8:d9:ea:a8:72:
         ff:86:11:88:f9:ec:a4:53:d6:94:d4:85:a6:b7:2f:0b:bc:00:
         2d:35:9c:f6
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgISAYu48h9PJt2IhzBE+L59F9pWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjMxMTEwMTExNTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWY1ODQwYzVkZjQ4NzE0MzZkNGI0OGE2MDFjYjE3ODgzMzEzNmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAga1xkGCBFaIXXTwx2UIrCTO02HJV
tjTr5DsdzoDPwl6S+BteZ+GL0awW8NJj/vj1pAeVAIThplGbwVVSjkjRfFRxj2q3
HdaEd5COQmVfrtQ52NRWorJ6bPw9Ij6cljMtAFB0IY4VX5wp5hcQUwsV5ji/amTp
XuiRMiKBtqH0Qic75OQmeW1cZYLGalwbZRPsQJ6+9P9RgdW8HjY7ozT7CuTHwOQU
vyvYxhisrh0InqhZYTeBzVFu2Sybdk94Z48G+GqP1LuEmiHNsffhgzlS7GkQh45E
R2McrrFXu91b21Sj+OB5wZ/581VjhI57urORc2QBTDzF8gZBbPKFnBEjCwIDAQAB
o4IClzCCApMwHQYDVR0OBBYEFHH1hAxd9IcUNtS0imAcsXiDMTbtMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvY2ZXRURGMzBoeFEyMUxTS1lCeXhlSU14TnUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGsBggrBgEFBQcBBwEB/wSBnDCBmTCBlgQCAAEwgY8DAwJP
TAMDA1AoAwQGUQFAAwQGUQbAAwMAUVYDBAdRqgADAwFRsgMEB1KFAAMDAFNDAwMA
VAwwCgMDAVhqAwMEWGADBAdZqIADBAK5r5ADBADB2mMDBAXCaiADBAXC9+ADBAbD
cAADBAfDiQADBAbDlQADBAXUAYADBAXUSmADAwDUiwMEBtSfgAMEBtXQQDANBgkq
hkiG9w0BAQsFAAOCAQEAeChHilmpZdrS2C7Uc4uQaST+48hWZ+0to9oCofE8wrzJ
KedGAEyhX1ahh0ySs2Go4eACFHJsaCAFXu81i28anSHH28JZdvwJ7AWiBKcfscMZ
O6+3jl/mkEGRd/XngaPOwt8df8/UXjUsXEldtSNiLKQZXRQHsuM047jg4UfNc2Xm
Kbq0PcOLgNb5RyE+pCxaInWxZtGJlKTXwpog0nAjND0aP96+qBKR56cQAy0NoAwd
Pwj0y96Hkne4C04c4YWgQLzZBeDsoDPTfJ/yh2E/xnJ2XNQDMybRShw81YYf74YM
HjFaw7jZ6qhy/4YRiPnspFPWlNSFprcvC7wALTWc9g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:29 2024 by rpki-client on console-ams.rpki-client.org