Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/5_hdx_9lWhIXIHdlw9C5YmzdYzU.roa
File:                     5_hdx_9lWhIXIHdlw9C5YmzdYzU.roa (raw, json)
Hash identifier:          mwOf5H/rbN1njSElRcNinNHx/6CMfySmXV3mY1/o/Vc=
Subject key identifier:   E7:F8:5D:C7:FF:65:5A:12:17:20:77:65:C3:D0:B9:62:6C:DD:63:35
Certificate issuer:       /CN=ceb86983547113359bade1f3f38104091e3a6439
Certificate serial:       018C0FEB33A66CC2116C1450C99808591BD8
Authority key identifier: CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/5_hdx_9lWhIXIHdlw9C5YmzdYzU.roa
Signing time:             Mon 27 Nov 2023 08:35:21 +0000
ROA not before:           Mon 27 Nov 2023 08:35:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8612
IP address blocks:        84.220.0.0/16 maxlen: 24
                          195.130.224.0/19 maxlen: 19
                          193.43.3.180/30 maxlen: 30
                          213.205.0.0/18 maxlen: 18
                          193.43.3.192/26 maxlen: 26
                          193.43.2.0/24 maxlen: 24
                          82.85.26.128/26 maxlen: 26
                          82.85.53.64/26 maxlen: 26
                          82.85.53.0/26 maxlen: 26
                          82.84.0.0/15 maxlen: 24
                          193.207.24.0/21 maxlen: 24
                          217.133.0.0/16 maxlen: 16
                          193.207.32.0/19 maxlen: 24
                          217.73.208.0/20 maxlen: 20
                          193.207.96.0/20 maxlen: 21
                          193.43.3.184/29 maxlen: 29
                          212.123.64.0/19 maxlen: 19
                          193.207.128.0/17 maxlen: 22
                          84.221.0.0/16 maxlen: 24
                          193.207.64.0/18 maxlen: 24
                          94.32.0.0/14 maxlen: 14
                          213.205.0.251/32 maxlen: 32
                          94.32.115.0/24 maxlen: 24
                          217.133.170.0/24 maxlen: 24
                          2a01:7d0:4800:1::/64 maxlen: 64
                          2a01:7d0::/32 maxlen: 32
                          2a01:7d0:4811::/64 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:0f:eb:33:a6:6c:c2:11:6c:14:50:c9:98:08:59:1b:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ceb86983547113359bade1f3f38104091e3a6439
        Validity
            Not Before: Nov 27 08:35:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e7f85dc7ff655a1217207765c3d0b9626cdd6335
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:66:a6:50:ea:b6:a4:89:4d:01:d1:23:9b:e2:
                    ca:18:3b:f0:6b:82:cd:ab:7a:34:e2:53:b3:ad:6f:
                    85:9e:df:b2:5f:27:7d:bc:26:ee:84:bf:25:15:76:
                    99:cf:35:7c:41:03:65:42:55:76:1f:60:7a:b4:df:
                    52:d1:1a:f5:ee:0f:07:f8:1e:23:55:11:87:2c:d7:
                    20:d1:d6:aa:13:28:7f:f3:18:ed:3c:d6:92:7c:4a:
                    37:22:02:18:3b:a9:a8:42:9a:e7:25:1e:e7:7e:15:
                    e1:ef:f0:9b:84:b8:82:90:cc:e4:ac:86:05:99:25:
                    b9:78:4e:3a:c8:31:c4:c5:11:4e:bb:26:7e:a4:bd:
                    83:cb:09:a1:de:a1:70:61:38:1d:0e:ed:19:68:58:
                    c9:2a:ed:5e:89:1c:85:3a:b3:ed:f4:80:a3:05:a9:
                    e9:60:02:cd:1d:b5:8a:97:ed:e9:4c:85:de:5e:39:
                    b9:1b:13:53:bd:eb:93:ca:49:54:31:39:6f:99:5a:
                    6c:cb:b0:59:b7:1c:85:e2:0b:0d:b4:24:5a:e1:3d:
                    84:16:38:68:75:24:43:4e:15:66:7d:1e:f1:a9:ca:
                    4b:1c:c6:01:6b:4d:cf:65:b8:31:16:bf:74:d2:3c:
                    ef:f4:b1:b2:41:9e:82:2b:17:3f:b5:42:09:06:a2:
                    68:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:F8:5D:C7:FF:65:5A:12:17:20:77:65:C3:D0:B9:62:6C:DD:63:35
            X509v3 Authority Key Identifier:
                keyid:CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/5_hdx_9lWhIXIHdlw9C5YmzdYzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.84.0.0/15
                  84.220.0.0/15
                  94.32.0.0/14
                  193.43.2.0/24
                  193.43.3.180-193.43.3.255
                  193.207.24.0-193.207.255.255
                  195.130.224.0/19
                  212.123.64.0/19
                  213.205.0.0/18
                  217.73.208.0/20
                  217.133.0.0/16
                IPv6:
                  2a01:7d0::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:86:66:13:12:a2:2d:a2:62:2c:5a:9b:3b:87:89:67:3c:c3:
         34:3a:e2:09:d6:5d:3d:73:3c:f8:24:c7:31:0b:b6:6e:a4:11:
         ef:72:61:bb:44:8f:32:f4:54:01:6b:4c:99:73:92:6a:04:7a:
         9a:d2:98:51:7b:2c:1e:bf:72:c0:06:c6:e6:0c:30:67:6e:06:
         de:2e:00:c6:7e:14:0a:a6:3a:6d:7b:74:65:de:69:ec:b6:11:
         e8:a0:be:b5:83:47:74:83:d7:e5:07:c3:f0:37:31:a6:fd:42:
         f5:57:ec:67:13:c6:a0:c4:71:42:29:a2:bd:50:6f:5e:e3:f8:
         b6:9a:a7:a5:a8:af:18:6d:43:4a:61:55:cd:6b:07:98:52:13:
         46:e0:32:16:39:2e:5f:e8:14:dc:cd:a5:8d:ea:3a:32:4d:17:
         c4:aa:c2:29:97:ae:08:78:2f:e5:e8:db:b7:60:c2:35:f3:af:
         ed:77:62:81:6e:cc:82:07:cc:4b:28:66:be:5a:76:9a:6d:88:
         cb:fd:66:01:73:b6:73:46:82:5c:29:78:a0:c9:bc:c2:e5:39:
         5e:a8:2c:34:d0:c1:26:32:f0:15:09:a8:9e:de:43:d9:79:71:
         ea:10:7c:f7:6c:a5:f3:83:f0:db:43:a4:b6:be:a4:2b:30:85:
         10:f3:be:6c
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAYwP6zOmbMIRbBRQyZgIWRvYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjg2OTgzNTQ3MTEzMzU5YmFkZTFmM2YzODEwNDA5MWUz
YTY0MzkwHhcNMjMxMTI3MDgzNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2Y4NWRjN2ZmNjU1YTEyMTcyMDc3NjVjM2QwYjk2MjZjZGQ2MzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmamUOq2pIlNAdEjm+LKGDvwa4LN
q3o04lOzrW+Fnt+yXyd9vCbuhL8lFXaZzzV8QQNlQlV2H2B6tN9S0Rr17g8H+B4j
VRGHLNcg0daqEyh/8xjtPNaSfEo3IgIYO6moQprnJR7nfhXh7/CbhLiCkMzkrIYF
mSW5eE46yDHExRFOuyZ+pL2Dywmh3qFwYTgdDu0ZaFjJKu1eiRyFOrPt9ICjBanp
YALNHbWKl+3pTIXeXjm5GxNTveuTyklUMTlvmVpsy7BZtxyF4gsNtCRa4T2EFjho
dSRDThVmfR7xqcpLHMYBa03PZbgxFr900jzv9LGyQZ6CKxc/tUIJBqJoDQIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFOf4Xcf/ZVoSFyB3ZcPQuWJs3WM1MB8GA1UdIwQY
MBaAFM64aYNUcRM1m63h8/OBBAkeOmQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2Qt
ZGVlMmY2NTBkZDg2LzEvNV9oZHhfOWxXaElYSUhkbHc5QzVZbXpkWXpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2QtZGVlMmY2NTBkZDg2
LzEvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwMBUlQDAwFU
3AMDAl4gAwQAwSsCMA0DBQLBKwO0AwQCwSsAMAsDBAPBzxgDAwTBwAMEBcOC4AME
BdR7QAMEBtXNAAMEBNlJ0AMDANmFMA0EAgACMAcDBQAqAQfQMA0GCSqGSIb3DQEB
CwUAA4IBAQAXhmYTEqItomIsWps7h4lnPMM0OuIJ1l09czz4JMcxC7ZupBHvcmG7
RI8y9FQBa0yZc5JqBHqa0phReywev3LABsbmDDBnbgbeLgDGfhQKpjpte3Rl3mns
thHooL61g0d0g9flB8PwNzGm/UL1V+xnE8agxHFCKaK9UG9e4/i2mqelqK8YbUNK
YVXNaweYUhNG4DIWOS5f6BTczaWN6joyTRfEqsIpl64IeC/l6Nu3YMI186/td2KB
bsyCB8xLKGa+WnaabYjL/WYBc7ZzRoJcKXigybzC5TleqCw00MEmMvAVCaie3kPZ
eXHqEHz3bKXzg/DbQ6S2vqQrMIUQ875s
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:45 2024 by rpki-client on console-fra.rpki-client.org