Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/8RdtLM-QMfhnZRGc6v0-_qRcBrg.roa
File:                     8RdtLM-QMfhnZRGc6v0-_qRcBrg.roa (raw, json)
Hash identifier:          +3mLZvYrYWCzypxarwL4/LDLba5uaM8YQDrrMDLe094=
Subject key identifier:   F1:17:6D:2C:CF:90:31:F8:67:65:11:9C:EA:FD:3E:FE:A4:5C:06:B8
Certificate issuer:       /CN=ceb86983547113359bade1f3f38104091e3a6439
Certificate serial:       018354CB87AD0BE8C2E94F7A99C379E0CFEC
Authority key identifier: CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/8RdtLM-QMfhnZRGc6v0-_qRcBrg.roa
Signing time:             Mon 19 Sep 2022 08:09:28 +0000
ROA not before:           Mon 19 Sep 2022 08:09:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8612
IP address blocks:        84.220.0.0/14 maxlen: 24
                          195.130.224.0/19 maxlen: 19
                          213.205.0.0/18 maxlen: 18
                          193.43.3.192/26 maxlen: 26
                          193.43.2.0/24 maxlen: 24
                          82.85.26.128/26 maxlen: 26
                          82.85.53.64/26 maxlen: 26
                          82.85.53.0/26 maxlen: 26
                          82.84.0.0/15 maxlen: 24
                          193.207.24.0/21 maxlen: 24
                          62.10.0.0/15 maxlen: 24
                          217.133.0.0/16 maxlen: 16
                          193.207.32.0/19 maxlen: 24
                          217.73.208.0/20 maxlen: 20
                          94.32.0.0/13 maxlen: 24
                          193.207.96.0/20 maxlen: 21
                          212.123.64.0/19 maxlen: 19
                          94.199.8.0/24 maxlen: 24
                          193.207.128.0/17 maxlen: 22
                          193.207.64.0/18 maxlen: 24
                          94.32.0.0/14 maxlen: 14
                          94.36.0.0/14 maxlen: 14
                          213.205.0.251/32 maxlen: 32
                          193.43.3.176/28 maxlen: 28
                          217.133.170.0/24 maxlen: 24
                          2a01:7d0:4800:1::/64 maxlen: 64
                          2a01:7d0::/32 maxlen: 32
                          2a01:7d0:4811::/64 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:54:cb:87:ad:0b:e8:c2:e9:4f:7a:99:c3:79:e0:cf:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ceb86983547113359bade1f3f38104091e3a6439
        Validity
            Not Before: Sep 19 08:09:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f1176d2ccf9031f86765119ceafd3efea45c06b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d7:5b:e9:90:a7:25:67:9c:d7:73:a6:e6:46:
                    75:5e:e3:a5:18:ee:79:cd:c9:a9:51:b8:c1:08:a8:
                    b4:06:5b:f2:7c:4c:f7:fd:bf:d3:7b:90:c1:81:e3:
                    20:88:03:7a:b7:9c:b1:2d:bf:86:01:18:31:64:37:
                    4b:31:dd:15:6e:8f:3d:36:08:65:0d:b1:5b:13:57:
                    3d:37:d6:b4:4d:a6:d5:67:98:14:ae:48:67:4a:29:
                    3c:f0:22:e6:8b:e9:32:fe:55:49:95:23:ea:d2:56:
                    58:ae:ae:37:0a:77:6c:03:ac:a7:b3:a1:39:cd:2b:
                    b9:73:1b:1e:2b:55:03:7a:eb:ac:8c:3e:6a:51:ab:
                    fd:95:b9:6a:b5:24:07:c3:7f:51:c2:34:28:3f:84:
                    dc:9f:b1:5a:e6:12:59:bd:54:88:2b:05:b0:db:d6:
                    1d:c1:01:63:80:9b:54:f0:a0:bd:12:0d:4e:a0:df:
                    d7:56:07:3b:ae:f4:d5:f5:98:3d:0a:68:40:1f:95:
                    89:ab:e7:15:4e:c7:d8:1a:6f:cf:1a:7e:39:06:e5:
                    b8:fb:5c:ef:aa:31:1f:ec:85:f4:36:b8:36:ba:34:
                    85:40:db:f9:d8:ec:8d:7f:08:cd:20:a3:fb:9f:1a:
                    b6:6e:0b:90:80:4b:1c:61:66:ba:b1:93:86:a6:f7:
                    c9:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:17:6D:2C:CF:90:31:F8:67:65:11:9C:EA:FD:3E:FE:A4:5C:06:B8
            X509v3 Authority Key Identifier:
                keyid:CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/8RdtLM-QMfhnZRGc6v0-_qRcBrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.10.0.0/15
                  82.84.0.0/15
                  84.220.0.0/14
                  94.32.0.0/13
                  94.199.8.0/24
                  193.43.2.0/24
                  193.43.3.176-193.43.3.255
                  193.207.24.0-193.207.255.255
                  195.130.224.0/19
                  212.123.64.0/19
                  213.205.0.0/18
                  217.73.208.0/20
                  217.133.0.0/16
                IPv6:
                  2a01:7d0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0c:e8:84:f7:b1:4f:14:5b:42:75:7a:b7:6d:6a:46:82:89:c0:
         9e:59:33:ee:37:3d:a9:6f:b9:6d:75:92:d1:2a:78:eb:e0:cb:
         70:f2:31:1a:9d:3e:ba:54:53:c0:f8:c4:3f:45:c6:99:08:54:
         03:f0:c1:d1:46:3e:06:48:70:45:af:65:6d:d3:7d:58:d0:46:
         4d:f8:71:69:a8:28:3a:f2:16:bb:6d:33:f3:7a:4a:76:f0:f2:
         d5:cc:b6:df:6e:a4:c8:14:7c:97:da:31:c8:ea:d6:43:a6:c1:
         fb:66:24:bf:e5:d6:4d:2b:9f:82:01:cc:ae:a1:f3:87:52:64:
         12:9d:f8:56:d4:a5:ed:31:7d:cb:15:0e:fa:f1:8a:2b:b3:3b:
         01:cc:73:aa:e8:84:12:2d:3c:9b:04:6e:ce:b4:80:7e:17:2a:
         49:ab:ca:a4:13:d9:21:b1:58:e3:a4:0d:04:1a:7b:11:e3:c9:
         e1:30:1f:fb:76:7f:75:1e:b6:7d:98:7e:8c:a1:57:69:ca:43:
         ce:e6:40:d9:36:bc:8c:a5:fd:bd:b7:b3:90:9a:45:ab:4f:03:
         eb:ce:67:e7:7c:37:4d:19:e8:57:76:31:c0:1e:4f:7d:ca:c9:
         2b:ef:ec:95:e2:83:ea:19:44:ca:80:05:9b:e1:ff:31:db:ca:
         8e:32:3c:4b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAYNUy4etC+jC6U96mcN54M/sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjg2OTgzNTQ3MTEzMzU5YmFkZTFmM2YzODEwNDA5MWUz
YTY0MzkwHhcNMjIwOTE5MDgwOTI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTE3NmQyY2NmOTAzMWY4Njc2NTExOWNlYWZkM2VmZWE0NWMwNmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltdb6ZCnJWec13Om5kZ1XuOlGO55
zcmpUbjBCKi0BlvyfEz3/b/Te5DBgeMgiAN6t5yxLb+GARgxZDdLMd0Vbo89Nghl
DbFbE1c9N9a0TabVZ5gUrkhnSik88CLmi+ky/lVJlSPq0lZYrq43CndsA6yns6E5
zSu5cxseK1UDeuusjD5qUav9lblqtSQHw39RwjQoP4Tcn7Fa5hJZvVSIKwWw29Yd
wQFjgJtU8KC9Eg1OoN/XVgc7rvTV9Zg9CmhAH5WJq+cVTsfYGm/PGn45BuW4+1zv
qjEf7IX0Nrg2ujSFQNv52OyNfwjNIKP7nxq2bguQgEscYWa6sZOGpvfJvQIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFPEXbSzPkDH4Z2URnOr9Pv6kXAa4MB8GA1UdIwQY
MBaAFM64aYNUcRM1m63h8/OBBAkeOmQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2Qt
ZGVlMmY2NTBkZDg2LzEvOFJkdExNLVFNZmhuWlJHYzZ2MC1fcVJjQnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2QtZGVlMmY2NTBkZDg2
LzEvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwXwQCAAEwWQMDAT4KAwMB
UlQDAwJU3AMDA14gAwQAXscIAwQAwSsCMA0DBQTBKwOwAwQCwSsAMAsDBAPBzxgD
AwTBwAMEBcOC4AMEBdR7QAMEBtXNAAMEBNlJ0AMDANmFMA0EAgACMAcDBQAqAQfQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAM6IT3sU8UW0J1erdtakaCicCeWTPuNz2pb7lt
dZLRKnjr4Mtw8jEanT66VFPA+MQ/RcaZCFQD8MHRRj4GSHBFr2Vt031Y0EZN+HFp
qCg68ha7bTPzekp28PLVzLbfbqTIFHyX2jHI6tZDpsH7ZiS/5dZNK5+CAcyuofOH
UmQSnfhW1KXtMX3LFQ768YorszsBzHOq6IQSLTybBG7OtIB+FypJq8qkE9khsVjj
pA0EGnsR48nhMB/7dn91HrZ9mH6MoVdpykPO5kDZNryMpf29t7OQmkWrTwPrzmfn
fDdNGehXdjHAHk99yskr7+yV4oPqGUTKgAWb4f8x28qOMjxL
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:09:42 2024 by rpki-client on console-ams.rpki-client.org