Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/kDcG00q-BPRwtwdLFhrLb6lnHaU.roa
File:                     kDcG00q-BPRwtwdLFhrLb6lnHaU.roa (raw, json)
Hash identifier:          wQmwFmRZf5IFkoEv2f/jEWs6QTA9seNqE7al8L7j6nE=
Subject key identifier:   90:37:06:D3:4A:BE:04:F4:70:B7:07:4B:16:1A:CB:6F:A9:67:1D:A5
Certificate issuer:       /CN=ceb86983547113359bade1f3f38104091e3a6439
Certificate serial:       0183A6F6F56865534FD6F739542D31FB58FE
Authority key identifier: CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/kDcG00q-BPRwtwdLFhrLb6lnHaU.roa
Signing time:             Wed 05 Oct 2022 07:05:45 +0000
ROA not before:           Wed 05 Oct 2022 07:05:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8612
IP address blocks:        84.220.0.0/14 maxlen: 24
                          195.130.224.0/19 maxlen: 19
                          193.43.3.180/30 maxlen: 30
                          213.205.0.0/18 maxlen: 18
                          193.43.3.192/26 maxlen: 26
                          193.43.2.0/24 maxlen: 24
                          82.85.26.128/26 maxlen: 26
                          82.85.53.64/26 maxlen: 26
                          82.85.53.0/26 maxlen: 26
                          82.84.0.0/15 maxlen: 24
                          193.207.24.0/21 maxlen: 24
                          62.10.0.0/15 maxlen: 24
                          217.133.0.0/16 maxlen: 16
                          193.207.32.0/19 maxlen: 24
                          217.73.208.0/20 maxlen: 20
                          94.32.0.0/13 maxlen: 24
                          193.207.96.0/20 maxlen: 21
                          193.43.3.184/29 maxlen: 29
                          212.123.64.0/19 maxlen: 19
                          94.199.8.0/24 maxlen: 24
                          193.207.128.0/17 maxlen: 22
                          193.207.64.0/18 maxlen: 24
                          94.32.0.0/14 maxlen: 14
                          94.36.0.0/14 maxlen: 14
                          213.205.0.251/32 maxlen: 32
                          217.133.170.0/24 maxlen: 24
                          2a01:7d0:4800:1::/64 maxlen: 64
                          2a01:7d0::/32 maxlen: 32
                          2a01:7d0:4811::/64 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:a6:f6:f5:68:65:53:4f:d6:f7:39:54:2d:31:fb:58:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ceb86983547113359bade1f3f38104091e3a6439
        Validity
            Not Before: Oct  5 07:05:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=903706d34abe04f470b7074b161acb6fa9671da5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2d:9a:3d:89:b6:e0:49:05:35:96:15:68:62:
                    ed:74:dc:dc:9f:3f:1a:57:ab:f2:97:ae:cd:05:79:
                    cc:ea:67:aa:8d:be:6f:e8:77:e1:be:3b:8d:c2:d0:
                    f9:61:c9:cf:c7:bf:dd:2f:e3:d7:16:08:b5:aa:93:
                    c5:29:ce:4a:3e:26:22:2b:74:eb:f0:5f:fc:12:23:
                    35:e7:8a:e4:ef:3c:cd:56:b3:c9:9c:41:a1:fb:14:
                    1d:d4:a8:7a:6a:bc:a4:c8:d6:ad:c2:a1:82:52:58:
                    a6:f8:ad:dd:ad:e3:22:6c:a8:94:d3:80:5e:dd:22:
                    0f:c9:16:78:f6:62:77:0f:b7:cc:13:7a:60:d4:19:
                    d2:87:4d:1e:6c:4c:41:e8:95:6b:36:06:59:f7:ac:
                    65:c4:e2:7f:29:00:29:67:dc:d0:10:a2:a0:64:f1:
                    3d:10:0e:a3:47:45:98:24:26:e8:dc:9b:33:60:ce:
                    18:66:22:0e:1e:49:c4:bf:80:30:d4:42:48:f4:22:
                    98:ac:1e:6e:9d:1d:c7:8c:e0:03:c6:9a:0f:ec:d7:
                    72:39:55:bd:a8:ea:f2:44:ab:18:73:ce:81:67:70:
                    a1:6e:c6:4e:10:57:b5:ec:7d:9a:a4:69:aa:09:29:
                    89:31:d8:fc:e1:04:17:22:0b:74:6f:32:22:73:12:
                    a7:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:37:06:D3:4A:BE:04:F4:70:B7:07:4B:16:1A:CB:6F:A9:67:1D:A5
            X509v3 Authority Key Identifier:
                keyid:CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/kDcG00q-BPRwtwdLFhrLb6lnHaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.10.0.0/15
                  82.84.0.0/15
                  84.220.0.0/14
                  94.32.0.0/13
                  94.199.8.0/24
                  193.43.2.0/24
                  193.43.3.180-193.43.3.255
                  193.207.24.0-193.207.255.255
                  195.130.224.0/19
                  212.123.64.0/19
                  213.205.0.0/18
                  217.73.208.0/20
                  217.133.0.0/16
                IPv6:
                  2a01:7d0::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:e0:3b:c2:c6:d2:ff:39:68:67:ad:86:ff:b8:9c:cb:c8:65:
         7a:01:73:57:5b:47:c9:d1:c2:f8:f9:fc:49:c1:39:9c:af:3f:
         ec:3c:80:fe:76:83:05:73:ca:9c:8c:c3:06:b4:72:4a:d6:29:
         86:ef:30:5a:36:16:d6:91:e6:6f:aa:ee:3a:b6:7e:16:18:47:
         b3:d2:a7:5f:f7:cb:87:be:34:86:b1:28:33:67:90:64:16:b5:
         03:b6:d5:af:65:b8:2c:15:36:b2:52:6e:3a:a7:f5:ba:4b:e7:
         7f:3e:74:9c:79:a9:de:49:2c:cc:a3:31:e1:db:de:9e:c1:1e:
         f2:67:49:4b:9a:e2:e5:a2:d4:ea:b9:8b:db:a8:a9:49:4e:6b:
         87:87:28:be:6d:a8:93:18:90:6a:9b:a8:c1:e2:e7:e6:51:0d:
         f6:5b:9b:05:c0:e2:77:07:e7:ad:ed:6c:6f:ff:c9:39:c8:91:
         05:14:e2:65:f0:6d:b1:56:6a:4a:b8:be:02:43:fb:23:d3:26:
         67:a8:8b:24:c7:d2:38:d7:d6:92:07:42:a1:bd:cb:50:c7:11:
         85:77:5a:fd:cb:7e:cb:24:6a:a4:5d:ba:cf:d0:51:ee:ea:8f:
         f8:66:96:9c:14:ca:20:61:e3:4d:f7:bc:1f:e0:ba:c9:6d:78:
         0a:a9:2f:fa
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAYOm9vVoZVNP1vc5VC0x+1j+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjg2OTgzNTQ3MTEzMzU5YmFkZTFmM2YzODEwNDA5MWUz
YTY0MzkwHhcNMjIxMDA1MDcwNTQ1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDM3MDZkMzRhYmUwNGY0NzBiNzA3NGIxNjFhY2I2ZmE5NjcxZGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAly2aPYm24EkFNZYVaGLtdNzcnz8a
V6vyl67NBXnM6meqjb5v6HfhvjuNwtD5YcnPx7/dL+PXFgi1qpPFKc5KPiYiK3Tr
8F/8EiM154rk7zzNVrPJnEGh+xQd1Kh6arykyNatwqGCUlim+K3dreMibKiU04Be
3SIPyRZ49mJ3D7fME3pg1BnSh00ebExB6JVrNgZZ96xlxOJ/KQApZ9zQEKKgZPE9
EA6jR0WYJCbo3JszYM4YZiIOHknEv4Aw1EJI9CKYrB5unR3HjOADxpoP7NdyOVW9
qOryRKsYc86BZ3ChbsZOEFe17H2apGmqCSmJMdj84QQXIgt0bzIicxKnEQIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFJA3BtNKvgT0cLcHSxYay2+pZx2lMB8GA1UdIwQY
MBaAFM64aYNUcRM1m63h8/OBBAkeOmQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2Qt
ZGVlMmY2NTBkZDg2LzEva0RjRzAwcS1CUFJ3dHdkTEZockxiNmxuSGFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2QtZGVlMmY2NTBkZDg2
LzEvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwXwQCAAEwWQMDAT4KAwMB
UlQDAwJU3AMDA14gAwQAXscIAwQAwSsCMA0DBQLBKwO0AwQCwSsAMAsDBAPBzxgD
AwTBwAMEBcOC4AMEBdR7QAMEBtXNAAMEBNlJ0AMDANmFMA0EAgACMAcDBQAqAQfQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAh4DvCxtL/OWhnrYb/uJzLyGV6AXNXW0fJ0cL4
+fxJwTmcrz/sPID+doMFc8qcjMMGtHJK1imG7zBaNhbWkeZvqu46tn4WGEez0qdf
98uHvjSGsSgzZ5BkFrUDttWvZbgsFTayUm46p/W6S+d/PnSceaneSSzMozHh296e
wR7yZ0lLmuLlotTquYvbqKlJTmuHhyi+baiTGJBqm6jB4ufmUQ32W5sFwOJ3B+et
7Wxv/8k5yJEFFOJl8G2xVmpKuL4CQ/sj0yZnqIskx9I419aSB0KhvctQxxGFd1r9
y37LJGqkXbrP0FHu6o/4ZpacFMogYeNN97wf4LrJbXgKqS/6
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:09:42 2024 by rpki-client on console-ams.rpki-client.org