Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/f92e2a-e1e4-487d-9acc-ed1f30cc1c57/1/O_q4Ws6HVrNEAb4lqaZI2iAx9Q4.roa
File:                     O_q4Ws6HVrNEAb4lqaZI2iAx9Q4.roa (raw, json)
Hash identifier:          T47lKQ10ONCzRbkQrUtmzwAVSUnwcRCQpGKt1VN6JWo=
Subject key identifier:   3B:FA:B8:5A:CE:87:56:B3:44:01:BE:25:A9:A6:48:DA:20:31:F5:0E
Certificate issuer:       /CN=8777b5b36f66e13c4388c9934da507856515d073
Certificate serial:       38B78FA9
Authority key identifier: 87:77:B5:B3:6F:66:E1:3C:43:88:C9:93:4D:A5:07:85:65:15:D0:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3e1s29m4TxDiMmTTaUHhWUV0HM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/f92e2a-e1e4-487d-9acc-ed1f30cc1c57/1/O_q4Ws6HVrNEAb4lqaZI2iAx9Q4.roa
Signing time:             Fri 21 Jan 2022 10:07:08 +0000
ROA not before:           Fri 21 Jan 2022 10:07:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6696
IP address blocks:        94.139.39.0/24 maxlen: 24
                          109.69.217.16/28 maxlen: 28
                          62.112.29.0/24 maxlen: 24
                          62.112.31.0/24 maxlen: 24
                          94.139.37.0/24 maxlen: 24
                          94.139.36.0/24 maxlen: 24
                          94.139.38.0/24 maxlen: 24
                          94.139.34.0/23 maxlen: 23
                          46.18.36.0/22 maxlen: 24
                          46.18.34.0/23 maxlen: 24
                          46.18.33.0/24 maxlen: 24
                          87.238.225.0/24 maxlen: 24
                          87.238.228.0/22 maxlen: 24
                          185.64.64.0/22 maxlen: 24
                          85.119.216.0/21 maxlen: 24
                          109.69.221.192/28 maxlen: 28
                          185.185.229.0/24 maxlen: 24
                          185.185.228.0/24 maxlen: 24
                          109.69.216.0/23 maxlen: 24
                          109.69.219.0/24 maxlen: 24
                          109.69.220.0/24 maxlen: 24
                          109.69.222.0/24 maxlen: 24
                          109.69.221.0/24 maxlen: 24
                          37.19.8.0/21 maxlen: 24
                          85.88.34.0/24 maxlen: 24
                          2a00:1528::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 951553961 (0x38b78fa9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8777b5b36f66e13c4388c9934da507856515d073
        Validity
            Not Before: Jan 21 10:07:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3bfab85ace8756b34401be25a9a648da2031f50e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5b:92:86:0f:fe:36:03:85:7f:f9:58:55:ec:
                    72:6c:5f:40:84:57:42:a6:ab:ea:b9:2e:65:5f:ef:
                    7a:4d:cf:c9:a6:3a:a3:27:ea:2a:f9:3c:34:6f:6c:
                    68:4b:bd:15:b8:79:bf:33:7e:33:12:39:95:05:b7:
                    13:64:3f:49:05:23:05:3d:d3:c9:19:4a:e1:15:c2:
                    4a:4a:33:14:e5:9b:02:f4:2d:4e:d5:37:77:7b:39:
                    94:df:cb:ee:a0:1a:82:b2:c4:67:9f:e2:81:d1:15:
                    73:fe:0f:58:82:11:5b:fd:4a:1a:68:a7:7c:f8:6f:
                    a2:02:69:3a:f5:8e:08:95:ec:b1:3f:0a:f1:81:b6:
                    e8:99:27:2e:86:6b:51:b7:a2:cc:78:bd:79:ba:e6:
                    f5:04:93:4e:e2:21:cc:b1:68:f0:df:c8:8c:f0:de:
                    ef:e6:7b:c2:ac:e2:ac:cb:0d:fe:f5:b7:f7:36:18:
                    0a:f4:ad:5e:bd:4a:68:b7:42:81:de:4c:5d:7a:0b:
                    34:56:69:f0:12:97:5b:80:eb:0a:f1:dd:2f:ef:0c:
                    ee:37:48:b3:2a:5f:32:00:c7:01:fd:f6:aa:7a:b4:
                    0f:3b:14:d8:05:93:bd:87:91:af:89:53:1b:b5:3c:
                    4c:55:43:b2:60:fb:3e:1e:6e:bb:9e:1d:41:2b:42:
                    6c:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:FA:B8:5A:CE:87:56:B3:44:01:BE:25:A9:A6:48:DA:20:31:F5:0E
            X509v3 Authority Key Identifier:
                keyid:87:77:B5:B3:6F:66:E1:3C:43:88:C9:93:4D:A5:07:85:65:15:D0:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3e1s29m4TxDiMmTTaUHhWUV0HM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/f92e2a-e1e4-487d-9acc-ed1f30cc1c57/1/O_q4Ws6HVrNEAb4lqaZI2iAx9Q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/f92e2a-e1e4-487d-9acc-ed1f30cc1c57/1/h3e1s29m4TxDiMmTTaUHhWUV0HM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.19.8.0/21
                  46.18.33.0-46.18.39.255
                  62.112.29.0/24
                  62.112.31.0/24
                  85.88.34.0/24
                  85.119.216.0/21
                  87.238.225.0/24
                  87.238.228.0/22
                  94.139.34.0-94.139.39.255
                  109.69.216.0/23
                  109.69.219.0-109.69.222.255
                  185.64.64.0/22
                  185.185.228.0/23
                IPv6:
                  2a00:1528::/32

    Signature Algorithm: sha256WithRSAEncryption
         ad:c2:7e:78:0e:de:15:8e:89:76:ae:cf:17:5d:37:dc:55:07:
         3f:9f:24:ef:99:ca:04:22:18:d4:80:77:bc:bd:32:13:7a:09:
         15:45:17:99:4f:96:46:ea:c7:f7:c7:ee:1e:d4:8c:20:63:4a:
         69:bf:3b:02:b1:ff:22:7d:71:6f:9f:47:9b:c2:fd:f8:02:c5:
         9d:f5:c1:8d:f0:8b:84:71:f8:ab:65:fd:b8:e0:4d:60:08:47:
         76:3e:3a:0d:98:d0:f9:e5:69:ab:f7:6c:8e:33:03:2c:4a:8b:
         6e:68:92:95:5e:cc:bc:08:a6:5c:20:ae:0b:87:b7:d4:b1:74:
         80:a7:9c:5e:35:0f:a4:02:f5:e1:7f:02:29:ae:38:22:e5:67:
         52:71:46:c7:f4:49:cf:70:6c:cd:5d:b7:0b:b2:2b:57:1c:d3:
         10:7a:37:9a:8c:e6:16:24:3e:a8:35:64:ab:31:96:34:a7:3b:
         1b:84:b9:86:90:8d:51:d3:b8:bd:2b:7d:0b:aa:28:e7:fd:26:
         3f:2b:79:24:9c:33:e7:8d:17:fa:18:19:21:7a:04:1c:00:ac:
         51:a5:53:99:72:e4:cd:3a:55:35:53:d9:a3:f9:51:8b:f4:c3:
         f2:6b:ff:0a:32:c2:57:24:3b:e4:52:29:58:44:da:06:76:f8:
         0c:06:40:73
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIEOLePqTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
Nzc3YjViMzZmNjZlMTNjNDM4OGM5OTM0ZGE1MDc4NTY1MTVkMDczMB4XDTIyMDEy
MTEwMDcwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2JmYWI4NWFjZTg3
NTZiMzQ0MDFiZTI1YTlhNjQ4ZGEyMDMxZjUwZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALpbkoYP/jYDhX/5WFXscmxfQIRXQqar6rkuZV/vek3PyaY6
oyfqKvk8NG9saEu9Fbh5vzN+MxI5lQW3E2Q/SQUjBT3TyRlK4RXCSkozFOWbAvQt
TtU3d3s5lN/L7qAagrLEZ5/igdEVc/4PWIIRW/1KGminfPhvogJpOvWOCJXssT8K
8YG26JknLoZrUbeizHi9ebrm9QSTTuIhzLFo8N/IjPDe7+Z7wqzirMsN/vW39zYY
CvStXr1KaLdCgd5MXXoLNFZp8BKXW4DrCvHdL+8M7jdIsypfMgDHAf32qnq0DzsU
2AWTvYeRr4lTG7U8TFVDsmD7Ph5uu54dQStCbNcCAwEAAaOCAnkwggJ1MB0GA1Ud
DgQWBBQ7+rhazodWs0QBviWppkjaIDH1DjAfBgNVHSMEGDAWgBSHd7Wzb2bhPEOI
yZNNpQeFZRXQczAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2gzZTFzMjltNFR4RGlNbVRUYVVIaFdVVjBITS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjEvZjkyZTJhLWUxZTQtNDg3ZC05YWNjLWVkMWYzMGNjMWM1Ny8x
L09fcTRXczZIVnJORUFiNGxxYVpJMmlBeDlRNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjEv
ZjkyZTJhLWUxZTQtNDg3ZC05YWNjLWVkMWYzMGNjMWM1Ny8xL2gzZTFzMjltNFR4
RGlNbVRUYVVIaFdVVjBITS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
jgYIKwYBBQUHAQcBAf8EfzB9MGwEAgABMGYDBAMlEwgwDAMEAC4SIQMEAy4SIAME
AD5wHQMEAD5wHwMEAFVYIgMEA1V32AMEAFfu4QMEAlfu5DAMAwQBXosiAwQDXosg
AwQBbUXYMAwDBABtRdsDBABtRd4DBAK5QEADBAG5ueQwDQQCAAIwBwMFACoAFSgw
DQYJKoZIhvcNAQELBQADggEBAK3CfngO3hWOiXauzxddN9xVBz+fJO+ZygQiGNSA
d7y9MhN6CRVFF5lPlkbqx/fH7h7UjCBjSmm/OwKx/yJ9cW+fR5vC/fgCxZ31wY3w
i4Rx+Ktl/bjgTWAIR3Y+Og2Y0Pnlaav3bI4zAyxKi25okpVezLwIplwgrguHt9Sx
dICnnF41D6QC9eF/AimuOCLlZ1JxRsf0Sc9wbM1dtwuyK1cc0xB6N5qM5hYkPqg1
ZKsxljSnOxuEuYaQjVHTuL0rfQuqKOf9Jj8reSScM+eNF/oYGSF6BBwArFGlU5ly
5M06VTVT2aP5UYv0w/Jr/woywlckO+RSKVhE2gZ2+AwGQHM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:22 2024 by rpki-client on console-ams.rpki-client.org