Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/fpmBlzGEdWar9C81n-noFPCORlI.roa
File:                     fpmBlzGEdWar9C81n-noFPCORlI.roa (raw, json)
Hash identifier:          tnM/Owvkfwhv+9DDR6Jz7VeJ/bR/i3GTN9nTluykAOg=
Subject key identifier:   7E:99:81:97:31:84:75:66:AB:F4:2F:35:9F:E9:E8:14:F0:8E:46:52
Certificate issuer:       /CN=174847f8667d52fa2cf9cf9afcc43a07915575ca
Certificate serial:       01835A9E57F72D00A5B313D92BD0BC8079EA
Authority key identifier: 17:48:47:F8:66:7D:52:FA:2C:F9:CF:9A:FC:C4:3A:07:91:55:75:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/fpmBlzGEdWar9C81n-noFPCORlI.roa
Signing time:             Tue 20 Sep 2022 11:17:50 +0000
ROA not before:           Tue 20 Sep 2022 11:17:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15685
IP address blocks:        82.208.56.0/24 maxlen: 24
                          82.208.58.0/24 maxlen: 24
                          82.208.60.0/22 maxlen: 22
                          109.123.202.0/23 maxlen: 23
                          109.123.205.0/24 maxlen: 24
                          109.123.206.0/23 maxlen: 23
                          82.208.4.0/22 maxlen: 22
                          82.208.8.0/22 maxlen: 22
                          109.123.209.0/24 maxlen: 24
                          109.123.208.0/22 maxlen: 22
                          109.123.216.0/21 maxlen: 21
                          82.208.14.0/24 maxlen: 24
                          82.208.16.0/23 maxlen: 23
                          82.208.17.0/24 maxlen: 24
                          82.208.16.0/24 maxlen: 24
                          109.123.214.0/23 maxlen: 23
                          82.208.12.0/24 maxlen: 24
                          109.123.224.0/23 maxlen: 23
                          82.208.18.0/24 maxlen: 24
                          82.208.28.0/23 maxlen: 23
                          109.123.232.0/21 maxlen: 21
                          109.123.227.0/24 maxlen: 24
                          82.208.26.0/23 maxlen: 23
                          109.123.228.0/22 maxlen: 22
                          82.208.32.0/22 maxlen: 22
                          82.208.44.0/24 maxlen: 24
                          82.208.39.0/24 maxlen: 24
                          82.208.40.0/23 maxlen: 23
                          82.208.50.0/24 maxlen: 24
                          82.208.46.0/23 maxlen: 23
                          82.208.48.0/23 maxlen: 23
                          217.11.254.0/24 maxlen: 24
                          217.11.224.0/23 maxlen: 23
                          217.11.230.0/24 maxlen: 24
                          217.11.232.0/23 maxlen: 23
                          217.11.227.0/24 maxlen: 24
                          217.11.228.0/23 maxlen: 23
                          217.11.236.0/24 maxlen: 24
                          217.11.235.0/24 maxlen: 24
                          217.11.245.0/24 maxlen: 24
                          217.11.246.0/23 maxlen: 23
                          217.11.242.0/23 maxlen: 23
                          217.11.251.0/24 maxlen: 24
                          217.11.248.0/23 maxlen: 23
                          217.11.249.0/24 maxlen: 24
                          109.123.192.0/21 maxlen: 21
                          81.0.217.0/24 maxlen: 24
                          81.0.218.0/23 maxlen: 23
                          81.0.214.0/24 maxlen: 24
                          81.0.226.0/24 maxlen: 24
                          81.0.225.0/24 maxlen: 24
                          81.0.220.0/23 maxlen: 23
                          81.0.230.0/23 maxlen: 23
                          77.78.96.0/20 maxlen: 20
                          81.0.232.0/21 maxlen: 21
                          77.78.94.0/23 maxlen: 23
                          81.0.228.0/24 maxlen: 24
                          81.0.240.0/22 maxlen: 22
                          81.0.246.0/23 maxlen: 23
                          77.78.112.0/21 maxlen: 21
                          81.0.248.0/23 maxlen: 23
                          81.0.250.0/24 maxlen: 24
                          77.78.123.0/24 maxlen: 24
                          77.78.124.0/22 maxlen: 22
                          81.0.254.0/23 maxlen: 23
                          77.78.120.0/23 maxlen: 23
                          85.239.230.0/23 maxlen: 23
                          85.239.227.0/24 maxlen: 24
                          85.239.232.0/21 maxlen: 21
                          81.0.192.0/22 maxlen: 22
                          81.0.199.0/24 maxlen: 24
                          77.78.70.0/23 maxlen: 23
                          85.239.240.0/21 maxlen: 21
                          81.0.206.0/23 maxlen: 23
                          85.239.250.0/24 maxlen: 24
                          77.78.76.0/22 maxlen: 22
                          85.239.252.0/23 maxlen: 23
                          77.78.72.0/23 maxlen: 23
                          81.0.208.0/23 maxlen: 23
                          85.239.248.0/23 maxlen: 23
                          81.0.212.0/23 maxlen: 23
                          2001:1528::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:5a:9e:57:f7:2d:00:a5:b3:13:d9:2b:d0:bc:80:79:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=174847f8667d52fa2cf9cf9afcc43a07915575ca
        Validity
            Not Before: Sep 20 11:17:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7e99819731847566abf42f359fe9e814f08e4652
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b5:25:d0:63:d3:32:d5:67:a6:10:61:c7:d8:
                    dd:ec:49:b3:0a:18:9a:53:98:1c:70:38:d1:bb:63:
                    81:95:36:11:9a:e4:de:1b:3f:31:54:23:e0:32:41:
                    9c:a3:11:9e:ea:74:b7:3d:f3:49:3f:ab:06:c2:52:
                    7c:02:9e:7c:f7:0e:3a:9c:62:87:a9:6d:72:d0:0f:
                    4c:21:5c:8f:2c:65:6c:3e:9a:d3:84:c1:d8:14:91:
                    aa:dd:91:7a:8f:14:72:e4:59:36:27:52:24:4c:a5:
                    95:dc:b3:a7:45:64:fc:d3:86:52:14:58:e9:a3:fd:
                    3b:17:a1:27:09:f2:5b:ac:f7:54:8b:4d:5c:7f:8e:
                    9f:c6:83:ad:40:00:96:75:3a:49:d4:74:f0:a1:cd:
                    ac:32:57:3a:7e:04:af:11:fa:f6:83:9c:22:7f:c9:
                    3c:22:4c:1a:4e:a1:86:fd:0b:e0:91:82:48:6b:72:
                    71:3d:ae:31:93:26:d5:69:0c:c8:81:31:fe:df:a6:
                    b5:60:01:6a:76:a5:6e:61:9d:ea:85:c7:01:49:8d:
                    53:1c:d4:9e:9e:09:60:eb:d6:db:3e:93:ec:a0:40:
                    44:52:77:9f:34:ce:a9:10:cd:6d:ec:af:49:7a:3a:
                    5e:d4:94:69:19:b9:ea:5c:86:8f:76:ad:75:43:73:
                    3e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:99:81:97:31:84:75:66:AB:F4:2F:35:9F:E9:E8:14:F0:8E:46:52
            X509v3 Authority Key Identifier:
                keyid:17:48:47:F8:66:7D:52:FA:2C:F9:CF:9A:FC:C4:3A:07:91:55:75:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/fpmBlzGEdWar9C81n-noFPCORlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.78.70.0-77.78.73.255
                  77.78.76.0/22
                  77.78.94.0-77.78.121.255
                  77.78.123.0-77.78.127.255
                  81.0.192.0/22
                  81.0.199.0/24
                  81.0.206.0-81.0.209.255
                  81.0.212.0-81.0.214.255
                  81.0.217.0-81.0.221.255
                  81.0.225.0-81.0.226.255
                  81.0.228.0/24
                  81.0.230.0-81.0.243.255
                  81.0.246.0-81.0.250.255
                  81.0.254.0/23
                  82.208.4.0-82.208.12.255
                  82.208.14.0/24
                  82.208.16.0-82.208.18.255
                  82.208.26.0-82.208.29.255
                  82.208.32.0/22
                  82.208.39.0-82.208.41.255
                  82.208.44.0/24
                  82.208.46.0-82.208.50.255
                  82.208.56.0/24
                  82.208.58.0/24
                  82.208.60.0/22
                  85.239.227.0/24
                  85.239.230.0-85.239.250.255
                  85.239.252.0/23
                  109.123.192.0/21
                  109.123.202.0/23
                  109.123.205.0-109.123.211.255
                  109.123.214.0-109.123.225.255
                  109.123.227.0-109.123.239.255
                  217.11.224.0/23
                  217.11.227.0-217.11.230.255
                  217.11.232.0/23
                  217.11.235.0-217.11.236.255
                  217.11.242.0/23
                  217.11.245.0-217.11.249.255
                  217.11.251.0/24
                  217.11.254.0/24
                IPv6:
                  2001:1528::/32

    Signature Algorithm: sha256WithRSAEncryption
         4a:01:6b:b1:88:03:e6:f0:23:c6:cd:7a:20:3f:08:40:1d:58:
         48:b9:44:b9:a2:1d:d0:af:f6:db:0a:06:fb:ff:15:2d:fc:66:
         12:4d:1a:4c:4b:6b:84:2f:ef:83:a1:79:b1:3d:06:08:6f:1a:
         cd:f6:af:d0:68:e0:ce:25:f1:92:86:0f:26:c4:8f:1c:7c:25:
         d7:b9:5a:c8:5b:a7:54:c5:dd:1f:e5:e2:4c:27:98:d7:f1:97:
         31:ee:59:36:0e:21:86:5a:fa:68:8e:2e:7a:b4:6b:e9:de:17:
         c4:8b:b1:8b:78:f2:16:e9:2c:49:d2:3c:01:85:26:f3:70:70:
         e3:4a:e2:9e:75:ef:3d:6b:b1:b3:bc:eb:fd:32:a6:88:0e:f3:
         69:f9:0c:6d:49:22:c0:94:9e:90:27:df:60:20:3a:9a:57:08:
         e7:71:b8:a4:a2:b0:43:c1:60:f6:91:61:94:db:89:05:bd:0d:
         2b:56:e4:0d:09:3e:00:98:6f:76:b6:74:29:66:7d:f6:83:0e:
         89:ce:a3:59:84:c7:6f:34:bd:45:7c:9d:2f:78:c2:0d:0c:3b:
         3a:f3:6f:34:96:7b:87:8b:2a:93:7b:5c:36:70:e9:01:8c:2d:
         bb:ef:66:dd:8e:b1:c1:d1:a0:51:71:a0:03:9e:42:f2:f2:6b:
         96:0b:3f:0c
-----BEGIN CERTIFICATE-----
MIIGrjCCBZagAwIBAgISAYNanlf3LQClsxPZK9C8gHnqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NDg0N2Y4NjY3ZDUyZmEyY2Y5Y2Y5YWZjYzQzYTA3OTE1
NTc1Y2EwHhcNMjIwOTIwMTExNzUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTk5ODE5NzMxODQ3NTY2YWJmNDJmMzU5ZmU5ZTgxNGYwOGU0NjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7Ul0GPTMtVnphBhx9jd7EmzChia
U5gccDjRu2OBlTYRmuTeGz8xVCPgMkGcoxGe6nS3PfNJP6sGwlJ8Ap589w46nGKH
qW1y0A9MIVyPLGVsPprThMHYFJGq3ZF6jxRy5Fk2J1IkTKWV3LOnRWT804ZSFFjp
o/07F6EnCfJbrPdUi01cf46fxoOtQACWdTpJ1HTwoc2sMlc6fgSvEfr2g5wif8k8
IkwaTqGG/QvgkYJIa3JxPa4xkybVaQzIgTH+36a1YAFqdqVuYZ3qhccBSY1THNSe
nglg69bbPpPsoEBEUnefNM6pEM1t7K9Jejpe1JRpGbnqXIaPdq11Q3M+ywIDAQAB
o4IDujCCA7YwHQYDVR0OBBYEFH6ZgZcxhHVmq/QvNZ/p6BTwjkZSMB8GA1UdIwQY
MBaAFBdIR/hmfVL6LPnPmvzEOgeRVXXKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjBoSC1HWjlVdm9zLWMtYV9NUTZCNUZWZGNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My83MmNjNGEtMmQ5Yy00ODA4LTgyM2Ut
MTQ1NGZmZTYxODJjLzEvZnBtQmx6R0VkV2FyOUM4MW4tbm9GUENPUmxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My83MmNjNGEtMmQ5Yy00ODA4LTgyM2UtMTQ1NGZmZTYxODJj
LzEvRjBoSC1HWjlVdm9zLWMtYV9NUTZCNUZWZGNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBzgYIKwYBBQUHAQcBAf8EggG9MIIBuTCCAaYEAgABMIIB
njAMAwQBTU5GAwQBTU5IAwQCTU5MMAwDBAFNTl4DBAFNTngwDAMEAE1OewMEB01O
AAMEAlEAwAMEAFEAxzAMAwQBUQDOAwQBUQDQMAwDBAJRANQDBABRANYwDAMEAFEA
2QMEAVEA3DAMAwQAUQDhAwQAUQDiAwQAUQDkMAwDBAFRAOYDBAJRAPAwDAMEAVEA
9gMEAFEA+gMEAVEA/jAMAwQCUtAEAwQAUtAMAwQAUtAOMAwDBARS0BADBABS0BIw
DAMEAVLQGgMEAVLQHAMEAlLQIDAMAwQAUtAnAwQBUtAoAwQAUtAsMAwDBAFS0C4D
BABS0DIDBABS0DgDBABS0DoDBAJS0DwDBABV7+MwDAMEAVXv5gMEAFXv+gMEAVXv
/AMEA217wAMEAW17yjAMAwQAbXvNAwQCbXvQMAwDBAFte9YDBAFte+AwDAMEAG17
4wMEBG174AMEAdkL4DAMAwQA2QvjAwQA2QvmAwQB2QvoMAwDBADZC+sDBADZC+wD
BAHZC/IwDAMEANkL9QMEAdkL+AMEANkL+wMEANkL/jANBAIAAjAHAwUAIAEVKDAN
BgkqhkiG9w0BAQsFAAOCAQEASgFrsYgD5vAjxs16ID8IQB1YSLlEuaId0K/22woG
+/8VLfxmEk0aTEtrhC/vg6F5sT0GCG8azfav0GjgziXxkoYPJsSPHHwl17layFun
VMXdH+XiTCeY1/GXMe5ZNg4hhlr6aI4uerRr6d4XxIuxi3jyFuksSdI8AYUm83Bw
40rinnXvPWuxs7zr/TKmiA7zafkMbUkiwJSekCffYCA6mlcI53G4pKKwQ8Fg9pFh
lNuJBb0NK1bkDQk+AJhvdrZ0KWZ99oMOic6jWYTHbzS9RXydL3jCDQw7OvNvNJZ7
h4sqk3tcNnDpAYwtu+9m3Y6xwdGgUXGgA55C8vJrlgs/DA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:38 2024 by rpki-client on console-ams.rpki-client.org