Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/qUeOjPMSlJXCkT7yADj_Kizn5uU.roa
File:                     qUeOjPMSlJXCkT7yADj_Kizn5uU.roa (raw, json)
Hash identifier:          7IYsagunxrgxawbYdEb0Fs7Y+ayKbVGfKS4o44ItlQU=
Subject key identifier:   A9:47:8E:8C:F3:12:94:95:C2:91:3E:F2:00:38:FF:2A:2C:E7:E6:E5
Certificate issuer:       /CN=174847f8667d52fa2cf9cf9afcc43a07915575ca
Certificate serial:       08085A69
Authority key identifier: 17:48:47:F8:66:7D:52:FA:2C:F9:CF:9A:FC:C4:3A:07:91:55:75:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/qUeOjPMSlJXCkT7yADj_Kizn5uU.roa
Signing time:             Sat 01 Jan 2022 15:02:55 +0000
ROA not before:           Sat 01 Jan 2022 15:02:55 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21430
IP address blocks:        82.208.52.0/22 maxlen: 22
                          82.208.57.0/24 maxlen: 24
                          82.208.59.0/24 maxlen: 24
                          109.123.200.0/23 maxlen: 23
                          109.123.204.0/24 maxlen: 24
                          82.208.0.0/22 maxlen: 22
                          109.123.212.0/23 maxlen: 23
                          82.208.13.0/24 maxlen: 24
                          82.208.15.0/24 maxlen: 24
                          82.208.24.0/23 maxlen: 23
                          82.208.19.0/24 maxlen: 24
                          109.123.226.0/24 maxlen: 24
                          82.208.25.0/24 maxlen: 24
                          82.208.30.0/23 maxlen: 23
                          82.208.36.0/23 maxlen: 23
                          82.208.38.0/24 maxlen: 24
                          82.208.42.0/23 maxlen: 23
                          82.208.51.0/24 maxlen: 24
                          82.208.45.0/24 maxlen: 24
                          217.11.255.0/24 maxlen: 24
                          217.11.226.0/24 maxlen: 24
                          217.11.231.0/24 maxlen: 24
                          217.11.234.0/24 maxlen: 24
                          217.11.237.0/24 maxlen: 24
                          217.11.238.0/23 maxlen: 23
                          217.11.240.0/23 maxlen: 23
                          217.11.244.0/24 maxlen: 24
                          217.11.250.0/24 maxlen: 24
                          217.11.252.0/23 maxlen: 23
                          85.239.254.0/23 maxlen: 23
                          77.78.80.0/21 maxlen: 21
                          81.0.216.0/24 maxlen: 24
                          81.0.215.0/24 maxlen: 24
                          77.78.88.0/22 maxlen: 22
                          81.0.222.0/23 maxlen: 23
                          81.0.224.0/24 maxlen: 24
                          77.78.92.0/23 maxlen: 23
                          81.0.227.0/24 maxlen: 24
                          81.0.229.0/24 maxlen: 24
                          81.0.245.0/24 maxlen: 24
                          81.0.244.0/23 maxlen: 23
                          81.0.252.0/23 maxlen: 23
                          81.0.251.0/24 maxlen: 24
                          77.78.122.0/24 maxlen: 24
                          85.239.224.0/23 maxlen: 23
                          85.239.226.0/24 maxlen: 24
                          85.239.228.0/23 maxlen: 23
                          81.0.196.0/23 maxlen: 23
                          81.0.198.0/24 maxlen: 24
                          77.78.64.0/22 maxlen: 22
                          81.0.200.0/22 maxlen: 22
                          81.0.204.0/23 maxlen: 23
                          77.78.68.0/23 maxlen: 23
                          77.78.68.0/24 maxlen: 24
                          77.78.74.0/23 maxlen: 23
                          85.239.251.0/24 maxlen: 24
                          77.78.75.0/24 maxlen: 24
                          81.0.210.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 134765161 (0x8085a69)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=174847f8667d52fa2cf9cf9afcc43a07915575ca
        Validity
            Not Before: Jan  1 15:02:55 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a9478e8cf3129495c2913ef20038ff2a2ce7e6e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:87:e2:9b:a3:b7:8f:2b:13:87:23:d2:d1:29:
                    aa:cc:82:5e:1f:92:57:a4:c6:2e:85:00:c6:8c:d9:
                    33:34:37:10:53:2d:55:01:20:e9:cc:8e:3b:fb:fd:
                    08:88:cc:bc:9a:04:11:94:7e:24:45:65:8c:2d:cb:
                    04:40:0e:8b:28:3e:8f:9b:76:e4:b9:09:da:15:2a:
                    d1:cc:f7:99:e6:ff:38:5f:60:48:4a:24:79:1a:98:
                    6f:a1:62:5d:39:f4:cd:7c:8b:b0:d2:34:f3:c1:0a:
                    67:04:5e:42:52:37:a1:4b:42:7b:46:99:aa:df:bb:
                    e6:6a:af:69:3b:2a:1c:d9:23:d0:c3:37:73:5e:66:
                    47:39:2f:8c:7f:a7:db:12:a9:f7:9f:94:d7:4a:a5:
                    84:bc:dc:d3:0e:14:00:75:7e:ec:84:5c:18:37:35:
                    79:93:09:43:96:b7:42:af:35:cb:86:af:a8:0e:49:
                    8e:3d:3c:85:2d:69:29:ab:4d:d4:52:a1:62:95:8b:
                    0b:0a:96:e1:b4:46:69:eb:8b:c8:30:4f:d7:61:bf:
                    87:5e:5e:81:c7:da:fa:2c:7d:12:f2:e4:3a:29:de:
                    9e:94:7c:8e:98:1b:0d:b2:f4:4c:fe:de:a8:57:36:
                    70:38:83:7c:b8:36:9c:b3:8d:77:4f:5f:45:47:63:
                    a3:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:47:8E:8C:F3:12:94:95:C2:91:3E:F2:00:38:FF:2A:2C:E7:E6:E5
            X509v3 Authority Key Identifier:
                keyid:17:48:47:F8:66:7D:52:FA:2C:F9:CF:9A:FC:C4:3A:07:91:55:75:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/qUeOjPMSlJXCkT7yADj_Kizn5uU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.78.64.0-77.78.69.255
                  77.78.74.0/23
                  77.78.80.0-77.78.93.255
                  77.78.122.0/24
                  81.0.196.0-81.0.198.255
                  81.0.200.0-81.0.205.255
                  81.0.210.0/23
                  81.0.215.0-81.0.216.255
                  81.0.222.0-81.0.224.255
                  81.0.227.0/24
                  81.0.229.0/24
                  81.0.244.0/23
                  81.0.251.0-81.0.253.255
                  82.208.0.0/22
                  82.208.13.0/24
                  82.208.15.0/24
                  82.208.19.0/24
                  82.208.24.0/23
                  82.208.30.0/23
                  82.208.36.0-82.208.38.255
                  82.208.42.0/23
                  82.208.45.0/24
                  82.208.51.0-82.208.55.255
                  82.208.57.0/24
                  82.208.59.0/24
                  85.239.224.0-85.239.226.255
                  85.239.228.0/23
                  85.239.251.0/24
                  85.239.254.0/23
                  109.123.200.0/23
                  109.123.204.0/24
                  109.123.212.0/23
                  109.123.226.0/24
                  217.11.226.0/24
                  217.11.231.0/24
                  217.11.234.0/24
                  217.11.237.0-217.11.241.255
                  217.11.244.0/24
                  217.11.250.0/24
                  217.11.252.0/23
                  217.11.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:ae:28:fe:1c:8a:0d:71:3a:07:35:43:76:52:74:11:da:52:
         63:82:fa:05:a9:a9:b2:1b:87:cd:87:59:7f:4e:59:4f:c1:dc:
         29:a2:45:b2:e7:d2:89:77:ef:49:bd:5d:89:86:be:91:bf:b9:
         f7:9e:14:ef:f0:0c:dc:eb:e7:17:ca:43:e7:e5:16:da:53:8e:
         b1:b6:f4:e0:23:55:20:b7:11:80:51:ea:39:97:63:9e:ea:34:
         5f:ae:7e:f1:ee:68:31:5b:73:e2:d2:0e:f2:f7:e5:ad:75:c5:
         b3:f4:97:09:72:ba:d4:44:6f:63:5e:3b:e8:e4:69:cb:62:bc:
         19:1f:1c:bb:8a:27:c1:f6:09:40:43:2f:bc:9e:1a:5e:1a:24:
         00:64:ea:df:24:b0:65:e3:b6:a3:0e:94:33:bd:5c:15:c2:4f:
         4d:d8:1c:10:c2:51:fd:a6:ce:8c:24:1d:44:6f:25:7c:1d:f5:
         91:36:57:e2:f1:22:d6:f6:01:94:7d:7a:93:14:cf:d3:5d:a2:
         9f:1c:40:50:1e:6e:da:67:aa:c1:c0:3a:c1:ef:b7:ef:9f:bd:
         70:25:e0:a4:fc:61:67:19:b6:21:58:a8:0b:3e:01:13:31:1c:
         c3:4f:ee:7c:f5:93:87:bb:3d:48:1e:a3:35:ae:1a:1f:bd:07:
         c5:22:af:d2
-----BEGIN CERTIFICATE-----
MIIGQTCCBSmgAwIBAgIECAhaaTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
NzQ4NDdmODY2N2Q1MmZhMmNmOWNmOWFmY2M0M2EwNzkxNTU3NWNhMB4XDTIyMDEw
MTE1MDI1NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTk0NzhlOGNmMzEy
OTQ5NWMyOTEzZWYyMDAzOGZmMmEyY2U3ZTZlNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANWH4pujt48rE4cj0tEpqsyCXh+SV6TGLoUAxozZMzQ3EFMt
VQEg6cyOO/v9CIjMvJoEEZR+JEVljC3LBEAOiyg+j5t25LkJ2hUq0cz3meb/OF9g
SEokeRqYb6FiXTn0zXyLsNI088EKZwReQlI3oUtCe0aZqt+75mqvaTsqHNkj0MM3
c15mRzkvjH+n2xKp95+U10qlhLzc0w4UAHV+7IRcGDc1eZMJQ5a3Qq81y4avqA5J
jj08hS1pKatN1FKhYpWLCwqW4bRGaeuLyDBP12G/h15egcfa+ix9EvLkOinenpR8
jpgbDbL0TP7eqFc2cDiDfLg2nLONd09fRUdjo/cCAwEAAaOCA1swggNXMB0GA1Ud
DgQWBBSpR46M8xKUlcKRPvIAOP8qLOfm5TAfBgNVHSMEGDAWgBQXSEf4Zn1S+iz5
z5r8xDoHkVV1yjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0YwaEgtR1o5VXZvcy1jLWFfTVE2QjVGVmRjby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjMvNzJjYzRhLTJkOWMtNDgwOC04MjNlLTE0NTRmZmU2MTgyYy8x
L3FVZU9qUE1TbEpYQ2tUN3lBRGpfS2l6bjV1VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjMv
NzJjYzRhLTJkOWMtNDgwOC04MjNlLTE0NTRmZmU2MTgyYy8xL0YwaEgtR1o5VXZv
cy1jLWFfTVE2QjVGVmRjby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCC
AW8GCCsGAQUFBwEHAQH/BIIBXjCCAVowggFWBAIAATCCAU4wDAMEBk1OQAMEAU1O
RAMEAU1OSjAMAwQETU5QAwQBTU5cAwQATU56MAwDBAJRAMQDBABRAMYwDAMEA1EA
yAMEAVEAzAMEAVEA0jAMAwQAUQDXAwQAUQDYMAwDBAFRAN4DBABRAOADBABRAOMD
BABRAOUDBAFRAPQwDAMEAFEA+wMEAVEA/AMEAlLQAAMEAFLQDQMEAFLQDwMEAFLQ
EwMEAVLQGAMEAVLQHjAMAwQCUtAkAwQAUtAmAwQBUtAqAwQAUtAtMAwDBABS0DMD
BANS0DADBABS0DkDBABS0DswDAMEBVXv4AMEAFXv4gMEAVXv5AMEAFXv+wMEAVXv
/gMEAW17yAMEAG17zAMEAW171AMEAG174gMEANkL4gMEANkL5wMEANkL6jAMAwQA
2QvtAwQB2QvwAwQA2Qv0AwQA2Qv6AwQB2Qv8AwQA2Qv/MA0GCSqGSIb3DQEBCwUA
A4IBAQAlrij+HIoNcToHNUN2UnQR2lJjgvoFqamyG4fNh1l/TllPwdwpokWy59KJ
d+9JvV2Jhr6Rv7n3nhTv8Azc6+cXykPn5RbaU46xtvTgI1UgtxGAUeo5l2Oe6jRf
rn7x7mgxW3Pi0g7y9+WtdcWz9JcJcrrURG9jXjvo5GnLYrwZHxy7iifB9glAQy+8
nhpeGiQAZOrfJLBl47ajDpQzvVwVwk9N2BwQwlH9ps6MJB1EbyV8HfWRNlfi8SLW
9gGUfXqTFM/TXaKfHEBQHm7aZ6rBwDrB77fvn71wJeCk/GFnGbYhWKgLPgETMRzD
T+589ZOHuz1IHqM1rhofvQfFIq/S
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:40 2024 by rpki-client on console-fra.rpki-client.org