Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/u-Pek7R8cLdhHtSjiwtsen4X_YI.roa
File:                     u-Pek7R8cLdhHtSjiwtsen4X_YI.roa (raw, json)
Hash identifier:          aoQFOw5mKQlb1Ms9nHmYbqXxWZtRvwNIQ6/89PUJkPQ=
Subject key identifier:   BB:E3:DE:93:B4:7C:70:B7:61:1E:D4:A3:8B:0B:6C:7A:7E:17:FD:82
Certificate issuer:       /CN=174847f8667d52fa2cf9cf9afcc43a07915575ca
Certificate serial:       0182DFD6245F452A44EDC911CAD30BF55368
Authority key identifier: 17:48:47:F8:66:7D:52:FA:2C:F9:CF:9A:FC:C4:3A:07:91:55:75:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/u-Pek7R8cLdhHtSjiwtsen4X_YI.roa
Signing time:             Sat 27 Aug 2022 15:05:29 +0000
ROA not before:           Sat 27 Aug 2022 15:05:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15685
IP address blocks:        82.208.56.0/24 maxlen: 24
                          82.208.58.0/24 maxlen: 24
                          82.208.60.0/22 maxlen: 22
                          109.123.202.0/23 maxlen: 23
                          109.123.205.0/24 maxlen: 24
                          109.123.206.0/23 maxlen: 23
                          82.208.4.0/22 maxlen: 22
                          82.208.8.0/22 maxlen: 22
                          109.123.209.0/24 maxlen: 24
                          109.123.208.0/22 maxlen: 22
                          109.123.216.0/21 maxlen: 21
                          82.208.14.0/24 maxlen: 24
                          82.208.16.0/23 maxlen: 23
                          82.208.17.0/24 maxlen: 24
                          82.208.16.0/24 maxlen: 24
                          109.123.214.0/23 maxlen: 23
                          82.208.12.0/24 maxlen: 24
                          109.123.224.0/23 maxlen: 23
                          82.208.18.0/24 maxlen: 24
                          82.208.28.0/23 maxlen: 23
                          109.123.232.0/21 maxlen: 21
                          109.123.227.0/24 maxlen: 24
                          82.208.26.0/23 maxlen: 23
                          109.123.228.0/22 maxlen: 22
                          82.208.32.0/22 maxlen: 22
                          82.208.44.0/24 maxlen: 24
                          109.123.240.0/20 maxlen: 20
                          82.208.39.0/24 maxlen: 24
                          82.208.40.0/23 maxlen: 23
                          82.208.50.0/24 maxlen: 24
                          82.208.46.0/23 maxlen: 23
                          82.208.48.0/23 maxlen: 23
                          217.11.254.0/24 maxlen: 24
                          217.11.224.0/23 maxlen: 23
                          217.11.230.0/24 maxlen: 24
                          217.11.232.0/23 maxlen: 23
                          217.11.227.0/24 maxlen: 24
                          217.11.228.0/23 maxlen: 23
                          217.11.236.0/24 maxlen: 24
                          217.11.235.0/24 maxlen: 24
                          217.11.245.0/24 maxlen: 24
                          217.11.246.0/23 maxlen: 23
                          217.11.242.0/23 maxlen: 23
                          217.11.251.0/24 maxlen: 24
                          217.11.248.0/23 maxlen: 23
                          217.11.249.0/24 maxlen: 24
                          109.123.192.0/21 maxlen: 21
                          81.0.217.0/24 maxlen: 24
                          81.0.218.0/23 maxlen: 23
                          81.0.214.0/24 maxlen: 24
                          81.0.226.0/24 maxlen: 24
                          81.0.225.0/24 maxlen: 24
                          81.0.220.0/23 maxlen: 23
                          81.0.230.0/23 maxlen: 23
                          77.78.96.0/20 maxlen: 20
                          81.0.232.0/21 maxlen: 21
                          77.78.94.0/23 maxlen: 23
                          81.0.228.0/24 maxlen: 24
                          81.0.240.0/22 maxlen: 22
                          81.0.246.0/23 maxlen: 23
                          77.78.112.0/21 maxlen: 21
                          81.0.248.0/23 maxlen: 23
                          81.0.250.0/24 maxlen: 24
                          77.78.123.0/24 maxlen: 24
                          77.78.124.0/22 maxlen: 22
                          81.0.254.0/23 maxlen: 23
                          77.78.120.0/23 maxlen: 23
                          85.239.230.0/23 maxlen: 23
                          85.239.227.0/24 maxlen: 24
                          85.239.232.0/21 maxlen: 21
                          81.0.192.0/22 maxlen: 22
                          81.0.199.0/24 maxlen: 24
                          77.78.70.0/23 maxlen: 23
                          85.239.240.0/21 maxlen: 21
                          81.0.206.0/23 maxlen: 23
                          85.239.250.0/24 maxlen: 24
                          77.78.76.0/22 maxlen: 22
                          85.239.252.0/23 maxlen: 23
                          77.78.72.0/23 maxlen: 23
                          81.0.208.0/23 maxlen: 23
                          85.239.248.0/23 maxlen: 23
                          81.0.212.0/23 maxlen: 23
                          2001:1528::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:df:d6:24:5f:45:2a:44:ed:c9:11:ca:d3:0b:f5:53:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=174847f8667d52fa2cf9cf9afcc43a07915575ca
        Validity
            Not Before: Aug 27 15:05:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bbe3de93b47c70b7611ed4a38b0b6c7a7e17fd82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b3:25:72:b9:7a:fa:09:09:fd:f5:fd:86:e6:
                    4c:4e:11:b0:17:83:fb:5e:c3:2d:4f:5b:91:cf:11:
                    8a:95:8e:32:fb:ae:89:38:ca:29:7b:3d:a0:b0:27:
                    41:0b:e1:01:0e:9e:0b:62:a5:f1:1d:69:99:79:e5:
                    ef:11:47:10:b7:04:e7:b5:fb:88:6d:7c:94:e4:bc:
                    56:d3:21:77:11:e8:f2:d9:ad:20:af:ff:52:04:0f:
                    b2:e1:7a:e0:05:52:91:92:7a:7b:d4:86:52:c1:73:
                    58:87:a3:0b:19:8e:6b:5d:f2:cd:2a:04:bf:a9:09:
                    ff:fb:95:80:de:4f:f9:c8:7d:66:27:6c:6e:63:94:
                    bf:7e:35:5d:06:3e:22:86:7f:43:5e:28:74:61:6c:
                    eb:d9:47:6a:b7:53:84:9b:14:5d:b6:96:ca:ed:95:
                    6b:1d:83:41:45:a0:b0:cb:78:5a:15:b8:08:b4:56:
                    1c:b8:fb:e9:59:16:ec:ad:cc:b0:c3:06:91:14:fd:
                    01:76:d7:b4:b5:cf:43:c1:34:92:1d:76:b3:b7:2d:
                    d1:4f:d7:42:0b:c0:74:d7:d1:ec:d2:ff:5d:96:5a:
                    fe:e6:11:7c:ed:b9:eb:c2:fb:11:62:0d:43:db:1a:
                    0f:60:1a:cf:9b:cd:0b:e4:64:27:7e:c2:7a:2a:c8:
                    20:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:E3:DE:93:B4:7C:70:B7:61:1E:D4:A3:8B:0B:6C:7A:7E:17:FD:82
            X509v3 Authority Key Identifier:
                keyid:17:48:47:F8:66:7D:52:FA:2C:F9:CF:9A:FC:C4:3A:07:91:55:75:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/u-Pek7R8cLdhHtSjiwtsen4X_YI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.78.70.0-77.78.73.255
                  77.78.76.0/22
                  77.78.94.0-77.78.121.255
                  77.78.123.0-77.78.127.255
                  81.0.192.0/22
                  81.0.199.0/24
                  81.0.206.0-81.0.209.255
                  81.0.212.0-81.0.214.255
                  81.0.217.0-81.0.221.255
                  81.0.225.0-81.0.226.255
                  81.0.228.0/24
                  81.0.230.0-81.0.243.255
                  81.0.246.0-81.0.250.255
                  81.0.254.0/23
                  82.208.4.0-82.208.12.255
                  82.208.14.0/24
                  82.208.16.0-82.208.18.255
                  82.208.26.0-82.208.29.255
                  82.208.32.0/22
                  82.208.39.0-82.208.41.255
                  82.208.44.0/24
                  82.208.46.0-82.208.50.255
                  82.208.56.0/24
                  82.208.58.0/24
                  82.208.60.0/22
                  85.239.227.0/24
                  85.239.230.0-85.239.250.255
                  85.239.252.0/23
                  109.123.192.0/21
                  109.123.202.0/23
                  109.123.205.0-109.123.211.255
                  109.123.214.0-109.123.225.255
                  109.123.227.0-109.123.255.255
                  217.11.224.0/23
                  217.11.227.0-217.11.230.255
                  217.11.232.0/23
                  217.11.235.0-217.11.236.255
                  217.11.242.0/23
                  217.11.245.0-217.11.249.255
                  217.11.251.0/24
                  217.11.254.0/24
                IPv6:
                  2001:1528::/32

    Signature Algorithm: sha256WithRSAEncryption
         4b:51:f1:11:e7:66:50:3e:52:0e:ba:04:d8:7b:66:69:cc:fb:
         28:da:98:dd:55:8c:fc:1b:2f:9f:32:f4:6b:b5:76:76:c6:f3:
         56:15:fa:a8:71:93:4f:71:ef:cc:bb:93:46:9b:f6:6e:f3:c5:
         b7:35:7b:73:3f:67:63:45:fa:d6:18:56:a9:ab:f7:d1:19:42:
         e5:44:d0:26:69:c5:f4:03:6b:83:81:1d:dd:ff:f3:ec:86:8e:
         48:31:98:e1:80:8f:95:6a:32:2d:3f:55:e0:12:72:0d:74:d0:
         2d:a9:c1:32:f2:02:6e:99:b4:70:67:df:61:06:33:62:70:08:
         79:dd:90:98:1d:9e:d2:be:44:cb:ce:83:69:50:10:57:ca:f5:
         51:e4:e7:c2:fd:bd:07:ff:bc:2b:fd:a5:e1:0c:dd:71:c7:83:
         18:c7:5b:8c:92:8a:1e:78:e8:f7:e4:20:92:29:46:5d:7f:8e:
         ce:ed:f1:3f:2a:49:c0:ea:9d:55:71:c0:5d:37:01:25:3a:c3:
         15:37:05:c7:76:d5:bc:09:26:f8:9f:b6:48:3b:b6:b2:c7:1c:
         b9:e6:0b:8f:2f:ee:ee:29:f0:02:1f:ac:60:44:a9:6a:17:ef:
         74:3e:20:9c:3c:c7:ac:e9:4a:1f:a6:4d:cf:0f:44:17:1d:81:
         71:28:f1:17
-----BEGIN CERTIFICATE-----
MIIGrTCCBZWgAwIBAgISAYLf1iRfRSpE7ckRytML9VNoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NDg0N2Y4NjY3ZDUyZmEyY2Y5Y2Y5YWZjYzQzYTA3OTE1
NTc1Y2EwHhcNMjIwODI3MTUwNTI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmUzZGU5M2I0N2M3MGI3NjExZWQ0YTM4YjBiNmM3YTdlMTdmZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7Mlcrl6+gkJ/fX9huZMThGwF4P7
XsMtT1uRzxGKlY4y+66JOMopez2gsCdBC+EBDp4LYqXxHWmZeeXvEUcQtwTntfuI
bXyU5LxW0yF3Eejy2a0gr/9SBA+y4XrgBVKRknp71IZSwXNYh6MLGY5rXfLNKgS/
qQn/+5WA3k/5yH1mJ2xuY5S/fjVdBj4ihn9DXih0YWzr2Udqt1OEmxRdtpbK7ZVr
HYNBRaCwy3haFbgItFYcuPvpWRbsrcywwwaRFP0Bdte0tc9DwTSSHXazty3RT9dC
C8B019Hs0v9dllr+5hF87bnrwvsRYg1D2xoPYBrPm80L5GQnfsJ6KsgguwIDAQAB
o4IDuTCCA7UwHQYDVR0OBBYEFLvj3pO0fHC3YR7Uo4sLbHp+F/2CMB8GA1UdIwQY
MBaAFBdIR/hmfVL6LPnPmvzEOgeRVXXKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjBoSC1HWjlVdm9zLWMtYV9NUTZCNUZWZGNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My83MmNjNGEtMmQ5Yy00ODA4LTgyM2Ut
MTQ1NGZmZTYxODJjLzEvdS1QZWs3UjhjTGRoSHRTaml3dHNlbjRYX1lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My83MmNjNGEtMmQ5Yy00ODA4LTgyM2UtMTQ1NGZmZTYxODJj
LzEvRjBoSC1HWjlVdm9zLWMtYV9NUTZCNUZWZGNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBzQYIKwYBBQUHAQcBAf8EggG8MIIBuDCCAaUEAgABMIIB
nTAMAwQBTU5GAwQBTU5IAwQCTU5MMAwDBAFNTl4DBAFNTngwDAMEAE1OewMEB01O
AAMEAlEAwAMEAFEAxzAMAwQBUQDOAwQBUQDQMAwDBAJRANQDBABRANYwDAMEAFEA
2QMEAVEA3DAMAwQAUQDhAwQAUQDiAwQAUQDkMAwDBAFRAOYDBAJRAPAwDAMEAVEA
9gMEAFEA+gMEAVEA/jAMAwQCUtAEAwQAUtAMAwQAUtAOMAwDBARS0BADBABS0BIw
DAMEAVLQGgMEAVLQHAMEAlLQIDAMAwQAUtAnAwQBUtAoAwQAUtAsMAwDBAFS0C4D
BABS0DIDBABS0DgDBABS0DoDBAJS0DwDBABV7+MwDAMEAVXv5gMEAFXv+gMEAVXv
/AMEA217wAMEAW17yjAMAwQAbXvNAwQCbXvQMAwDBAFte9YDBAFte+AwCwMEAG17
4wMDAm14AwQB2QvgMAwDBADZC+MDBADZC+YDBAHZC+gwDAMEANkL6wMEANkL7AME
AdkL8jAMAwQA2Qv1AwQB2Qv4AwQA2Qv7AwQA2Qv+MA0EAgACMAcDBQAgARUoMA0G
CSqGSIb3DQEBCwUAA4IBAQBLUfER52ZQPlIOugTYe2ZpzPso2pjdVYz8Gy+fMvRr
tXZ2xvNWFfqocZNPce/Mu5NGm/Zu88W3NXtzP2djRfrWGFapq/fRGULlRNAmacX0
A2uDgR3d//Psho5IMZjhgI+VajItP1XgEnINdNAtqcEy8gJumbRwZ99hBjNicAh5
3ZCYHZ7SvkTLzoNpUBBXyvVR5OfC/b0H/7wr/aXhDN1xx4MYx1uMkooeeOj35CCS
KUZdf47O7fE/KknA6p1VccBdNwElOsMVNwXHdtW8CSb4n7ZIO7ayxxy55guPL+7u
KfACH6xgRKlqF+90PiCcPMes6Uofpk3PD0QXHYFxKPEX
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:38 2024 by rpki-client on console-ams.rpki-client.org