Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/wAm8A7Y8iVcO2J1rpQ5RdmrcJC8.roa
File:                     wAm8A7Y8iVcO2J1rpQ5RdmrcJC8.roa (raw, json)
Hash identifier:          gA0sJi/dP7xlMIQk5NmCXKYwg3C+Bk7jpvkvdzDW3GA=
Subject key identifier:   C0:09:BC:03:B6:3C:89:57:0E:D8:9D:6B:A5:0E:51:76:6A:DC:24:2F
Certificate issuer:       /CN=174847f8667d52fa2cf9cf9afcc43a07915575ca
Certificate serial:       0183C16761F44D3820501F86887227BD0EF0
Authority key identifier: 17:48:47:F8:66:7D:52:FA:2C:F9:CF:9A:FC:C4:3A:07:91:55:75:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/wAm8A7Y8iVcO2J1rpQ5RdmrcJC8.roa
Signing time:             Mon 10 Oct 2022 10:18:41 +0000
ROA not before:           Mon 10 Oct 2022 10:18:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15685
IP address blocks:        82.208.56.0/24 maxlen: 24
                          82.208.58.0/24 maxlen: 24
                          82.208.60.0/24 maxlen: 24
                          82.208.60.0/22 maxlen: 22
                          109.123.202.0/23 maxlen: 23
                          109.123.205.0/24 maxlen: 24
                          109.123.206.0/23 maxlen: 23
                          82.208.4.0/22 maxlen: 22
                          82.208.8.0/22 maxlen: 22
                          109.123.209.0/24 maxlen: 24
                          109.123.208.0/22 maxlen: 22
                          109.123.216.0/21 maxlen: 21
                          82.208.14.0/24 maxlen: 24
                          82.208.16.0/23 maxlen: 23
                          82.208.17.0/24 maxlen: 24
                          82.208.16.0/24 maxlen: 24
                          109.123.214.0/23 maxlen: 23
                          82.208.12.0/24 maxlen: 24
                          109.123.224.0/23 maxlen: 23
                          82.208.18.0/24 maxlen: 24
                          82.208.28.0/23 maxlen: 23
                          109.123.232.0/21 maxlen: 21
                          109.123.227.0/24 maxlen: 24
                          82.208.26.0/23 maxlen: 23
                          109.123.228.0/22 maxlen: 22
                          82.208.32.0/22 maxlen: 22
                          82.208.44.0/24 maxlen: 24
                          82.208.39.0/24 maxlen: 24
                          82.208.40.0/23 maxlen: 23
                          82.208.50.0/24 maxlen: 24
                          82.208.46.0/23 maxlen: 23
                          82.208.48.0/23 maxlen: 23
                          217.11.254.0/24 maxlen: 24
                          217.11.224.0/23 maxlen: 23
                          217.11.230.0/24 maxlen: 24
                          217.11.232.0/23 maxlen: 23
                          217.11.227.0/24 maxlen: 24
                          217.11.228.0/23 maxlen: 23
                          217.11.236.0/24 maxlen: 24
                          217.11.235.0/24 maxlen: 24
                          217.11.245.0/24 maxlen: 24
                          217.11.246.0/23 maxlen: 23
                          217.11.242.0/23 maxlen: 23
                          217.11.251.0/24 maxlen: 24
                          217.11.248.0/23 maxlen: 23
                          217.11.249.0/24 maxlen: 24
                          109.123.192.0/21 maxlen: 21
                          81.0.217.0/24 maxlen: 24
                          81.0.218.0/23 maxlen: 23
                          81.0.214.0/24 maxlen: 24
                          81.0.226.0/24 maxlen: 24
                          81.0.225.0/24 maxlen: 24
                          81.0.220.0/23 maxlen: 23
                          81.0.230.0/23 maxlen: 23
                          77.78.96.0/20 maxlen: 20
                          81.0.232.0/21 maxlen: 21
                          77.78.94.0/23 maxlen: 23
                          81.0.228.0/24 maxlen: 24
                          81.0.240.0/22 maxlen: 22
                          81.0.246.0/23 maxlen: 23
                          77.78.112.0/21 maxlen: 21
                          81.0.248.0/23 maxlen: 23
                          81.0.250.0/24 maxlen: 24
                          77.78.123.0/24 maxlen: 24
                          77.78.124.0/22 maxlen: 22
                          81.0.254.0/23 maxlen: 23
                          77.78.120.0/23 maxlen: 23
                          85.239.230.0/23 maxlen: 23
                          85.239.227.0/24 maxlen: 24
                          85.239.232.0/21 maxlen: 21
                          81.0.192.0/22 maxlen: 22
                          81.0.199.0/24 maxlen: 24
                          77.78.70.0/23 maxlen: 23
                          85.239.240.0/21 maxlen: 21
                          81.0.206.0/23 maxlen: 23
                          85.239.250.0/24 maxlen: 24
                          77.78.76.0/22 maxlen: 22
                          85.239.252.0/23 maxlen: 23
                          77.78.72.0/23 maxlen: 23
                          81.0.208.0/23 maxlen: 23
                          85.239.248.0/23 maxlen: 23
                          81.0.212.0/23 maxlen: 23
                          2001:1528::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:c1:67:61:f4:4d:38:20:50:1f:86:88:72:27:bd:0e:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=174847f8667d52fa2cf9cf9afcc43a07915575ca
        Validity
            Not Before: Oct 10 10:18:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c009bc03b63c89570ed89d6ba50e51766adc242f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:90:c0:65:3e:a4:71:20:a9:b6:94:35:03:a7:
                    ef:08:f2:7f:ce:4c:05:6a:cb:64:9e:d2:2c:ad:54:
                    f1:e9:e8:6a:33:ea:a5:fc:48:c4:73:4a:aa:d3:54:
                    b9:b5:8e:53:e3:85:04:4e:22:4a:f9:12:01:e7:47:
                    2d:71:df:d0:68:0b:34:94:73:de:6e:56:06:f8:87:
                    16:42:fa:2e:56:2e:82:55:9b:0d:42:68:a0:e0:a2:
                    ec:87:9f:10:9b:04:71:7a:eb:cd:ac:08:34:13:ec:
                    32:e7:a0:00:24:83:27:8a:d0:b8:c0:10:70:0e:ad:
                    26:82:99:8e:ca:91:30:fe:4b:9d:da:47:5c:03:84:
                    3f:53:ae:0d:3e:f8:06:d4:9d:0a:ca:de:82:75:aa:
                    56:ca:a2:6c:7b:44:8a:8a:f8:43:77:bc:71:2f:23:
                    94:18:52:83:43:65:72:a9:82:14:2a:09:21:76:63:
                    42:2c:4a:20:b3:29:30:70:38:f4:e3:4a:eb:ca:fb:
                    ae:60:aa:0c:e6:a0:20:1a:c4:c6:c9:6b:4b:2d:91:
                    26:36:45:78:79:ca:5b:eb:d0:1b:88:ea:00:23:52:
                    59:01:90:e3:e8:3b:1e:2e:9c:74:46:c9:5e:aa:95:
                    f4:61:8b:3c:97:de:4b:b3:de:65:28:ba:3f:06:82:
                    35:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:09:BC:03:B6:3C:89:57:0E:D8:9D:6B:A5:0E:51:76:6A:DC:24:2F
            X509v3 Authority Key Identifier:
                keyid:17:48:47:F8:66:7D:52:FA:2C:F9:CF:9A:FC:C4:3A:07:91:55:75:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/wAm8A7Y8iVcO2J1rpQ5RdmrcJC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/72cc4a-2d9c-4808-823e-1454ffe6182c/1/F0hH-GZ9Uvos-c-a_MQ6B5FVdco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.78.70.0-77.78.73.255
                  77.78.76.0/22
                  77.78.94.0-77.78.121.255
                  77.78.123.0-77.78.127.255
                  81.0.192.0/22
                  81.0.199.0/24
                  81.0.206.0-81.0.209.255
                  81.0.212.0-81.0.214.255
                  81.0.217.0-81.0.221.255
                  81.0.225.0-81.0.226.255
                  81.0.228.0/24
                  81.0.230.0-81.0.243.255
                  81.0.246.0-81.0.250.255
                  81.0.254.0/23
                  82.208.4.0-82.208.12.255
                  82.208.14.0/24
                  82.208.16.0-82.208.18.255
                  82.208.26.0-82.208.29.255
                  82.208.32.0/22
                  82.208.39.0-82.208.41.255
                  82.208.44.0/24
                  82.208.46.0-82.208.50.255
                  82.208.56.0/24
                  82.208.58.0/24
                  82.208.60.0/22
                  85.239.227.0/24
                  85.239.230.0-85.239.250.255
                  85.239.252.0/23
                  109.123.192.0/21
                  109.123.202.0/23
                  109.123.205.0-109.123.211.255
                  109.123.214.0-109.123.225.255
                  109.123.227.0-109.123.239.255
                  217.11.224.0/23
                  217.11.227.0-217.11.230.255
                  217.11.232.0/23
                  217.11.235.0-217.11.236.255
                  217.11.242.0/23
                  217.11.245.0-217.11.249.255
                  217.11.251.0/24
                  217.11.254.0/24
                IPv6:
                  2001:1528::/32

    Signature Algorithm: sha256WithRSAEncryption
         3a:2f:54:c7:fd:06:7a:00:08:c1:a3:34:10:c6:ce:1a:7c:d2:
         8b:33:35:4d:fe:2b:dd:20:f0:4f:68:4a:a7:a7:c1:0f:3b:72:
         3f:cc:80:81:8d:5f:11:15:4e:59:6c:70:c3:ef:94:2b:2b:a3:
         79:4f:3e:73:5e:c2:e3:13:35:2e:0e:2c:6b:1a:66:28:1b:9f:
         9d:71:8a:00:07:59:c6:e6:84:54:07:88:27:61:84:4f:ed:a6:
         9f:53:05:e7:b0:2c:e5:97:a8:af:66:fa:32:e2:f0:dc:40:1b:
         cd:2f:a9:c4:d9:76:98:f0:f8:5e:a6:e0:be:3c:00:c4:51:ab:
         05:15:87:cf:de:e6:4e:c8:53:6b:bf:82:71:b9:4a:f3:34:c8:
         5a:69:9c:78:4f:72:e0:e0:9c:e4:1e:0e:66:21:e2:85:74:9b:
         01:a6:c6:86:14:d6:46:f7:18:ec:11:0c:cb:ce:a0:52:bd:a6:
         5e:7c:25:12:4e:e4:b9:d3:cb:0d:01:04:02:24:81:12:d1:fb:
         0d:e3:ed:39:48:ad:04:4e:2a:78:52:a8:cc:f6:77:b2:4c:e5:
         b6:c0:1d:15:b2:9f:b2:6b:54:c0:db:eb:d9:0d:f6:40:5f:2a:
         96:0d:62:e1:c8:36:89:ab:0b:1b:8c:e2:8f:dc:17:ae:5b:01:
         3e:e5:ab:33
-----BEGIN CERTIFICATE-----
MIIGrjCCBZagAwIBAgISAYPBZ2H0TTggUB+GiHInvQ7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NDg0N2Y4NjY3ZDUyZmEyY2Y5Y2Y5YWZjYzQzYTA3OTE1
NTc1Y2EwHhcNMjIxMDEwMTAxODQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDA5YmMwM2I2M2M4OTU3MGVkODlkNmJhNTBlNTE3NjZhZGMyNDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5DAZT6kcSCptpQ1A6fvCPJ/zkwF
astkntIsrVTx6ehqM+ql/EjEc0qq01S5tY5T44UETiJK+RIB50ctcd/QaAs0lHPe
blYG+IcWQvouVi6CVZsNQmig4KLsh58QmwRxeuvNrAg0E+wy56AAJIMnitC4wBBw
Dq0mgpmOypEw/kud2kdcA4Q/U64NPvgG1J0Kyt6CdapWyqJse0SKivhDd7xxLyOU
GFKDQ2VyqYIUKgkhdmNCLEogsykwcDj040rryvuuYKoM5qAgGsTGyWtLLZEmNkV4
ecpb69AbiOoAI1JZAZDj6DseLpx0RsleqpX0YYs8l95Ls95lKLo/BoI1cQIDAQAB
o4IDujCCA7YwHQYDVR0OBBYEFMAJvAO2PIlXDtida6UOUXZq3CQvMB8GA1UdIwQY
MBaAFBdIR/hmfVL6LPnPmvzEOgeRVXXKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjBoSC1HWjlVdm9zLWMtYV9NUTZCNUZWZGNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My83MmNjNGEtMmQ5Yy00ODA4LTgyM2Ut
MTQ1NGZmZTYxODJjLzEvd0FtOEE3WThpVmNPMkoxcnBRNVJkbXJjSkM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My83MmNjNGEtMmQ5Yy00ODA4LTgyM2UtMTQ1NGZmZTYxODJj
LzEvRjBoSC1HWjlVdm9zLWMtYV9NUTZCNUZWZGNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBzgYIKwYBBQUHAQcBAf8EggG9MIIBuTCCAaYEAgABMIIB
njAMAwQBTU5GAwQBTU5IAwQCTU5MMAwDBAFNTl4DBAFNTngwDAMEAE1OewMEB01O
AAMEAlEAwAMEAFEAxzAMAwQBUQDOAwQBUQDQMAwDBAJRANQDBABRANYwDAMEAFEA
2QMEAVEA3DAMAwQAUQDhAwQAUQDiAwQAUQDkMAwDBAFRAOYDBAJRAPAwDAMEAVEA
9gMEAFEA+gMEAVEA/jAMAwQCUtAEAwQAUtAMAwQAUtAOMAwDBARS0BADBABS0BIw
DAMEAVLQGgMEAVLQHAMEAlLQIDAMAwQAUtAnAwQBUtAoAwQAUtAsMAwDBAFS0C4D
BABS0DIDBABS0DgDBABS0DoDBAJS0DwDBABV7+MwDAMEAVXv5gMEAFXv+gMEAVXv
/AMEA217wAMEAW17yjAMAwQAbXvNAwQCbXvQMAwDBAFte9YDBAFte+AwDAMEAG17
4wMEBG174AMEAdkL4DAMAwQA2QvjAwQA2QvmAwQB2QvoMAwDBADZC+sDBADZC+wD
BAHZC/IwDAMEANkL9QMEAdkL+AMEANkL+wMEANkL/jANBAIAAjAHAwUAIAEVKDAN
BgkqhkiG9w0BAQsFAAOCAQEAOi9Ux/0GegAIwaM0EMbOGnzSizM1Tf4r3SDwT2hK
p6fBDztyP8yAgY1fERVOWWxww++UKyujeU8+c17C4xM1Lg4saxpmKBufnXGKAAdZ
xuaEVAeIJ2GET+2mn1MF57As5Zeor2b6MuLw3EAbzS+pxNl2mPD4XqbgvjwAxFGr
BRWHz97mTshTa7+CcblK8zTIWmmceE9y4OCc5B4OZiHihXSbAabGhhTWRvcY7BEM
y86gUr2mXnwlEk7kudPLDQEEAiSBEtH7DePtOUitBE4qeFKozPZ3skzltsAdFbKf
smtUwNvr2Q32QF8qlg1i4cg2iasLG4zij9wXrlsBPuWrMw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:40 2024 by rpki-client on console-fra.rpki-client.org