Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/VjWTujUBrzdtN3zp_T245CzClhE.roa
File:                     VjWTujUBrzdtN3zp_T245CzClhE.roa (raw, json)
Hash identifier:          zA0WZgxGBCv+KQV7IpxPRaIp2kIPjW07fSrP2w4+nBc=
Subject key identifier:   56:35:93:BA:35:01:AF:37:6D:37:7C:E9:FD:3D:B8:E4:2C:C2:96:11
Certificate issuer:       /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial:       0195231103CA67CB9CD87E49F79E7733CA23
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/VjWTujUBrzdtN3zp_T245CzClhE.roa
Signing time:             Thu 20 Feb 2025 11:14:32 +0000
ROA not before:           Thu 20 Feb 2025 11:14:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58224
IP address blocks:        37.148.64.0/21 maxlen: 24
                          37.148.72.0/22 maxlen: 24
                          37.148.76.0/22 maxlen: 24
                          37.148.80.0/22 maxlen: 24
                          37.148.84.0/22 maxlen: 24
                          37.148.88.0/21 maxlen: 24
                          37.148.96.0/22 maxlen: 24
                          37.148.100.0/22 maxlen: 24
                          37.148.104.0/21 maxlen: 24
                          37.148.112.0/22 maxlen: 24
                          37.148.116.0/22 maxlen: 24
                          37.148.120.0/21 maxlen: 24
                          37.202.128.0/22 maxlen: 22
                          37.202.132.0/22 maxlen: 22
                          37.202.136.0/22 maxlen: 22
                          37.202.140.0/22 maxlen: 22
                          37.202.152.0/22 maxlen: 22
                          37.202.156.0/22 maxlen: 22
                          37.202.160.0/22 maxlen: 22
                          37.202.164.0/22 maxlen: 22
                          37.202.188.0/22 maxlen: 22
                          37.202.232.0/22 maxlen: 22
                          37.202.236.0/22 maxlen: 22
                          37.202.240.0/24 maxlen: 24
                          37.202.241.0/24 maxlen: 24
                          37.202.242.0/24 maxlen: 24
                          37.202.244.0/22 maxlen: 22
                          37.202.248.0/22 maxlen: 22
                          37.202.252.0/22 maxlen: 22
                          94.182.10.0/24 maxlen: 24
                          94.182.204.0/24 maxlen: 24
                          94.182.205.0/24 maxlen: 24
                          94.182.206.0/24 maxlen: 24
                          94.182.207.0/24 maxlen: 24
                          151.239.120.0/22 maxlen: 24
                          151.239.124.0/22 maxlen: 24
                          151.239.128.0/22 maxlen: 24
                          151.239.132.0/22 maxlen: 24
                          151.239.136.0/22 maxlen: 24
                          151.239.140.0/22 maxlen: 24
                          151.239.144.0/22 maxlen: 24
                          151.239.148.0/22 maxlen: 24
                          151.239.152.0/22 maxlen: 24
                          151.239.156.0/22 maxlen: 24
                          151.239.160.0/21 maxlen: 24
                          151.239.168.0/22 maxlen: 24
                          151.239.172.0/22 maxlen: 24
                          151.239.176.0/22 maxlen: 24
                          151.239.180.0/22 maxlen: 24
                          151.239.184.0/22 maxlen: 24
                          151.239.188.0/22 maxlen: 24
                          151.239.192.0/21 maxlen: 24
                          151.239.200.0/21 maxlen: 24
                          151.239.208.0/20 maxlen: 24
                          151.239.224.0/20 maxlen: 24
                          151.239.240.0/20 maxlen: 24
                          151.246.0.0/22 maxlen: 22
                          151.246.4.0/22 maxlen: 22
                          151.246.8.0/22 maxlen: 22
                          151.246.12.0/22 maxlen: 22
                          151.246.16.0/22 maxlen: 22
                          151.246.20.0/22 maxlen: 22
                          151.246.24.0/22 maxlen: 22
                          151.246.28.0/22 maxlen: 22
                          151.246.32.0/22 maxlen: 22
                          151.246.36.0/22 maxlen: 22
                          151.246.40.0/22 maxlen: 22
                          151.246.44.0/22 maxlen: 22
                          151.246.48.0/22 maxlen: 22
                          151.246.52.0/22 maxlen: 22
                          151.246.56.0/22 maxlen: 22
                          151.246.60.0/22 maxlen: 22
                          151.246.160.0/20 maxlen: 24
                          151.246.176.0/21 maxlen: 21
                          151.246.184.0/21 maxlen: 21
                          151.246.192.0/20 maxlen: 24
                          151.246.208.0/20 maxlen: 24
                          151.246.224.0/20 maxlen: 20
                          151.246.248.0/22 maxlen: 24
                          151.247.0.0/23 maxlen: 24
                          151.247.2.0/24 maxlen: 24
                          151.247.3.0/24 maxlen: 24
                          151.247.4.0/22 maxlen: 24
                          151.247.8.0/22 maxlen: 24
                          151.247.12.0/24 maxlen: 24
                          151.247.13.0/24 maxlen: 24
                          151.247.14.0/24 maxlen: 24
                          151.247.15.0/24 maxlen: 24
                          151.247.16.0/23 maxlen: 24
                          151.247.18.0/24 maxlen: 24
                          151.247.19.0/24 maxlen: 24
                          151.247.20.0/23 maxlen: 23
                          151.247.22.0/24 maxlen: 24
                          151.247.23.0/24 maxlen: 24
                          151.247.24.0/22 maxlen: 22
                          151.247.28.0/22 maxlen: 22
                          151.247.32.0/22 maxlen: 22
                          151.247.36.0/22 maxlen: 22
                          151.247.40.0/22 maxlen: 22
                          151.247.44.0/22 maxlen: 22
                          151.247.48.0/22 maxlen: 22
                          151.247.52.0/22 maxlen: 22
                          151.247.56.0/22 maxlen: 22
                          151.247.60.0/22 maxlen: 22
                          151.247.64.0/23 maxlen: 23
                          151.247.66.0/23 maxlen: 23
                          151.247.68.0/23 maxlen: 23
                          151.247.70.0/23 maxlen: 23
                          151.247.72.0/22 maxlen: 22
                          151.247.76.0/23 maxlen: 23
                          151.247.78.0/23 maxlen: 23
                          151.247.80.0/23 maxlen: 23
                          151.247.82.0/23 maxlen: 23
                          151.247.84.0/23 maxlen: 23
                          151.247.86.0/23 maxlen: 23
                          151.247.88.0/22 maxlen: 22
                          151.247.92.0/22 maxlen: 22
                          151.247.96.0/22 maxlen: 22
                          151.247.100.0/22 maxlen: 22
                          151.247.104.0/22 maxlen: 22
                          151.247.108.0/22 maxlen: 22
                          151.247.112.0/22 maxlen: 22
                          151.247.116.0/22 maxlen: 22
                          151.247.120.0/22 maxlen: 22
                          151.247.124.0/22 maxlen: 22
                          151.247.128.0/22 maxlen: 22
                          151.247.132.0/22 maxlen: 22
                          151.247.136.0/22 maxlen: 22
                          151.247.140.0/22 maxlen: 22
                          151.247.144.0/22 maxlen: 22
                          151.247.148.0/22 maxlen: 22
                          151.247.148.0/23 maxlen: 23
                          151.247.150.0/23 maxlen: 23
                          151.247.152.0/22 maxlen: 22
                          151.247.156.0/22 maxlen: 22
                          151.247.160.0/22 maxlen: 22
                          151.247.164.0/22 maxlen: 22
                          151.247.168.0/22 maxlen: 22
                          151.247.172.0/22 maxlen: 22
                          151.247.176.0/22 maxlen: 22
                          151.247.180.0/22 maxlen: 22
                          151.247.184.0/22 maxlen: 22
                          151.247.188.0/22 maxlen: 24
                          151.247.192.0/22 maxlen: 22
                          151.247.196.0/22 maxlen: 22
                          151.247.200.0/22 maxlen: 22
                          151.247.204.0/22 maxlen: 22
                          151.247.204.0/23 maxlen: 23
                          151.247.206.0/24 maxlen: 24
                          151.247.207.0/24 maxlen: 24
                          151.247.208.0/22 maxlen: 22
                          151.247.212.0/23 maxlen: 23
                          151.247.228.0/23 maxlen: 24
                          151.247.230.0/23 maxlen: 24
                          151.247.232.0/22 maxlen: 22
                          151.247.236.0/23 maxlen: 24
                          151.247.238.0/24 maxlen: 24
                          151.247.239.0/24 maxlen: 24
                          151.247.240.0/23 maxlen: 24
                          151.247.242.0/24 maxlen: 24
                          151.247.243.0/24 maxlen: 24
                          151.247.244.0/22 maxlen: 24
                          151.247.252.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:23:11:03:ca:67:cb:9c:d8:7e:49:f7:9e:77:33:ca:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
        Validity
            Not Before: Feb 20 11:14:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=563593ba3501af376d377ce9fd3db8e42cc29611
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ff:1e:38:2a:cf:c9:a7:d4:9a:1d:16:0e:09:
                    d4:bb:56:8e:eb:5a:d4:b3:04:c5:7d:f2:06:b4:af:
                    85:e1:c1:56:20:90:7d:a3:d1:97:92:f2:e2:6a:5c:
                    e3:8e:87:58:9f:1f:a0:ff:6c:6d:db:a2:f5:e2:3b:
                    9f:d9:4a:48:7a:8f:e7:c2:d3:1a:6d:93:af:11:be:
                    a2:98:4b:fe:e9:0d:80:df:02:8a:d3:0d:e6:af:68:
                    c8:16:2d:4c:5d:64:5d:70:5e:d6:f3:9a:94:c0:8d:
                    52:68:80:d2:0e:20:e5:07:1d:26:81:0b:9b:14:19:
                    b5:a5:a6:4d:a2:9b:42:43:66:d7:2a:a9:b7:a3:a5:
                    cd:53:1f:dc:c9:b8:2c:f1:39:63:1f:74:db:c5:1a:
                    55:eb:ad:03:fb:bf:af:51:50:17:49:9c:72:18:e0:
                    e9:75:3c:ac:57:22:a6:e8:b5:05:c1:3c:c3:83:73:
                    87:bd:ec:4f:5d:af:87:9d:8a:b9:77:e3:31:2b:4c:
                    98:2e:00:47:4b:fb:b4:d1:a2:c5:c9:aa:a6:1e:48:
                    61:a3:99:fb:af:c1:f1:c9:53:91:05:18:d3:db:9e:
                    2c:6c:4d:a7:ab:fc:98:a0:40:67:90:e6:c5:78:84:
                    cf:57:71:ac:a3:cf:95:4b:20:ed:ee:ec:39:fa:bf:
                    ff:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:35:93:BA:35:01:AF:37:6D:37:7C:E9:FD:3D:B8:E4:2C:C2:96:11
            X509v3 Authority Key Identifier:
                keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/VjWTujUBrzdtN3zp_T245CzClhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.148.64.0/18
                  37.202.128.0/20
                  37.202.152.0-37.202.167.255
                  37.202.188.0/22
                  37.202.232.0-37.202.242.255
                  37.202.244.0-37.202.255.255
                  94.182.10.0/24
                  94.182.204.0/22
                  151.239.120.0-151.239.255.255
                  151.246.0.0/18
                  151.246.160.0-151.246.239.255
                  151.246.248.0/22
                  151.247.0.0-151.247.213.255
                  151.247.228.0-151.247.247.255
                  151.247.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:30:2e:b7:e4:f6:bd:28:0b:5d:a8:6e:7a:af:99:3d:85:b8:
         a3:6e:ee:57:0c:64:ce:c7:1c:82:1a:a7:9f:9d:58:d5:f4:0e:
         fb:12:dd:fd:7d:cd:90:26:07:68:26:c6:b8:72:8a:ba:d9:88:
         7d:d0:0a:ad:3f:9d:4c:75:4a:f3:66:a8:6a:e0:00:de:86:1a:
         8a:11:7c:3f:05:bf:0b:ff:b3:6e:2c:ed:c2:4f:a7:e0:09:4d:
         84:45:6a:e4:a1:0a:00:eb:18:a3:84:39:80:68:eb:fb:6d:5c:
         1a:ab:ac:be:fb:e6:a5:2b:02:2d:46:99:45:94:83:09:b2:ac:
         4a:4e:5f:07:37:62:eb:f1:9e:30:e4:67:91:51:70:50:da:88:
         e8:5c:4b:db:00:36:57:ca:1e:af:ac:45:72:cb:8e:5c:5b:32:
         49:41:89:7c:b2:b0:6a:d5:89:73:b2:4c:69:eb:1a:2e:c8:bc:
         0d:46:07:ff:07:10:78:7c:f1:65:85:8b:b7:6c:99:a4:0b:17:
         43:5e:a2:5d:a4:3d:85:84:d0:0f:f2:39:c4:d9:d1:4f:b0:5c:
         6e:01:53:33:d4:8b:c0:ab:b8:03:9e:f1:26:fd:84:83:87:a0:
         1f:3c:85:1c:e0:24:be:9d:d1:87:34:ee:4b:e2:e0:6f:fa:0f:
         fe:2a:94:40
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgISAZUjEQPKZ8uc2H5J9553M8ojMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjUwMjIwMTExNDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjM1OTNiYTM1MDFhZjM3NmQzNzdjZTlmZDNkYjhlNDJjYzI5NjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/8eOCrPyafUmh0WDgnUu1aO61rU
swTFffIGtK+F4cFWIJB9o9GXkvLialzjjodYnx+g/2xt26L14juf2UpIeo/nwtMa
bZOvEb6imEv+6Q2A3wKK0w3mr2jIFi1MXWRdcF7W85qUwI1SaIDSDiDlBx0mgQub
FBm1paZNoptCQ2bXKqm3o6XNUx/cybgs8TljH3TbxRpV660D+7+vUVAXSZxyGODp
dTysVyKm6LUFwTzDg3OHvexPXa+HnYq5d+MxK0yYLgBHS/u00aLFyaqmHkhho5n7
r8HxyVORBRjT254sbE2nq/yYoEBnkObFeITPV3Gso8+VSyDt7uw5+r//PQIDAQAB
o4IClzCCApMwHQYDVR0OBBYEFFY1k7o1Aa83bTd86f09uOQswpYRMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvVmpXVHVqVUJyemR0TjN6cF9UMjQ1Q3pDbGhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGsBggrBgEFBQcBBwEB/wSBnDCBmTCBlgQCAAEwgY8DBAYl
lEADBAQlyoAwDAMEAyXKmAMEAyXKoAMEAiXKvDAMAwQDJcroAwQAJcryMAsDBAIl
yvQDAwAlygMEAF62CgMEAl62zDALAwQDl+94AwMEl+ADBAaX9gAwDAMEBZf2oAME
BJf24AMEApf2+DALAwMAl/cDBAGX99QwDAMEApf35AMEA5f38AMEApf3/DANBgkq
hkiG9w0BAQsFAAOCAQEAIDAut+T2vSgLXahueq+ZPYW4o27uVwxkzsccghqnn51Y
1fQO+xLd/X3NkCYHaCbGuHKKutmIfdAKrT+dTHVK82aoauAA3oYaihF8PwW/C/+z
biztwk+n4AlNhEVq5KEKAOsYo4Q5gGjr+21cGqusvvvmpSsCLUaZRZSDCbKsSk5f
Bzdi6/GeMORnkVFwUNqI6FxL2wA2V8oer6xFcsuOXFsySUGJfLKwatWJc7JMaesa
Lsi8DUYH/wcQeHzxZYWLt2yZpAsXQ16iXaQ9hYTQD/I5xNnRT7BcbgFTM9SLwKu4
A57xJv2Eg4egHzyFHOAkvp3RhzTuS+Lgb/oP/iqUQA==
-----END CERTIFICATE-----
Generated at Mon Jun 9 20:57:20 2025 by rpki-client