Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/ewNlixfsjQIPQiEiLdSGU7PuHUE.roa
File:                     ewNlixfsjQIPQiEiLdSGU7PuHUE.roa (raw, json)
Hash identifier:          L6ObG9GysNR/DJvObOFPtaHD381weIlQgzLGOmaBOxs=
Subject key identifier:   7B:03:65:8B:17:EC:8D:02:0F:42:21:22:2D:D4:86:53:B3:EE:1D:41
Certificate issuer:       /CN=b328fe258a1b9bf6148a6ce0e8a712f18840904c
Certificate serial:       018E1B08BC675136C4CEB38323782131EAF0
Authority key identifier: B3:28:FE:25:8A:1B:9B:F6:14:8A:6C:E0:E8:A7:12:F1:88:40:90:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/syj-JYobm_YUimzg6KcS8YhAkEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/ewNlixfsjQIPQiEiLdSGU7PuHUE.roa
Signing time:             Thu 07 Mar 2024 22:29:01 +0000
ROA not before:           Thu 07 Mar 2024 22:29:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25459
IP address blocks:        83.172.128.0/19 maxlen: 19
                          83.172.128.0/21 maxlen: 21
                          83.172.136.0/24 maxlen: 24
                          83.172.138.0/23 maxlen: 23
                          83.172.140.0/22 maxlen: 22
                          83.172.144.0/21 maxlen: 21
                          83.172.152.0/23 maxlen: 23
                          83.172.158.0/23 maxlen: 23
                          83.172.160.0/21 maxlen: 21
                          83.172.160.0/22 maxlen: 22
                          83.172.164.0/23 maxlen: 23
                          83.172.168.0/22 maxlen: 22
                          83.172.168.0/23 maxlen: 23
                          83.172.180.0/22 maxlen: 22
                          83.172.184.0/21 maxlen: 21
                          83.172.186.0/24 maxlen: 24
                          83.172.188.0/23 maxlen: 23
                          83.172.190.0/24 maxlen: 24
                          2a02:cec0::/30 maxlen: 30

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1b:08:bc:67:51:36:c4:ce:b3:83:23:78:21:31:ea:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b328fe258a1b9bf6148a6ce0e8a712f18840904c
        Validity
            Not Before: Mar  7 22:29:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b03658b17ec8d020f4221222dd48653b3ee1d41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:cd:ad:d6:5b:79:b5:5d:fa:1d:63:25:be:69:
                    57:ce:d5:44:40:e4:0f:2f:49:70:5c:6b:ea:26:5a:
                    06:1a:e3:1d:e0:ef:5f:b8:7b:5f:fb:eb:d3:9b:59:
                    7e:e7:5e:af:55:92:98:18:79:d3:d9:0e:34:fb:ba:
                    90:cf:9f:32:1f:c2:9c:b3:56:df:16:02:48:71:2f:
                    c2:03:ec:22:d7:57:24:b9:d3:3e:8c:9e:19:9c:72:
                    da:fb:29:18:2a:11:e2:31:2f:32:da:f6:7a:bc:99:
                    09:00:59:51:f0:4b:e9:84:6e:ab:a1:22:1a:5e:43:
                    7e:96:65:c0:bd:39:6b:d4:b4:c9:a6:2d:9a:d9:b9:
                    98:dd:38:d3:df:66:7f:09:ba:0e:20:74:96:3f:b5:
                    fe:0c:c5:7e:02:8c:13:f0:54:15:23:35:27:b6:19:
                    40:06:69:14:bd:f1:a5:5f:58:b4:8c:19:64:2e:7b:
                    a1:3b:8e:82:b3:4a:c6:23:e9:22:59:26:cc:11:08:
                    c2:8c:eb:ed:75:71:84:a1:64:6d:c2:9d:da:86:7c:
                    6a:66:6e:f0:2c:f5:f2:3d:c4:c1:7c:b0:84:cc:85:
                    b8:cb:b3:97:fa:f4:fd:73:c8:da:ec:cc:14:fd:e3:
                    17:64:34:34:ee:d1:bd:c2:be:57:e0:09:6a:5c:51:
                    64:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:03:65:8B:17:EC:8D:02:0F:42:21:22:2D:D4:86:53:B3:EE:1D:41
            X509v3 Authority Key Identifier:
                keyid:B3:28:FE:25:8A:1B:9B:F6:14:8A:6C:E0:E8:A7:12:F1:88:40:90:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syj-JYobm_YUimzg6KcS8YhAkEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/ewNlixfsjQIPQiEiLdSGU7PuHUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/syj-JYobm_YUimzg6KcS8YhAkEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.172.128.0-83.172.171.255
                  83.172.180.0-83.172.191.255
                IPv6:
                  2a02:cec0::/30

    Signature Algorithm: sha256WithRSAEncryption
         b5:96:58:9f:6e:8b:45:20:6e:07:d2:e9:80:a0:64:75:5f:09:
         2b:c4:21:3e:29:e5:b2:bc:d2:70:ef:aa:38:74:e2:bc:93:89:
         61:75:18:fd:75:10:8f:e0:34:d9:69:46:f7:b7:42:6c:49:c8:
         d9:11:f6:7b:69:3d:a9:56:74:fb:bb:04:8a:f3:49:3c:ef:18:
         63:68:71:46:15:58:b4:3b:f3:21:e9:72:13:c4:01:17:72:5e:
         ea:c4:88:95:18:9d:22:b8:24:98:22:17:63:49:7c:a2:81:58:
         5e:9a:40:fb:ad:be:c9:21:77:14:1d:d8:5c:dd:ba:da:96:ce:
         ec:de:24:45:e3:ce:b6:ad:fb:71:cb:0b:0b:a0:86:5c:20:e8:
         17:40:fb:dc:0f:7e:29:ad:66:44:d5:b2:ba:68:2e:88:9e:ed:
         53:62:36:8e:89:21:cf:a3:7b:16:b4:52:1e:3a:b6:02:ba:41:
         7c:d2:93:34:5d:38:35:b1:44:52:60:16:04:dd:66:33:d6:42:
         d3:e5:fb:ef:5e:93:8d:c8:62:25:99:8f:84:59:c5:97:3f:89:
         bf:c0:44:d5:d6:f0:a4:35:a3:2d:0d:96:34:55:1d:41:93:00:
         ca:92:2d:83:10:be:cb:b3:a0:65:37:c3:d7:48:9a:b5:73:7c:
         17:10:8c:e4
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAY4bCLxnUTbEzrODI3ghMerwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMjhmZTI1OGExYjliZjYxNDhhNmNlMGU4YTcxMmYxODg0
MDkwNGMwHhcNMjQwMzA3MjIyOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjAzNjU4YjE3ZWM4ZDAyMGY0MjIxMjIyZGQ0ODY1M2IzZWUxZDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0c2t1lt5tV36HWMlvmlXztVEQOQP
L0lwXGvqJloGGuMd4O9fuHtf++vTm1l+516vVZKYGHnT2Q40+7qQz58yH8Kcs1bf
FgJIcS/CA+wi11ckudM+jJ4ZnHLa+ykYKhHiMS8y2vZ6vJkJAFlR8EvphG6roSIa
XkN+lmXAvTlr1LTJpi2a2bmY3TjT32Z/CboOIHSWP7X+DMV+AowT8FQVIzUnthlA
BmkUvfGlX1i0jBlkLnuhO46Cs0rGI+kiWSbMEQjCjOvtdXGEoWRtwp3ahnxqZm7w
LPXyPcTBfLCEzIW4y7OX+vT9c8ja7MwU/eMXZDQ07tG9wr5X4AlqXFFkSQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFHsDZYsX7I0CD0IhIi3UhlOz7h1BMB8GA1UdIwQY
MBaAFLMo/iWKG5v2FIps4OinEvGIQJBMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3lqLUpZb2JtX1lVaW16ZzZLY1M4WWhBa0V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hMTg4YmMtZGVlZS00MmVjLTgyODkt
ZWQ4NGEwMDU4YTlmLzEvZXdObGl4ZnNqUUlQUWlFaUxkU0dVN1B1SFVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hMTg4YmMtZGVlZS00MmVjLTgyODktZWQ4NGEwMDU4YTlm
LzEvc3lqLUpZb2JtX1lVaW16ZzZLY1M4WWhBa0V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAiBAIAATAcMAwDBAdTrIAD
BAJTrKgwDAMEAlOstAMEBlOsgDANBAIAAjAHAwUCKgLOwDANBgkqhkiG9w0BAQsF
AAOCAQEAtZZYn26LRSBuB9LpgKBkdV8JK8QhPinlsrzScO+qOHTivJOJYXUY/XUQ
j+A02WlG97dCbEnI2RH2e2k9qVZ0+7sEivNJPO8YY2hxRhVYtDvzIelyE8QBF3Je
6sSIlRidIrgkmCIXY0l8ooFYXppA+62+ySF3FB3YXN262pbO7N4kRePOtq37ccsL
C6CGXCDoF0D73A9+Ka1mRNWyumguiJ7tU2I2jokhz6N7FrRSHjq2ArpBfNKTNF04
NbFEUmAWBN1mM9ZC0+X7716TjchiJZmPhFnFlz+Jv8BE1dbwpDWjLQ2WNFUdQZMA
ypItgxC+y7OgZTfD10iatXN8FxCM5A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:23 2024 by rpki-client on console-fra.rpki-client.org