Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/evi02eZ3oz4z2Q-kE899ruTNV-c.roa
File:                     evi02eZ3oz4z2Q-kE899ruTNV-c.roa (raw, json)
Hash identifier:          GuLQR6JoQokL4oZi68ikhdPWlmpuLSAvJEXhqeUz+Uc=
Subject key identifier:   7A:F8:B4:D9:E6:77:A3:3E:33:D9:0F:A4:13:CF:7D:AE:E4:CD:57:E7
Certificate issuer:       /CN=c1098a1905bbd3381533828f6b7fd227170431ef
Certificate serial:       3683880C
Authority key identifier: C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/evi02eZ3oz4z2Q-kE899ruTNV-c.roa
Signing time:             Thu 20 Jan 2022 13:30:22 +0000
ROA not before:           Thu 20 Jan 2022 13:30:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57324
IP address blocks:        202.164.192.0/24 maxlen: 24
                          109.230.112.0/24 maxlen: 24
                          202.164.194.0/24 maxlen: 24
                          202.164.195.0/24 maxlen: 24
                          202.164.196.0/24 maxlen: 24
                          202.164.197.0/24 maxlen: 24
                          202.164.198.0/24 maxlen: 24
                          202.164.199.0/24 maxlen: 24
                          202.164.193.0/24 maxlen: 24
                          79.132.198.0/24 maxlen: 24
                          122.102.117.0/24 maxlen: 24
                          109.230.117.0/24 maxlen: 24
                          109.230.116.0/24 maxlen: 24
                          109.230.118.0/24 maxlen: 24
                          79.132.199.0/24 maxlen: 24
                          79.132.197.0/24 maxlen: 24
                          122.102.118.0/24 maxlen: 24
                          122.102.116.0/24 maxlen: 24
                          109.230.115.0/24 maxlen: 24
                          109.230.114.0/24 maxlen: 24
                          109.230.113.0/24 maxlen: 24
                          79.132.196.0/24 maxlen: 24
                          79.132.195.0/24 maxlen: 24
                          79.132.194.0/24 maxlen: 24
                          109.230.122.0/24 maxlen: 24
                          109.230.124.0/24 maxlen: 24
                          109.230.125.0/24 maxlen: 24
                          109.230.123.0/24 maxlen: 24
                          109.230.120.0/24 maxlen: 24
                          109.230.121.0/24 maxlen: 24
                          109.230.119.0/24 maxlen: 24
                          122.102.119.0/24 maxlen: 24
                          202.164.205.0/24 maxlen: 24
                          202.164.203.0/24 maxlen: 24
                          202.164.201.0/24 maxlen: 24
                          202.164.200.0/24 maxlen: 24
                          202.164.202.0/24 maxlen: 24
                          202.164.204.0/24 maxlen: 24
                          109.230.127.0/24 maxlen: 24
                          109.230.126.0/24 maxlen: 24
                          86.111.144.0/24 maxlen: 24
                          86.111.145.0/24 maxlen: 24
                          86.111.146.0/24 maxlen: 24
                          86.111.147.0/24 maxlen: 24
                          185.113.105.0/24 maxlen: 24
                          185.113.107.0/24 maxlen: 24
                          2a03:c340::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 914589708 (0x3683880c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1098a1905bbd3381533828f6b7fd227170431ef
        Validity
            Not Before: Jan 20 13:30:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7af8b4d9e677a33e33d90fa413cf7daee4cd57e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8c:69:f9:67:da:74:ec:91:64:24:08:99:d4:
                    6c:17:70:e1:58:44:14:0b:d0:10:5c:12:c6:3d:70:
                    9d:7c:f5:2f:59:55:34:d2:3e:da:c9:33:6f:86:c1:
                    f8:d3:8d:c1:ba:3f:d1:7d:e7:c1:f3:d9:48:de:c0:
                    22:4d:6f:d9:c9:62:58:1a:a3:6b:17:4d:e2:de:fe:
                    ac:13:70:da:49:8d:08:78:66:2d:01:43:58:c2:e6:
                    3a:7a:55:f9:db:5a:b3:ba:47:ac:bb:3b:d8:a8:65:
                    71:ec:b3:61:81:35:c5:4c:b6:42:30:14:d5:ca:c4:
                    24:c5:88:4c:bd:a2:8a:05:62:3c:52:da:33:dd:a9:
                    c2:af:5e:9a:12:b7:0a:e5:ed:4b:df:f4:72:25:c6:
                    16:0f:70:bc:5e:2a:87:57:89:a1:23:18:91:0d:10:
                    33:da:05:0d:f8:cb:b0:cf:fc:a3:8a:67:61:13:15:
                    61:dc:47:71:4b:f0:59:b9:6d:b5:bc:6b:66:3b:a4:
                    56:93:85:e2:d3:75:4a:4f:89:a9:34:a7:d3:61:e2:
                    5b:13:56:ee:3d:a3:de:c3:86:df:1f:80:0a:09:6f:
                    27:d4:8f:33:04:5e:05:77:d0:90:cf:45:79:03:88:
                    e8:31:37:4c:c2:3a:90:6b:9c:4b:d6:b5:8a:28:da:
                    9a:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:F8:B4:D9:E6:77:A3:3E:33:D9:0F:A4:13:CF:7D:AE:E4:CD:57:E7
            X509v3 Authority Key Identifier:
                keyid:C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/evi02eZ3oz4z2Q-kE899ruTNV-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.132.194.0-79.132.199.255
                  86.111.144.0/22
                  109.230.112.0/20
                  122.102.116.0/22
                  185.113.105.0/24
                  185.113.107.0/24
                  202.164.192.0-202.164.205.255
                IPv6:
                  2a03:c340::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:95:84:83:30:f3:71:9c:9f:e2:02:dd:da:9e:c4:55:35:f5:
         c3:70:47:ed:37:a2:98:e8:46:fd:56:c5:ab:6b:a7:e0:a5:7b:
         7f:1e:73:58:a0:f0:13:30:fb:9d:eb:89:dd:06:4e:9b:27:95:
         ba:8c:c5:bf:27:8e:85:c8:09:4f:c0:41:df:40:3e:46:6b:07:
         05:ac:82:da:dd:d6:92:45:28:5d:b2:bd:d0:49:3c:1a:2d:1c:
         9b:23:71:32:e0:d3:30:8a:63:e6:9a:d3:bd:be:e3:ac:9e:ac:
         df:b3:6e:97:b5:af:ab:1b:92:fa:6d:f1:5a:73:60:52:4a:a4:
         b0:bf:c3:bf:6f:a4:4e:e6:e0:3d:fe:be:18:10:a3:b4:83:48:
         56:c7:24:c4:82:36:22:7c:d4:23:70:bf:3c:e8:6e:ee:05:bd:
         c2:33:2f:8a:2f:c9:e7:7e:07:14:ae:58:47:c5:dd:78:e7:a8:
         c2:56:58:5d:bb:22:d4:3b:18:43:51:e8:fe:3f:99:34:02:9e:
         ad:99:06:82:37:3e:73:e8:03:05:a0:db:27:eb:1e:d8:fa:c6:
         37:39:e7:e4:d7:c6:79:e9:c1:9a:ab:a5:4d:70:fe:3d:86:7a:
         aa:25:39:1f:b4:9b:14:9a:36:61:11:24:8c:e6:68:aa:66:d0:
         8e:c7:a5:6c
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIENoOIDDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
MTA5OGExOTA1YmJkMzM4MTUzMzgyOGY2YjdmZDIyNzE3MDQzMWVmMB4XDTIyMDEy
MDEzMzAyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2FmOGI0ZDllNjc3
YTMzZTMzZDkwZmE0MTNjZjdkYWVlNGNkNTdlNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALeMafln2nTskWQkCJnUbBdw4VhEFAvQEFwSxj1wnXz1L1lV
NNI+2skzb4bB+NONwbo/0X3nwfPZSN7AIk1v2cliWBqjaxdN4t7+rBNw2kmNCHhm
LQFDWMLmOnpV+dtas7pHrLs72KhlceyzYYE1xUy2QjAU1crEJMWITL2iigViPFLa
M92pwq9emhK3CuXtS9/0ciXGFg9wvF4qh1eJoSMYkQ0QM9oFDfjLsM/8o4pnYRMV
YdxHcUvwWblttbxrZjukVpOF4tN1Sk+JqTSn02HiWxNW7j2j3sOG3x+ACglvJ9SP
MwReBXfQkM9FeQOI6DE3TMI6kGucS9a1iijams0CAwEAAaOCAkwwggJIMB0GA1Ud
DgQWBBR6+LTZ5nejPjPZD6QTz32u5M1X5zAfBgNVHSMEGDAWgBTBCYoZBbvTOBUz
go9rf9InFwQx7zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3dRbUtHUVc3MHpnVk00S1BhM19TSnhjRU1lOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODIvMmVlZDcxLTQ2NjUtNDk0OC1hM2M1LWIyYTcxM2QyZWFiMi8x
L2V2aTAyZVozb3o0ejJRLWtFODk5cnVUTlYtYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODIv
MmVlZDcxLTQ2NjUtNDk0OC1hM2M1LWIyYTcxM2QyZWFiMi8xL3dRbUtHUVc3MHpn
Vk00S1BhM19TSnhjRU1lOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBi
BggrBgEFBQcBBwEB/wRTMFEwQAQCAAEwOjAMAwQBT4TCAwQDT4TAAwQCVm+QAwQE
beZwAwQCemZ0AwQAuXFpAwQAuXFrMAwDBAbKpMADBAHKpMwwDQQCAAIwBwMFACoD
w0AwDQYJKoZIhvcNAQELBQADggEBAFiVhIMw83Gcn+IC3dqexFU19cNwR+03opjo
Rv1Wxatrp+Cle38ec1ig8BMw+53rid0GTpsnlbqMxb8njoXICU/AQd9APkZrBwWs
gtrd1pJFKF2yvdBJPBotHJsjcTLg0zCKY+aa072+46yerN+zbpe1r6sbkvpt8Vpz
YFJKpLC/w79vpE7m4D3+vhgQo7SDSFbHJMSCNiJ81CNwvzzobu4FvcIzL4ovyed+
BxSuWEfF3XjnqMJWWF27ItQ7GENR6P4/mTQCnq2ZBoI3PnPoAwWg2yfrHtj6xjc5
5+TXxnnpwZqrpU1w/j2GeqolOR+0mxSaNmERJIzmaKpm0I7HpWw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:08 2024 by rpki-client on console-fra.rpki-client.org