Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/221fd6-e4f6-43e3-946d-dd1ec57d7e74/1/8vN6s8-PXgnI6RdC7ggsyj_-qyY.roa
File:                     8vN6s8-PXgnI6RdC7ggsyj_-qyY.roa (raw, json)
Hash identifier:          TNxozGIaR9YQCL8qaRb6BwthkaYMtbD6SH/+39Qrrpo=
Subject key identifier:   F2:F3:7A:B3:CF:8F:5E:09:C8:E9:17:42:EE:08:2C:CA:3F:FE:AB:26
Certificate issuer:       /CN=1372e0c2b83dd5109013c7f1c0bb9716d3618dd2
Certificate serial:       018833FE50A8D9BB199A027C9E39E3BCDBBD
Authority key identifier: 13:72:E0:C2:B8:3D:D5:10:90:13:C7:F1:C0:BB:97:16:D3:61:8D:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E3Lgwrg91RCQE8fxwLuXFtNhjdI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/221fd6-e4f6-43e3-946d-dd1ec57d7e74/1/8vN6s8-PXgnI6RdC7ggsyj_-qyY.roa
Signing time:             Fri 19 May 2023 12:31:24 +0000
ROA not before:           Fri 19 May 2023 12:31:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9009
IP address blocks:        92.118.44.0/24 maxlen: 24
                          92.118.47.0/24 maxlen: 24
                          92.118.45.0/24 maxlen: 24
                          45.146.120.0/24 maxlen: 24
                          45.146.121.0/24 maxlen: 24
                          45.85.0.0/24 maxlen: 24
                          45.85.1.0/24 maxlen: 24
                          45.85.3.0/24 maxlen: 24
                          45.90.143.0/24 maxlen: 24
                          45.90.141.0/24 maxlen: 24
                          5.252.197.0/24 maxlen: 24
                          2.56.151.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:33:fe:50:a8:d9:bb:19:9a:02:7c:9e:39:e3:bc:db:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1372e0c2b83dd5109013c7f1c0bb9716d3618dd2
        Validity
            Not Before: May 19 12:31:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f2f37ab3cf8f5e09c8e91742ee082cca3ffeab26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:7d:a2:19:6d:d7:14:be:eb:2c:71:8e:11:d5:
                    d6:1d:5f:85:65:0b:a0:f3:74:2c:47:87:6d:89:68:
                    09:51:75:32:37:94:d6:1b:a5:36:e5:d5:ad:57:12:
                    02:21:f9:13:7e:9b:96:5b:f3:5d:6e:89:b9:0d:d7:
                    8f:8e:ea:98:1b:91:80:34:4b:12:62:3f:d9:03:e1:
                    ba:cf:b2:3e:0b:ea:55:e6:21:4d:31:bb:5b:00:09:
                    d9:5d:b7:d2:6d:d6:a6:3d:ee:6f:83:ed:12:41:28:
                    d5:aa:1f:53:71:cf:64:7f:5f:aa:43:68:d6:95:35:
                    3b:14:6c:0a:5f:3e:67:09:57:12:34:0f:50:c1:6e:
                    1e:1a:dc:c0:c5:98:e2:d5:ab:f8:e7:75:54:85:cd:
                    01:4c:b0:e2:a7:6e:6c:04:17:5b:93:95:f9:ab:37:
                    db:3d:bf:7f:77:4b:12:20:0a:03:9d:5d:c7:6f:de:
                    1a:c6:5d:9b:90:00:2c:4b:9c:35:ae:d6:49:ff:3e:
                    36:27:60:95:e2:c6:97:20:15:9a:6c:d0:ca:d1:49:
                    92:e9:26:92:d7:9a:ff:b5:8d:61:45:4b:55:bb:db:
                    ba:a7:28:ec:63:f5:e8:ca:3b:59:fa:fe:55:42:04:
                    21:db:e1:ff:a5:01:5d:0c:c2:b6:d8:f7:e6:2c:fc:
                    26:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:F3:7A:B3:CF:8F:5E:09:C8:E9:17:42:EE:08:2C:CA:3F:FE:AB:26
            X509v3 Authority Key Identifier:
                keyid:13:72:E0:C2:B8:3D:D5:10:90:13:C7:F1:C0:BB:97:16:D3:61:8D:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E3Lgwrg91RCQE8fxwLuXFtNhjdI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/221fd6-e4f6-43e3-946d-dd1ec57d7e74/1/8vN6s8-PXgnI6RdC7ggsyj_-qyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/221fd6-e4f6-43e3-946d-dd1ec57d7e74/1/E3Lgwrg91RCQE8fxwLuXFtNhjdI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.151.0/24
                  5.252.197.0/24
                  45.85.0.0/23
                  45.85.3.0/24
                  45.90.141.0/24
                  45.90.143.0/24
                  45.146.120.0/23
                  92.118.44.0/23
                  92.118.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:47:cc:81:87:ab:da:e6:bb:f7:46:63:72:77:33:1d:87:d7:
         2d:be:db:74:7c:da:1e:53:08:f9:f2:3a:b9:58:dc:46:14:94:
         39:92:b8:99:c3:c1:21:5b:5b:b1:44:4d:f4:4f:5d:7f:3c:3e:
         23:80:e9:96:9d:3b:16:b1:96:ce:62:c6:a5:2d:51:dd:50:a2:
         b9:34:9c:79:6b:17:18:5f:9e:11:27:93:cc:49:9a:24:43:e5:
         c4:4c:91:43:02:f1:fa:0c:a8:8a:7e:9e:fb:57:08:1b:38:ad:
         9d:18:92:3f:51:92:61:e8:45:05:ac:9f:43:4d:ee:36:cc:48:
         b3:31:8c:bb:11:98:da:7d:ee:42:fa:24:81:1f:7e:fb:22:2b:
         f0:15:fd:90:a4:12:6d:16:d1:83:03:34:56:5b:bc:3e:93:25:
         fb:aa:d0:13:b3:96:f4:0f:5e:00:61:9a:c6:27:a8:57:19:ce:
         d0:53:46:0b:0f:78:68:cd:83:92:d0:ea:e7:da:2b:70:2c:dc:
         95:e7:e2:00:c4:d5:7e:f8:8e:2e:8e:14:0c:11:9e:3c:00:4e:
         91:75:b4:a9:5b:63:ae:bd:62:ba:e2:e0:3b:cf:48:2d:ba:ce:
         20:dd:52:54:e4:c3:0f:a4:ae:ad:f3:cb:77:3f:f2:a4:da:44:
         f3:a2:97:62
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYgz/lCo2bsZmgJ8njnjvNu9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNzJlMGMyYjgzZGQ1MTA5MDEzYzdmMWMwYmI5NzE2ZDM2
MThkZDIwHhcNMjMwNTE5MTIzMTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmYzN2FiM2NmOGY1ZTA5YzhlOTE3NDJlZTA4MmNjYTNmZmVhYjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiH2iGW3XFL7rLHGOEdXWHV+FZQug
83QsR4dtiWgJUXUyN5TWG6U25dWtVxICIfkTfpuWW/Ndbom5DdePjuqYG5GANEsS
Yj/ZA+G6z7I+C+pV5iFNMbtbAAnZXbfSbdamPe5vg+0SQSjVqh9Tcc9kf1+qQ2jW
lTU7FGwKXz5nCVcSNA9QwW4eGtzAxZji1av453VUhc0BTLDip25sBBdbk5X5qzfb
Pb9/d0sSIAoDnV3Hb94axl2bkAAsS5w1rtZJ/z42J2CV4saXIBWabNDK0UmS6SaS
15r/tY1hRUtVu9u6pyjsY/XoyjtZ+v5VQgQh2+H/pQFdDMK22PfmLPwmlwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFPLzerPPj14JyOkXQu4ILMo//qsmMB8GA1UdIwQY
MBaAFBNy4MK4PdUQkBPH8cC7lxbTYY3SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTNMZ3dyZzkxUkNRRThmeHdMdVhGdE5oamRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS8yMjFmZDYtZTRmNi00M2UzLTk0NmQt
ZGQxZWM1N2Q3ZTc0LzEvOHZONnM4LVBYZ25JNlJkQzdnZ3N5al8tcXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS8yMjFmZDYtZTRmNi00M2UzLTk0NmQtZGQxZWM1N2Q3ZTc0
LzEvRTNMZ3dyZzkxUkNRRThmeHdMdVhGdE5oamRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAAjiXAwQA
BfzFAwQBLVUAAwQALVUDAwQALVqNAwQALVqPAwQBLZJ4AwQBXHYsAwQAXHYvMA0G
CSqGSIb3DQEBCwUAA4IBAQA6R8yBh6va5rv3RmNydzMdh9ctvtt0fNoeUwj58jq5
WNxGFJQ5kriZw8EhW1uxRE30T11/PD4jgOmWnTsWsZbOYsalLVHdUKK5NJx5axcY
X54RJ5PMSZokQ+XETJFDAvH6DKiKfp77VwgbOK2dGJI/UZJh6EUFrJ9DTe42zEiz
MYy7EZjafe5C+iSBH377IivwFf2QpBJtFtGDAzRWW7w+kyX7qtATs5b0D14AYZrG
J6hXGc7QU0YLD3hozYOS0Orn2itwLNyV5+IAxNV++I4ujhQMEZ48AE6RdbSpW2Ou
vWK64uA7z0gtus4g3VJU5MMPpK6t88t3P/Kk2kTzopdi
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:20 2024 by rpki-client on console-ams.rpki-client.org