Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/EOdnSeqNuh4mFioDQyQzYQDrTgg.roa
File:                     EOdnSeqNuh4mFioDQyQzYQDrTgg.roa (raw, json)
Hash identifier:          QxiAa3FxRBNbxrlPWPuAPjDG/yicoY/0b988cXeXr0E=
Subject key identifier:   10:E7:67:49:EA:8D:BA:1E:26:16:2A:03:43:24:33:61:00:EB:4E:08
Certificate issuer:       /CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Certificate serial:       018570F0988FD053C775B5A28B8BDAC1DE17
Authority key identifier: 6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/EOdnSeqNuh4mFioDQyQzYQDrTgg.roa
Signing time:             Mon 02 Jan 2023 05:24:53 +0000
ROA not before:           Mon 02 Jan 2023 05:24:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203020
IP address blocks:        91.132.114.0/23 maxlen: 32
                          103.53.82.0/23 maxlen: 32
                          193.28.237.0/24 maxlen: 32
                          45.114.8.0/22 maxlen: 32
                          45.114.12.0/22 maxlen: 32
                          193.28.182.0/24 maxlen: 32
                          193.28.191.0/24 maxlen: 32
                          170.245.40.0/22 maxlen: 32
                          193.28.202.0/24 maxlen: 32
                          168.205.72.0/22 maxlen: 32
                          103.240.180.0/22 maxlen: 32
                          103.53.216.0/22 maxlen: 32
                          193.19.204.0/24 maxlen: 24
                          193.19.205.0/24 maxlen: 32
                          193.19.206.0/24 maxlen: 32
                          193.19.207.0/24 maxlen: 32
                          45.66.48.0/22 maxlen: 32
                          45.145.104.0/22 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:f0:98:8f:d0:53:c7:75:b5:a2:8b:8b:da:c1:de:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
        Validity
            Not Before: Jan  2 05:24:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=10e76749ea8dba1e26162a034324336100eb4e08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:9c:6d:41:df:b3:4e:47:eb:03:ea:30:47:b8:
                    38:dd:01:68:4a:3b:ad:d7:4b:c7:f1:5c:23:55:2e:
                    d5:b1:bc:34:b2:0b:14:2e:c6:6a:55:d8:2a:df:53:
                    dc:7c:b9:c2:d7:94:6a:a6:c7:1d:28:e7:0a:ca:46:
                    90:ba:0c:3a:48:d7:dc:52:57:78:5e:84:70:60:c1:
                    47:9d:6c:25:f1:38:84:b5:af:25:f2:04:c2:a4:eb:
                    c1:e2:c6:af:82:37:86:5d:7c:de:b1:56:63:11:ee:
                    b6:91:d0:83:33:bd:4d:fb:64:48:db:01:b7:d8:fa:
                    42:69:81:7e:6c:87:cb:96:20:fc:77:38:a4:a6:17:
                    11:12:64:ea:e5:7f:fa:2e:29:52:d0:cf:b8:3b:77:
                    c1:27:3c:c3:57:22:db:80:f2:dc:eb:6b:56:18:7a:
                    8f:96:d0:d7:77:b3:a2:c2:2a:51:48:7f:c6:d9:72:
                    49:9a:3f:3e:d5:73:a8:1c:8f:09:4c:6a:17:f4:8f:
                    d2:c2:da:b3:ec:62:89:e0:ec:5d:f1:48:39:5e:be:
                    d5:b9:54:c7:fd:68:1d:f2:32:6b:42:da:34:b3:21:
                    74:c2:10:0c:67:5b:37:62:2f:73:e7:9b:1f:d6:a3:
                    dc:fc:19:40:25:eb:f8:4c:d3:07:8a:b7:38:4d:9f:
                    2e:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:E7:67:49:EA:8D:BA:1E:26:16:2A:03:43:24:33:61:00:EB:4E:08
            X509v3 Authority Key Identifier:
                keyid:6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/EOdnSeqNuh4mFioDQyQzYQDrTgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.48.0/22
                  45.114.8.0/21
                  45.145.104.0/22
                  91.132.114.0/23
                  103.53.82.0/23
                  103.53.216.0/22
                  103.240.180.0/22
                  168.205.72.0/22
                  170.245.40.0/22
                  193.19.204.0/22
                  193.28.182.0/24
                  193.28.191.0/24
                  193.28.202.0/24
                  193.28.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:20:db:74:0f:65:2f:02:c5:93:f6:b5:cf:1f:1a:25:0c:5f:
         77:fa:29:cc:43:6c:41:e3:32:5d:07:34:8d:a8:42:07:b1:63:
         ad:8f:0b:b0:02:e2:7c:83:de:23:6f:7a:cc:69:21:c5:80:c5:
         27:28:c3:69:71:1e:a1:55:b0:66:4b:69:88:80:a1:2e:b8:ef:
         71:2e:01:19:87:86:54:15:9a:28:08:2a:5d:59:31:33:08:47:
         f6:3b:02:cd:76:1e:1a:2c:1c:a8:ce:bf:ab:08:4a:2d:3d:44:
         27:59:ef:dc:36:e3:da:08:55:70:1a:c0:b1:57:5b:30:5f:42:
         2c:65:d3:23:7b:88:7b:0c:dd:6f:a4:64:7f:5b:70:c4:62:6d:
         c2:42:d5:a3:b6:e6:ce:af:74:62:2d:b9:81:83:30:bb:e0:ef:
         dc:72:e4:aa:e6:67:6b:5f:b3:6c:3c:69:95:c1:67:88:88:6c:
         5a:9c:6d:0c:d4:3c:87:7b:f9:06:0b:e7:38:e5:9e:6c:69:14:
         7d:a9:7d:3a:17:a6:dc:c0:67:3d:bd:e4:c7:46:fb:cd:c6:43:
         d1:1a:2a:12:dc:be:72:19:c9:30:39:e2:85:4f:a9:1c:d9:a2:
         03:30:8e:50:98:4f:52:b6:dd:c9:7e:64:f0:43:64:a6:8f:eb:
         24:93:29:6c
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYVw8JiP0FPHdbWii4vawd4XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDNhMmNhZjI5ODAxOWZiZDY2ODYyMTUxNmM4YzZlMWQx
MGU4M2MwHhcNMjMwMTAyMDUyNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGU3Njc0OWVhOGRiYTFlMjYxNjJhMDM0MzI0MzM2MTAwZWI0ZTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZxtQd+zTkfrA+owR7g43QFoSjut
10vH8VwjVS7Vsbw0sgsULsZqVdgq31PcfLnC15RqpscdKOcKykaQugw6SNfcUld4
XoRwYMFHnWwl8TiEta8l8gTCpOvB4savgjeGXXzesVZjEe62kdCDM71N+2RI2wG3
2PpCaYF+bIfLliD8dzikphcREmTq5X/6LilS0M+4O3fBJzzDVyLbgPLc62tWGHqP
ltDXd7OiwipRSH/G2XJJmj8+1XOoHI8JTGoX9I/Swtqz7GKJ4Oxd8Ug5Xr7VuVTH
/Wgd8jJrQto0syF0whAMZ1s3Yi9z55sf1qPc/BlAJev4TNMHirc4TZ8ueQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFBDnZ0nqjboeJhYqA0MkM2EA604IMB8GA1UdIwQY
MBaAFGwDosrymAGfvWaGIVFsjG4dEOg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDkt
ZmMzN2ZiMGNkNDNiLzEvRU9kblNlcU51aDRtRmlvRFF5UXpZUURyVGdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDktZmMzN2ZiMGNkNDNi
LzEvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQCLUIwAwQD
LXIIAwQCLZFoAwQBW4RyAwQBZzVSAwQCZzXYAwQCZ/C0AwQCqM1IAwQCqvUoAwQC
wRPMAwQAwRy2AwQAwRy/AwQAwRzKAwQAwRztMA0GCSqGSIb3DQEBCwUAA4IBAQBQ
INt0D2UvAsWT9rXPHxolDF93+inMQ2xB4zJdBzSNqEIHsWOtjwuwAuJ8g94jb3rM
aSHFgMUnKMNpcR6hVbBmS2mIgKEuuO9xLgEZh4ZUFZooCCpdWTEzCEf2OwLNdh4a
LByozr+rCEotPUQnWe/cNuPaCFVwGsCxV1swX0IsZdMje4h7DN1vpGR/W3DEYm3C
QtWjtubOr3RiLbmBgzC74O/ccuSq5mdrX7NsPGmVwWeIiGxanG0M1DyHe/kGC+c4
5Z5saRR9qX06F6bcwGc9veTHRvvNxkPRGioS3L5yGckwOeKFT6kc2aIDMI5QmE9S
tt3JfmTwQ2Smj+skkyls
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:58 2024 by rpki-client on console-fra.rpki-client.org