Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/8-cGkM-APoybgqUeww6jDp8MsrY.roa
File:                     8-cGkM-APoybgqUeww6jDp8MsrY.roa (raw, json)
Hash identifier:          H2NDn/xDbTHA2WmQTBhMQ0t8lAeJ2lfTZlGiGF2yihE=
Subject key identifier:   F3:E7:06:90:CF:80:3E:8C:9B:82:A5:1E:C3:0E:A3:0E:9F:0C:B2:B6
Certificate issuer:       /CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Certificate serial:       0189C2B43BB5BA7BF16644D6718E62D4C604
Authority key identifier: E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/8-cGkM-APoybgqUeww6jDp8MsrY.roa
Signing time:             Fri 04 Aug 2023 22:38:58 +0000
ROA not before:           Fri 04 Aug 2023 22:38:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42910
IP address blocks:        188.132.135.0/24 maxlen: 32
                          188.132.134.0/24 maxlen: 24
                          188.132.142.0/24 maxlen: 24
                          188.132.147.0/24 maxlen: 32
                          188.132.148.0/24 maxlen: 24
                          188.132.153.0/24 maxlen: 24
                          188.132.158.0/24 maxlen: 32
                          188.132.157.0/24 maxlen: 24
                          188.132.216.0/24 maxlen: 24
                          188.132.215.0/24 maxlen: 24
                          188.132.214.0/24 maxlen: 24
                          188.132.219.0/24 maxlen: 32
                          188.132.217.0/24 maxlen: 32
                          188.132.218.0/24 maxlen: 24
                          188.132.224.0/24 maxlen: 24
                          188.132.226.0/24 maxlen: 32
                          188.132.225.0/24 maxlen: 24
                          188.132.223.0/24 maxlen: 32
                          188.132.220.0/24 maxlen: 24
                          188.132.227.0/24 maxlen: 32
                          188.132.231.0/24 maxlen: 24
                          188.132.229.0/24 maxlen: 32
                          188.132.228.0/24 maxlen: 32
                          188.132.233.0/24 maxlen: 24
                          188.132.232.0/24 maxlen: 24
                          188.132.230.0/24 maxlen: 32
                          77.92.130.0/24 maxlen: 24
                          77.92.129.0/24 maxlen: 24
                          77.92.128.0/24 maxlen: 24
                          188.132.235.0/24 maxlen: 24
                          77.92.132.0/24 maxlen: 24
                          188.132.239.0/24 maxlen: 24
                          77.92.131.0/24 maxlen: 24
                          188.132.234.0/24 maxlen: 32
                          188.132.241.0/24 maxlen: 24
                          77.92.133.0/24 maxlen: 32
                          77.92.137.0/24 maxlen: 24
                          77.92.136.0/24 maxlen: 24
                          188.132.243.0/24 maxlen: 24
                          188.132.246.0/24 maxlen: 24
                          188.132.245.0/24 maxlen: 24
                          188.132.244.0/24 maxlen: 32
                          77.92.135.0/24 maxlen: 24
                          77.92.134.0/24 maxlen: 24
                          77.92.139.0/24 maxlen: 24
                          77.92.138.0/24 maxlen: 24
                          188.132.242.0/24 maxlen: 32
                          188.132.250.0/24 maxlen: 24
                          188.132.251.0/24 maxlen: 24
                          77.92.143.0/24 maxlen: 24
                          77.92.142.0/24 maxlen: 24
                          77.92.141.0/24 maxlen: 24
                          188.132.253.0/24 maxlen: 24
                          77.92.144.0/24 maxlen: 32
                          188.132.252.0/24 maxlen: 24
                          77.92.140.0/24 maxlen: 32
                          77.92.149.0/24 maxlen: 24
                          77.92.148.0/24 maxlen: 24
                          188.132.255.0/24 maxlen: 24
                          188.132.254.0/24 maxlen: 24
                          77.92.146.0/24 maxlen: 24
                          77.92.158.0/24 maxlen: 24
                          77.92.156.0/24 maxlen: 24
                          77.92.155.0/24 maxlen: 32
                          77.92.159.0/24 maxlen: 24
                          77.92.157.0/24 maxlen: 32
                          188.132.172.0/24 maxlen: 24
                          188.132.175.0/24 maxlen: 24
                          188.132.176.0/24 maxlen: 32
                          188.132.177.0/24 maxlen: 24
                          188.132.183.0/24 maxlen: 32
                          188.132.180.0/24 maxlen: 24
                          188.132.190.0/24 maxlen: 24
                          188.132.195.0/24 maxlen: 24
                          188.132.194.0/24 maxlen: 24
                          188.132.204.0/24 maxlen: 32
                          188.132.200.0/24 maxlen: 24
                          188.132.205.0/24 maxlen: 32
                          188.132.206.0/24 maxlen: 24
                          188.132.210.0/24 maxlen: 24
                          188.132.211.0/24 maxlen: 32
                          188.132.207.0/24 maxlen: 24
                          188.132.208.0/24 maxlen: 32
                          188.132.213.0/24 maxlen: 24
                          188.132.212.0/24 maxlen: 24
                          212.68.55.0/24 maxlen: 24
                          212.68.57.0/24 maxlen: 32
                          212.68.56.0/24 maxlen: 32
                          212.68.61.0/24 maxlen: 32
                          31.210.33.0/24 maxlen: 24
                          31.210.32.0/24 maxlen: 24
                          31.210.36.0/24 maxlen: 24
                          31.210.35.0/24 maxlen: 24
                          31.210.44.0/24 maxlen: 24
                          31.210.40.0/24 maxlen: 32
                          31.210.41.0/24 maxlen: 24
                          31.210.46.0/24 maxlen: 24
                          31.210.47.0/24 maxlen: 24
                          31.210.51.0/24 maxlen: 32
                          31.210.50.0/24 maxlen: 32
                          31.210.45.0/24 maxlen: 32
                          31.210.49.0/24 maxlen: 24
                          31.210.48.0/24 maxlen: 24
                          31.210.58.0/24 maxlen: 24
                          31.210.57.0/24 maxlen: 24
                          31.210.56.0/24 maxlen: 24
                          31.210.60.0/24 maxlen: 24
                          31.210.59.0/24 maxlen: 24
                          31.210.61.0/24 maxlen: 32
                          78.135.98.0/24 maxlen: 24
                          78.135.103.0/24 maxlen: 24
                          78.135.99.0/24 maxlen: 32
                          78.135.108.0/24 maxlen: 32
                          78.135.113.0/24 maxlen: 32
                          78.135.116.0/24 maxlen: 24
                          78.135.115.0/24 maxlen: 24
                          78.135.114.0/24 maxlen: 32
                          212.68.32.0/24 maxlen: 32
                          212.68.37.0/24 maxlen: 32
                          212.68.33.0/24 maxlen: 32
                          212.68.38.0/24 maxlen: 24
                          212.68.36.0/24 maxlen: 32
                          212.68.41.0/24 maxlen: 32
                          212.68.40.0/24 maxlen: 32
                          212.68.43.0/24 maxlen: 32
                          212.68.44.0/24 maxlen: 24
                          212.68.42.0/24 maxlen: 32
                          212.68.39.0/24 maxlen: 24
                          212.68.45.0/24 maxlen: 32
                          212.68.46.0/24 maxlen: 32
                          212.68.49.0/24 maxlen: 24
                          212.68.50.0/24 maxlen: 32
                          212.68.51.0/24 maxlen: 24
                          78.135.79.0/24 maxlen: 24
                          2a02:26b0:8001::/48 maxlen: 48
                          2a02:26b0::/32 maxlen: 32
                          2a02:26b0:8000::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:c2:b4:3b:b5:ba:7b:f1:66:44:d6:71:8e:62:d4:c6:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
        Validity
            Not Before: Aug  4 22:38:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f3e70690cf803e8c9b82a51ec30ea30e9f0cb2b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:34:f9:c9:e1:c7:5e:86:2a:6b:5c:22:b3:9e:
                    af:3e:c1:ba:d2:f8:a6:81:c9:02:95:2c:9d:fb:33:
                    b9:41:c2:c8:01:ed:f2:c1:49:1c:18:34:a7:2d:99:
                    04:e0:d7:b0:fc:9a:b8:82:47:10:5c:62:06:f4:a0:
                    7e:82:21:d5:de:90:8f:b2:bf:cd:84:a3:23:32:76:
                    12:53:fd:fe:74:8c:56:80:d4:18:0b:73:c2:82:16:
                    2a:a4:c9:22:5a:2a:56:fb:d1:34:d0:2a:4c:1b:b5:
                    cc:c2:99:dc:f7:f4:af:8a:11:e5:71:e0:38:a4:b2:
                    fa:e4:67:b8:c7:e5:62:7f:a6:c3:0e:1b:44:69:81:
                    32:58:9f:b2:88:77:57:83:d5:99:33:7a:9f:33:c0:
                    97:66:58:67:72:da:42:f3:74:13:37:cb:b7:b5:7b:
                    66:a3:33:3f:ee:ce:35:4a:a9:7a:8b:1d:0b:65:b9:
                    aa:0f:3c:91:b7:91:04:fe:08:a8:f4:f3:73:96:bd:
                    c5:16:ca:19:c1:67:61:b4:84:cd:50:d5:2d:6c:12:
                    ce:f3:b2:83:bd:2b:22:45:c9:73:19:84:b5:98:de:
                    e9:c8:a6:ea:46:7b:51:2a:1c:41:07:96:75:f9:b1:
                    ab:de:c2:ae:ca:a7:66:b4:cf:6a:26:9b:ef:51:2a:
                    4e:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:E7:06:90:CF:80:3E:8C:9B:82:A5:1E:C3:0E:A3:0E:9F:0C:B2:B6
            X509v3 Authority Key Identifier:
                keyid:E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/8-cGkM-APoybgqUeww6jDp8MsrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.32.0/23
                  31.210.35.0-31.210.36.255
                  31.210.40.0/23
                  31.210.44.0-31.210.51.255
                  31.210.56.0-31.210.61.255
                  77.92.128.0-77.92.144.255
                  77.92.146.0/24
                  77.92.148.0/23
                  77.92.155.0-77.92.159.255
                  78.135.79.0/24
                  78.135.98.0/23
                  78.135.103.0/24
                  78.135.108.0/24
                  78.135.113.0-78.135.116.255
                  188.132.134.0/23
                  188.132.142.0/24
                  188.132.147.0-188.132.148.255
                  188.132.153.0/24
                  188.132.157.0-188.132.158.255
                  188.132.172.0/24
                  188.132.175.0-188.132.177.255
                  188.132.180.0/24
                  188.132.183.0/24
                  188.132.190.0/24
                  188.132.194.0/23
                  188.132.200.0/24
                  188.132.204.0-188.132.208.255
                  188.132.210.0-188.132.220.255
                  188.132.223.0-188.132.235.255
                  188.132.239.0/24
                  188.132.241.0-188.132.246.255
                  188.132.250.0-188.132.255.255
                  212.68.32.0/23
                  212.68.36.0-212.68.46.255
                  212.68.49.0-212.68.51.255
                  212.68.55.0-212.68.57.255
                  212.68.61.0/24
                IPv6:
                  2a02:26b0::/32

    Signature Algorithm: sha256WithRSAEncryption
         d3:95:fb:fc:ed:6c:04:b9:82:b1:16:24:ef:be:54:65:24:c3:
         4a:42:27:7d:61:b7:20:e4:26:7f:62:0b:14:dc:c8:01:a0:18:
         5a:93:bb:84:30:3a:86:e8:12:68:3f:c1:0a:9a:96:9f:5f:08:
         9a:85:8b:c1:16:e8:35:72:57:b9:a0:87:8a:a8:5f:67:47:97:
         4b:4e:37:1b:4e:ca:ac:88:cf:af:6b:74:bf:3c:d6:4a:f0:79:
         95:47:11:d2:40:cb:de:89:56:17:ca:21:e2:ea:1c:88:a7:46:
         64:86:74:24:9b:29:1e:ec:3d:0a:f9:c0:15:77:a5:aa:5e:96:
         7c:2b:0a:ad:0b:4f:78:a9:5d:d5:89:bf:3c:d2:93:9a:77:a6:
         0b:6d:13:76:18:85:93:26:d8:a4:65:ae:31:be:2e:84:59:87:
         cb:6d:28:c8:cd:72:b2:b4:cf:30:d5:a8:e2:d0:5b:1f:a9:58:
         a8:16:57:1d:1d:15:5f:68:49:79:cc:d2:12:68:57:8b:f2:0a:
         b3:4b:db:e7:5a:3f:91:89:1f:2c:0b:a3:c2:81:92:a6:14:6e:
         7b:10:e3:af:69:95:fb:d1:69:b3:48:9c:fc:a6:a8:51:4c:db:
         3d:53:df:de:e7:52:8e:16:9f:25:92:ef:4c:e3:b3:7d:27:7f:
         28:73:b2:25
-----BEGIN CERTIFICATE-----
MIIGdTCCBV2gAwIBAgISAYnCtDu1unvxZkTWcY5i1MYEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTJiOGU5MGQxNTdlYTAyMmY4ZTcwMDAyNGE5M2RjMzU2
YTUxNGQwHhcNMjMwODA0MjIzODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2U3MDY5MGNmODAzZThjOWI4MmE1MWVjMzBlYTMwZTlmMGNiMmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjT5yeHHXoYqa1wis56vPsG60vim
gckClSyd+zO5QcLIAe3ywUkcGDSnLZkE4New/Jq4gkcQXGIG9KB+giHV3pCPsr/N
hKMjMnYSU/3+dIxWgNQYC3PCghYqpMkiWipW+9E00CpMG7XMwpnc9/SvihHlceA4
pLL65Ge4x+Vif6bDDhtEaYEyWJ+yiHdXg9WZM3qfM8CXZlhnctpC83QTN8u3tXtm
ozM/7s41Sql6ix0LZbmqDzyRt5EE/gio9PNzlr3FFsoZwWdhtITNUNUtbBLO87KD
vSsiRclzGYS1mN7pyKbqRntRKhxBB5Z1+bGr3sKuyqdmtM9qJpvvUSpO4wIDAQAB
o4IDgTCCA30wHQYDVR0OBBYEFPPnBpDPgD6Mm4KlHsMOow6fDLK2MB8GA1UdIwQY
MBaAFOSiuOkNFX6gIvjnAAJKk9w1alFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTct
ZGY0YTJlNzYwY2NiLzEvOC1jR2tNLUFQb3liZ3FVZXd3NmpEcDhNc3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTctZGY0YTJlNzYwY2Ni
LzEvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBlQYIKwYBBQUHAQcBAf8EggGEMIIBgDCCAW0EAgABMIIB
ZQMEAR/SIDAMAwQAH9IjAwQAH9IkAwQBH9IoMAwDBAIf0iwDBAIf0jAwDAMEAx/S
OAMEAR/SPDAMAwQHTVyAAwQATVyQAwQATVySAwQBTVyUMAwDBABNXJsDBAVNXIAD
BABOh08DBAFOh2IDBABOh2cDBABOh2wwDAMEAE6HcQMEAE6HdAMEAbyEhgMEALyE
jjAMAwQAvISTAwQAvISUAwQAvISZMAwDBAC8hJ0DBAC8hJ4DBAC8hKwwDAMEALyE
rwMEAbyEsAMEALyEtAMEALyEtwMEALyEvgMEAbyEwgMEALyEyDAMAwQCvITMAwQA
vITQMAwDBAG8hNIDBAC8hNwwDAMEALyE3wMEAryE6AMEALyE7zAMAwQAvITxAwQA
vIT2MAsDBAG8hPoDAwC8hAMEAdREIDAMAwQC1EQkAwQA1EQuMAwDBADURDEDBALU
RDAwDAMEANRENwMEAdREOAMEANREPTANBAIAAjAHAwUAKgImsDANBgkqhkiG9w0B
AQsFAAOCAQEA05X7/O1sBLmCsRYk775UZSTDSkInfWG3IOQmf2ILFNzIAaAYWpO7
hDA6hugSaD/BCpqWn18ImoWLwRboNXJXuaCHiqhfZ0eXS043G07KrIjPr2t0vzzW
SvB5lUcR0kDL3olWF8oh4uociKdGZIZ0JJspHuw9CvnAFXelql6WfCsKrQtPeKld
1Ym/PNKTmnemC20TdhiFkybYpGWuMb4uhFmHy20oyM1ysrTPMNWo4tBbH6lYqBZX
HR0VX2hJeczSEmhXi/IKs0vb51o/kYkfLAujwoGSphRuexDjr2mV+9Fps0ic/Kao
UUzbPVPf3udSjhafJZLvTOOzfSd/KHOyJQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:53 2024 by rpki-client on console-ams.rpki-client.org