Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/eEQPMUlCYZMPQK3hE3AH7QZq_gI.roa
File:                     eEQPMUlCYZMPQK3hE3AH7QZq_gI.roa (raw, json)
Hash identifier:          BXbkDAbydtAXOae8l0X8CqVfEV7yKmTtLhcvx2vIO84=
Subject key identifier:   78:44:0F:31:49:42:61:93:0F:40:AD:E1:13:70:07:ED:06:6A:FE:02
Certificate issuer:       /CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Certificate serial:       018AAF94F75D138B1227C24578AB1610E93C
Authority key identifier: E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/eEQPMUlCYZMPQK3hE3AH7QZq_gI.roa
Signing time:             Tue 19 Sep 2023 22:34:50 +0000
ROA not before:           Tue 19 Sep 2023 22:34:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42910
IP address blocks:        188.132.135.0/24 maxlen: 32
                          188.132.134.0/24 maxlen: 24
                          188.132.142.0/24 maxlen: 24
                          188.132.147.0/24 maxlen: 32
                          188.132.148.0/24 maxlen: 24
                          188.132.153.0/24 maxlen: 24
                          188.132.158.0/24 maxlen: 32
                          188.132.157.0/24 maxlen: 24
                          188.132.216.0/24 maxlen: 24
                          188.132.215.0/24 maxlen: 24
                          188.132.214.0/24 maxlen: 24
                          188.132.219.0/24 maxlen: 32
                          188.132.217.0/24 maxlen: 32
                          188.132.218.0/24 maxlen: 24
                          188.132.224.0/24 maxlen: 24
                          188.132.226.0/24 maxlen: 32
                          188.132.225.0/24 maxlen: 24
                          188.132.223.0/24 maxlen: 32
                          188.132.220.0/24 maxlen: 24
                          188.132.227.0/24 maxlen: 32
                          188.132.231.0/24 maxlen: 24
                          188.132.228.0/24 maxlen: 32
                          188.132.233.0/24 maxlen: 24
                          188.132.232.0/24 maxlen: 24
                          188.132.230.0/24 maxlen: 32
                          77.92.130.0/24 maxlen: 24
                          77.92.129.0/24 maxlen: 24
                          77.92.128.0/24 maxlen: 24
                          188.132.235.0/24 maxlen: 24
                          77.92.132.0/24 maxlen: 24
                          188.132.239.0/24 maxlen: 24
                          77.92.131.0/24 maxlen: 24
                          188.132.234.0/24 maxlen: 32
                          77.92.133.0/24 maxlen: 32
                          188.132.241.0/24 maxlen: 24
                          77.92.137.0/24 maxlen: 24
                          77.92.136.0/24 maxlen: 24
                          188.132.243.0/24 maxlen: 24
                          188.132.244.0/24 maxlen: 32
                          77.92.135.0/24 maxlen: 24
                          77.92.134.0/24 maxlen: 24
                          77.92.139.0/24 maxlen: 24
                          77.92.138.0/24 maxlen: 24
                          188.132.246.0/24 maxlen: 24
                          188.132.245.0/24 maxlen: 24
                          188.132.250.0/24 maxlen: 24
                          188.132.251.0/24 maxlen: 24
                          77.92.143.0/24 maxlen: 24
                          77.92.142.0/24 maxlen: 24
                          77.92.141.0/24 maxlen: 24
                          188.132.253.0/24 maxlen: 24
                          77.92.144.0/24 maxlen: 32
                          188.132.252.0/24 maxlen: 24
                          77.92.140.0/24 maxlen: 32
                          77.92.149.0/24 maxlen: 24
                          77.92.148.0/24 maxlen: 24
                          188.132.255.0/24 maxlen: 24
                          188.132.254.0/24 maxlen: 24
                          77.92.146.0/24 maxlen: 24
                          77.92.158.0/24 maxlen: 24
                          77.92.156.0/24 maxlen: 24
                          77.92.155.0/24 maxlen: 32
                          77.92.159.0/24 maxlen: 24
                          77.92.157.0/24 maxlen: 32
                          188.132.172.0/24 maxlen: 24
                          188.132.175.0/24 maxlen: 24
                          188.132.176.0/24 maxlen: 32
                          188.132.177.0/24 maxlen: 24
                          188.132.183.0/24 maxlen: 32
                          188.132.180.0/24 maxlen: 24
                          188.132.190.0/24 maxlen: 24
                          188.132.195.0/24 maxlen: 24
                          188.132.194.0/24 maxlen: 24
                          188.132.204.0/24 maxlen: 32
                          188.132.205.0/24 maxlen: 32
                          188.132.211.0/24 maxlen: 32
                          188.132.208.0/24 maxlen: 32
                          188.132.213.0/24 maxlen: 24
                          188.132.212.0/24 maxlen: 24
                          212.68.57.0/24 maxlen: 32
                          212.68.56.0/24 maxlen: 32
                          212.68.61.0/24 maxlen: 32
                          31.210.33.0/24 maxlen: 24
                          31.210.32.0/24 maxlen: 24
                          31.210.36.0/24 maxlen: 24
                          31.210.35.0/24 maxlen: 24
                          31.210.44.0/24 maxlen: 24
                          31.210.40.0/24 maxlen: 32
                          31.210.41.0/24 maxlen: 24
                          31.210.46.0/24 maxlen: 24
                          31.210.47.0/24 maxlen: 24
                          31.210.51.0/24 maxlen: 32
                          31.210.50.0/24 maxlen: 32
                          31.210.45.0/24 maxlen: 32
                          31.210.49.0/24 maxlen: 24
                          31.210.48.0/24 maxlen: 24
                          31.210.58.0/24 maxlen: 24
                          31.210.57.0/24 maxlen: 24
                          31.210.56.0/24 maxlen: 24
                          31.210.60.0/24 maxlen: 24
                          31.210.59.0/24 maxlen: 24
                          31.210.61.0/24 maxlen: 32
                          78.135.98.0/24 maxlen: 24
                          78.135.103.0/24 maxlen: 24
                          78.135.99.0/24 maxlen: 32
                          78.135.108.0/24 maxlen: 32
                          78.135.113.0/24 maxlen: 32
                          78.135.116.0/24 maxlen: 24
                          78.135.115.0/24 maxlen: 24
                          78.135.114.0/24 maxlen: 32
                          212.68.32.0/24 maxlen: 32
                          212.68.37.0/24 maxlen: 32
                          212.68.33.0/24 maxlen: 32
                          212.68.38.0/24 maxlen: 24
                          212.68.36.0/24 maxlen: 32
                          212.68.41.0/24 maxlen: 32
                          212.68.40.0/24 maxlen: 32
                          212.68.43.0/24 maxlen: 32
                          212.68.44.0/24 maxlen: 24
                          212.68.42.0/24 maxlen: 32
                          212.68.39.0/24 maxlen: 24
                          212.68.45.0/24 maxlen: 32
                          212.68.46.0/24 maxlen: 32
                          212.68.49.0/24 maxlen: 24
                          212.68.50.0/24 maxlen: 32
                          212.68.51.0/24 maxlen: 24
                          78.135.79.0/24 maxlen: 24
                          2a02:26b0:8001::/48 maxlen: 48
                          2a02:26b0::/32 maxlen: 32
                          2a02:26b0:8000::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:af:94:f7:5d:13:8b:12:27:c2:45:78:ab:16:10:e9:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
        Validity
            Not Before: Sep 19 22:34:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=78440f31494261930f40ade1137007ed066afe02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:5a:4e:ca:1c:f4:f5:fb:15:f4:c4:a4:9b:af:
                    72:d3:64:62:c6:13:cc:6d:2d:ad:cb:2f:a3:5c:24:
                    70:d5:f9:62:ef:92:2e:b7:b3:62:f1:98:85:5a:31:
                    ef:ca:77:ba:d3:a7:cf:63:4a:bd:11:3f:f9:56:31:
                    90:16:35:26:b7:f3:2e:0e:a7:cb:a4:ac:67:50:ac:
                    90:1d:d4:a3:3d:d1:e2:05:c7:38:bc:d6:57:c4:cb:
                    59:f7:13:f0:13:bc:0d:88:9c:55:88:b1:dd:bb:75:
                    85:56:f3:b3:c4:50:02:b8:03:08:3d:fe:2e:d0:a3:
                    16:c9:92:34:75:7e:a0:ef:c6:78:44:5a:84:54:a2:
                    9c:04:61:eb:16:cf:e9:a3:2c:a0:d2:99:4c:2a:66:
                    31:de:8e:25:2a:c3:43:ef:0a:a9:97:64:ab:e1:82:
                    f2:d1:85:41:70:0f:df:59:94:54:84:79:22:7c:80:
                    af:5e:3c:db:5e:0b:ab:4e:57:75:03:68:91:7f:71:
                    7b:0e:e5:1c:45:75:7d:1b:19:f3:0a:cd:97:4e:f4:
                    34:6b:55:4d:17:46:c1:e7:b8:b6:f7:75:56:e9:9c:
                    cc:8f:30:78:19:29:a8:4e:30:ca:70:17:0a:53:b3:
                    e3:e9:d1:11:52:92:8f:4e:0f:ec:f4:13:05:4a:7e:
                    a5:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:44:0F:31:49:42:61:93:0F:40:AD:E1:13:70:07:ED:06:6A:FE:02
            X509v3 Authority Key Identifier:
                keyid:E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/eEQPMUlCYZMPQK3hE3AH7QZq_gI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.32.0/23
                  31.210.35.0-31.210.36.255
                  31.210.40.0/23
                  31.210.44.0-31.210.51.255
                  31.210.56.0-31.210.61.255
                  77.92.128.0-77.92.144.255
                  77.92.146.0/24
                  77.92.148.0/23
                  77.92.155.0-77.92.159.255
                  78.135.79.0/24
                  78.135.98.0/23
                  78.135.103.0/24
                  78.135.108.0/24
                  78.135.113.0-78.135.116.255
                  188.132.134.0/23
                  188.132.142.0/24
                  188.132.147.0-188.132.148.255
                  188.132.153.0/24
                  188.132.157.0-188.132.158.255
                  188.132.172.0/24
                  188.132.175.0-188.132.177.255
                  188.132.180.0/24
                  188.132.183.0/24
                  188.132.190.0/24
                  188.132.194.0/23
                  188.132.204.0/23
                  188.132.208.0/24
                  188.132.211.0-188.132.220.255
                  188.132.223.0-188.132.228.255
                  188.132.230.0-188.132.235.255
                  188.132.239.0/24
                  188.132.241.0/24
                  188.132.243.0-188.132.246.255
                  188.132.250.0-188.132.255.255
                  212.68.32.0/23
                  212.68.36.0-212.68.46.255
                  212.68.49.0-212.68.51.255
                  212.68.56.0/23
                  212.68.61.0/24
                IPv6:
                  2a02:26b0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:2f:ed:fd:1b:3b:a0:56:22:12:aa:d5:ea:0d:45:7e:12:2c:
         60:5f:56:f7:74:2b:6f:d4:42:2d:22:cd:1d:2a:4d:fd:88:99:
         5e:04:dc:14:60:47:f9:fb:98:ed:f2:de:e5:95:e6:bf:b6:94:
         6b:4b:16:e4:d7:d5:f4:a1:a8:22:4e:7d:98:62:ca:1f:8a:4e:
         a8:8a:3f:11:4a:52:b3:11:51:e7:26:1a:11:be:7b:a8:ab:b1:
         0b:5d:79:ff:86:99:2b:28:cd:8f:0b:fc:1c:d5:6b:c2:f7:11:
         5f:3f:38:36:15:91:e1:72:58:bb:1b:23:17:26:06:d0:89:52:
         e0:01:49:5a:cd:f1:ca:63:f8:ac:0f:e4:bc:5e:e6:28:f2:f7:
         dd:22:b6:ad:cb:d8:aa:38:b2:d0:89:8c:90:b2:7a:7c:31:ee:
         84:cc:ab:a1:ed:9d:87:fb:57:c2:81:be:af:f8:d5:2f:49:b9:
         44:c2:83:3d:a0:1b:9f:4d:a9:b1:0f:4e:1a:0a:75:e6:80:74:
         d2:70:d5:71:af:73:03:c7:09:62:10:90:02:c8:db:2e:36:ba:
         2c:12:65:3f:d7:13:69:3d:23:d2:d7:e4:c0:8b:7c:c9:53:31:
         c4:43:f1:38:32:ca:20:16:9c:9d:3e:7e:56:a4:60:fb:ce:e1:
         f9:98:55:ce
-----BEGIN CERTIFICATE-----
MIIGeTCCBWGgAwIBAgISAYqvlPddE4sSJ8JFeKsWEOk8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTJiOGU5MGQxNTdlYTAyMmY4ZTcwMDAyNGE5M2RjMzU2
YTUxNGQwHhcNMjMwOTE5MjIzNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODQ0MGYzMTQ5NDI2MTkzMGY0MGFkZTExMzcwMDdlZDA2NmFmZTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+FpOyhz09fsV9MSkm69y02RixhPM
bS2tyy+jXCRw1fli75Iut7Ni8ZiFWjHvyne606fPY0q9ET/5VjGQFjUmt/MuDqfL
pKxnUKyQHdSjPdHiBcc4vNZXxMtZ9xPwE7wNiJxViLHdu3WFVvOzxFACuAMIPf4u
0KMWyZI0dX6g78Z4RFqEVKKcBGHrFs/poyyg0plMKmYx3o4lKsND7wqpl2Sr4YLy
0YVBcA/fWZRUhHkifICvXjzbXgurTld1A2iRf3F7DuUcRXV9GxnzCs2XTvQ0a1VN
F0bB57i293VW6ZzMjzB4GSmoTjDKcBcKU7Pj6dERUpKPTg/s9BMFSn6lvwIDAQAB
o4IDhTCCA4EwHQYDVR0OBBYEFHhEDzFJQmGTD0Ct4RNwB+0Gav4CMB8GA1UdIwQY
MBaAFOSiuOkNFX6gIvjnAAJKk9w1alFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTct
ZGY0YTJlNzYwY2NiLzEvZUVRUE1VbENZWk1QUUszaEUzQUg3UVpxX2dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTctZGY0YTJlNzYwY2Ni
LzEvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBmQYIKwYBBQUHAQcBAf8EggGIMIIBhDCCAXEEAgABMIIB
aQMEAR/SIDAMAwQAH9IjAwQAH9IkAwQBH9IoMAwDBAIf0iwDBAIf0jAwDAMEAx/S
OAMEAR/SPDAMAwQHTVyAAwQATVyQAwQATVySAwQBTVyUMAwDBABNXJsDBAVNXIAD
BABOh08DBAFOh2IDBABOh2cDBABOh2wwDAMEAE6HcQMEAE6HdAMEAbyEhgMEALyE
jjAMAwQAvISTAwQAvISUAwQAvISZMAwDBAC8hJ0DBAC8hJ4DBAC8hKwwDAMEALyE
rwMEAbyEsAMEALyEtAMEALyEtwMEALyEvgMEAbyEwgMEAbyEzAMEALyE0DAMAwQA
vITTAwQAvITcMAwDBAC8hN8DBAC8hOQwDAMEAbyE5gMEAryE6AMEALyE7wMEALyE
8TAMAwQAvITzAwQAvIT2MAsDBAG8hPoDAwC8hAMEAdREIDAMAwQC1EQkAwQA1EQu
MAwDBADURDEDBALURDADBAHURDgDBADURD0wDQQCAAIwBwMFACoCJrAwDQYJKoZI
hvcNAQELBQADggEBAA4v7f0bO6BWIhKq1eoNRX4SLGBfVvd0K2/UQi0izR0qTf2I
mV4E3BRgR/n7mO3y3uWV5r+2lGtLFuTX1fShqCJOfZhiyh+KTqiKPxFKUrMRUecm
GhG+e6irsQtdef+GmSsozY8L/BzVa8L3EV8/ODYVkeFyWLsbIxcmBtCJUuABSVrN
8cpj+KwP5Lxe5ijy990itq3L2Ko4stCJjJCyenwx7oTMq6HtnYf7V8KBvq/41S9J
uUTCgz2gG59NqbEPThoKdeaAdNJw1XGvcwPHCWIQkALI2y42uiwSZT/XE2k9I9LX
5MCLfMlTMcRD8TgyyiAWnJ0+flakYPvO4fmYVc4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:01 2024 by rpki-client on console-fra.rpki-client.org