Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/vrn1aSJwdq4h0HzpR3VwUngwSn0.roa
File:                     vrn1aSJwdq4h0HzpR3VwUngwSn0.roa (raw, json)
Hash identifier:          4iUWvztAfzTB+shHYvdosUAWY9DEbOj6bJFRfewWx6I=
Subject key identifier:   BE:B9:F5:69:22:70:76:AE:21:D0:7C:E9:47:75:70:52:78:30:4A:7D
Certificate issuer:       /CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Certificate serial:       018ACD6670619B14A18F05C1C09AA03704F3
Authority key identifier: E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/vrn1aSJwdq4h0HzpR3VwUngwSn0.roa
Signing time:             Mon 25 Sep 2023 17:32:37 +0000
ROA not before:           Mon 25 Sep 2023 17:32:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60683
IP address blocks:        188.132.153.0/24 maxlen: 24
                          212.68.55.0/24 maxlen: 24
                          188.132.214.0/24 maxlen: 24
                          188.132.223.0/24 maxlen: 24
                          188.132.229.0/24 maxlen: 24
                          188.132.240.0/24 maxlen: 24
                          188.132.242.0/24 maxlen: 24
                          77.92.145.0/24 maxlen: 24
                          77.92.143.0/24 maxlen: 24
                          212.68.32.0/24 maxlen: 24
                          77.92.147.0/24 maxlen: 24
                          77.92.146.0/24 maxlen: 24
                          212.68.48.0/24 maxlen: 24
                          31.210.48.0/24 maxlen: 24
                          188.132.184.0/24 maxlen: 24
                          188.132.190.0/24 maxlen: 24
                          188.132.200.0/24 maxlen: 24
                          188.132.210.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:cd:66:70:61:9b:14:a1:8f:05:c1:c0:9a:a0:37:04:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
        Validity
            Not Before: Sep 25 17:32:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=beb9f569227076ae21d07ce94775705278304a7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:70:78:57:d7:a6:0d:97:bd:11:28:bf:a9:88:
                    3c:75:dc:d4:c3:10:f3:38:f5:a0:90:68:5c:f9:dc:
                    cc:3a:a7:0a:09:52:63:6e:4d:ad:ea:fd:cf:fb:10:
                    8e:f6:17:d9:db:18:26:9d:02:14:ae:89:c6:5f:82:
                    fd:eb:aa:d7:0c:cb:81:b3:7b:c1:d3:7d:30:7d:87:
                    74:c7:c1:7f:db:73:ea:93:33:a7:0b:50:9e:c1:a8:
                    46:a3:d4:81:55:a7:75:c4:31:ef:f4:c2:bc:6d:16:
                    96:e8:ab:6b:57:57:61:4d:59:dd:2a:ed:1e:3b:0d:
                    9c:2c:73:b1:dd:d5:6b:c1:f0:ac:10:90:41:87:e0:
                    68:66:0c:99:de:31:ed:9a:51:f8:b5:49:86:21:f1:
                    26:0d:e4:02:7a:e7:88:7f:b0:1b:65:61:22:f4:dc:
                    86:dc:37:3a:30:5c:f2:93:fc:85:47:3a:f4:f9:5e:
                    a8:df:0c:53:03:49:81:3e:ce:e1:e6:02:e0:ce:e5:
                    04:68:ae:81:cb:4b:ac:1f:ca:26:c3:d2:72:c1:0e:
                    95:cb:3d:ea:a9:2e:75:4c:69:47:d6:13:24:ec:91:
                    34:ec:78:c6:bb:57:1c:19:a2:c9:b8:9b:27:4b:73:
                    2f:ca:92:ab:48:35:c0:d9:9b:5d:cc:57:34:8d:f3:
                    fb:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:B9:F5:69:22:70:76:AE:21:D0:7C:E9:47:75:70:52:78:30:4A:7D
            X509v3 Authority Key Identifier:
                keyid:E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/vrn1aSJwdq4h0HzpR3VwUngwSn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.48.0/24
                  77.92.143.0/24
                  77.92.145.0-77.92.147.255
                  188.132.153.0/24
                  188.132.184.0/24
                  188.132.190.0/24
                  188.132.200.0/24
                  188.132.210.0/24
                  188.132.214.0/24
                  188.132.223.0/24
                  188.132.229.0/24
                  188.132.240.0/24
                  188.132.242.0/24
                  212.68.32.0/24
                  212.68.48.0/24
                  212.68.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:c8:8c:38:e8:e3:b1:b4:18:cb:3b:1c:35:9d:c1:ff:f9:d3:
         9f:0f:fe:74:fe:db:0e:9e:e5:c8:0e:dd:69:1a:ca:57:a1:b4:
         5d:d5:96:e3:ae:5a:d9:1a:d7:db:89:c9:b5:15:1f:25:2f:89:
         b2:94:7a:c8:00:24:d5:a8:8f:58:c1:ba:96:0f:b7:74:b5:53:
         c3:3f:e0:ce:e5:06:a8:c6:3b:ee:89:c5:2d:f8:16:92:1a:d4:
         42:ed:93:b7:d3:ac:c8:9b:aa:11:49:d2:d6:e3:5a:db:06:94:
         51:5e:a8:19:bc:5d:26:7e:c1:35:7d:d2:67:da:0e:b6:bf:c3:
         3a:0a:da:ec:b4:8e:24:d5:93:d5:ce:ed:70:74:d3:ac:ef:15:
         a8:6e:7b:d0:16:03:b6:fb:af:1f:e2:d2:6f:e9:f4:f1:95:03:
         3a:2a:3b:73:15:29:c1:d8:0b:01:85:6f:66:b1:35:3e:15:a1:
         36:c8:8f:38:04:b1:8b:e7:c1:c6:c7:35:a2:3f:81:6c:b4:fb:
         f2:9e:29:8d:1f:be:47:4f:a3:da:f2:f3:a0:c1:b7:3e:e4:4b:
         93:e4:b1:89:ae:f5:6b:09:d0:fb:d0:a8:dd:ea:47:9e:8e:a4:
         e0:2b:c3:d6:d2:3f:a2:28:61:33:3f:bc:0f:73:63:ee:14:16:
         06:27:b8:24
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAYrNZnBhmxShjwXBwJqgNwTzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTJiOGU5MGQxNTdlYTAyMmY4ZTcwMDAyNGE5M2RjMzU2
YTUxNGQwHhcNMjMwOTI1MTczMjM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWI5ZjU2OTIyNzA3NmFlMjFkMDdjZTk0Nzc1NzA1Mjc4MzA0YTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinB4V9emDZe9ESi/qYg8ddzUwxDz
OPWgkGhc+dzMOqcKCVJjbk2t6v3P+xCO9hfZ2xgmnQIUronGX4L966rXDMuBs3vB
030wfYd0x8F/23PqkzOnC1CewahGo9SBVad1xDHv9MK8bRaW6KtrV1dhTVndKu0e
Ow2cLHOx3dVrwfCsEJBBh+BoZgyZ3jHtmlH4tUmGIfEmDeQCeueIf7AbZWEi9NyG
3Dc6MFzyk/yFRzr0+V6o3wxTA0mBPs7h5gLgzuUEaK6By0usH8omw9JywQ6Vyz3q
qS51TGlH1hMk7JE07HjGu1ccGaLJuJsnS3MvypKrSDXA2ZtdzFc0jfP7jwIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFL659WkicHauIdB86Ud1cFJ4MEp9MB8GA1UdIwQY
MBaAFOSiuOkNFX6gIvjnAAJKk9w1alFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTct
ZGY0YTJlNzYwY2NiLzEvdnJuMWFTSndkcTRoMEh6cFIzVndVbmd3U24wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTctZGY0YTJlNzYwY2Ni
LzEvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwbgQCAAEwaAMEAB/SMAME
AE1cjzAMAwQATVyRAwQCTVyQAwQAvISZAwQAvIS4AwQAvIS+AwQAvITIAwQAvITS
AwQAvITWAwQAvITfAwQAvITlAwQAvITwAwQAvITyAwQA1EQgAwQA1EQwAwQA1EQ3
MA0GCSqGSIb3DQEBCwUAA4IBAQB0yIw46OOxtBjLOxw1ncH/+dOfD/50/tsOnuXI
Dt1pGspXobRd1ZbjrlrZGtfbicm1FR8lL4mylHrIACTVqI9YwbqWD7d0tVPDP+DO
5QaoxjvuicUt+BaSGtRC7ZO306zIm6oRSdLW41rbBpRRXqgZvF0mfsE1fdJn2g62
v8M6CtrstI4k1ZPVzu1wdNOs7xWobnvQFgO2+68f4tJv6fTxlQM6KjtzFSnB2AsB
hW9msTU+FaE2yI84BLGL58HGxzWiP4FstPvynimNH75HT6Pa8vOgwbc+5EuT5LGJ
rvVrCdD70Kjd6keejqTgK8PW0j+iKGEzP7wPc2PuFBYGJ7gk
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:01 2024 by rpki-client on console-fra.rpki-client.org