Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/DEs7Ls6qm2asCIGSJUTh2dLNiZY.roa
File:                     DEs7Ls6qm2asCIGSJUTh2dLNiZY.roa (raw, json)
Hash identifier:          npgYL6uz4UhqhU4ruxLhkMM6P9Yb+IkwCiEjdKmZyKg=
Subject key identifier:   0C:4B:3B:2E:CE:AA:9B:66:AC:08:81:92:25:44:E1:D9:D2:CD:89:96
Certificate issuer:       /CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Certificate serial:       018216BA4DF870487C48A2487F71398BDF98
Authority key identifier: 53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/DEs7Ls6qm2asCIGSJUTh2dLNiZY.roa
Signing time:             Tue 19 Jul 2022 13:51:24 +0000
ROA not before:           Tue 19 Jul 2022 13:51:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     31708
IP address blocks:        185.96.220.0/22 maxlen: 22
                          109.70.136.0/21 maxlen: 21
                          109.70.143.0/24 maxlen: 24
                          109.70.141.0/24 maxlen: 24
                          145.255.224.0/22 maxlen: 22
                          145.255.224.0/21 maxlen: 21
                          145.255.231.0/24 maxlen: 24
                          145.255.230.0/24 maxlen: 24
                          145.255.230.0/23 maxlen: 23
                          193.26.222.0/24 maxlen: 24
                          31.193.168.0/21 maxlen: 21
                          31.193.170.0/24 maxlen: 24
                          86.105.196.0/24 maxlen: 24
                          85.13.192.0/24 maxlen: 24
                          185.101.80.0/23 maxlen: 23
                          185.101.80.0/22 maxlen: 22
                          185.101.83.0/24 maxlen: 24
                          85.13.192.0/18 maxlen: 18
                          89.187.64.0/19 maxlen: 19
                          85.13.199.0/24 maxlen: 24
                          85.13.208.0/24 maxlen: 24
                          89.187.72.0/24 maxlen: 24
                          85.13.209.0/24 maxlen: 24
                          89.187.78.0/24 maxlen: 24
                          89.187.85.0/24 maxlen: 24
                          89.187.80.0/24 maxlen: 24
                          89.187.81.0/24 maxlen: 24
                          85.13.214.0/24 maxlen: 24
                          89.187.79.0/24 maxlen: 24
                          89.187.84.0/24 maxlen: 24
                          85.13.216.0/24 maxlen: 24
                          85.13.222.0/24 maxlen: 24
                          89.187.86.0/24 maxlen: 24
                          89.187.91.0/24 maxlen: 24
                          62.197.32.0/19 maxlen: 19
                          62.197.44.0/24 maxlen: 24
                          83.142.28.0/24 maxlen: 24
                          83.142.29.0/24 maxlen: 24
                          89.187.95.0/24 maxlen: 24
                          85.13.228.0/24 maxlen: 24
                          89.187.93.0/24 maxlen: 24
                          85.13.230.0/24 maxlen: 24
                          85.13.234.0/24 maxlen: 24
                          85.13.247.0/24 maxlen: 24
                          83.142.24.0/21 maxlen: 21
                          2a01:c0::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:16:ba:4d:f8:70:48:7c:48:a2:48:7f:71:39:8b:df:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53b62ace615b906b42ab27f4fb1d203df36d5436
        Validity
            Not Before: Jul 19 13:51:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0c4b3b2eceaa9b66ac0881922544e1d9d2cd8996
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ec:45:80:e7:92:4e:14:22:27:32:db:89:60:
                    78:b4:1d:e0:d0:b0:cc:3f:b2:2b:5e:04:3c:8d:c3:
                    f3:81:49:3f:d1:c2:fa:b8:ae:ec:79:6b:82:1a:48:
                    ff:2d:49:84:41:73:19:f4:24:3f:bd:84:10:7b:ac:
                    25:37:81:04:92:5a:d7:bc:59:4b:5a:26:c6:fa:72:
                    24:86:b2:1a:a3:88:e4:d0:59:cf:6a:a5:ba:12:77:
                    9d:a7:e5:0d:b8:30:bd:f0:91:e2:7d:fa:92:26:cc:
                    29:ec:2a:85:79:52:c3:91:b9:d9:88:0e:55:01:d4:
                    17:ad:a4:65:71:f7:cb:39:ed:1b:1a:1b:59:ad:89:
                    b4:88:c5:ef:17:d2:c6:c5:a5:15:e2:ee:4e:83:33:
                    41:6d:fc:63:99:00:ab:78:5b:7c:b0:d7:18:a4:da:
                    23:d4:56:3b:fe:03:1d:23:ae:26:d0:d9:bc:09:11:
                    83:76:39:70:6f:10:a7:4e:87:89:43:49:0f:98:33:
                    f2:f8:8f:63:0e:d5:aa:96:71:02:40:92:cb:3a:8f:
                    78:22:f4:2e:e3:74:16:c4:77:91:84:20:31:7f:a3:
                    1c:0c:98:b1:87:4b:11:ea:5b:3e:fa:30:24:0b:ca:
                    ea:7e:e1:9b:4e:f8:60:46:42:5d:de:f3:0f:c3:eb:
                    f5:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:4B:3B:2E:CE:AA:9B:66:AC:08:81:92:25:44:E1:D9:D2:CD:89:96
            X509v3 Authority Key Identifier:
                keyid:53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/DEs7Ls6qm2asCIGSJUTh2dLNiZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.168.0/21
                  62.197.32.0/19
                  83.142.24.0/21
                  85.13.192.0/18
                  86.105.196.0/24
                  89.187.64.0/19
                  109.70.136.0/21
                  145.255.224.0/21
                  185.96.220.0/22
                  185.101.80.0/22
                  193.26.222.0/24
                IPv6:
                  2a01:c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:db:d7:cc:7f:61:ad:c3:3f:c5:da:6d:a8:08:3f:d4:49:45:
         50:f7:e1:34:8f:76:1d:57:a2:bf:ec:96:9c:8b:27:09:49:98:
         04:50:e6:37:ff:7f:9e:74:fc:28:93:6f:2b:39:11:42:1e:fa:
         4b:07:6a:cf:a4:1b:a0:ee:cd:09:df:54:5c:ba:e8:17:83:08:
         86:40:ca:64:04:35:7b:cc:23:11:96:c6:e7:32:36:c9:2a:0a:
         e5:a3:86:e1:d2:8d:6d:ae:15:45:44:14:df:35:fc:bb:6e:56:
         9d:5b:ba:d6:25:f6:a8:7e:1f:bf:8c:5a:b7:22:8c:4c:4e:a3:
         d7:ad:25:82:e8:7f:8e:35:44:44:fc:4e:f9:e1:c1:e6:81:49:
         1b:08:f4:95:cb:b6:19:84:10:3a:0a:d0:fe:e2:39:f9:63:33:
         8f:73:98:88:cb:ed:0d:dd:b1:f6:d2:f9:10:30:04:6d:15:3c:
         b8:1f:fb:1b:8c:88:9c:03:b4:d5:81:91:37:83:37:b0:a0:ee:
         00:28:a8:f1:00:71:95:96:f7:5e:b0:c0:5f:0c:40:86:c3:45:
         41:49:02:cd:3c:1d:8f:22:b6:e0:c7:3c:0e:46:c2:87:00:52:
         4a:b2:ba:9f:0a:a0:98:79:76:bb:14:1f:13:9e:a5:49:c2:d5:
         36:49:56:58
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYIWuk34cEh8SKJIf3E5i9+YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjYyYWNlNjE1YjkwNmI0MmFiMjdmNGZiMWQyMDNkZjM2
ZDU0MzYwHhcNMjIwNzE5MTM1MTI0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzRiM2IyZWNlYWE5YjY2YWMwODgxOTIyNTQ0ZTFkOWQyY2Q4OTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOxFgOeSThQiJzLbiWB4tB3g0LDM
P7IrXgQ8jcPzgUk/0cL6uK7seWuCGkj/LUmEQXMZ9CQ/vYQQe6wlN4EEklrXvFlL
WibG+nIkhrIao4jk0FnPaqW6Enedp+UNuDC98JHiffqSJswp7CqFeVLDkbnZiA5V
AdQXraRlcffLOe0bGhtZrYm0iMXvF9LGxaUV4u5OgzNBbfxjmQCreFt8sNcYpNoj
1FY7/gMdI64m0Nm8CRGDdjlwbxCnToeJQ0kPmDPy+I9jDtWqlnECQJLLOo94IvQu
43QWxHeRhCAxf6McDJixh0sR6ls++jAkC8rqfuGbTvhgRkJd3vMPw+v11wIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFAxLOy7OqptmrAiBkiVE4dnSzYmWMB8GA1UdIwQY
MBaAFFO2Ks5hW5BrQqsn9PsdID3zbVQ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDIt
OTcyYTRjM2RjM2YzLzEvREVzN0xzNnFtMmFzQ0lHU0pVVGgyZExOaVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDItOTcyYTRjM2RjM2Yz
LzEvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDH8GoAwQF
PsUgAwQDU44YAwQGVQ3AAwQAVmnEAwQFWbtAAwQDbUaIAwQDkf/gAwQCuWDcAwQC
uWVQAwQAwRreMA0EAgACMAcDBQAqAQDAMA0GCSqGSIb3DQEBCwUAA4IBAQB329fM
f2Gtwz/F2m2oCD/USUVQ9+E0j3YdV6K/7JaciycJSZgEUOY3/3+edPwok28rORFC
HvpLB2rPpBug7s0J31RcuugXgwiGQMpkBDV7zCMRlsbnMjbJKgrlo4bh0o1trhVF
RBTfNfy7bladW7rWJfaofh+/jFq3IoxMTqPXrSWC6H+ONURE/E754cHmgUkbCPSV
y7YZhBA6CtD+4jn5YzOPc5iIy+0N3bH20vkQMARtFTy4H/sbjIicA7TVgZE3gzew
oO4AKKjxAHGVlvdesMBfDECGw0VBSQLNPB2PIrbgxzwORsKHAFJKsrqfCqCYeXa7
FB8TnqVJwtU2SVZY
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:26:15 2024 by rpki-client on console-ams.rpki-client.org