Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/GC-HqA5phFnYV0tZ6CHADLUUguE.roa
File:                     GC-HqA5phFnYV0tZ6CHADLUUguE.roa (raw, json)
Hash identifier:          POzI9fMFKXhrNjwp1cQ5H7MF0d9l5fw/SKS2dL/LHdk=
Subject key identifier:   18:2F:87:A8:0E:69:84:59:D8:57:4B:59:E8:21:C0:0C:B5:14:82:E1
Certificate issuer:       /CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Certificate serial:       01856F796EB208438B6206288466B681AB5E
Authority key identifier: 53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/GC-HqA5phFnYV0tZ6CHADLUUguE.roa
Signing time:             Sun 01 Jan 2023 22:35:07 +0000
ROA not before:           Sun 01 Jan 2023 22:35:07 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     31708
IP address blocks:        109.70.136.0/21 maxlen: 21
                          109.70.143.0/24 maxlen: 24
                          109.70.141.0/24 maxlen: 24
                          145.255.224.0/22 maxlen: 22
                          145.255.224.0/21 maxlen: 21
                          145.255.231.0/24 maxlen: 24
                          145.255.230.0/23 maxlen: 23
                          145.255.230.0/24 maxlen: 24
                          193.26.222.0/24 maxlen: 24
                          31.193.168.0/21 maxlen: 21
                          31.193.170.0/24 maxlen: 24
                          85.13.192.0/24 maxlen: 24
                          185.101.80.0/23 maxlen: 23
                          185.101.80.0/22 maxlen: 24
                          185.101.83.0/24 maxlen: 24
                          85.13.192.0/18 maxlen: 18
                          89.187.64.0/19 maxlen: 19
                          85.13.199.0/24 maxlen: 24
                          85.13.208.0/24 maxlen: 24
                          89.187.72.0/24 maxlen: 24
                          85.13.209.0/24 maxlen: 24
                          89.187.78.0/24 maxlen: 24
                          89.187.85.0/24 maxlen: 24
                          89.187.80.0/24 maxlen: 24
                          89.187.81.0/24 maxlen: 24
                          85.13.214.0/24 maxlen: 24
                          89.187.79.0/24 maxlen: 24
                          89.187.84.0/24 maxlen: 24
                          85.13.216.0/24 maxlen: 24
                          85.13.222.0/24 maxlen: 24
                          89.187.86.0/24 maxlen: 24
                          89.187.91.0/24 maxlen: 24
                          62.197.44.0/24 maxlen: 24
                          62.197.44.0/23 maxlen: 23
                          62.197.40.0/23 maxlen: 23
                          62.197.50.0/23 maxlen: 23
                          83.142.28.0/24 maxlen: 24
                          83.142.29.0/24 maxlen: 24
                          89.187.95.0/24 maxlen: 24
                          85.13.228.0/24 maxlen: 24
                          89.187.93.0/24 maxlen: 24
                          85.13.230.0/24 maxlen: 24
                          85.13.234.0/24 maxlen: 24
                          85.13.247.0/24 maxlen: 24
                          83.142.24.0/21 maxlen: 21
                          2a01:c0::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:79:6e:b2:08:43:8b:62:06:28:84:66:b6:81:ab:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53b62ace615b906b42ab27f4fb1d203df36d5436
        Validity
            Not Before: Jan  1 22:35:07 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=182f87a80e698459d8574b59e821c00cb51482e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fd:4c:1e:e1:52:6a:6d:61:26:2d:c6:77:fd:
                    f9:18:3f:1e:3d:17:d6:b9:c9:47:bd:be:a5:b0:c3:
                    07:93:e9:8e:e1:2f:54:d5:83:5f:e4:b7:49:a8:89:
                    cf:b9:e8:f7:af:14:73:8b:91:fc:f7:d4:01:7e:59:
                    0c:92:9a:dc:50:76:86:9d:34:8c:99:67:d7:57:bb:
                    e8:81:10:3e:b6:ec:8b:bd:13:95:3b:34:f8:b7:70:
                    1e:a0:25:1d:3e:64:93:6b:39:4c:ff:c9:63:e1:46:
                    1b:55:54:00:eb:7f:69:03:46:b0:54:54:e4:4a:62:
                    b1:04:ca:ec:14:2c:a9:b0:b8:75:1a:08:c8:d1:20:
                    7a:3b:ec:e2:bf:ed:76:94:2d:8b:61:eb:8f:7f:a3:
                    05:75:77:1c:80:b7:56:54:2c:06:af:e1:cf:92:d7:
                    40:1f:ca:ed:eb:da:d6:a3:37:ae:0c:01:09:7e:4a:
                    f3:87:3b:57:38:03:06:dd:58:83:d7:35:37:c4:7e:
                    3c:64:1a:c1:7d:37:cf:ae:91:e7:07:57:64:61:02:
                    3f:4f:c1:4c:01:d1:04:9d:6f:5e:85:1b:21:6a:ae:
                    02:a7:ef:0d:45:35:9a:9c:1f:c3:1d:19:05:60:5a:
                    97:e5:d5:7e:9f:f5:30:cf:4f:2a:74:ca:42:ee:37:
                    e0:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:2F:87:A8:0E:69:84:59:D8:57:4B:59:E8:21:C0:0C:B5:14:82:E1
            X509v3 Authority Key Identifier:
                keyid:53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/GC-HqA5phFnYV0tZ6CHADLUUguE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.168.0/21
                  62.197.40.0/23
                  62.197.44.0/23
                  62.197.50.0/23
                  83.142.24.0/21
                  85.13.192.0/18
                  89.187.64.0/19
                  109.70.136.0/21
                  145.255.224.0/21
                  185.101.80.0/22
                  193.26.222.0/24
                IPv6:
                  2a01:c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:71:e2:99:63:7a:72:bf:d8:57:36:ba:f6:9e:f8:52:ea:5e:
         aa:30:77:7f:0d:e4:94:78:c5:ce:12:f4:f9:a2:0c:a8:35:29:
         b7:95:63:4a:26:34:44:ba:83:3c:a2:4a:21:75:8d:c3:3c:d2:
         03:7a:83:f6:1e:16:e3:03:62:f7:b9:27:2e:7e:e5:06:33:95:
         b7:e7:d5:1a:eb:14:1f:4c:95:4c:b0:c3:a6:72:9f:3b:ea:60:
         87:a1:9f:c0:7f:da:78:11:d4:cf:81:4e:0c:16:93:31:65:30:
         1c:89:c6:72:cb:31:ff:d3:e4:1b:e1:98:87:2c:d8:1a:87:7d:
         00:b8:09:65:68:25:cb:81:7f:c1:7a:f5:6f:19:39:08:6f:87:
         0a:d3:da:29:c7:ed:ac:4f:ce:87:95:80:2d:e8:a9:a6:25:3c:
         06:3a:48:46:ea:19:8e:94:07:2f:ab:fa:86:8c:78:39:a7:e2:
         49:22:4f:8f:88:f4:84:73:00:31:cd:7d:26:6e:41:24:37:9a:
         c0:b0:ae:67:ae:1a:f6:0f:eb:6c:73:c5:da:ba:b8:eb:3d:39:
         e4:8a:3e:61:10:0f:3d:38:51:c7:c2:c3:ec:c6:b6:0d:70:45:
         a0:e9:bd:1c:25:cb:21:ee:d6:d0:11:ea:ec:5a:a8:c1:1e:87:
         e1:62:6f:1e
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYVveW6yCEOLYgYohGa2gateMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjYyYWNlNjE1YjkwNmI0MmFiMjdmNGZiMWQyMDNkZjM2
ZDU0MzYwHhcNMjMwMTAxMjIzNTA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODJmODdhODBlNjk4NDU5ZDg1NzRiNTllODIxYzAwY2I1MTQ4MmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/1MHuFSam1hJi3Gd/35GD8ePRfW
uclHvb6lsMMHk+mO4S9U1YNf5LdJqInPuej3rxRzi5H899QBflkMkprcUHaGnTSM
mWfXV7vogRA+tuyLvROVOzT4t3AeoCUdPmSTazlM/8lj4UYbVVQA639pA0awVFTk
SmKxBMrsFCypsLh1GgjI0SB6O+ziv+12lC2LYeuPf6MFdXccgLdWVCwGr+HPktdA
H8rt69rWozeuDAEJfkrzhztXOAMG3ViD1zU3xH48ZBrBfTfPrpHnB1dkYQI/T8FM
AdEEnW9ehRshaq4Cp+8NRTWanB/DHRkFYFqX5dV+n/Uwz08qdMpC7jfgsQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFBgvh6gOaYRZ2FdLWeghwAy1FILhMB8GA1UdIwQY
MBaAFFO2Ks5hW5BrQqsn9PsdID3zbVQ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDIt
OTcyYTRjM2RjM2YzLzEvR0MtSHFBNXBoRm5ZVjB0WjZDSEFETFVVZ3VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDItOTcyYTRjM2RjM2Yz
LzEvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDH8GoAwQB
PsUoAwQBPsUsAwQBPsUyAwQDU44YAwQGVQ3AAwQFWbtAAwQDbUaIAwQDkf/gAwQC
uWVQAwQAwRreMA0EAgACMAcDBQAqAQDAMA0GCSqGSIb3DQEBCwUAA4IBAQBIceKZ
Y3pyv9hXNrr2nvhS6l6qMHd/DeSUeMXOEvT5ogyoNSm3lWNKJjREuoM8okohdY3D
PNIDeoP2HhbjA2L3uScufuUGM5W359Ua6xQfTJVMsMOmcp876mCHoZ/Af9p4EdTP
gU4MFpMxZTAcicZyyzH/0+Qb4ZiHLNgah30AuAllaCXLgX/BevVvGTkIb4cK09op
x+2sT86HlYAt6KmmJTwGOkhG6hmOlAcvq/qGjHg5p+JJIk+PiPSEcwAxzX0mbkEk
N5rAsK5nrhr2D+tsc8XaurjrPTnkij5hEA89OFHHwsPsxrYNcEWg6b0cJcsh7tbQ
EersWqjBHofhYm8e
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:57 2024 by rpki-client on console-fra.rpki-client.org