Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/HgYm993JreyaAbKI3-egjVq9Szw.roa
File:                     HgYm993JreyaAbKI3-egjVq9Szw.roa (raw, json)
Hash identifier:          +VKYafioNnGJglxiz/Vsm2rETU20qQgk63Sz5FbVpuc=
Subject key identifier:   1E:06:26:F7:DD:C9:AD:EC:9A:01:B2:88:DF:E7:A0:8D:5A:BD:4B:3C
Certificate issuer:       /CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Certificate serial:       01847A670B7C05E285D07FAA3AB8715A9BC7
Authority key identifier: 53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/HgYm993JreyaAbKI3-egjVq9Szw.roa
Signing time:             Tue 15 Nov 2022 08:28:04 +0000
ROA not before:           Tue 15 Nov 2022 08:28:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     31708
IP address blocks:        109.70.136.0/21 maxlen: 21
                          109.70.143.0/24 maxlen: 24
                          109.70.141.0/24 maxlen: 24
                          145.255.224.0/22 maxlen: 22
                          145.255.224.0/21 maxlen: 21
                          145.255.231.0/24 maxlen: 24
                          145.255.230.0/23 maxlen: 23
                          145.255.230.0/24 maxlen: 24
                          193.26.222.0/24 maxlen: 24
                          31.193.168.0/21 maxlen: 21
                          31.193.170.0/24 maxlen: 24
                          85.13.192.0/24 maxlen: 24
                          185.101.80.0/23 maxlen: 23
                          185.101.80.0/22 maxlen: 24
                          185.101.83.0/24 maxlen: 24
                          85.13.192.0/18 maxlen: 18
                          89.187.64.0/19 maxlen: 19
                          85.13.199.0/24 maxlen: 24
                          85.13.208.0/24 maxlen: 24
                          89.187.72.0/24 maxlen: 24
                          85.13.209.0/24 maxlen: 24
                          89.187.78.0/24 maxlen: 24
                          89.187.85.0/24 maxlen: 24
                          89.187.80.0/24 maxlen: 24
                          89.187.81.0/24 maxlen: 24
                          85.13.214.0/24 maxlen: 24
                          89.187.79.0/24 maxlen: 24
                          89.187.84.0/24 maxlen: 24
                          85.13.216.0/24 maxlen: 24
                          85.13.222.0/24 maxlen: 24
                          89.187.86.0/24 maxlen: 24
                          89.187.91.0/24 maxlen: 24
                          62.197.44.0/24 maxlen: 24
                          62.197.44.0/23 maxlen: 23
                          62.197.40.0/23 maxlen: 23
                          62.197.50.0/23 maxlen: 23
                          83.142.28.0/24 maxlen: 24
                          83.142.29.0/24 maxlen: 24
                          89.187.95.0/24 maxlen: 24
                          85.13.228.0/24 maxlen: 24
                          89.187.93.0/24 maxlen: 24
                          85.13.230.0/24 maxlen: 24
                          85.13.234.0/24 maxlen: 24
                          85.13.247.0/24 maxlen: 24
                          83.142.24.0/21 maxlen: 21
                          2a01:c0::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:7a:67:0b:7c:05:e2:85:d0:7f:aa:3a:b8:71:5a:9b:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53b62ace615b906b42ab27f4fb1d203df36d5436
        Validity
            Not Before: Nov 15 08:28:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1e0626f7ddc9adec9a01b288dfe7a08d5abd4b3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:2f:69:f2:28:30:31:86:04:9d:d5:9d:d9:da:
                    12:7e:4c:f8:96:f7:c6:84:47:c9:26:37:de:30:f2:
                    15:49:b1:74:53:f3:c6:bf:9e:d1:57:ac:d5:6f:a8:
                    e7:ae:93:e3:8d:ae:1e:8c:8c:71:df:06:7f:9b:3d:
                    9b:c9:fb:a9:6d:5c:09:48:25:d4:f9:c8:d1:2e:28:
                    83:7d:8a:97:f0:4e:a3:31:47:56:39:d3:7d:fa:cc:
                    a1:94:5f:33:5a:42:c2:01:73:54:3b:97:f5:a7:1d:
                    95:53:47:1e:1d:52:c4:ee:8c:98:16:26:96:45:40:
                    cc:b3:3a:0e:58:00:fd:8e:88:92:b5:58:2c:35:4b:
                    e6:b7:0c:2b:3e:cb:13:a4:87:e9:c3:1d:fd:09:a1:
                    f1:9a:c6:35:0e:8a:a4:b5:0c:f3:12:4f:35:bd:c7:
                    be:1f:6f:24:27:3e:5d:28:87:3f:ed:e3:a3:25:26:
                    05:ec:f9:5f:34:62:bc:a4:8e:2f:58:42:f5:ad:77:
                    af:53:48:b6:ee:90:0e:58:79:5b:d6:64:85:72:7b:
                    46:e9:e6:f2:6a:6d:57:5c:52:b0:1f:a2:40:cc:3e:
                    d0:a6:67:2d:7c:71:3d:21:4c:65:4a:c7:5b:b8:01:
                    cf:23:d0:60:ca:13:33:52:76:5c:5d:52:07:4c:2c:
                    fe:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:06:26:F7:DD:C9:AD:EC:9A:01:B2:88:DF:E7:A0:8D:5A:BD:4B:3C
            X509v3 Authority Key Identifier:
                keyid:53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/HgYm993JreyaAbKI3-egjVq9Szw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.168.0/21
                  62.197.40.0/23
                  62.197.44.0/23
                  62.197.50.0/23
                  83.142.24.0/21
                  85.13.192.0/18
                  89.187.64.0/19
                  109.70.136.0/21
                  145.255.224.0/21
                  185.101.80.0/22
                  193.26.222.0/24
                IPv6:
                  2a01:c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:c8:6f:08:7d:72:f7:b1:30:a0:80:17:3f:e4:1d:94:9f:eb:
         42:05:c5:b8:7a:28:24:8e:81:62:6c:a4:86:68:c9:01:19:28:
         14:9d:cb:8f:df:a3:fe:f0:b8:f8:68:d2:45:58:7f:15:79:9b:
         69:58:49:33:1b:2c:19:52:1c:7c:6f:4d:2b:e9:ba:3f:c6:7f:
         52:33:b9:a1:69:6b:bf:8f:96:68:12:07:f1:db:27:f2:d3:9d:
         8f:10:27:ea:5d:6a:0a:f7:61:a4:fa:b0:ae:85:a6:08:93:9d:
         0c:4d:66:a3:4b:fc:d9:67:6f:5f:9c:a5:67:ee:8c:50:d1:d7:
         af:09:57:d2:db:76:e1:68:ad:de:71:98:e8:1c:9e:aa:5c:54:
         7f:8f:42:0e:88:ce:35:2f:c7:26:3d:36:b0:8c:35:b7:84:92:
         e7:35:f9:22:81:a1:bd:14:56:94:53:37:61:fa:24:d1:ed:3b:
         ee:8c:6f:8d:b9:d3:5e:8f:e3:f3:bf:1d:1c:e2:db:a4:6d:77:
         dc:6b:3b:50:8f:f6:ff:c2:ba:dd:69:89:24:c1:b1:c4:44:1a:
         0b:15:ec:0a:49:33:7a:a6:d6:f9:f3:5b:a5:66:3b:09:0e:e1:
         95:ea:71:1a:9e:a3:4f:53:f7:db:46:ca:e0:47:26:93:80:50:
         ad:42:5d:30
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYR6Zwt8BeKF0H+qOrhxWpvHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjYyYWNlNjE1YjkwNmI0MmFiMjdmNGZiMWQyMDNkZjM2
ZDU0MzYwHhcNMjIxMTE1MDgyODA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTA2MjZmN2RkYzlhZGVjOWEwMWIyODhkZmU3YTA4ZDVhYmQ0YjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhy9p8igwMYYEndWd2doSfkz4lvfG
hEfJJjfeMPIVSbF0U/PGv57RV6zVb6jnrpPjja4ejIxx3wZ/mz2byfupbVwJSCXU
+cjRLiiDfYqX8E6jMUdWOdN9+syhlF8zWkLCAXNUO5f1px2VU0ceHVLE7oyYFiaW
RUDMszoOWAD9joiStVgsNUvmtwwrPssTpIfpwx39CaHxmsY1DoqktQzzEk81vce+
H28kJz5dKIc/7eOjJSYF7PlfNGK8pI4vWEL1rXevU0i27pAOWHlb1mSFcntG6eby
am1XXFKwH6JAzD7QpmctfHE9IUxlSsdbuAHPI9BgyhMzUnZcXVIHTCz+swIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFB4GJvfdya3smgGyiN/noI1avUs8MB8GA1UdIwQY
MBaAFFO2Ks5hW5BrQqsn9PsdID3zbVQ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDIt
OTcyYTRjM2RjM2YzLzEvSGdZbTk5M0pyZXlhQWJLSTMtZWdqVnE5U3p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDItOTcyYTRjM2RjM2Yz
LzEvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDH8GoAwQB
PsUoAwQBPsUsAwQBPsUyAwQDU44YAwQGVQ3AAwQFWbtAAwQDbUaIAwQDkf/gAwQC
uWVQAwQAwRreMA0EAgACMAcDBQAqAQDAMA0GCSqGSIb3DQEBCwUAA4IBAQCQyG8I
fXL3sTCggBc/5B2Un+tCBcW4eigkjoFibKSGaMkBGSgUncuP36P+8Lj4aNJFWH8V
eZtpWEkzGywZUhx8b00r6bo/xn9SM7mhaWu/j5ZoEgfx2yfy052PECfqXWoK92Gk
+rCuhaYIk50MTWajS/zZZ29fnKVn7oxQ0devCVfS23bhaK3ecZjoHJ6qXFR/j0IO
iM41L8cmPTawjDW3hJLnNfkigaG9FFaUUzdh+iTR7TvujG+NudNej+Pzvx0c4tuk
bXfcaztQj/b/wrrdaYkkwbHERBoLFewKSTN6ptb581ulZjsJDuGV6nEanqNPU/fb
RsrgRyaTgFCtQl0w
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:26:15 2024 by rpki-client on console-ams.rpki-client.org