Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/Cy-8WRK7YZO2QsNFsrvphPiRlt4.roa
File:                     Cy-8WRK7YZO2QsNFsrvphPiRlt4.roa (raw, json)
Hash identifier:          vIGy0z8pJSFLUXODlugdQso1wyanFzfyvZMynlpzPng=
Subject key identifier:   0B:2F:BC:59:12:BB:61:93:B6:42:C3:45:B2:BB:E9:84:F8:91:96:DE
Certificate issuer:       /CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Certificate serial:       018F38C74DD73345D33D9EEF1B55280DF864
Authority key identifier: A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/Cy-8WRK7YZO2QsNFsrvphPiRlt4.roa
Signing time:             Thu 02 May 2024 10:08:56 +0000
ROA not before:           Thu 02 May 2024 10:08:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204175
IP address blocks:        185.177.42.0/24 maxlen: 24
                          185.177.43.0/24 maxlen: 24
                          185.220.166.0/23 maxlen: 23
                          185.220.166.0/24 maxlen: 24
                          185.220.167.0/24 maxlen: 24
                          185.232.132.0/24 maxlen: 24
                          185.232.133.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:38:c7:4d:d7:33:45:d3:3d:9e:ef:1b:55:28:0d:f8:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
        Validity
            Not Before: May  2 10:08:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b2fbc5912bb6193b642c345b2bbe984f89196de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:59:0e:5d:08:e9:4e:29:b3:d4:1f:17:c8:61:
                    4a:db:73:33:6b:65:a5:4e:65:36:10:1b:08:69:4f:
                    17:8f:a6:5b:28:fd:fa:f5:16:ed:2b:65:8c:4f:df:
                    07:6d:7f:e7:24:11:26:88:46:62:17:06:c3:9d:ef:
                    22:1c:02:8c:43:1f:84:50:d4:6c:6f:72:c8:72:8a:
                    e9:ec:83:c3:83:bc:48:cf:e9:37:bc:7e:6f:21:eb:
                    a4:1a:9a:b4:85:e0:d9:4f:17:22:af:a3:ef:32:4e:
                    10:eb:28:ae:7e:69:6c:58:d5:8d:a9:4b:e5:04:0d:
                    36:8e:88:61:6e:88:77:af:4a:d7:0c:e8:0b:f4:3e:
                    cd:a8:c3:db:3b:bf:ba:f9:c2:03:75:51:93:32:a2:
                    2f:19:9d:0c:09:18:21:09:da:9f:92:d2:4e:b8:91:
                    01:f2:3e:08:8a:e6:71:98:03:5a:98:a3:7a:4f:44:
                    9d:bf:34:e6:88:87:fe:52:22:6e:a9:28:b4:95:b9:
                    20:3a:79:9c:e8:95:55:eb:da:21:3a:ff:04:62:27:
                    c3:81:6a:48:05:9d:c8:14:64:0e:5a:9a:24:af:b6:
                    6e:f6:b2:4e:a4:25:9c:8e:b8:7b:c4:ee:30:4e:fc:
                    f4:3f:25:b8:b7:7e:df:1b:8e:53:1c:43:62:06:77:
                    ef:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:2F:BC:59:12:BB:61:93:B6:42:C3:45:B2:BB:E9:84:F8:91:96:DE
            X509v3 Authority Key Identifier:
                keyid:A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/Cy-8WRK7YZO2QsNFsrvphPiRlt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.42.0/23
                  185.220.166.0/23
                  185.232.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:9e:e3:36:70:2a:0e:a3:a7:e4:76:c2:9b:de:3d:41:45:0b:
         d1:ba:cc:6e:1d:43:6f:a9:b7:78:7f:75:13:b1:47:01:0a:00:
         ef:0e:fa:07:ca:5a:8b:c3:40:dd:6e:cb:21:76:a8:47:43:16:
         bc:79:45:7b:d9:8c:17:a4:c8:24:19:27:98:1f:c1:53:e7:bc:
         18:fd:f9:8a:28:bc:7a:25:59:28:23:eb:3e:b2:40:01:3b:c9:
         a0:0d:4b:af:a8:aa:48:1c:c2:70:bf:17:50:82:39:ab:ea:d3:
         bf:9d:68:06:95:75:bd:65:bb:28:29:ad:bc:ad:93:03:2e:e6:
         ff:9f:7c:e6:fe:ea:d0:5f:95:f8:cd:2c:c1:35:0b:d1:f2:a5:
         cb:c7:4a:e2:91:ba:c3:13:4b:02:ec:a1:45:1e:f8:13:6f:0a:
         92:2f:9c:f1:a8:c3:7e:db:da:68:e5:39:c5:d5:71:55:8a:b1:
         b8:4a:3a:58:fb:2e:2b:27:1b:ca:9e:1b:aa:8d:9f:5f:69:8e:
         88:26:75:6a:35:90:13:76:40:f5:c7:c3:60:06:05:2c:bf:ad:
         e2:34:af:75:44:f5:fe:cf:9e:bb:6f:b7:63:bf:c9:bf:0b:d3:
         5c:f0:0a:32:19:52:87:4e:ab:64:5f:3c:74:fc:87:ea:1f:19:
         b6:8f:4a:22
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY84x03XM0XTPZ7vG1UoDfhkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDkyMDRjYTRmMGViNGU1NmUwOGUwOTlmZTM3ODVjZTA2
ZmZlYWEwHhcNMjQwNTAyMTAwODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjJmYmM1OTEyYmI2MTkzYjY0MmMzNDViMmJiZTk4NGY4OTE5NmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FkOXQjpTimz1B8XyGFK23Mza2Wl
TmU2EBsIaU8Xj6ZbKP369RbtK2WMT98HbX/nJBEmiEZiFwbDne8iHAKMQx+EUNRs
b3LIcorp7IPDg7xIz+k3vH5vIeukGpq0heDZTxcir6PvMk4Q6yiufmlsWNWNqUvl
BA02johhboh3r0rXDOgL9D7NqMPbO7+6+cIDdVGTMqIvGZ0MCRghCdqfktJOuJEB
8j4IiuZxmANamKN6T0SdvzTmiIf+UiJuqSi0lbkgOnmc6JVV69ohOv8EYifDgWpI
BZ3IFGQOWpokr7Zu9rJOpCWcjrh7xO4wTvz0PyW4t37fG45THENiBnfvlwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAsvvFkSu2GTtkLDRbK76YT4kZbeMB8GA1UdIwQY
MBaAFKhJIEyk8OtOVuCOCZ/jeFzgb/6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYt
OWNjYmIwODQyOGZhLzEvQ3ktOFdSSzdZWk8yUXNORnNydnBoUGlSbHQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYtOWNjYmIwODQyOGZh
LzEvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBubEqAwQB
udymAwQBueiEMA0GCSqGSIb3DQEBCwUAA4IBAQCOnuM2cCoOo6fkdsKb3j1BRQvR
usxuHUNvqbd4f3UTsUcBCgDvDvoHylqLw0DdbsshdqhHQxa8eUV72YwXpMgkGSeY
H8FT57wY/fmKKLx6JVkoI+s+skABO8mgDUuvqKpIHMJwvxdQgjmr6tO/nWgGlXW9
ZbsoKa28rZMDLub/n3zm/urQX5X4zSzBNQvR8qXLx0rikbrDE0sC7KFFHvgTbwqS
L5zxqMN+29po5TnF1XFVirG4SjpY+y4rJxvKnhuqjZ9faY6IJnVqNZATdkD1x8Ng
BgUsv63iNK91RPX+z567b7djv8m/C9Nc8AoyGVKHTqtkXzx0/IfqHxm2j0oi
-----END CERTIFICATE-----
Generated at Tue Jul 16 12:52:53 2024 by rpki-client on console-ams.rpki-client.org