Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/92PS5YZyVMxsema4Anc1dtREIfo.roa
File:                     92PS5YZyVMxsema4Anc1dtREIfo.roa (raw, json)
Hash identifier:          xT5DsABVoQd7gRQrxiQ8fq7ZdFLfjgdpsXnqoVA/Uoc=
Subject key identifier:   F7:63:D2:E5:86:72:54:CC:6C:7A:66:B8:02:77:35:76:D4:44:21:FA
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       018AFF8692A5AAD5C3CD6EB735FEABCA7C29
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/92PS5YZyVMxsema4Anc1dtREIfo.roa
Signing time:             Thu 05 Oct 2023 11:08:44 +0000
ROA not before:           Thu 05 Oct 2023 11:08:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202423
IP address blocks:        212.60.22.0/24 maxlen: 24
                          5.44.43.0/24 maxlen: 24
                          5.44.45.0/24 maxlen: 24
                          45.129.186.0/24 maxlen: 24
                          185.247.185.0/24 maxlen: 24
                          89.191.225.0/24 maxlen: 24
                          89.191.227.0/24 maxlen: 24
                          89.191.230.0/24 maxlen: 24
                          89.191.231.0/24 maxlen: 24
                          89.191.233.0/24 maxlen: 24
                          89.191.235.0/24 maxlen: 24
                          194.116.162.0/24 maxlen: 24
                          194.116.163.0/24 maxlen: 24
                          45.89.188.0/24 maxlen: 24
                          45.89.189.0/24 maxlen: 24
                          45.89.191.0/24 maxlen: 24
                          91.107.119.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:ff:86:92:a5:aa:d5:c3:cd:6e:b7:35:fe:ab:ca:7c:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Oct  5 11:08:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f763d2e5867254cc6c7a66b802773576d44421fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:17:7e:b5:ec:07:8f:ac:09:d6:55:05:4e:6a:
                    8d:b6:67:4d:18:ec:83:4e:fe:b8:52:b0:dd:49:93:
                    6b:cf:40:b3:1e:8f:66:4b:d7:18:5a:69:3a:1c:c6:
                    f8:c6:61:7a:49:96:af:89:a8:95:43:14:32:89:0d:
                    c9:ca:3d:54:98:4b:81:00:d1:d7:8c:a2:54:ec:47:
                    39:5e:40:d5:0b:75:3a:95:a8:84:7e:35:cb:39:64:
                    09:4b:dc:4c:34:3c:1f:4d:d0:07:ac:1e:c3:e1:0c:
                    d1:79:b0:83:10:36:2a:26:53:c9:50:3d:ea:a6:1e:
                    54:29:1f:29:cf:52:f1:fa:12:15:ce:5d:65:f0:d7:
                    a9:6c:8d:cd:c5:27:57:3f:15:96:6c:c4:59:b4:d5:
                    2b:71:97:76:1f:5a:12:4d:99:a0:c5:c6:5c:a2:85:
                    ed:fb:95:b5:cd:ae:56:1b:06:55:1c:bc:56:13:de:
                    e7:6a:8d:f7:ec:d3:27:87:98:d4:a1:aa:96:61:03:
                    d3:47:ed:42:96:99:24:3d:af:f1:94:ac:b8:1c:eb:
                    71:29:b8:46:2f:b8:92:70:ee:90:1e:4f:1e:9b:41:
                    37:a0:01:a4:be:c2:b2:7e:7d:9f:ef:c7:00:77:d8:
                    67:08:59:d2:27:a5:d7:22:f3:48:66:b9:ca:20:c8:
                    cc:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:63:D2:E5:86:72:54:CC:6C:7A:66:B8:02:77:35:76:D4:44:21:FA
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/92PS5YZyVMxsema4Anc1dtREIfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.43.0/24
                  5.44.45.0/24
                  45.89.188.0/23
                  45.89.191.0/24
                  45.129.186.0/24
                  89.191.225.0/24
                  89.191.227.0/24
                  89.191.230.0/23
                  89.191.233.0/24
                  89.191.235.0/24
                  91.107.119.0/24
                  185.247.185.0/24
                  194.116.162.0/23
                  212.60.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:89:ac:a7:68:1e:c9:e4:2a:2d:e3:28:d7:f6:de:d1:94:a3:
         c7:91:6b:22:58:73:fc:4d:6d:da:d3:f9:37:d6:17:56:96:22:
         77:e0:ee:c9:0b:fb:b3:ba:fa:cd:a4:19:63:81:e7:ec:17:1e:
         88:92:29:83:7f:a2:96:d3:8c:1b:dc:d7:96:10:60:ce:cb:84:
         59:4a:0f:bb:c4:cf:0e:cf:ce:16:e2:0d:fd:fa:ea:c3:64:d3:
         f0:bf:12:1b:0c:4f:24:49:ba:87:19:20:f0:69:0d:a9:48:ed:
         c6:6e:06:c7:ad:c0:69:e6:c8:89:f4:70:a2:a2:65:4f:d5:91:
         a2:94:18:85:b4:79:7b:3b:8b:05:7f:65:04:76:bf:27:a7:cd:
         89:9b:92:fe:2e:ae:28:c1:c5:36:c5:3a:ab:c0:29:6f:bf:6e:
         67:7e:78:27:60:87:aa:1b:37:1f:70:6e:a9:b8:10:7c:20:34:
         45:16:63:7f:82:03:06:83:bb:49:63:d7:38:91:4d:09:2a:21:
         7c:61:30:71:ae:df:68:53:45:37:1c:e7:51:dc:0a:20:e8:13:
         16:e5:da:95:39:66:3a:dd:69:97:cd:0b:67:18:be:8e:b7:9b:
         f5:96:43:20:04:f6:3f:cd:79:35:4f:87:06:40:1e:54:15:3c:
         c3:4d:9c:8f
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYr/hpKlqtXDzW63Nf6rynwpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMxMDA1MTEwODQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzYzZDJlNTg2NzI1NGNjNmM3YTY2YjgwMjc3MzU3NmQ0NDQyMWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxd+tewHj6wJ1lUFTmqNtmdNGOyD
Tv64UrDdSZNrz0CzHo9mS9cYWmk6HMb4xmF6SZaviaiVQxQyiQ3Jyj1UmEuBANHX
jKJU7Ec5XkDVC3U6laiEfjXLOWQJS9xMNDwfTdAHrB7D4QzRebCDEDYqJlPJUD3q
ph5UKR8pz1Lx+hIVzl1l8NepbI3NxSdXPxWWbMRZtNUrcZd2H1oSTZmgxcZcooXt
+5W1za5WGwZVHLxWE97nao337NMnh5jUoaqWYQPTR+1ClpkkPa/xlKy4HOtxKbhG
L7iScO6QHk8em0E3oAGkvsKyfn2f78cAd9hnCFnSJ6XXIvNIZrnKIMjMsQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFPdj0uWGclTMbHpmuAJ3NXbURCH6MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvOTJQUzVZWnlWTXhzZW1hNEFuYzFkdFJFSWZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQABSwrAwQA
BSwtAwQBLVm8AwQALVm/AwQALYG6AwQAWb/hAwQAWb/jAwQBWb/mAwQAWb/pAwQA
Wb/rAwQAW2t3AwQAufe5AwQBwnSiAwQA1DwWMA0GCSqGSIb3DQEBCwUAA4IBAQAr
iaynaB7J5Cot4yjX9t7RlKPHkWsiWHP8TW3a0/k31hdWliJ34O7JC/uzuvrNpBlj
gefsFx6IkimDf6KW04wb3NeWEGDOy4RZSg+7xM8Oz84W4g39+urDZNPwvxIbDE8k
SbqHGSDwaQ2pSO3GbgbHrcBp5siJ9HCiomVP1ZGilBiFtHl7O4sFf2UEdr8np82J
m5L+Lq4owcU2xTqrwClvv25nfngnYIeqGzcfcG6puBB8IDRFFmN/ggMGg7tJY9c4
kU0JKiF8YTBxrt9oU0U3HOdR3Aog6BMW5dqVOWY63WmXzQtnGL6Ot5v1lkMgBPY/
zXk1T4cGQB5UFTzDTZyP
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org