Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/HOcBTjBNekePKtmeWh805z1-4dE.roa
File:                     HOcBTjBNekePKtmeWh805z1-4dE.roa (raw, json)
Hash identifier:          jWR9JhD+6/RFbQamU/pWmobzVK9lUBCm28bT5TdcJlo=
Subject key identifier:   1C:E7:01:4E:30:4D:7A:47:8F:2A:D9:9E:5A:1F:34:E7:3D:7E:E1:D1
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       0189E319132668CC3E7102CE62EED38B71EB
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/HOcBTjBNekePKtmeWh805z1-4dE.roa
Signing time:             Fri 11 Aug 2023 05:36:58 +0000
ROA not before:           Fri 11 Aug 2023 05:36:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207713
IP address blocks:        31.129.22.0/24 maxlen: 24
                          212.60.23.0/24 maxlen: 24
                          5.44.44.0/24 maxlen: 24
                          5.44.42.0/24 maxlen: 24
                          141.98.233.0/24 maxlen: 24
                          141.98.234.0/24 maxlen: 24
                          45.129.184.0/24 maxlen: 24
                          185.166.199.0/24 maxlen: 24
                          45.129.187.0/24 maxlen: 24
                          194.28.192.0/24 maxlen: 24
                          185.247.184.0/24 maxlen: 24
                          195.80.49.0/24 maxlen: 24
                          195.80.48.0/24 maxlen: 24
                          45.95.232.0/24 maxlen: 24
                          45.95.233.0/24 maxlen: 24
                          91.107.116.0/24 maxlen: 24
                          92.118.112.0/24 maxlen: 24
                          37.220.86.0/24 maxlen: 24
                          37.220.87.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:e3:19:13:26:68:cc:3e:71:02:ce:62:ee:d3:8b:71:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Aug 11 05:36:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1ce7014e304d7a478f2ad99e5a1f34e73d7ee1d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c2:ac:af:ad:0c:f5:96:bf:0b:e0:e8:9b:62:
                    68:1e:5a:d0:23:e0:79:48:2e:4e:83:51:07:ac:4f:
                    4f:40:2f:cc:c0:e1:79:cc:10:7e:1a:53:22:76:b7:
                    65:ba:ef:af:2a:a9:3e:7e:6a:78:27:75:33:a2:e2:
                    b9:52:dc:f7:6d:78:01:a4:13:bb:7c:0f:b9:85:cb:
                    98:e7:00:7a:ba:ed:8b:a7:d9:dd:86:8b:bd:78:dd:
                    4d:2f:01:50:e5:2d:ca:7c:81:ff:12:ca:19:07:12:
                    88:2d:3a:b8:b9:a6:0c:c3:59:61:9b:26:49:18:cd:
                    96:ef:99:7b:8f:75:8f:2d:5c:21:fd:cc:f6:d4:40:
                    de:25:9e:04:f9:87:6a:a2:7f:15:fe:66:ee:cc:69:
                    e5:e8:8e:ac:a8:ac:9e:87:4d:19:a6:7e:ae:bf:eb:
                    08:76:98:36:2c:fb:1e:83:41:1b:3c:e2:d8:f2:f4:
                    83:1e:ad:cb:21:77:9d:8f:92:12:47:1d:62:a9:06:
                    66:8f:f0:bf:f2:b3:60:8b:32:97:90:36:b2:ee:6f:
                    62:54:86:7c:8e:74:cd:9c:f9:e6:cd:f2:53:96:57:
                    a3:74:29:27:33:2a:68:84:df:a1:b6:0c:3e:17:6e:
                    95:ae:12:0b:4c:a8:1b:10:38:be:9e:dc:71:97:b6:
                    04:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:E7:01:4E:30:4D:7A:47:8F:2A:D9:9E:5A:1F:34:E7:3D:7E:E1:D1
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/HOcBTjBNekePKtmeWh805z1-4dE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.42.0/24
                  5.44.44.0/24
                  31.129.22.0/24
                  37.220.86.0/23
                  45.95.232.0/23
                  45.129.184.0/24
                  45.129.187.0/24
                  91.107.116.0/24
                  92.118.112.0/24
                  141.98.233.0-141.98.234.255
                  185.166.199.0/24
                  185.247.184.0/24
                  194.28.192.0/24
                  195.80.48.0/23
                  212.60.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:99:44:5a:00:24:4a:53:83:8b:2a:80:56:54:29:b4:79:b3:
         1c:20:85:68:41:9c:eb:f7:9c:d7:be:4e:0b:f3:ac:97:db:69:
         23:09:36:c2:7b:ca:2d:8a:15:a5:53:89:29:54:43:7a:2b:eb:
         d9:1f:7e:69:95:0b:d4:6e:9b:66:28:e8:77:04:ea:b1:69:0a:
         4a:80:98:f9:d5:94:9b:a2:26:87:9a:db:08:02:8c:a7:11:f7:
         a6:40:be:c7:03:a4:d6:df:df:43:31:61:ac:ec:48:57:cd:15:
         3c:7b:21:bf:2f:ef:ef:9d:a6:da:0f:e8:89:d4:23:70:25:13:
         4a:5b:46:c2:66:bc:fb:2c:32:a4:c8:ab:22:68:6f:81:e9:ca:
         fa:99:07:cd:da:de:27:15:18:af:59:f2:f1:8c:0c:39:64:9f:
         df:8d:a3:80:4f:4e:d7:4d:73:33:64:b5:e3:ed:16:cc:bc:36:
         83:ff:cc:b8:5a:1f:76:e0:22:01:d6:63:09:d7:ba:75:6f:0f:
         54:37:d5:19:21:a7:bc:3b:1e:25:b1:1f:25:3f:60:5a:00:4d:
         20:b9:20:73:ee:c1:27:a8:02:48:2a:51:3b:7a:00:15:50:2f:
         d2:b7:7e:18:df:c5:d3:9a:99:d4:43:ea:8b:bc:2a:29:fc:51:
         ee:f0:a0:4d
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAYnjGRMmaMw+cQLOYu7Ti3HrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwODExMDUzNjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2U3MDE0ZTMwNGQ3YTQ3OGYyYWQ5OWU1YTFmMzRlNzNkN2VlMWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcKsr60M9Za/C+Dom2JoHlrQI+B5
SC5Og1EHrE9PQC/MwOF5zBB+GlMidrdluu+vKqk+fmp4J3UzouK5Utz3bXgBpBO7
fA+5hcuY5wB6uu2Lp9ndhou9eN1NLwFQ5S3KfIH/EsoZBxKILTq4uaYMw1lhmyZJ
GM2W75l7j3WPLVwh/cz21EDeJZ4E+Ydqon8V/mbuzGnl6I6sqKyeh00Zpn6uv+sI
dpg2LPseg0EbPOLY8vSDHq3LIXedj5ISRx1iqQZmj/C/8rNgizKXkDay7m9iVIZ8
jnTNnPnmzfJTllejdCknMypohN+htgw+F26VrhILTKgbEDi+ntxxl7YENQIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFBznAU4wTXpHjyrZnlofNOc9fuHRMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvSE9jQlRqQk5la2VQS3RtZVdoODA1ejEtNGRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAATBiAwQABSwqAwQA
BSwsAwQAH4EWAwQBJdxWAwQBLV/oAwQALYG4AwQALYG7AwQAW2t0AwQAXHZwMAwD
BACNYukDBACNYuoDBAC5pscDBAC597gDBADCHMADBAHDUDADBADUPBcwDQYJKoZI
hvcNAQELBQADggEBAFGZRFoAJEpTg4sqgFZUKbR5sxwghWhBnOv3nNe+TgvzrJfb
aSMJNsJ7yi2KFaVTiSlUQ3or69kffmmVC9Rum2Yo6HcE6rFpCkqAmPnVlJuiJoea
2wgCjKcR96ZAvscDpNbf30MxYazsSFfNFTx7Ib8v7++dptoP6InUI3AlE0pbRsJm
vPssMqTIqyJob4HpyvqZB83a3icVGK9Z8vGMDDlkn9+No4BPTtdNczNktePtFsy8
NoP/zLhaH3bgIgHWYwnXunVvD1Q31Rkhp7w7HiWxHyU/YFoATSC5IHPuwSeoAkgq
UTt6ABVQL9K3fhjfxdOamdRD6ou8Kin8Ue7woE0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org