Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/UYmGEotUGGPsFuzhnM5k9pgjO70.roa
File:                     UYmGEotUGGPsFuzhnM5k9pgjO70.roa (raw, json)
Hash identifier:          p5r+OVZCA9mYcdHpJpLVA2f5/FrQ7QBGsV+KAiMBwAo=
Subject key identifier:   51:89:86:12:8B:54:18:63:EC:16:EC:E1:9C:CE:64:F6:98:23:3B:BD
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       0185ED8D36A6839CF797857F256B342CC388
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/UYmGEotUGGPsFuzhnM5k9pgjO70.roa
Signing time:             Thu 26 Jan 2023 10:08:52 +0000
ROA not before:           Thu 26 Jan 2023 10:08:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41789
IP address blocks:        31.129.17.0/24 maxlen: 24
                          31.129.16.0/24 maxlen: 24
                          31.129.18.0/24 maxlen: 24
                          31.129.21.0/24 maxlen: 24
                          31.129.20.0/24 maxlen: 24
                          31.129.19.0/24 maxlen: 24
                          31.129.24.0/24 maxlen: 24
                          31.129.23.0/24 maxlen: 24
                          31.129.29.0/24 maxlen: 24
                          31.129.28.0/24 maxlen: 24
                          31.129.27.0/24 maxlen: 24
                          31.129.26.0/24 maxlen: 24
                          31.129.31.0/24 maxlen: 24
                          31.129.25.0/24 maxlen: 24
                          212.60.23.0/24 maxlen: 24
                          141.98.233.0/24 maxlen: 24
                          141.98.234.0/24 maxlen: 24
                          46.16.12.0/24 maxlen: 24
                          46.16.15.0/24 maxlen: 24
                          46.16.14.0/24 maxlen: 24
                          31.129.0.0/20 maxlen: 24
                          85.92.109.0/24 maxlen: 24
                          89.191.232.0/24 maxlen: 24
                          91.107.116.0/24 maxlen: 24
                          45.80.130.0/23 maxlen: 23
                          45.80.129.0/24 maxlen: 24
                          37.220.80.0/22 maxlen: 22
                          194.31.174.0/24 maxlen: 24
                          194.31.173.0/24 maxlen: 24
                          194.5.93.0/24 maxlen: 24
                          5.44.46.0/24 maxlen: 24
                          5.44.47.0/24 maxlen: 24
                          185.166.196.0/23 maxlen: 24
                          45.129.187.0/24 maxlen: 24
                          194.28.192.0/24 maxlen: 24
                          94.198.216.0/22 maxlen: 24
                          94.198.220.0/23 maxlen: 24
                          81.200.144.0/21 maxlen: 24
                          81.200.152.0/22 maxlen: 24
                          81.200.156.0/23 maxlen: 24
                          46.19.64.0/22 maxlen: 24
                          45.66.117.0/24 maxlen: 24
                          45.66.119.0/24 maxlen: 24
                          109.236.56.0/23 maxlen: 23
                          109.236.58.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:ed:8d:36:a6:83:9c:f7:97:85:7f:25:6b:34:2c:c3:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Jan 26 10:08:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=518986128b541863ec16ece19cce64f698233bbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:4b:70:bc:61:b6:fa:20:30:34:41:c0:14:ed:
                    0d:ca:4f:61:80:b2:59:0b:60:5b:e7:78:68:6d:93:
                    4c:db:c6:59:8d:91:d2:16:71:db:1e:25:80:14:72:
                    d7:64:bd:2b:d1:a1:a6:35:6e:53:a4:32:aa:b9:59:
                    9e:8a:c4:c3:09:bd:b9:da:f8:d8:73:24:a9:a3:8f:
                    3d:ad:a1:5d:db:c3:88:ae:7d:3f:28:2f:9d:2f:8c:
                    39:83:c7:0c:79:ae:68:b2:28:15:17:15:47:27:89:
                    5d:4d:3f:9a:55:20:d4:ed:b5:73:74:07:a4:7b:4f:
                    4c:8a:36:d5:3f:1c:56:82:5b:b2:f2:e9:e9:ad:d5:
                    e2:16:8a:33:91:1e:fb:ec:00:3c:13:c5:14:da:fa:
                    5b:93:0f:58:59:68:a4:a4:f4:af:e5:33:fe:f5:ea:
                    f8:b5:f9:fa:4e:14:c1:7d:f7:35:b5:93:0d:14:59:
                    08:f8:4b:97:58:3f:2a:2d:ed:d8:35:57:f3:35:b6:
                    9f:fe:5c:0f:7e:1b:b8:20:eb:f6:3c:63:2c:67:e5:
                    21:74:12:2b:0a:87:48:8a:64:89:20:c8:ec:03:c1:
                    b5:a7:e4:58:f3:c6:14:f4:be:10:e7:5d:41:8b:65:
                    de:d9:00:89:3e:e2:7b:6e:d5:e6:0e:d4:5b:53:d6:
                    db:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:89:86:12:8B:54:18:63:EC:16:EC:E1:9C:CE:64:F6:98:23:3B:BD
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/UYmGEotUGGPsFuzhnM5k9pgjO70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.46.0/23
                  31.129.0.0-31.129.21.255
                  31.129.23.0-31.129.29.255
                  31.129.31.0/24
                  37.220.80.0/22
                  45.66.117.0/24
                  45.66.119.0/24
                  45.80.129.0-45.80.131.255
                  45.129.187.0/24
                  46.16.12.0/24
                  46.16.14.0/23
                  46.19.64.0/22
                  81.200.144.0-81.200.157.255
                  85.92.109.0/24
                  89.191.232.0/24
                  91.107.116.0/24
                  94.198.216.0-94.198.221.255
                  109.236.56.0-109.236.58.255
                  141.98.233.0-141.98.234.255
                  185.166.196.0/23
                  194.5.93.0/24
                  194.28.192.0/24
                  194.31.173.0-194.31.174.255
                  212.60.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:74:75:75:57:f6:9f:02:49:4d:d8:6e:0c:2a:73:3e:43:b1:
         a0:29:5c:5a:37:d3:fe:e4:d1:b0:2f:4b:8c:16:55:e2:60:7b:
         67:a8:98:97:2b:f9:a6:2d:32:89:8c:70:d5:df:c7:58:6f:6e:
         cd:32:d3:9d:70:c3:ab:4a:6e:9a:ab:96:2d:e3:2c:b2:84:3f:
         20:b2:d9:95:dc:49:7b:78:4d:dc:53:2b:16:71:f6:d5:eb:5a:
         33:99:2c:d2:d9:de:63:c0:24:19:4f:31:5c:3f:c1:13:26:c1:
         2e:21:90:14:68:cf:5e:c9:92:9b:db:c6:fc:1b:41:68:4e:5e:
         bd:fe:c3:62:7b:dc:f1:65:53:6f:3c:e6:e5:b4:a6:48:44:38:
         9b:30:d5:6a:7a:24:2c:ea:2c:95:b2:a8:ce:c6:8c:9e:57:46:
         3b:93:ed:48:f4:d6:b9:6b:96:77:69:8a:a6:08:bd:d0:41:85:
         96:73:97:6c:2c:3f:fe:d6:66:a9:3e:ae:e3:e7:9c:fd:0b:59:
         a4:7c:c7:e6:1b:87:68:e4:d6:6f:f1:23:19:8f:d6:16:d8:61:
         d6:1e:e5:72:2f:3a:13:65:8c:a8:31:65:e5:b3:17:dd:1c:6a:
         cb:c2:02:67:40:b2:e2:2f:05:d5:9b:5b:e7:79:a2:7e:c9:c7:
         a4:47:58:5c
-----BEGIN CERTIFICATE-----
MIIFyzCCBLOgAwIBAgISAYXtjTamg5z3l4V/JWs0LMOIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMTI2MTAwODUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTg5ODYxMjhiNTQxODYzZWMxNmVjZTE5Y2NlNjRmNjk4MjMzYmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEtwvGG2+iAwNEHAFO0Nyk9hgLJZ
C2Bb53hobZNM28ZZjZHSFnHbHiWAFHLXZL0r0aGmNW5TpDKquVmeisTDCb252vjY
cySpo489raFd28OIrn0/KC+dL4w5g8cMea5osigVFxVHJ4ldTT+aVSDU7bVzdAek
e09MijbVPxxWgluy8unprdXiFoozkR777AA8E8UU2vpbkw9YWWikpPSv5TP+9er4
tfn6ThTBffc1tZMNFFkI+EuXWD8qLe3YNVfzNbaf/lwPfhu4IOv2PGMsZ+UhdBIr
CodIimSJIMjsA8G1p+RY88YU9L4Q511Bi2Xe2QCJPuJ7btXmDtRbU9bbCQIDAQAB
o4IC1zCCAtMwHQYDVR0OBBYEFFGJhhKLVBhj7Bbs4ZzOZPaYIzu9MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvVVltR0VvdFVHR1BzRnV6aG5NNWs5cGdqTzcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHsBggrBgEFBQcBBwEB/wSB3DCB2TCB1gQCAAEwgc8DBAEF
LC4wCwMDAB+BAwQBH4EUMAwDBAAfgRcDBAEfgRwDBAAfgR8DBAIl3FADBAAtQnUD
BAAtQncwDAMEAC1QgQMEAi1QgAMEAC2BuwMEAC4QDAMEAS4QDgMEAi4TQDAMAwQE
UciQAwQBUcicAwQAVVxtAwQAWb/oAwQAW2t0MAwDBANextgDBAFextwwDAMEA23s
OAMEAG3sOjAMAwQAjWLpAwQAjWLqAwQBuabEAwQAwgVdAwQAwhzAMAwDBADCH60D
BADCH64DBADUPBcwDQYJKoZIhvcNAQELBQADggEBACp0dXVX9p8CSU3Ybgwqcz5D
saApXFo30/7k0bAvS4wWVeJge2eomJcr+aYtMomMcNXfx1hvbs0y051ww6tKbpqr
li3jLLKEPyCy2ZXcSXt4TdxTKxZx9tXrWjOZLNLZ3mPAJBlPMVw/wRMmwS4hkBRo
z17JkpvbxvwbQWhOXr3+w2J73PFlU2885uW0pkhEOJsw1Wp6JCzqLJWyqM7GjJ5X
RjuT7Uj01rlrlndpiqYIvdBBhZZzl2wsP/7WZqk+ruPnnP0LWaR8x+Ybh2jk1m/x
IxmP1hbYYdYe5XIvOhNljKgxZeWzF90casvCAmdAsuIvBdWbW+d5on7Jx6RHWFw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org