Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/sSqx7i-zS50s61RAeo1OOZEdC-0.roa
File:                     sSqx7i-zS50s61RAeo1OOZEdC-0.roa (raw, json)
Hash identifier:          gXL4hrAkQjIcLzlqop+WxfzvlI2oJJu2c1IcNj+9kmw=
Subject key identifier:   B1:2A:B1:EE:2F:B3:4B:9D:2C:EB:54:40:7A:8D:4E:39:91:1D:0B:ED
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       0187C873BF04C731A992D32C9405E185D571
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/sSqx7i-zS50s61RAeo1OOZEdC-0.roa
Signing time:             Fri 28 Apr 2023 15:20:41 +0000
ROA not before:           Fri 28 Apr 2023 15:20:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41789
IP address blocks:        31.129.17.0/24 maxlen: 24
                          31.129.16.0/24 maxlen: 24
                          31.129.18.0/24 maxlen: 24
                          31.129.20.0/24 maxlen: 24
                          31.129.19.0/24 maxlen: 24
                          31.129.24.0/24 maxlen: 24
                          31.129.23.0/24 maxlen: 24
                          31.129.29.0/24 maxlen: 24
                          31.129.28.0/24 maxlen: 24
                          31.129.27.0/24 maxlen: 24
                          31.129.26.0/24 maxlen: 24
                          31.129.31.0/24 maxlen: 24
                          31.129.25.0/24 maxlen: 24
                          141.98.233.0/24 maxlen: 24
                          141.98.234.0/24 maxlen: 24
                          46.16.12.0/24 maxlen: 24
                          46.16.15.0/24 maxlen: 24
                          46.16.14.0/24 maxlen: 24
                          31.129.0.0/20 maxlen: 24
                          45.80.129.0/24 maxlen: 24
                          45.80.130.0/23 maxlen: 23
                          37.220.80.0/22 maxlen: 22
                          185.166.196.0/23 maxlen: 24
                          94.198.216.0/22 maxlen: 24
                          94.198.220.0/23 maxlen: 24
                          81.200.144.0/21 maxlen: 24
                          81.200.152.0/22 maxlen: 24
                          81.200.156.0/23 maxlen: 24
                          46.19.64.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c8:73:bf:04:c7:31:a9:92:d3:2c:94:05:e1:85:d5:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Apr 28 15:20:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b12ab1ee2fb34b9d2ceb54407a8d4e39911d0bed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d1:8b:6c:a3:76:46:ed:27:a0:26:96:c1:7f:
                    72:35:21:53:ea:8a:d1:06:09:cb:9b:41:5b:42:71:
                    e1:94:6a:06:03:05:6e:00:ef:93:01:30:d9:b8:cd:
                    a4:70:7c:43:e4:2e:5a:12:fb:0d:26:20:cc:0d:48:
                    42:3d:00:7d:18:7f:74:38:33:f8:15:12:5b:cc:53:
                    6a:c1:66:c6:d5:7b:4b:89:95:93:1f:69:9d:eb:21:
                    8d:10:5e:b7:c9:86:ad:31:2f:6d:7f:89:6e:f3:4f:
                    77:65:93:9b:52:ce:c9:b4:c3:8d:0f:52:60:a6:8d:
                    b6:e2:30:23:cf:cb:6d:9b:39:67:0d:0c:1d:77:b4:
                    83:50:0d:bc:72:48:fd:71:40:57:88:7b:8a:f4:78:
                    0c:40:44:1f:a1:9b:59:d1:0d:a5:4a:17:6e:df:a7:
                    f0:c7:94:97:bc:13:01:b5:85:26:c8:d9:1e:b9:e8:
                    9b:69:37:cb:70:5b:a0:fb:14:da:01:24:c0:95:e1:
                    e2:b6:d6:3a:e8:8a:ef:e3:c8:72:df:a8:85:9a:f2:
                    41:db:ed:95:de:50:87:09:79:d2:64:ff:ef:e5:b3:
                    8a:63:eb:6b:c6:a1:4a:33:0c:20:d4:98:19:db:4b:
                    c5:4c:4a:bd:89:4a:80:75:21:94:41:d7:59:02:05:
                    c6:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:2A:B1:EE:2F:B3:4B:9D:2C:EB:54:40:7A:8D:4E:39:91:1D:0B:ED
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/sSqx7i-zS50s61RAeo1OOZEdC-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.129.0.0-31.129.20.255
                  31.129.23.0-31.129.29.255
                  31.129.31.0/24
                  37.220.80.0/22
                  45.80.129.0-45.80.131.255
                  46.16.12.0/24
                  46.16.14.0/23
                  46.19.64.0/22
                  81.200.144.0-81.200.157.255
                  94.198.216.0-94.198.221.255
                  141.98.233.0-141.98.234.255
                  185.166.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:14:fd:e5:df:4d:a0:d2:09:46:9c:82:31:ff:77:6d:fc:b5:
         1f:3c:00:40:7e:b8:9b:f7:4e:aa:ed:b8:2f:33:94:4f:46:2f:
         3a:de:1b:46:27:53:c2:8a:ff:54:da:1c:c1:f1:9d:16:f9:79:
         45:0e:2e:7c:61:c7:ac:45:0e:3e:41:b3:6a:b7:b1:78:28:f6:
         a6:22:4c:6a:2c:7d:2c:cf:ed:d2:d4:a8:d8:62:7c:5b:ae:30:
         49:40:56:91:ae:60:b0:6f:02:13:cc:7b:09:70:40:e3:ca:39:
         92:9d:5c:0c:77:55:d4:4e:6a:12:34:32:d0:f7:69:7e:48:1f:
         bb:da:e6:ea:dc:e4:08:36:4f:39:fb:47:19:c7:4f:62:29:d0:
         8e:80:7e:4e:5c:a6:bf:b4:0c:18:d4:42:79:12:e2:e6:f6:7b:
         85:40:aa:fd:1f:90:51:0f:f3:b4:40:70:5f:35:c1:dc:8c:59:
         45:7f:e7:86:17:4a:cf:77:df:54:8d:52:e3:c1:56:c2:df:93:
         8d:0f:01:4a:99:5a:26:df:53:1b:dd:77:ce:64:ac:ad:96:ab:
         ba:d6:46:56:64:e1:a3:49:e9:4b:4c:37:75:8b:ba:2d:41:23:
         ac:82:05:bf:7f:06:b0:cb:b3:5e:c0:02:81:c8:54:ba:66:77:
         33:8b:96:57
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgISAYfIc78ExzGpktMslAXhhdVxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwNDI4MTUyMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTJhYjFlZTJmYjM0YjlkMmNlYjU0NDA3YThkNGUzOTkxMWQwYmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNGLbKN2Ru0noCaWwX9yNSFT6orR
BgnLm0FbQnHhlGoGAwVuAO+TATDZuM2kcHxD5C5aEvsNJiDMDUhCPQB9GH90ODP4
FRJbzFNqwWbG1XtLiZWTH2md6yGNEF63yYatMS9tf4lu8093ZZObUs7JtMOND1Jg
po224jAjz8ttmzlnDQwdd7SDUA28ckj9cUBXiHuK9HgMQEQfoZtZ0Q2lShdu36fw
x5SXvBMBtYUmyNkeueibaTfLcFug+xTaASTAleHittY66Irv48hy36iFmvJB2+2V
3lCHCXnSZP/v5bOKY+trxqFKMwwg1JgZ20vFTEq9iUqAdSGUQddZAgXGnwIDAQAB
o4ICfDCCAngwHQYDVR0OBBYEFLEqse4vs0udLOtUQHqNTjmRHQvtMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvc1NxeDdpLXpTNTBzNjFSQWVvMU9PWkVkQy0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGRBggrBgEFBQcBBwEB/wSBgTB/MH0EAgABMHcwCwMDAB+B
AwQAH4EUMAwDBAAfgRcDBAEfgRwDBAAfgR8DBAIl3FAwDAMEAC1QgQMEAi1QgAME
AC4QDAMEAS4QDgMEAi4TQDAMAwQEUciQAwQBUcicMAwDBANextgDBAFextwwDAME
AI1i6QMEAI1i6gMEAbmmxDANBgkqhkiG9w0BAQsFAAOCAQEAeBT95d9NoNIJRpyC
Mf93bfy1HzwAQH64m/dOqu24LzOUT0YvOt4bRidTwor/VNocwfGdFvl5RQ4ufGHH
rEUOPkGzarexeCj2piJMaix9LM/t0tSo2GJ8W64wSUBWka5gsG8CE8x7CXBA48o5
kp1cDHdV1E5qEjQy0Pdpfkgfu9rm6tzkCDZPOftHGcdPYinQjoB+Tlymv7QMGNRC
eRLi5vZ7hUCq/R+QUQ/ztEBwXzXB3IxZRX/nhhdKz3ffVI1S48FWwt+TjQ8BSpla
Jt9TG913zmSsrZarutZGVmTho0npS0w3dYu6LUEjrIIFv38GsMuzXsACgchUumZ3
M4uWVw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:15 2024 by rpki-client on console-ams.rpki-client.org