Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/4fYJeypLPlCA6-P0WugZYc0n_5o.roa
File:                     4fYJeypLPlCA6-P0WugZYc0n_5o.roa (raw, json)
Hash identifier:          0t28/rVZM4mLmV+qxQzhluRLF+vYt943QxQdPq1a+jo=
Subject key identifier:   E1:F6:09:7B:2A:4B:3E:50:80:EB:E3:F4:5A:E8:19:61:CD:27:FF:9A
Certificate issuer:       /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial:       06926F4A
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/4fYJeypLPlCA6-P0WugZYc0n_5o.roa
Signing time:             Thu 31 Mar 2022 17:05:34 +0000
ROA not before:           Thu 31 Mar 2022 17:05:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50129
IP address blocks:        185.188.16.0/23 maxlen: 23
                          185.194.209.0/24 maxlen: 24
                          185.194.210.0/24 maxlen: 24
                          185.194.211.0/24 maxlen: 24
                          185.188.18.0/24 maxlen: 24
                          185.188.19.0/24 maxlen: 24
                          185.194.208.0/24 maxlen: 24
                          185.157.212.0/23 maxlen: 23
                          185.157.214.0/24 maxlen: 24
                          185.157.215.0/24 maxlen: 24
                          185.86.211.0/24 maxlen: 24
                          185.104.60.0/24 maxlen: 24
                          185.104.61.0/24 maxlen: 24
                          185.84.44.0/24 maxlen: 24
                          134.255.242.0/24 maxlen: 24
                          185.84.45.0/24 maxlen: 24
                          185.84.46.0/24 maxlen: 24
                          185.84.47.0/24 maxlen: 24
                          89.43.196.0/24 maxlen: 24
                          89.43.197.0/24 maxlen: 24
                          93.114.131.0/24 maxlen: 24
                          5.187.39.0/24 maxlen: 24
                          185.92.238.0/24 maxlen: 24
                          95.156.204.0/24 maxlen: 24
                          95.156.205.0/24 maxlen: 24
                          95.156.206.0/24 maxlen: 24
                          5.187.38.0/24 maxlen: 24
                          95.156.207.0/24 maxlen: 24
                          185.191.20.0/24 maxlen: 24
                          185.191.21.0/24 maxlen: 24
                          185.191.22.0/24 maxlen: 24
                          185.191.23.0/24 maxlen: 24
                          212.237.231.0/24 maxlen: 24
                          185.204.64.0/24 maxlen: 24
                          185.204.65.0/24 maxlen: 24
                          185.204.66.0/24 maxlen: 24
                          185.204.67.0/24 maxlen: 24
                          185.76.78.0/24 maxlen: 24
                          185.76.79.0/24 maxlen: 24
                          5.61.212.0/24 maxlen: 24
                          5.61.213.0/24 maxlen: 24
                          5.61.214.0/24 maxlen: 24
                          5.61.215.0/24 maxlen: 24
                          185.75.20.0/24 maxlen: 24
                          185.75.21.0/24 maxlen: 24
                          185.122.187.0/24 maxlen: 24
                          185.89.31.0/24 maxlen: 24
                          185.89.28.0/24 maxlen: 24
                          185.89.29.0/24 maxlen: 24
                          217.61.241.0/24 maxlen: 24
                          217.61.242.0/24 maxlen: 24
                          217.61.243.0/24 maxlen: 24
                          185.122.186.0/24 maxlen: 24
                          185.161.184.0/24 maxlen: 24
                          185.161.185.0/24 maxlen: 24
                          195.181.252.0/24 maxlen: 24
                          195.181.253.0/24 maxlen: 24
                          185.104.153.0/24 maxlen: 24
                          185.104.154.0/24 maxlen: 24
                          185.104.155.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 110260042 (0x6926f4a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
        Validity
            Not Before: Mar 31 17:05:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e1f6097b2a4b3e5080ebe3f45ae81961cd27ff9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:56:ff:8f:84:ce:04:7f:6f:ef:d8:81:2f:77:
                    ec:bc:71:bf:82:89:c0:c1:c4:07:e0:38:c0:4a:2f:
                    0b:81:06:d1:0e:43:10:28:c6:62:07:d3:ae:80:a9:
                    19:54:52:4f:5c:2c:2d:7f:2f:f2:0d:61:a9:7d:de:
                    42:5f:42:7c:59:a7:31:63:2b:79:5e:37:cd:88:81:
                    fa:66:3d:c0:03:93:a6:a5:4c:a3:08:03:7a:a3:be:
                    57:c4:0e:5c:21:d4:35:c3:a9:bf:f3:0d:4c:ba:92:
                    94:fe:70:71:4c:00:06:9e:c7:e4:11:8b:02:7f:6f:
                    23:7e:23:fc:a1:c6:c8:f2:cb:1d:f3:b8:3f:9a:d2:
                    d0:eb:e1:b2:5d:19:34:f4:7b:e8:81:fb:f4:72:3b:
                    0b:42:ed:b5:c2:a5:77:b6:00:d2:02:8e:e6:05:97:
                    bd:77:49:60:9a:ca:dd:c5:36:94:aa:3f:82:90:58:
                    c3:c5:f0:31:72:96:d6:88:93:4f:86:42:3b:3f:4d:
                    72:49:d5:36:8f:07:58:54:2e:cc:a3:54:a1:6a:89:
                    c4:61:9d:44:41:43:2b:cd:c1:58:60:99:49:3d:9f:
                    07:bc:31:7e:8e:1b:56:e5:50:87:7f:3c:5b:f8:1d:
                    0a:27:95:25:e4:0f:3d:2d:c9:dd:cd:e7:04:93:a6:
                    e9:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:F6:09:7B:2A:4B:3E:50:80:EB:E3:F4:5A:E8:19:61:CD:27:FF:9A
            X509v3 Authority Key Identifier:
                keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/4fYJeypLPlCA6-P0WugZYc0n_5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.212.0/22
                  5.187.38.0/23
                  89.43.196.0/23
                  93.114.131.0/24
                  95.156.204.0/22
                  134.255.242.0/24
                  185.75.20.0/23
                  185.76.78.0/23
                  185.84.44.0/22
                  185.86.211.0/24
                  185.89.28.0/23
                  185.89.31.0/24
                  185.92.238.0/24
                  185.104.60.0/23
                  185.104.153.0-185.104.155.255
                  185.122.186.0/23
                  185.157.212.0/22
                  185.161.184.0/23
                  185.188.16.0/22
                  185.191.20.0/22
                  185.194.208.0/22
                  185.204.64.0/22
                  195.181.252.0/23
                  212.237.231.0/24
                  217.61.241.0-217.61.243.255

    Signature Algorithm: sha256WithRSAEncryption
         29:fb:57:ab:0b:11:c7:8f:46:ca:b9:b2:5c:eb:ee:bd:1d:ce:
         fd:94:44:2e:0a:0f:95:ec:50:3e:7d:50:3f:c7:96:c2:29:06:
         db:8d:2b:01:67:b2:15:3b:f9:17:6b:6e:38:05:75:e9:c3:f8:
         d7:7c:eb:e9:37:49:19:71:72:67:4b:6e:4e:93:c2:85:f0:47:
         53:72:f0:b4:b4:42:76:fa:3c:0f:f3:a8:a3:53:5b:e3:50:5c:
         90:f9:c8:2e:61:bd:f8:6d:44:2f:5b:69:87:1b:b9:ae:ca:51:
         47:a2:0d:c2:1f:d5:00:83:47:a6:df:f8:17:06:4d:62:54:a2:
         35:62:f2:32:c0:73:c3:6e:42:cc:d0:49:3f:05:fb:71:dc:48:
         09:a1:4e:11:69:46:3c:44:03:01:13:8f:2b:e3:71:3f:a2:05:
         34:ef:2a:3a:2b:bf:ce:0c:f2:7d:97:11:9a:6b:28:d7:3c:17:
         62:a4:5d:b3:83:c5:94:4f:ed:d5:88:77:d0:d1:b5:f9:22:c0:
         bb:73:19:e2:1f:3e:db:1a:ae:a6:a5:69:2f:b1:79:90:b3:43:
         58:20:a1:23:7f:c0:e4:94:cc:59:44:14:2e:3e:8c:fb:36:9e:
         34:3c:46:ba:4b:2f:00:eb:5d:3f:99:3f:fd:68:1b:79:65:89:
         80:20:03:3c
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgIEBpJvSjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YmM1ZGU3ZDcyNTViN2Q1ODI2MGM2NWExMjBiMTY0ZWYxMGVmOTAzMB4XDTIyMDMz
MTE3MDUzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTFmNjA5N2IyYTRi
M2U1MDgwZWJlM2Y0NWFlODE5NjFjZDI3ZmY5YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL9W/4+EzgR/b+/YgS937Lxxv4KJwMHEB+A4wEovC4EG0Q5D
ECjGYgfTroCpGVRST1wsLX8v8g1hqX3eQl9CfFmnMWMreV43zYiB+mY9wAOTpqVM
owgDeqO+V8QOXCHUNcOpv/MNTLqSlP5wcUwABp7H5BGLAn9vI34j/KHGyPLLHfO4
P5rS0Ovhsl0ZNPR76IH79HI7C0LttcKld7YA0gKO5gWXvXdJYJrK3cU2lKo/gpBY
w8XwMXKW1oiTT4ZCOz9NcknVNo8HWFQuzKNUoWqJxGGdREFDK83BWGCZST2fB7wx
fo4bVuVQh388W/gdCieVJeQPPS3J3c3nBJOm6T0CAwEAAaOCAq4wggKqMB0GA1Ud
DgQWBBTh9gl7Kks+UIDr4/Ra6BlhzSf/mjAfBgNVHSMEGDAWgBRrxd59clW31YJg
xloSCxZO8Q75AzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2E4WGVmWEpWdDlXQ1lNWmFFZ3NXVHZFTy1RTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmIvMzIxMDllLTI0YzktNGM4OC1hOGU4LWZkZjY2MzhkMmMwNC8x
LzRmWUpleXBMUGxDQTYtUDBXdWdaWWMwbl81by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmIv
MzIxMDllLTI0YzktNGM4OC1hOGU4LWZkZjY2MzhkMmMwNC8xL2E4WGVmWEpWdDlX
Q1lNWmFFZ3NXVHZFTy1RTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
wwYIKwYBBQUHAQcBAf8EgbMwgbAwga0EAgABMIGmAwQCBT3UAwQBBbsmAwQBWSvE
AwQAXXKDAwQCX5zMAwQAhv/yAwQBuUsUAwQBuUxOAwQCuVQsAwQAuVbTAwQBuVkc
AwQAuVkfAwQAuVzuAwQBuWg8MAwDBAC5aJkDBAK5aJgDBAG5eroDBAK5ndQDBAG5
obgDBAK5vBADBAK5vxQDBAK5wtADBAK5zEADBAHDtfwDBADU7ecwDAMEANk98QME
Atk98DANBgkqhkiG9w0BAQsFAAOCAQEAKftXqwsRx49GyrmyXOvuvR3O/ZRELgoP
lexQPn1QP8eWwikG240rAWeyFTv5F2tuOAV16cP413zr6TdJGXFyZ0tuTpPChfBH
U3LwtLRCdvo8D/Ooo1Nb41BckPnILmG9+G1EL1tphxu5rspRR6INwh/VAINHpt/4
FwZNYlSiNWLyMsBzw25CzNBJPwX7cdxICaFOEWlGPEQDAROPK+NxP6IFNO8qOiu/
zgzyfZcRmmso1zwXYqRds4PFlE/t1Yh30NG1+SLAu3MZ4h8+2xqupqVpL7F5kLND
WCChI3/A5JTMWUQULj6M+zaeNDxGuksvAOtdP5k//WgbeWWJgCADPA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:54 2024 by rpki-client on console-ams.rpki-client.org