Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/ADZ2yZ_2zHTN5f5FD79ESn63PM8.roa
File:                     ADZ2yZ_2zHTN5f5FD79ESn63PM8.roa (raw, json)
Hash identifier:          zIisSjVf9C14lPlkgTP2MUMUtoRQD2ihUxXPSJ9vE4c=
Subject key identifier:   00:36:76:C9:9F:F6:CC:74:CD:E5:FE:45:0F:BF:44:4A:7E:B7:3C:CF
Certificate issuer:       /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial:       018D59BCC4608E6089B19F944F83BA9B7260
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/ADZ2yZ_2zHTN5f5FD79ESn63PM8.roa
Signing time:             Tue 30 Jan 2024 09:39:19 +0000
ROA not before:           Tue 30 Jan 2024 09:39:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200845
IP address blocks:        5.61.212.0/24 maxlen: 24
                          5.61.213.0/24 maxlen: 24
                          5.61.214.0/24 maxlen: 24
                          5.61.215.0/24 maxlen: 24
                          5.187.38.0/24 maxlen: 24
                          5.187.39.0/24 maxlen: 24
                          95.156.204.0/24 maxlen: 24
                          95.156.205.0/24 maxlen: 24
                          95.156.206.0/24 maxlen: 24
                          95.156.207.0/24 maxlen: 24
                          185.89.28.0/24 maxlen: 24
                          185.89.29.0/24 maxlen: 24
                          185.89.31.0/24 maxlen: 24
                          185.104.60.0/24 maxlen: 24
                          185.104.61.0/24 maxlen: 24
                          185.104.153.0/24 maxlen: 24
                          185.104.154.0/24 maxlen: 24
                          185.104.155.0/24 maxlen: 24
                          185.122.186.0/24 maxlen: 24
                          185.122.187.0/24 maxlen: 24
                          185.157.212.0/24 maxlen: 24
                          185.157.214.0/24 maxlen: 24
                          185.157.215.0/24 maxlen: 24
                          185.161.184.0/24 maxlen: 24
                          185.188.17.0/24 maxlen: 24
                          195.181.252.0/24 maxlen: 24
                          195.181.253.0/24 maxlen: 24
                          217.61.242.0/24 maxlen: 24
                          217.61.243.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:59:bc:c4:60:8e:60:89:b1:9f:94:4f:83:ba:9b:72:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
        Validity
            Not Before: Jan 30 09:39:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=003676c99ff6cc74cde5fe450fbf444a7eb73ccf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:dd:3f:96:f1:c3:14:9c:2a:a8:22:15:21:98:
                    8e:99:76:76:81:44:6d:29:f3:f0:4b:d3:36:d1:49:
                    7b:11:dd:82:b2:f6:0d:67:ee:ab:90:df:b8:af:b5:
                    49:ff:b2:c6:f8:7d:3c:2b:32:53:b8:57:3d:c8:2a:
                    48:9e:c4:b1:ad:71:ff:42:de:2a:64:c9:0c:3a:91:
                    76:11:7c:3c:58:48:66:55:e7:28:52:1f:75:56:6d:
                    ee:a4:b0:7e:d1:8d:9d:8f:a8:cd:b9:8f:f0:8b:3c:
                    40:3c:53:0e:a4:64:52:f1:d3:4f:43:09:06:9a:3d:
                    1e:ec:e7:7a:8e:8f:ef:1a:89:9f:93:ea:bc:01:38:
                    43:37:fd:c7:1c:4c:d6:c4:c8:9d:48:62:91:b2:a9:
                    e5:03:e8:72:39:67:09:62:62:e9:26:65:b8:2b:91:
                    c6:a4:2f:c2:c4:aa:dd:af:19:ef:a6:dd:e2:79:27:
                    ba:a7:de:ed:45:84:9a:bc:7e:0a:02:68:4f:c3:c7:
                    56:89:a3:6b:82:9a:76:52:3b:35:a6:0c:b1:cd:c5:
                    3e:2f:f1:da:49:a0:ee:9a:b8:51:c5:d7:9b:03:eb:
                    a8:b8:0f:ff:23:fe:48:c7:16:21:5e:d7:77:25:17:
                    23:2a:35:03:ac:da:91:ed:62:66:3e:1b:51:f6:ce:
                    20:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:36:76:C9:9F:F6:CC:74:CD:E5:FE:45:0F:BF:44:4A:7E:B7:3C:CF
            X509v3 Authority Key Identifier:
                keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/ADZ2yZ_2zHTN5f5FD79ESn63PM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.212.0/22
                  5.187.38.0/23
                  95.156.204.0/22
                  185.89.28.0/23
                  185.89.31.0/24
                  185.104.60.0/23
                  185.104.153.0-185.104.155.255
                  185.122.186.0/23
                  185.157.212.0/24
                  185.157.214.0/23
                  185.161.184.0/24
                  185.188.17.0/24
                  195.181.252.0/23
                  217.61.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:16:a7:58:ec:27:7d:89:42:3a:0d:0d:13:0a:71:25:fb:ec:
         65:44:5f:08:9a:db:cc:57:e4:73:4d:f3:0a:19:26:87:10:fd:
         0b:b9:3c:eb:bd:f4:75:63:41:71:40:46:0b:1d:da:3d:0a:fc:
         61:7c:1f:a1:a9:f5:03:74:99:ab:af:f3:d9:69:d5:55:14:0f:
         db:a6:49:5f:d7:c0:1f:63:ad:01:ed:ea:97:d5:6c:9e:66:1d:
         c1:ab:c6:be:5f:1c:8d:7d:c2:39:af:eb:c7:dc:0c:39:43:fe:
         b5:01:b5:0f:c4:e3:28:dd:f9:66:f8:d8:e5:c6:76:92:05:7e:
         1e:df:0b:73:26:a9:f9:08:07:14:a6:cb:6d:09:9f:54:e6:d2:
         81:1e:a5:d5:66:ab:5c:aa:5f:9f:43:9a:67:2b:b5:ff:63:32:
         6c:f3:5e:d6:c1:3d:d4:6d:d0:4e:61:52:5e:38:72:f4:ae:f0:
         e4:86:82:33:79:97:bd:e6:11:a6:35:ba:d1:eb:68:f1:3a:12:
         3c:79:23:71:0f:f0:25:21:04:0d:1d:a3:94:45:c2:74:29:16:
         2a:e8:7c:b4:db:d3:5e:ff:5f:88:58:10:b7:4b:55:c8:7d:cb:
         42:23:47:4c:9e:67:8c:05:a0:7b:ea:49:4a:73:dd:d7:fb:2a:
         cf:5f:8f:fd
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAY1ZvMRgjmCJsZ+UT4O6m3JgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjQwMTMwMDkzOTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDM2NzZjOTlmZjZjYzc0Y2RlNWZlNDUwZmJmNDQ0YTdlYjczY2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjN0/lvHDFJwqqCIVIZiOmXZ2gURt
KfPwS9M20Ul7Ed2CsvYNZ+6rkN+4r7VJ/7LG+H08KzJTuFc9yCpInsSxrXH/Qt4q
ZMkMOpF2EXw8WEhmVecoUh91Vm3upLB+0Y2dj6jNuY/wizxAPFMOpGRS8dNPQwkG
mj0e7Od6jo/vGomfk+q8AThDN/3HHEzWxMidSGKRsqnlA+hyOWcJYmLpJmW4K5HG
pC/CxKrdrxnvpt3ieSe6p97tRYSavH4KAmhPw8dWiaNrgpp2Ujs1pgyxzcU+L/Ha
SaDumrhRxdebA+uouA//I/5IxxYhXtd3JRcjKjUDrNqR7WJmPhtR9s4gwwIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFAA2dsmf9sx0zeX+RQ+/REp+tzzPMB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvQURaMnlaXzJ6SFRONWY1RkQ3OUVTbjYzUE04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQCBT3UAwQB
BbsmAwQCX5zMAwQBuVkcAwQAuVkfAwQBuWg8MAwDBAC5aJkDBAK5aJgDBAG5eroD
BAC5ndQDBAG5ndYDBAC5obgDBAC5vBEDBAHDtfwDBAHZPfIwDQYJKoZIhvcNAQEL
BQADggEBADkWp1jsJ32JQjoNDRMKcSX77GVEXwia28xX5HNN8woZJocQ/Qu5POu9
9HVjQXFARgsd2j0K/GF8H6Gp9QN0mauv89lp1VUUD9umSV/XwB9jrQHt6pfVbJ5m
HcGrxr5fHI19wjmv68fcDDlD/rUBtQ/E4yjd+Wb42OXGdpIFfh7fC3MmqfkIBxSm
y20Jn1Tm0oEepdVmq1yqX59Dmmcrtf9jMmzzXtbBPdRt0E5hUl44cvSu8OSGgjN5
l73mEaY1utHraPE6Ejx5I3EP8CUhBA0do5RFwnQpFirofLTb017/X4hYELdLVch9
y0IjR0yeZ4wFoHvqSUpz3df7Ks9fj/0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:54 2024 by rpki-client on console-ams.rpki-client.org