Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/LlxfYRvDz_mNyk7fDiykfNQNtog.roa
File:                     LlxfYRvDz_mNyk7fDiykfNQNtog.roa (raw, json)
Hash identifier:          XtldrYOFI/SmnmJiNhWdIJDz7W2nPL75YivXQjcLvTI=
Subject key identifier:   2E:5C:5F:61:1B:C3:CF:F9:8D:CA:4E:DF:0E:2C:A4:7C:D4:0D:B6:88
Certificate issuer:       /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial:       018A70C2E111E7FA001CC555BC2586FA07FD
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/LlxfYRvDz_mNyk7fDiykfNQNtog.roa
Signing time:             Thu 07 Sep 2023 17:48:54 +0000
ROA not before:           Thu 07 Sep 2023 17:48:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200845
IP address blocks:        185.188.17.0/24 maxlen: 24
                          185.188.16.0/24 maxlen: 24
                          185.188.19.0/24 maxlen: 24
                          185.194.208.0/24 maxlen: 24
                          185.188.18.0/24 maxlen: 24
                          185.194.211.0/24 maxlen: 24
                          185.194.210.0/24 maxlen: 24
                          185.194.209.0/24 maxlen: 24
                          185.157.212.0/24 maxlen: 24
                          185.157.215.0/24 maxlen: 24
                          185.157.214.0/24 maxlen: 24
                          185.104.61.0/24 maxlen: 24
                          185.104.60.0/24 maxlen: 24
                          185.84.44.0/24 maxlen: 24
                          185.84.47.0/24 maxlen: 24
                          185.84.46.0/24 maxlen: 24
                          185.84.45.0/24 maxlen: 24
                          5.187.39.0/24 maxlen: 24
                          95.156.206.0/24 maxlen: 24
                          95.156.205.0/24 maxlen: 24
                          95.156.204.0/24 maxlen: 24
                          5.187.38.0/24 maxlen: 24
                          95.156.207.0/24 maxlen: 24
                          185.191.23.0/24 maxlen: 24
                          185.191.22.0/24 maxlen: 24
                          185.191.21.0/24 maxlen: 24
                          185.191.20.0/24 maxlen: 24
                          212.237.231.0/24 maxlen: 24
                          185.204.64.0/24 maxlen: 24
                          185.204.67.0/24 maxlen: 24
                          185.204.66.0/24 maxlen: 24
                          185.204.65.0/24 maxlen: 24
                          185.76.78.0/24 maxlen: 24
                          185.76.79.0/24 maxlen: 24
                          5.61.213.0/24 maxlen: 24
                          5.61.212.0/24 maxlen: 24
                          5.61.215.0/24 maxlen: 24
                          5.61.214.0/24 maxlen: 24
                          185.75.21.0/24 maxlen: 24
                          185.75.20.0/24 maxlen: 24
                          185.122.187.0/24 maxlen: 24
                          185.89.29.0/24 maxlen: 24
                          185.89.28.0/24 maxlen: 24
                          185.89.31.0/24 maxlen: 24
                          217.61.243.0/24 maxlen: 24
                          217.61.242.0/24 maxlen: 24
                          217.61.241.0/24 maxlen: 24
                          185.122.186.0/24 maxlen: 24
                          185.161.184.0/24 maxlen: 24
                          195.181.253.0/24 maxlen: 24
                          195.181.252.0/24 maxlen: 24
                          185.104.153.0/24 maxlen: 24
                          185.104.155.0/24 maxlen: 24
                          185.104.154.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:70:c2:e1:11:e7:fa:00:1c:c5:55:bc:25:86:fa:07:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
        Validity
            Not Before: Sep  7 17:48:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2e5c5f611bc3cff98dca4edf0e2ca47cd40db688
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ed:9a:52:e0:89:ad:54:2a:a9:d0:51:10:72:
                    76:f9:be:77:97:e8:25:00:b3:c8:82:22:dc:43:2a:
                    07:2d:2c:8c:7a:43:3c:70:b5:ac:0a:f8:8d:06:c3:
                    e9:d7:3f:bc:27:a1:47:71:3c:a6:5d:65:a9:5a:0b:
                    40:01:ac:ba:3d:7b:94:43:12:28:0f:71:0f:37:03:
                    38:ca:d3:59:b2:ec:94:85:59:e7:10:23:d3:1f:8a:
                    5e:80:90:36:66:e7:3c:b8:d0:46:8a:72:c6:3c:e3:
                    e3:32:54:cd:5e:c9:7b:05:07:54:75:b0:0f:8a:48:
                    9c:a2:62:21:7b:aa:b1:3f:78:3c:a8:52:90:15:20:
                    d9:1c:6f:f9:bd:55:3f:73:ff:c3:00:0b:b1:dc:d8:
                    9f:28:bc:6c:40:79:be:62:1c:2d:84:3b:c3:71:b8:
                    99:4d:54:ab:36:08:81:99:86:d5:3a:bb:19:74:70:
                    d0:9f:77:86:eb:c6:50:9c:c4:fa:b0:d7:05:ee:aa:
                    21:8c:10:b6:32:02:02:8f:ad:69:40:65:c6:fa:4f:
                    c9:8a:a2:10:67:11:70:00:9c:3f:0a:c9:11:fb:b1:
                    5d:c1:a1:c4:ad:52:4d:81:a8:1e:8e:fe:7e:e5:38:
                    9f:aa:51:c8:41:9f:8f:59:f4:ed:1a:a8:eb:ed:58:
                    8b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:5C:5F:61:1B:C3:CF:F9:8D:CA:4E:DF:0E:2C:A4:7C:D4:0D:B6:88
            X509v3 Authority Key Identifier:
                keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/LlxfYRvDz_mNyk7fDiykfNQNtog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.212.0/22
                  5.187.38.0/23
                  95.156.204.0/22
                  185.75.20.0/23
                  185.76.78.0/23
                  185.84.44.0/22
                  185.89.28.0/23
                  185.89.31.0/24
                  185.104.60.0/23
                  185.104.153.0-185.104.155.255
                  185.122.186.0/23
                  185.157.212.0/24
                  185.157.214.0/23
                  185.161.184.0/24
                  185.188.16.0/22
                  185.191.20.0/22
                  185.194.208.0/22
                  185.204.64.0/22
                  195.181.252.0/23
                  212.237.231.0/24
                  217.61.241.0-217.61.243.255

    Signature Algorithm: sha256WithRSAEncryption
         21:b5:a5:e2:4f:85:91:dc:3f:b0:76:51:e6:68:aa:75:27:99:
         83:e1:63:4d:1d:7c:19:81:f1:93:45:43:de:f5:ce:59:3a:8a:
         d5:26:a9:a6:ef:8d:e2:0f:31:9d:50:8f:27:ec:7d:bc:f4:3a:
         b3:9c:ee:ea:4c:50:7a:81:86:0e:7f:50:c2:c3:08:5c:f5:6d:
         54:79:d1:59:39:28:51:95:76:18:1d:bc:86:9f:cf:1c:68:fc:
         67:65:30:15:eb:16:2c:46:c9:4a:ee:ff:9b:3e:f4:f1:2c:cf:
         85:2a:03:42:fb:98:52:65:23:85:dc:85:73:2c:73:12:05:2b:
         06:82:91:4f:be:e0:30:25:2b:04:3c:2b:e5:43:63:b8:84:8e:
         df:ce:ac:ea:75:b6:43:8f:9b:86:11:47:91:d1:22:bc:27:bd:
         78:b5:9b:fb:2f:26:4c:d9:1b:78:16:ee:01:cf:60:cd:10:fd:
         a6:c3:c8:05:c4:62:35:0f:38:e7:1d:dd:7a:20:06:99:23:5e:
         61:27:97:57:65:08:2f:40:b5:ae:4a:1b:32:d4:44:d8:17:f5:
         0b:64:81:a2:4b:97:dd:f3:76:1a:b4:77:14:05:da:ec:64:55:
         b0:0f:56:db:af:7a:57:ee:5a:51:16:bc:0e:e0:35:aa:15:35:
         c9:69:96:b1
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgISAYpwwuER5/oAHMVVvCWG+gf9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjMwOTA3MTc0ODU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTVjNWY2MTFiYzNjZmY5OGRjYTRlZGYwZTJjYTQ3Y2Q0MGRiNjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAje2aUuCJrVQqqdBREHJ2+b53l+gl
ALPIgiLcQyoHLSyMekM8cLWsCviNBsPp1z+8J6FHcTymXWWpWgtAAay6PXuUQxIo
D3EPNwM4ytNZsuyUhVnnECPTH4pegJA2Zuc8uNBGinLGPOPjMlTNXsl7BQdUdbAP
ikicomIhe6qxP3g8qFKQFSDZHG/5vVU/c//DAAux3NifKLxsQHm+YhwthDvDcbiZ
TVSrNgiBmYbVOrsZdHDQn3eG68ZQnMT6sNcF7qohjBC2MgICj61pQGXG+k/JiqIQ
ZxFwAJw/CskR+7FdwaHErVJNgagejv5+5TifqlHIQZ+PWfTtGqjr7ViLywIDAQAB
o4ICljCCApIwHQYDVR0OBBYEFC5cX2Ebw8/5jcpO3w4spHzUDbaIMB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvTGx4ZllSdkR6X21OeWs3ZkRpeWtmTlFOdG9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGrBggrBgEFBQcBBwEB/wSBmzCBmDCBlQQCAAEwgY4DBAIF
PdQDBAEFuyYDBAJfnMwDBAG5SxQDBAG5TE4DBAK5VCwDBAG5WRwDBAC5WR8DBAG5
aDwwDAMEALlomQMEArlomAMEAbl6ugMEALmd1AMEAbmd1gMEALmhuAMEArm8EAME
Arm/FAMEArnC0AMEArnMQAMEAcO1/AMEANTt5zAMAwQA2T3xAwQC2T3wMA0GCSqG
SIb3DQEBCwUAA4IBAQAhtaXiT4WR3D+wdlHmaKp1J5mD4WNNHXwZgfGTRUPe9c5Z
OorVJqmm743iDzGdUI8n7H289DqznO7qTFB6gYYOf1DCwwhc9W1UedFZOShRlXYY
HbyGn88caPxnZTAV6xYsRslK7v+bPvTxLM+FKgNC+5hSZSOF3IVzLHMSBSsGgpFP
vuAwJSsEPCvlQ2O4hI7fzqzqdbZDj5uGEUeR0SK8J714tZv7LyZM2Rt4Fu4Bz2DN
EP2mw8gFxGI1DzjnHd16IAaZI15hJ5dXZQgvQLWuShsy1ETYF/ULZIGiS5fd83Ya
tHcUBdrsZFWwD1bbr3pX7lpRFrwO4DWqFTXJaZax
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:34 2024 by rpki-client on console-fra.rpki-client.org