Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/S8ivUYDcEw9sXz8n3D5B8_fI4NI.roa
File:                     S8ivUYDcEw9sXz8n3D5B8_fI4NI.roa (raw, json)
Hash identifier:          QzSY4yRDcmsMlUrXXLjuiue/YiRY7RhF6fS3Iy+zcao=
Subject key identifier:   4B:C8:AF:51:80:DC:13:0F:6C:5F:3F:27:DC:3E:41:F3:F7:C8:E0:D2
Certificate issuer:       /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial:       0654B82F
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/S8ivUYDcEw9sXz8n3D5B8_fI4NI.roa
Signing time:             Tue 08 Mar 2022 08:58:28 +0000
ROA not before:           Tue 08 Mar 2022 08:58:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50129
IP address blocks:        185.188.16.0/23 maxlen: 23
                          185.194.209.0/24 maxlen: 24
                          185.194.210.0/24 maxlen: 24
                          185.194.211.0/24 maxlen: 24
                          185.188.18.0/24 maxlen: 24
                          185.188.19.0/24 maxlen: 24
                          185.194.208.0/24 maxlen: 24
                          185.157.212.0/23 maxlen: 23
                          185.157.214.0/24 maxlen: 24
                          185.157.215.0/24 maxlen: 24
                          185.86.211.0/24 maxlen: 24
                          185.75.20.0/24 maxlen: 24
                          185.75.21.0/24 maxlen: 24
                          185.122.187.0/24 maxlen: 24
                          185.104.60.0/24 maxlen: 24
                          185.104.61.0/24 maxlen: 24
                          185.89.31.0/24 maxlen: 24
                          185.89.28.0/24 maxlen: 24
                          185.84.44.0/24 maxlen: 24
                          185.84.45.0/24 maxlen: 24
                          185.84.46.0/24 maxlen: 24
                          185.84.47.0/24 maxlen: 24
                          185.122.186.0/24 maxlen: 24
                          185.92.238.0/24 maxlen: 24
                          185.161.184.0/24 maxlen: 24
                          185.161.185.0/24 maxlen: 24
                          185.104.153.0/24 maxlen: 24
                          185.104.154.0/24 maxlen: 24
                          185.104.155.0/24 maxlen: 24
                          185.191.20.0/24 maxlen: 24
                          185.191.21.0/24 maxlen: 24
                          185.191.22.0/24 maxlen: 24
                          185.191.23.0/24 maxlen: 24
                          185.204.64.0/24 maxlen: 24
                          185.204.65.0/24 maxlen: 24
                          185.204.66.0/24 maxlen: 24
                          185.204.67.0/24 maxlen: 24
                          185.76.78.0/24 maxlen: 24
                          185.76.79.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 106215471 (0x654b82f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
        Validity
            Not Before: Mar  8 08:58:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4bc8af5180dc130f6c5f3f27dc3e41f3f7c8e0d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:9d:a3:7b:ea:b7:45:03:38:37:9a:37:00:4e:
                    c6:b9:ae:c8:5e:e8:77:3f:f7:3d:a2:0d:b3:9a:19:
                    4a:29:36:50:ce:ea:ff:4e:09:5c:e4:05:b7:da:d8:
                    81:26:bc:18:71:c6:f3:11:8f:61:1c:d4:4e:e6:08:
                    0a:1b:52:3b:ca:6d:c4:19:be:4a:7a:d1:a1:08:51:
                    18:29:cf:c7:74:8f:a8:95:ee:2a:7e:5c:b0:f1:85:
                    e0:b9:78:c5:16:fa:b9:48:0a:3d:13:46:be:00:0b:
                    c5:57:97:f7:90:a6:cf:24:49:90:b4:1e:13:a6:db:
                    08:fe:83:7c:be:0c:9e:77:03:e3:04:53:8d:4f:18:
                    ad:e7:2c:10:5a:54:3a:8a:3e:fc:b6:aa:02:9b:00:
                    fd:6a:0e:d5:64:71:59:21:e1:cb:ac:52:1c:4a:54:
                    3a:df:da:56:2b:49:50:cd:a7:af:49:23:b7:b7:3b:
                    cf:d3:75:d6:a7:8c:de:ea:87:7e:d0:7d:f1:bc:d6:
                    c5:a7:07:a6:c5:8f:74:e9:a6:ee:86:22:10:d2:bd:
                    de:41:8c:8c:0d:6d:39:5d:86:29:1c:a3:fe:e9:a8:
                    cb:cf:4c:e6:21:30:dd:e5:2c:98:64:cd:19:69:a3:
                    f7:98:13:34:2b:d8:cf:27:49:e3:82:6b:ca:47:19:
                    14:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:C8:AF:51:80:DC:13:0F:6C:5F:3F:27:DC:3E:41:F3:F7:C8:E0:D2
            X509v3 Authority Key Identifier:
                keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/S8ivUYDcEw9sXz8n3D5B8_fI4NI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.20.0/23
                  185.76.78.0/23
                  185.84.44.0/22
                  185.86.211.0/24
                  185.89.28.0/24
                  185.89.31.0/24
                  185.92.238.0/24
                  185.104.60.0/23
                  185.104.153.0-185.104.155.255
                  185.122.186.0/23
                  185.157.212.0/22
                  185.161.184.0/23
                  185.188.16.0/22
                  185.191.20.0/22
                  185.194.208.0/22
                  185.204.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:11:52:f5:8d:a4:5e:14:61:4f:ab:ce:42:5a:04:51:b7:56:
         81:42:96:ac:e7:a8:e3:b3:24:63:f6:d4:bd:57:1b:eb:33:d3:
         62:48:fd:8b:29:47:fb:42:38:ab:e6:f1:5c:45:24:85:c5:2f:
         ed:aa:b2:87:fc:0c:a0:98:a9:00:bc:43:26:37:44:2c:88:4e:
         6f:12:ea:b2:43:c3:6e:c3:02:5b:92:b7:5b:c1:51:2b:d9:66:
         ba:f0:bf:8a:81:6c:6d:ff:9c:5c:95:11:7f:52:9f:f3:76:a4:
         60:ca:db:a0:7f:20:d7:e3:6c:14:35:88:93:64:76:9f:8f:0c:
         ca:72:43:ac:d0:85:24:9c:1a:6b:53:3e:33:9e:95:eb:93:41:
         7d:5c:09:5f:f4:6a:4d:76:c3:92:3d:4c:b8:a9:a8:f5:62:f3:
         b1:0a:10:21:79:16:ff:cb:ef:d6:48:04:79:6d:4b:90:83:75:
         6f:a8:9a:ac:34:de:1c:3a:89:78:d8:22:d0:92:bb:f6:73:27:
         b0:c3:fb:c2:fa:c1:d5:87:68:c2:e3:5b:db:14:fa:18:ca:11:
         60:1e:d1:0f:6e:0a:dc:22:64:05:01:c5:50:27:ab:df:f4:8e:
         42:e5:b0:8a:7a:7a:b5:5f:e9:c2:dd:c3:1b:b9:38:97:b0:bb:
         40:72:f6:63
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgIEBlS4LzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YmM1ZGU3ZDcyNTViN2Q1ODI2MGM2NWExMjBiMTY0ZWYxMGVmOTAzMB4XDTIyMDMw
ODA4NTgyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGJjOGFmNTE4MGRj
MTMwZjZjNWYzZjI3ZGMzZTQxZjNmN2M4ZTBkMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOWdo3vqt0UDODeaNwBOxrmuyF7odz/3PaINs5oZSik2UM7q
/04JXOQFt9rYgSa8GHHG8xGPYRzUTuYIChtSO8ptxBm+SnrRoQhRGCnPx3SPqJXu
Kn5csPGF4Ll4xRb6uUgKPRNGvgALxVeX95CmzyRJkLQeE6bbCP6DfL4MnncD4wRT
jU8YrecsEFpUOoo+/LaqApsA/WoO1WRxWSHhy6xSHEpUOt/aVitJUM2nr0kjt7c7
z9N11qeM3uqHftB98bzWxacHpsWPdOmm7oYiENK93kGMjA1tOV2GKRyj/umoy89M
5iEw3eUsmGTNGWmj95gTNCvYzydJ44JrykcZFNECAwEAAaOCAmwwggJoMB0GA1Ud
DgQWBBRLyK9RgNwTD2xfPyfcPkHz98jg0jAfBgNVHSMEGDAWgBRrxd59clW31YJg
xloSCxZO8Q75AzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2E4WGVmWEpWdDlXQ1lNWmFFZ3NXVHZFTy1RTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmIvMzIxMDllLTI0YzktNGM4OC1hOGU4LWZkZjY2MzhkMmMwNC8x
L1M4aXZVWURjRXc5c1h6OG4zRDVCOF9mSTROSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmIv
MzIxMDllLTI0YzktNGM4OC1hOGU4LWZkZjY2MzhkMmMwNC8xL2E4WGVmWEpWdDlX
Q1lNWmFFZ3NXVHZFTy1RTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
gQYIKwYBBQUHAQcBAf8EcjBwMG4EAgABMGgDBAG5SxQDBAG5TE4DBAK5VCwDBAC5
VtMDBAC5WRwDBAC5WR8DBAC5XO4DBAG5aDwwDAMEALlomQMEArlomAMEAbl6ugME
Armd1AMEAbmhuAMEArm8EAMEArm/FAMEArnC0AMEArnMQDANBgkqhkiG9w0BAQsF
AAOCAQEAbBFS9Y2kXhRhT6vOQloEUbdWgUKWrOeo47MkY/bUvVcb6zPTYkj9iylH
+0I4q+bxXEUkhcUv7aqyh/wMoJipALxDJjdELIhObxLqskPDbsMCW5K3W8FRK9lm
uvC/ioFsbf+cXJURf1Kf83akYMrboH8g1+NsFDWIk2R2n48MynJDrNCFJJwaa1M+
M56V65NBfVwJX/RqTXbDkj1MuKmo9WLzsQoQIXkW/8vv1kgEeW1LkIN1b6iarDTe
HDqJeNgi0JK79nMnsMP7wvrB1YdowuNb2xT6GMoRYB7RD24K3CJkBQHFUCer3/SO
QuWwinp6tV/pwt3DG7k4l7C7QHL2Yw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:54 2024 by rpki-client on console-ams.rpki-client.org