Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/An_423GBpPH1BnC2d9AdHbj7rJI.roa
File:                     An_423GBpPH1BnC2d9AdHbj7rJI.roa (raw, json)
Hash identifier:          cB1c2zx1u/EJGWXgwxWGc4Aic6JUYLZGwYGX8eIOYmg=
Subject key identifier:   02:7F:F8:DB:71:81:A4:F1:F5:06:70:B6:77:D0:1D:1D:B8:FB:AC:92
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0189829BCC536B8164915EFB9170837AD6F7
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/An_423GBpPH1BnC2d9AdHbj7rJI.roa
Signing time:             Sun 23 Jul 2023 11:56:35 +0000
ROA not before:           Sun 23 Jul 2023 11:56:35 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.33.14.0/24 maxlen: 24
                          193.19.106.0/24 maxlen: 24
                          213.32.250.0/24 maxlen: 24
                          213.32.248.0/24 maxlen: 24
                          213.32.249.0/24 maxlen: 24
                          213.32.251.0/24 maxlen: 24
                          103.205.24.0/24 maxlen: 24
                          103.205.26.0/24 maxlen: 24
                          103.205.25.0/24 maxlen: 24
                          103.205.27.0/24 maxlen: 24
                          188.214.27.0/24 maxlen: 24
                          185.230.250.0/24 maxlen: 24
                          185.230.248.0/24 maxlen: 24
                          185.230.251.0/24 maxlen: 24
                          185.230.249.0/24 maxlen: 24
                          192.166.212.0/22 maxlen: 24
                          193.42.52.0/24 maxlen: 24
                          193.42.53.0/24 maxlen: 24
                          193.42.54.0/23 maxlen: 24
                          185.9.54.0/24 maxlen: 24
                          62.197.132.0/24 maxlen: 24
                          62.197.134.0/24 maxlen: 24
                          62.197.133.0/24 maxlen: 24
                          62.197.135.0/24 maxlen: 24
                          185.103.72.0/24 maxlen: 24
                          185.103.74.0/24 maxlen: 24
                          185.103.73.0/24 maxlen: 24
                          185.115.146.0/24 maxlen: 24
                          185.115.147.0/24 maxlen: 24
                          77.75.62.0/24 maxlen: 24
                          77.75.60.0/24 maxlen: 24
                          77.75.63.0/24 maxlen: 24
                          194.4.158.0/24 maxlen: 24
                          194.4.156.0/23 maxlen: 24
                          194.4.159.0/24 maxlen: 24
                          185.115.144.0/24 maxlen: 24
                          185.115.144.0/23 maxlen: 24
                          185.115.145.0/24 maxlen: 24
                          78.142.242.0/24 maxlen: 24
                          78.142.242.0/23 maxlen: 24
                          45.159.152.0/24 maxlen: 24
                          45.159.154.0/24 maxlen: 24
                          45.159.153.0/24 maxlen: 24
                          45.159.155.0/24 maxlen: 24
                          89.38.101.0/24 maxlen: 24
                          89.40.160.0/24 maxlen: 24
                          185.229.104.0/24 maxlen: 24
                          185.229.105.0/24 maxlen: 24
                          185.229.106.0/24 maxlen: 24
                          185.229.107.0/24 maxlen: 24
                          89.43.211.0/24 maxlen: 24
                          89.43.210.0/23 maxlen: 24
                          185.245.238.0/24 maxlen: 24
                          185.245.237.0/24 maxlen: 24
                          185.245.236.0/24 maxlen: 24
                          89.43.209.0/24 maxlen: 24
                          203.0.8.0/24 maxlen: 24
                          89.43.212.0/22 maxlen: 24
                          89.43.210.0/24 maxlen: 24
                          185.245.239.0/24 maxlen: 24
                          89.43.208.0/24 maxlen: 24
                          103.212.82.0/24 maxlen: 24
                          89.47.89.0/24 maxlen: 24
                          185.121.229.0/24 maxlen: 24
                          178.239.201.0/24 maxlen: 24
                          185.121.231.0/24 maxlen: 24
                          178.239.203.0/24 maxlen: 24
                          185.121.228.0/24 maxlen: 24
                          178.239.200.0/24 maxlen: 24
                          178.239.202.0/24 maxlen: 24
                          185.121.230.0/24 maxlen: 24
                          93.114.246.0/24 maxlen: 24
                          185.236.60.0/24 maxlen: 24
                          185.236.62.0/24 maxlen: 24
                          185.236.63.0/24 maxlen: 24
                          185.236.61.0/24 maxlen: 24
                          223.27.112.0/24 maxlen: 24
                          178.239.192.0/23 maxlen: 24
                          178.239.192.0/24 maxlen: 24
                          178.239.193.0/24 maxlen: 24
                          178.239.195.0/24 maxlen: 24
                          178.239.194.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:82:9b:cc:53:6b:81:64:91:5e:fb:91:70:83:7a:d6:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jul 23 11:56:35 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=027ff8db7181a4f1f50670b677d01d1db8fbac92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5f:97:01:21:20:ba:d2:75:6f:39:33:41:e2:
                    27:0f:8c:70:5b:67:3a:85:89:19:43:4e:1f:6d:e0:
                    a9:c4:de:37:df:21:bc:4d:87:8e:dd:a3:b7:8f:84:
                    32:c7:20:0e:36:6e:07:89:c6:8f:89:aa:c6:6b:c1:
                    e7:04:7d:54:8b:f3:09:bf:ea:fa:65:c1:a2:b9:05:
                    9d:de:0d:b4:1a:ba:51:3c:61:1b:48:01:76:dc:d1:
                    2d:92:04:ab:bb:89:35:82:fd:74:53:f2:75:ef:aa:
                    70:62:51:3e:47:36:71:d6:18:02:f7:3c:68:15:0a:
                    3b:19:45:d1:9c:7f:a2:98:da:4d:05:36:52:4a:66:
                    d3:a3:1f:34:68:8f:a7:b9:d2:59:74:88:7a:58:08:
                    32:54:40:d3:52:4b:26:bc:e6:4a:80:ee:e1:dd:8d:
                    0e:b4:a9:c5:c8:51:94:9c:fe:2d:a5:d4:37:72:a8:
                    3b:f7:11:f5:9f:06:b9:d4:3d:b3:72:ae:7a:24:04:
                    5a:17:0e:d4:b0:2a:a6:cf:9c:72:9e:a4:63:1d:d0:
                    fa:d3:76:f4:4f:e9:f8:0d:88:49:5b:67:c1:60:dd:
                    96:a2:07:bd:3e:e2:ee:87:ec:8d:51:81:87:6d:9a:
                    2a:11:b1:a8:04:48:4e:1f:0e:ed:4b:18:de:c9:1e:
                    53:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:7F:F8:DB:71:81:A4:F1:F5:06:70:B6:77:D0:1D:1D:B8:FB:AC:92
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/An_423GBpPH1BnC2d9AdHbj7rJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.152.0/22
                  62.197.132.0/22
                  77.75.60.0/24
                  77.75.62.0/23
                  78.142.242.0/23
                  89.33.14.0/24
                  89.38.101.0/24
                  89.40.160.0/24
                  89.43.208.0/21
                  89.47.89.0/24
                  93.114.246.0/24
                  103.205.24.0/22
                  103.212.82.0/24
                  178.239.192.0/22
                  178.239.200.0/22
                  185.9.54.0/24
                  185.103.72.0-185.103.74.255
                  185.115.144.0/22
                  185.121.228.0/22
                  185.229.104.0/22
                  185.230.248.0/22
                  185.236.60.0/22
                  185.245.236.0/22
                  188.214.27.0/24
                  192.166.212.0/22
                  193.19.106.0/24
                  193.42.52.0/22
                  194.4.156.0/22
                  203.0.8.0/24
                  213.32.248.0/22
                  223.27.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:ef:2d:86:6a:e3:86:20:63:71:49:50:2f:85:9b:bf:c2:91:
         8b:0d:98:c2:e5:fd:b6:48:2c:89:49:64:d7:28:f4:ca:bd:8b:
         34:42:3f:21:e5:64:78:4b:f6:56:1d:40:44:8d:a8:5e:3b:16:
         28:00:d3:4f:01:41:65:f4:f4:c9:36:db:70:9c:55:9c:fb:fa:
         97:17:f4:f7:62:b8:b2:af:b8:33:70:27:92:58:ce:be:5a:8d:
         30:b2:0e:44:70:10:56:a7:be:6e:07:da:1d:ad:20:99:89:5e:
         2a:bf:d2:a7:c1:31:72:df:cf:4a:c2:36:a1:a1:e1:75:3b:a4:
         a8:6d:cb:ff:b5:39:9a:fd:08:60:fd:40:52:50:d6:bc:61:f5:
         ed:cb:4c:14:96:ae:ae:42:95:e9:2b:08:dd:71:c3:d1:c5:0d:
         31:68:7f:c0:1b:a9:ef:06:5a:8a:dc:a8:34:3e:ae:f1:ea:cb:
         41:6e:65:31:4d:1b:e0:59:bb:73:ed:a8:6e:bc:91:d0:20:07:
         bd:d8:cd:d1:01:7f:3a:8a:8c:0e:42:bc:15:54:2c:b9:23:d3:
         c8:56:79:ab:a5:f1:b8:0d:ca:a6:3a:77:cc:85:4e:80:cd:2e:
         3c:f0:6a:89:35:98:c9:5c:8a:cf:0f:5f:2b:e5:6b:46:00:95:
         46:10:56:d9
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAYmCm8xTa4FkkV77kXCDetb3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNzIzMTE1NjM1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjdmZjhkYjcxODFhNGYxZjUwNjcwYjY3N2QwMWQxZGI4ZmJhYzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmV+XASEgutJ1bzkzQeInD4xwW2c6
hYkZQ04fbeCpxN433yG8TYeO3aO3j4QyxyAONm4HicaPiarGa8HnBH1Ui/MJv+r6
ZcGiuQWd3g20GrpRPGEbSAF23NEtkgSru4k1gv10U/J176pwYlE+RzZx1hgC9zxo
FQo7GUXRnH+imNpNBTZSSmbTox80aI+nudJZdIh6WAgyVEDTUksmvOZKgO7h3Y0O
tKnFyFGUnP4tpdQ3cqg79xH1nwa51D2zcq56JARaFw7UsCqmz5xynqRjHdD603b0
T+n4DYhJW2fBYN2Woge9PuLuh+yNUYGHbZoqEbGoBEhOHw7tSxjeyR5TPQIDAQAB
o4ICyjCCAsYwHQYDVR0OBBYEFAJ/+NtxgaTx9QZwtnfQHR24+6ySMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQW5fNDIzR0JwUEgxQm5DMmQ5QWRIYmo3ckpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHfBggrBgEFBQcBBwEB/wSBzzCBzDCByQQCAAEwgcIDBAIt
n5gDBAI+xYQDBABNSzwDBAFNSz4DBAFOjvIDBABZIQ4DBABZJmUDBABZKKADBANZ
K9ADBABZL1kDBABdcvYDBAJnzRgDBABn1FIDBAKy78ADBAKy78gDBAC5CTYwDAME
A7lnSAMEALlnSgMEArlzkAMEArl55AMEArnlaAMEArnm+AMEArnsPAMEArn17AME
ALzWGwMEAsCm1AMEAMETagMEAsEqNAMEAsIEnAMEAMsACAMEAtUg+AMEAN8bcDAN
BgkqhkiG9w0BAQsFAAOCAQEAlu8thmrjhiBjcUlQL4Wbv8KRiw2YwuX9tkgsiUlk
1yj0yr2LNEI/IeVkeEv2Vh1ARI2oXjsWKADTTwFBZfT0yTbbcJxVnPv6lxf092K4
sq+4M3AnkljOvlqNMLIORHAQVqe+bgfaHa0gmYleKr/Sp8Exct/PSsI2oaHhdTuk
qG3L/7U5mv0IYP1AUlDWvGH17ctMFJaurkKV6SsI3XHD0cUNMWh/wBup7wZaityo
ND6u8erLQW5lMU0b4Fm7c+2obryR0CAHvdjN0QF/OoqMDkK8FVQsuSPTyFZ5q6Xx
uA3Kpjp3zIVOgM0uPPBqiTWYyVyKzw9fK+VrRgCVRhBW2Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:44 2024 by rpki-client on console-fra.rpki-client.org