Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/F37kVZPqm1GwdM65n8qfLP2epaA.roa
File:                     F37kVZPqm1GwdM65n8qfLP2epaA.roa (raw, json)
Hash identifier:          DFKV/pbdDwqTSAQT4YYv5/qCgG3G8byyK43CvBoKwso=
Subject key identifier:   17:7E:E4:55:93:EA:9B:51:B0:74:CE:B9:9F:CA:9F:2C:FD:9E:A5:A0
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0186BFDF8105C095C435BD4780E674E1D95C
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/F37kVZPqm1GwdM65n8qfLP2epaA.roa
Signing time:             Wed 08 Mar 2023 06:19:01 +0000
ROA not before:           Wed 08 Mar 2023 06:19:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200482
IP address blocks:        91.209.12.0/24 maxlen: 24
                          185.229.105.0/24 maxlen: 24
                          89.43.211.0/24 maxlen: 24
                          89.43.209.0/24 maxlen: 24
                          185.245.236.0/24 maxlen: 24
                          178.239.200.0/24 maxlen: 24
                          62.197.132.0/24 maxlen: 24
                          62.197.128.0/24 maxlen: 24
                          45.159.153.0/24 maxlen: 24
                          103.205.27.0/24 maxlen: 24
                          103.205.25.0/24 maxlen: 24
                          223.27.114.0/24 maxlen: 24
                          178.239.193.0/24 maxlen: 24
                          178.239.194.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:bf:df:81:05:c0:95:c4:35:bd:47:80:e6:74:e1:d9:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar  8 06:19:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=177ee45593ea9b51b074ceb99fca9f2cfd9ea5a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:be:73:6c:93:18:1f:d1:b1:fc:c7:82:24:17:
                    97:77:78:cf:35:b5:96:d6:71:5c:40:d4:63:95:0e:
                    a9:00:4c:fb:b7:95:49:e4:96:7b:c2:8d:af:b5:c6:
                    65:59:5b:96:58:1f:4e:b6:06:38:d8:68:77:0b:17:
                    b6:80:a3:bf:62:c8:17:df:39:43:7e:3e:83:15:1a:
                    4f:1a:bc:70:e0:03:a7:bd:db:c0:4c:8d:79:3d:93:
                    3a:27:bf:e2:a3:c4:3d:7c:af:ae:22:75:b8:8f:23:
                    ac:84:29:16:e9:e6:45:e0:ec:7f:3a:46:3a:fc:66:
                    a1:98:cd:80:2a:36:21:75:a6:23:9c:ec:27:78:e4:
                    08:50:59:8d:8d:bb:ec:24:21:13:1e:37:c2:0c:23:
                    1f:1c:87:2b:a7:05:6c:93:ba:78:70:f3:6e:e0:b6:
                    02:c5:50:f2:69:66:dd:dc:da:09:68:46:90:b6:fb:
                    77:7e:5d:d3:2a:3c:fc:6b:5e:c3:4e:05:f1:93:16:
                    ed:95:4a:51:9d:0d:0f:8e:04:cb:e2:15:c2:d1:df:
                    09:c7:50:fe:4f:9f:c3:9a:8b:26:ce:02:fd:4b:6c:
                    a4:cf:b6:a8:7f:73:22:58:da:d5:1f:6f:7f:05:e3:
                    13:73:0c:4e:0f:f5:62:72:2d:cc:76:d4:46:a5:81:
                    ee:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:7E:E4:55:93:EA:9B:51:B0:74:CE:B9:9F:CA:9F:2C:FD:9E:A5:A0
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/F37kVZPqm1GwdM65n8qfLP2epaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.153.0/24
                  62.197.128.0/24
                  62.197.132.0/24
                  89.43.209.0/24
                  89.43.211.0/24
                  91.209.12.0/24
                  103.205.25.0/24
                  103.205.27.0/24
                  178.239.193.0-178.239.194.255
                  178.239.200.0/24
                  185.229.105.0/24
                  185.245.236.0/24
                  223.27.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:d6:3f:5d:60:10:1c:6f:1b:43:28:2a:62:1f:df:c7:6e:de:
         eb:df:c4:1c:40:1b:1a:67:7c:6d:86:9a:e9:92:ad:ff:a4:18:
         24:71:22:48:1f:18:50:2e:51:26:99:bc:3c:cd:90:1e:ed:ec:
         3f:1d:1c:e8:f8:6a:54:bb:b7:ad:44:2e:1f:2d:22:14:0b:a3:
         8f:d9:e0:d1:b9:21:07:9b:fc:c9:b7:9c:8e:69:42:f7:ed:17:
         4a:ec:e1:1d:ba:d0:2f:13:68:2a:13:05:50:8f:1d:ec:bc:fd:
         a6:06:66:5a:21:df:8f:16:86:c0:50:cf:8b:94:0f:db:3f:5b:
         65:dc:28:43:7b:a6:40:d6:54:fc:35:c6:31:67:43:60:c2:5d:
         29:40:4d:aa:53:80:72:81:ff:0a:fe:d9:c8:bc:76:00:15:46:
         74:0e:cb:1f:d7:08:ee:47:1d:75:90:06:56:b0:4e:53:51:f3:
         40:92:d3:09:21:75:ce:05:0d:70:2d:f1:3a:52:01:b5:48:8d:
         03:64:5c:e4:95:24:38:ee:3d:a3:0f:69:4f:46:89:49:e0:d2:
         2e:c5:56:b4:00:71:68:71:e8:1d:4e:bc:5b:bd:69:e4:09:1a:
         ab:19:a7:f4:21:8c:3d:25:08:11:19:fe:15:d6:dc:f4:30:be:
         25:be:85:56
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYa/34EFwJXENb1HgOZ04dlcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA4MDYxOTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzdlZTQ1NTkzZWE5YjUxYjA3NGNlYjk5ZmNhOWYyY2ZkOWVhNWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmL5zbJMYH9Gx/MeCJBeXd3jPNbWW
1nFcQNRjlQ6pAEz7t5VJ5JZ7wo2vtcZlWVuWWB9OtgY42Gh3Cxe2gKO/YsgX3zlD
fj6DFRpPGrxw4AOnvdvATI15PZM6J7/io8Q9fK+uInW4jyOshCkW6eZF4Ox/OkY6
/GahmM2AKjYhdaYjnOwneOQIUFmNjbvsJCETHjfCDCMfHIcrpwVsk7p4cPNu4LYC
xVDyaWbd3NoJaEaQtvt3fl3TKjz8a17DTgXxkxbtlUpRnQ0PjgTL4hXC0d8Jx1D+
T5/DmosmzgL9S2ykz7aof3MiWNrVH29/BeMTcwxOD/Vici3MdtRGpYHuJQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFBd+5FWT6ptRsHTOuZ/Knyz9nqWgMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvRjM3a1ZaUHFtMUd3ZE02NW44cWZMUDJlcGFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQALZ+ZAwQA
PsWAAwQAPsWEAwQAWSvRAwQAWSvTAwQAW9EMAwQAZ80ZAwQAZ80bMAwDBACy78ED
BACy78IDBACy78gDBAC55WkDBAC59ewDBADfG3IwDQYJKoZIhvcNAQELBQADggEB
ACjWP11gEBxvG0MoKmIf38du3uvfxBxAGxpnfG2GmumSrf+kGCRxIkgfGFAuUSaZ
vDzNkB7t7D8dHOj4alS7t61ELh8tIhQLo4/Z4NG5IQeb/Mm3nI5pQvftF0rs4R26
0C8TaCoTBVCPHey8/aYGZloh348WhsBQz4uUD9s/W2XcKEN7pkDWVPw1xjFnQ2DC
XSlATapTgHKB/wr+2ci8dgAVRnQOyx/XCO5HHXWQBlawTlNR80CS0wkhdc4FDXAt
8TpSAbVIjQNkXOSVJDjuPaMPaU9GiUng0i7FVrQAcWhx6B1OvFu9aeQJGqsZp/Qh
jD0lCBEZ/hXW3PQwviW+hVY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:09 2024 by rpki-client on console-ams.rpki-client.org