Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/F7txrGSr80q8ifQ0NHSbm90sZgU.roa
File:                     F7txrGSr80q8ifQ0NHSbm90sZgU.roa (raw, json)
Hash identifier:          Rr8IxX4w7gnDK92pfb4Qnqv/KFh6xjYS5YR4Ks22tAk=
Subject key identifier:   17:BB:71:AC:64:AB:F3:4A:BC:89:F4:34:34:74:9B:9B:DD:2C:66:05
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0188D7237103F30C93F8F8286C66A720BC54
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/F7txrGSr80q8ifQ0NHSbm90sZgU.roa
Signing time:             Tue 20 Jun 2023 04:50:04 +0000
ROA not before:           Tue 20 Jun 2023 04:50:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.33.14.0/24 maxlen: 24
                          193.19.106.0/24 maxlen: 24
                          213.32.249.0/24 maxlen: 24
                          103.205.26.0/24 maxlen: 24
                          103.205.25.0/24 maxlen: 24
                          103.205.27.0/24 maxlen: 24
                          185.230.250.0/24 maxlen: 24
                          185.230.248.0/24 maxlen: 24
                          185.230.249.0/24 maxlen: 24
                          192.166.212.0/22 maxlen: 24
                          193.42.52.0/24 maxlen: 24
                          193.42.54.0/23 maxlen: 24
                          185.9.54.0/24 maxlen: 24
                          62.197.132.0/24 maxlen: 24
                          62.197.135.0/24 maxlen: 24
                          185.103.73.0/24 maxlen: 24
                          185.115.146.0/24 maxlen: 24
                          77.75.62.0/24 maxlen: 24
                          77.75.60.0/24 maxlen: 24
                          77.75.63.0/24 maxlen: 24
                          194.4.156.0/23 maxlen: 24
                          194.4.159.0/24 maxlen: 24
                          185.115.144.0/24 maxlen: 24
                          185.115.144.0/23 maxlen: 24
                          185.115.145.0/24 maxlen: 24
                          78.142.242.0/24 maxlen: 24
                          78.142.242.0/23 maxlen: 24
                          45.159.152.0/24 maxlen: 24
                          45.159.154.0/24 maxlen: 24
                          45.159.153.0/24 maxlen: 24
                          185.229.104.0/24 maxlen: 24
                          185.229.105.0/24 maxlen: 24
                          185.229.106.0/24 maxlen: 24
                          185.229.107.0/24 maxlen: 24
                          89.43.211.0/24 maxlen: 24
                          89.43.210.0/23 maxlen: 24
                          185.245.238.0/24 maxlen: 24
                          185.245.236.0/24 maxlen: 24
                          203.0.8.0/24 maxlen: 24
                          185.245.239.0/24 maxlen: 24
                          89.43.208.0/24 maxlen: 24
                          185.245.237.0/24 maxlen: 24
                          89.43.210.0/24 maxlen: 24
                          89.47.89.0/24 maxlen: 24
                          178.239.201.0/24 maxlen: 24
                          185.121.231.0/24 maxlen: 24
                          178.239.203.0/24 maxlen: 24
                          185.121.228.0/24 maxlen: 24
                          178.239.200.0/24 maxlen: 24
                          185.121.230.0/24 maxlen: 24
                          93.114.246.0/24 maxlen: 24
                          185.236.62.0/24 maxlen: 24
                          185.236.63.0/24 maxlen: 24
                          223.27.112.0/24 maxlen: 24
                          178.239.192.0/23 maxlen: 24
                          178.239.192.0/24 maxlen: 24
                          178.239.193.0/24 maxlen: 24
                          178.239.194.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:d7:23:71:03:f3:0c:93:f8:f8:28:6c:66:a7:20:bc:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jun 20 04:50:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=17bb71ac64abf34abc89f43434749b9bdd2c6605
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b1:d2:84:79:58:de:96:f8:50:5a:ed:10:6c:
                    86:7e:87:1f:93:20:6c:43:20:0e:a7:d0:e5:6d:ef:
                    54:98:f0:b3:73:4a:8a:e8:04:ad:58:f6:86:8e:d6:
                    cd:22:2b:97:4a:30:84:13:3d:b7:9a:9e:ca:f0:f1:
                    f9:95:f8:4d:f8:d5:20:2a:98:f4:66:b8:af:6c:ab:
                    4f:1b:40:d4:23:0a:f0:f6:73:38:48:75:f2:d8:01:
                    90:bb:dc:7e:33:26:3d:22:e5:1c:fb:c4:86:42:8e:
                    3a:26:36:97:32:1c:c3:89:90:8e:2c:74:01:8a:d0:
                    70:a1:a5:b1:f4:60:e4:ef:8e:73:81:f8:96:b1:29:
                    3b:bb:13:d7:68:68:e2:40:fb:a0:ab:35:98:6c:cb:
                    bb:cc:d4:b3:ef:28:be:2b:bc:f2:9e:44:eb:18:19:
                    de:5f:b7:6e:ac:52:53:d8:d1:fd:e6:85:77:f8:23:
                    be:7c:9d:32:84:6c:e6:ec:67:f5:5a:dd:9f:a7:a4:
                    8f:6c:35:a1:5c:fd:62:79:9e:bd:22:a4:d7:f7:95:
                    e1:e8:39:f4:f7:ae:27:f7:1e:89:e7:a0:01:5b:f7:
                    81:11:92:db:5e:18:c5:64:18:06:5d:f7:3e:50:31:
                    41:d3:fe:58:20:04:d4:5f:93:ca:95:d9:45:54:6e:
                    e7:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:BB:71:AC:64:AB:F3:4A:BC:89:F4:34:34:74:9B:9B:DD:2C:66:05
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/F7txrGSr80q8ifQ0NHSbm90sZgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.152.0-45.159.154.255
                  62.197.132.0/24
                  62.197.135.0/24
                  77.75.60.0/24
                  77.75.62.0/23
                  78.142.242.0/23
                  89.33.14.0/24
                  89.43.208.0/24
                  89.43.210.0/23
                  89.47.89.0/24
                  93.114.246.0/24
                  103.205.25.0-103.205.27.255
                  178.239.192.0-178.239.194.255
                  178.239.200.0/23
                  178.239.203.0/24
                  185.9.54.0/24
                  185.103.73.0/24
                  185.115.144.0-185.115.146.255
                  185.121.228.0/24
                  185.121.230.0/23
                  185.229.104.0/22
                  185.230.248.0-185.230.250.255
                  185.236.62.0/23
                  185.245.236.0/22
                  192.166.212.0/22
                  193.19.106.0/24
                  193.42.52.0/24
                  193.42.54.0/23
                  194.4.156.0/23
                  194.4.159.0/24
                  203.0.8.0/24
                  213.32.249.0/24
                  223.27.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:65:d3:d1:f9:c8:a9:58:6d:b9:01:49:1e:57:b7:3a:07:a7:
         5a:8d:82:d2:fb:93:4f:0d:44:57:60:84:ae:33:8a:47:76:62:
         5f:2a:e5:e2:59:17:8f:a4:1f:ff:f5:c0:8e:2f:2e:f1:f3:21:
         8f:5a:6b:78:86:ef:84:bb:50:91:82:33:9d:71:da:45:44:b2:
         18:47:83:e7:15:0d:2a:94:72:d7:d3:38:66:6a:4d:a0:2c:16:
         07:ce:e6:b6:5b:66:45:48:6a:0c:85:8f:d9:8d:7c:76:40:91:
         33:4c:f4:a3:ef:fb:be:cd:73:d8:00:02:ff:ef:05:19:c6:34:
         f3:2f:91:78:4b:7d:3b:82:10:d8:73:bd:72:7c:bc:6a:16:3d:
         f1:55:d6:dd:ed:b3:12:2a:a4:90:d4:60:2f:da:96:89:64:1c:
         02:04:5f:6f:7d:71:05:2f:92:2d:5c:89:b6:fa:53:b3:e3:30:
         fc:87:d0:d1:6f:0d:d9:ca:58:39:c6:41:59:bd:3d:8d:5c:b6:
         c2:ed:ba:40:1b:6c:6f:b5:69:36:c5:e3:ba:21:1b:5b:01:9d:
         33:74:27:fb:a7:06:c1:d6:75:81:3a:bc:0e:fd:8f:c3:31:24:
         58:1e:9b:4d:ac:71:c8:4b:cd:d4:12:00:0b:99:7f:da:df:c2:
         70:8d:3b:49
-----BEGIN CERTIFICATE-----
MIIF6zCCBNOgAwIBAgISAYjXI3ED8wyT+PgobGanILxUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjIwMDQ1MDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2JiNzFhYzY0YWJmMzRhYmM4OWY0MzQzNDc0OWI5YmRkMmM2NjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbHShHlY3pb4UFrtEGyGfocfkyBs
QyAOp9Dlbe9UmPCzc0qK6AStWPaGjtbNIiuXSjCEEz23mp7K8PH5lfhN+NUgKpj0
ZrivbKtPG0DUIwrw9nM4SHXy2AGQu9x+MyY9IuUc+8SGQo46JjaXMhzDiZCOLHQB
itBwoaWx9GDk745zgfiWsSk7uxPXaGjiQPugqzWYbMu7zNSz7yi+K7zynkTrGBne
X7durFJT2NH95oV3+CO+fJ0yhGzm7Gf1Wt2fp6SPbDWhXP1ieZ69IqTX95Xh6Dn0
964n9x6J56ABW/eBEZLbXhjFZBgGXfc+UDFB0/5YIATUX5PKldlFVG7nKwIDAQAB
o4IC9zCCAvMwHQYDVR0OBBYEFBe7caxkq/NKvIn0NDR0m5vdLGYFMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvRjd0eHJHU3I4MHE4aWZRME5IU2JtOTBzWmdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCwYIKwYBBQUHAQcBAf8EgfswgfgwgfUEAgABMIHuMAwD
BAMtn5gDBAAtn5oDBAA+xYQDBAA+xYcDBABNSzwDBAFNSz4DBAFOjvIDBABZIQ4D
BABZK9ADBAFZK9IDBABZL1kDBABdcvYwDAMEAGfNGQMEAmfNGDAMAwQGsu/AAwQA
su/CAwQBsu/IAwQAsu/LAwQAuQk2AwQAuWdJMAwDBAS5c5ADBAC5c5IDBAC5eeQD
BAG5eeYDBAK55WgwDAMEA7nm+AMEALnm+gMEAbnsPgMEArn17AMEAsCm1AMEAMET
agMEAMEqNAMEAcEqNgMEAcIEnAMEAMIEnwMEAMsACAMEANUg+QMEAN8bcDANBgkq
hkiG9w0BAQsFAAOCAQEAEmXT0fnIqVhtuQFJHle3OgenWo2C0vuTTw1EV2CErjOK
R3ZiXyrl4lkXj6Qf//XAji8u8fMhj1preIbvhLtQkYIznXHaRUSyGEeD5xUNKpRy
19M4ZmpNoCwWB87mtltmRUhqDIWP2Y18dkCRM0z0o+/7vs1z2AAC/+8FGcY08y+R
eEt9O4IQ2HO9cny8ahY98VXW3e2zEiqkkNRgL9qWiWQcAgRfb31xBS+SLVyJtvpT
s+Mw/IfQ0W8N2cpYOcZBWb09jVy2wu26QBtsb7VpNsXjuiEbWwGdM3Qn+6cGwdZ1
gTq8Dv2PwzEkWB6bTaxxyEvN1BIAC5l/2t/CcI07SQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org