Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Jr5cWYfuhb5OP4VWyDeQQR_mc_g.roa
File:                     Jr5cWYfuhb5OP4VWyDeQQR_mc_g.roa (raw, json)
Hash identifier:          VkC2ZpdHfiPlpVe5B250XbwhhhRp365qCYNmPzuNROk=
Subject key identifier:   26:BE:5C:59:87:EE:85:BE:4E:3F:85:56:C8:37:90:41:1F:E6:73:F8
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01877AA75EBF0A57C733368FDAE11F96CD80
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Jr5cWYfuhb5OP4VWyDeQQR_mc_g.roa
Signing time:             Thu 13 Apr 2023 12:46:41 +0000
ROA not before:           Thu 13 Apr 2023 12:46:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.230.248.0/24 maxlen: 24
                          185.229.104.0/24 maxlen: 24
                          185.229.106.0/24 maxlen: 24
                          194.4.159.0/24 maxlen: 24
                          89.43.208.0/24 maxlen: 24
                          185.245.237.0/24 maxlen: 24
                          193.19.106.0/24 maxlen: 24
                          192.166.208.0/22 maxlen: 24
                          185.121.231.0/24 maxlen: 24
                          178.239.203.0/24 maxlen: 24
                          78.142.242.0/23 maxlen: 24
                          185.121.230.0/24 maxlen: 24
                          185.9.54.0/24 maxlen: 24
                          45.159.152.0/24 maxlen: 24
                          45.159.154.0/24 maxlen: 24
                          62.197.135.0/24 maxlen: 24
                          185.103.75.0/24 maxlen: 24
                          178.239.192.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:7a:a7:5e:bf:0a:57:c7:33:36:8f:da:e1:1f:96:cd:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr 13 12:46:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=26be5c5987ee85be4e3f8556c83790411fe673f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0b:89:b1:57:53:d7:be:15:da:31:e3:51:b9:
                    3d:94:e9:47:34:15:17:9c:af:05:80:fa:af:09:a1:
                    d2:11:0b:52:1b:c9:8e:bd:e0:af:d8:17:b3:14:2d:
                    b2:fc:59:15:d5:78:28:f6:bd:35:9b:3f:95:45:6e:
                    d6:62:96:30:38:46:c9:54:f5:be:2c:59:bc:64:6f:
                    57:6e:14:77:5c:59:5c:09:f2:0b:bf:9c:1d:a1:20:
                    c4:1c:9b:6d:38:44:92:db:73:83:9f:4c:77:3b:16:
                    42:dc:34:9a:56:71:c0:c7:c0:fb:36:63:41:84:b7:
                    1b:df:22:ee:c5:e5:ee:8a:81:79:47:6f:fd:5f:ef:
                    59:f5:ce:8f:b8:53:82:00:de:8a:f7:9f:40:40:9e:
                    3f:84:5b:09:5c:f5:31:31:15:be:b5:28:64:c7:88:
                    b2:a5:c7:5f:5c:31:ab:98:06:8f:e9:e7:0c:59:f8:
                    de:60:4d:f2:ef:5c:00:b0:84:dd:f5:e6:d9:2e:bf:
                    6c:ee:e5:40:a1:78:91:15:49:a7:c3:8e:01:b5:c8:
                    7d:05:4b:26:40:22:40:45:75:46:96:08:0f:33:4a:
                    e4:50:47:ee:bb:8a:3d:4f:49:41:1c:ee:43:f9:fd:
                    94:bd:db:8f:4f:9f:f5:a7:8e:e4:45:28:a9:ba:a4:
                    d4:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:BE:5C:59:87:EE:85:BE:4E:3F:85:56:C8:37:90:41:1F:E6:73:F8
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Jr5cWYfuhb5OP4VWyDeQQR_mc_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.152.0/24
                  45.159.154.0/24
                  62.197.135.0/24
                  78.142.242.0/23
                  89.43.208.0/24
                  178.239.192.0/24
                  178.239.203.0/24
                  185.9.54.0/24
                  185.103.75.0/24
                  185.121.230.0/23
                  185.229.104.0/24
                  185.229.106.0/24
                  185.230.248.0/24
                  185.245.237.0/24
                  192.166.208.0/22
                  193.19.106.0/24
                  194.4.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:3e:2f:be:c6:d8:5f:1b:b5:ee:c7:89:25:26:21:85:e7:24:
         77:12:b7:de:ee:db:01:3b:8a:a0:dc:e2:f1:34:4b:a3:75:2f:
         ea:da:af:bf:98:68:aa:05:8c:d6:18:d7:df:57:06:e3:4a:4c:
         b7:bc:6d:1b:8d:9a:b2:88:14:cb:1f:3d:9b:b1:30:70:2a:14:
         f8:ad:20:5a:4e:fa:ba:35:fb:16:4b:7b:ad:7d:c3:a2:62:a4:
         4c:8f:39:6a:41:ca:45:fe:d4:5d:b0:5e:b9:bc:8a:83:4d:1f:
         64:78:ea:39:bc:27:8e:01:55:92:54:fe:f6:bb:7a:0f:bb:e4:
         85:d7:5b:62:79:51:30:f2:02:be:ca:bc:03:68:c7:95:74:fd:
         57:e3:b6:20:70:45:01:04:84:ae:19:ae:7f:f6:a5:55:11:92:
         d8:12:bf:e1:a0:e9:dd:24:73:40:8d:f3:49:fa:05:71:c3:fd:
         16:55:93:c5:ce:ad:b2:28:9d:ee:ba:8d:4b:f8:60:f2:eb:59:
         8e:05:5a:33:4b:57:18:59:7c:4b:c4:20:6b:da:99:9b:33:1e:
         d7:eb:da:32:4f:56:1a:f8:09:6d:a8:3f:cc:e1:ba:3f:66:66:
         9e:e2:3c:17:95:54:c6:34:ca:73:2e:f1:f0:9d:3c:c3:d7:b7:
         ff:3d:59:b7
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAYd6p16/ClfHMzaP2uEfls2AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDEzMTI0NjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmJlNWM1OTg3ZWU4NWJlNGUzZjg1NTZjODM3OTA0MTFmZTY3M2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAuJsVdT174V2jHjUbk9lOlHNBUX
nK8FgPqvCaHSEQtSG8mOveCv2BezFC2y/FkV1Xgo9r01mz+VRW7WYpYwOEbJVPW+
LFm8ZG9XbhR3XFlcCfILv5wdoSDEHJttOESS23ODn0x3OxZC3DSaVnHAx8D7NmNB
hLcb3yLuxeXuioF5R2/9X+9Z9c6PuFOCAN6K959AQJ4/hFsJXPUxMRW+tShkx4iy
pcdfXDGrmAaP6ecMWfjeYE3y71wAsITd9ebZLr9s7uVAoXiRFUmnw44Btch9BUsm
QCJARXVGlggPM0rkUEfuu4o9T0lBHO5D+f2UvduPT5/1p47kRSipuqTU2QIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFCa+XFmH7oW+Tj+FVsg3kEEf5nP4MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSnI1Y1dZZnVoYjVPUDRWV3lEZVFRUl9tY19nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBsBAIAATBmAwQALZ+YAwQA
LZ+aAwQAPsWHAwQBTo7yAwQAWSvQAwQAsu/AAwQAsu/LAwQAuQk2AwQAuWdLAwQB
uXnmAwQAueVoAwQAueVqAwQAueb4AwQAufXtAwQCwKbQAwQAwRNqAwQAwgSfMA0G
CSqGSIb3DQEBCwUAA4IBAQBAPi++xthfG7Xux4klJiGF5yR3Erfe7tsBO4qg3OLx
NEujdS/q2q+/mGiqBYzWGNffVwbjSky3vG0bjZqyiBTLHz2bsTBwKhT4rSBaTvq6
NfsWS3utfcOiYqRMjzlqQcpF/tRdsF65vIqDTR9keOo5vCeOAVWSVP72u3oPu+SF
11tieVEw8gK+yrwDaMeVdP1X47YgcEUBBISuGa5/9qVVEZLYEr/hoOndJHNAjfNJ
+gVxw/0WVZPFzq2yKJ3uuo1L+GDy61mOBVozS1cYWXxLxCBr2pmbMx7X69oyT1Ya
+AltqD/M4bo/Zmae4jwXlVTGNMpzLvHwnTzD17f/PVm3
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org