Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/aqlaXflKbYUWM8a9IZZ6JE9S49M.roa
File:                     aqlaXflKbYUWM8a9IZZ6JE9S49M.roa (raw, json)
Hash identifier:          2siqO5lXCfAD2MfmIAMKaaYYzQQFUJqNBtTgZsMKg2o=
Subject key identifier:   6A:A9:5A:5D:F9:4A:6D:85:16:33:C6:BD:21:96:7A:24:4F:52:E3:D3
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01887A7B2B0D926C8CF1DB0646ABFB82CE8D
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/aqlaXflKbYUWM8a9IZZ6JE9S49M.roa
Signing time:             Fri 02 Jun 2023 05:01:12 +0000
ROA not before:           Fri 02 Jun 2023 05:01:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        193.19.106.0/24 maxlen: 24
                          213.32.249.0/24 maxlen: 24
                          103.205.25.0/24 maxlen: 24
                          185.230.248.0/24 maxlen: 24
                          185.230.249.0/24 maxlen: 24
                          192.166.212.0/22 maxlen: 24
                          193.42.52.0/24 maxlen: 24
                          193.42.54.0/23 maxlen: 24
                          185.9.54.0/24 maxlen: 24
                          62.197.132.0/24 maxlen: 24
                          62.197.135.0/24 maxlen: 24
                          185.103.73.0/24 maxlen: 24
                          185.103.75.0/24 maxlen: 24
                          185.115.146.0/24 maxlen: 24
                          77.75.62.0/24 maxlen: 24
                          77.75.60.0/24 maxlen: 24
                          194.4.156.0/23 maxlen: 24
                          194.4.159.0/24 maxlen: 24
                          185.115.144.0/24 maxlen: 24
                          185.115.144.0/23 maxlen: 24
                          185.115.145.0/24 maxlen: 24
                          78.142.242.0/23 maxlen: 24
                          45.159.152.0/24 maxlen: 24
                          45.159.154.0/24 maxlen: 24
                          45.159.153.0/24 maxlen: 24
                          185.229.104.0/24 maxlen: 24
                          185.229.105.0/24 maxlen: 24
                          185.229.106.0/24 maxlen: 24
                          185.229.107.0/24 maxlen: 24
                          89.43.210.0/23 maxlen: 24
                          89.43.211.0/24 maxlen: 24
                          185.245.238.0/24 maxlen: 24
                          185.245.236.0/24 maxlen: 24
                          203.0.8.0/24 maxlen: 24
                          89.43.208.0/24 maxlen: 24
                          89.43.210.0/24 maxlen: 24
                          185.245.237.0/24 maxlen: 24
                          185.121.231.0/24 maxlen: 24
                          178.239.203.0/24 maxlen: 24
                          185.121.228.0/24 maxlen: 24
                          178.239.200.0/24 maxlen: 24
                          185.121.230.0/24 maxlen: 24
                          185.236.62.0/24 maxlen: 24
                          185.236.63.0/24 maxlen: 24
                          223.27.112.0/24 maxlen: 24
                          178.239.192.0/23 maxlen: 24
                          178.239.192.0/24 maxlen: 24
                          178.239.193.0/24 maxlen: 24
                          178.239.194.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:7a:7b:2b:0d:92:6c:8c:f1:db:06:46:ab:fb:82:ce:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jun  2 05:01:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6aa95a5df94a6d851633c6bd21967a244f52e3d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:13:72:01:f1:c7:10:e2:9d:c0:af:b1:fa:22:
                    cf:f8:7f:bd:1d:46:3a:cf:e5:53:19:a5:ad:58:7c:
                    fa:4a:25:62:dc:38:58:f1:bb:fe:33:bd:ba:56:91:
                    35:91:1e:7f:b2:e3:d5:49:da:8f:02:0b:bc:8c:32:
                    92:39:db:87:cb:17:e0:c6:d9:d5:9e:a3:1f:ba:0d:
                    ef:ab:46:e0:b4:d4:5c:12:87:0d:a2:41:fe:4a:9d:
                    2c:a4:0d:51:60:34:81:77:1e:67:5a:04:e2:6b:d7:
                    f1:09:2d:7b:43:43:01:ec:a8:27:01:7f:ce:5e:fa:
                    c1:01:ea:a8:be:de:86:a9:3e:5e:95:f4:83:97:39:
                    48:1e:3d:9f:a4:81:a2:86:8d:93:e7:1c:0c:84:9b:
                    1a:c6:07:e9:cb:b9:20:66:c8:ee:38:88:4a:15:08:
                    4b:99:3d:9e:5c:ba:b9:6d:e2:78:2b:6e:e1:1b:9c:
                    49:ec:98:d6:ea:8e:9d:0a:d2:da:80:94:fc:20:d5:
                    fe:72:95:16:04:50:ea:ce:cb:04:b7:73:65:92:47:
                    c3:77:fc:98:0d:cc:d0:61:72:53:2a:d2:d3:56:bd:
                    6f:e4:5a:70:ec:40:6f:0e:97:5e:bb:0c:2d:8e:33:
                    4a:f3:80:34:fa:da:2c:50:35:0f:db:c0:a5:20:6a:
                    64:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:A9:5A:5D:F9:4A:6D:85:16:33:C6:BD:21:96:7A:24:4F:52:E3:D3
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/aqlaXflKbYUWM8a9IZZ6JE9S49M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.152.0-45.159.154.255
                  62.197.132.0/24
                  62.197.135.0/24
                  77.75.60.0/24
                  77.75.62.0/24
                  78.142.242.0/23
                  89.43.208.0/24
                  89.43.210.0/23
                  103.205.25.0/24
                  178.239.192.0-178.239.194.255
                  178.239.200.0/24
                  178.239.203.0/24
                  185.9.54.0/24
                  185.103.73.0/24
                  185.103.75.0/24
                  185.115.144.0-185.115.146.255
                  185.121.228.0/24
                  185.121.230.0/23
                  185.229.104.0/22
                  185.230.248.0/23
                  185.236.62.0/23
                  185.245.236.0-185.245.238.255
                  192.166.212.0/22
                  193.19.106.0/24
                  193.42.52.0/24
                  193.42.54.0/23
                  194.4.156.0/23
                  194.4.159.0/24
                  203.0.8.0/24
                  213.32.249.0/24
                  223.27.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:d1:c5:44:9c:98:9a:92:73:f2:9c:2c:46:2b:3f:75:dc:1b:
         97:2b:80:5c:71:8f:83:2d:8d:e0:37:d9:ec:2b:21:7c:20:51:
         37:91:25:5f:ce:da:a9:5a:c8:4d:33:a2:92:f1:97:de:6f:57:
         60:29:06:1b:1c:56:bd:6d:47:d7:ab:97:f3:5d:ba:6a:82:3d:
         cd:44:7c:da:40:d0:26:c5:53:26:88:8f:fc:2c:6d:fc:f1:18:
         6a:8f:a0:f4:22:90:d7:4a:86:8e:a3:02:ae:97:0f:cc:92:74:
         24:9a:7a:65:72:a5:d2:27:9e:82:4e:79:d1:2d:68:ce:4a:24:
         b8:0c:3a:6e:9a:45:32:f4:73:d8:bf:84:0d:49:cf:83:7f:d2:
         34:35:d1:6d:2f:00:19:00:c1:92:91:be:9d:a4:a9:c4:99:1b:
         be:a9:07:7f:77:2e:6b:0e:4a:f4:d7:64:15:59:7c:ba:73:6b:
         6b:97:a7:c0:82:1b:74:a4:3d:65:82:7c:f7:fc:2e:f4:16:29:
         b4:f3:8f:e0:20:3c:6a:9d:33:41:78:ff:59:a1:44:4b:77:8f:
         1e:e5:87:81:ae:7b:c5:73:fb:0f:43:23:8e:61:7d:60:b3:77:
         43:18:ec:c2:57:93:54:e1:fa:2d:cc:7d:df:a9:5b:94:a3:7a:
         68:fd:ad:86
-----BEGIN CERTIFICATE-----
MIIF1jCCBL6gAwIBAgISAYh6eysNkmyM8dsGRqv7gs6NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjAyMDUwMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWE5NWE1ZGY5NGE2ZDg1MTYzM2M2YmQyMTk2N2EyNDRmNTJlM2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hNyAfHHEOKdwK+x+iLP+H+9HUY6
z+VTGaWtWHz6SiVi3DhY8bv+M726VpE1kR5/suPVSdqPAgu8jDKSOduHyxfgxtnV
nqMfug3vq0bgtNRcEocNokH+Sp0spA1RYDSBdx5nWgTia9fxCS17Q0MB7KgnAX/O
XvrBAeqovt6GqT5elfSDlzlIHj2fpIGiho2T5xwMhJsaxgfpy7kgZsjuOIhKFQhL
mT2eXLq5beJ4K27hG5xJ7JjW6o6dCtLagJT8INX+cpUWBFDqzssEt3NlkkfDd/yY
DczQYXJTKtLTVr1v5Fpw7EBvDpdeuwwtjjNK84A0+tosUDUP28ClIGpkRQIDAQAB
o4IC4jCCAt4wHQYDVR0OBBYEFGqpWl35Sm2FFjPGvSGWeiRPUuPTMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvYXFsYVhmbEtiWVVXTThhOUlaWjZKRTlTNDlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH3BggrBgEFBQcBBwEB/wSB5zCB5DCB4QQCAAEwgdowDAME
Ay2fmAMEAC2fmgMEAD7FhAMEAD7FhwMEAE1LPAMEAE1LPgMEAU6O8gMEAFkr0AME
AVkr0gMEAGfNGTAMAwQGsu/AAwQAsu/CAwQAsu/IAwQAsu/LAwQAuQk2AwQAuWdJ
AwQAuWdLMAwDBAS5c5ADBAC5c5IDBAC5eeQDBAG5eeYDBAK55WgDBAG55vgDBAG5
7D4wDAMEArn17AMEALn17gMEAsCm1AMEAMETagMEAMEqNAMEAcEqNgMEAcIEnAME
AMIEnwMEAMsACAMEANUg+QMEAN8bcDANBgkqhkiG9w0BAQsFAAOCAQEAI9HFRJyY
mpJz8pwsRis/ddwblyuAXHGPgy2N4DfZ7CshfCBRN5ElX87aqVrITTOikvGX3m9X
YCkGGxxWvW1H16uX8126aoI9zUR82kDQJsVTJoiP/Cxt/PEYao+g9CKQ10qGjqMC
rpcPzJJ0JJp6ZXKl0ieegk550S1ozkokuAw6bppFMvRz2L+EDUnPg3/SNDXRbS8A
GQDBkpG+naSpxJkbvqkHf3cuaw5K9NdkFVl8unNra5enwIIbdKQ9ZYJ89/wu9BYp
tPOP4CA8ap0zQXj/WaFES3ePHuWHga57xXP7D0MjjmF9YLN3QxjswleTVOH6Lcx9
36lblKN6aP2thg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org