Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/cgrfepZdgsOaWtSgvPlDU9_qd14.roa
File:                     cgrfepZdgsOaWtSgvPlDU9_qd14.roa (raw, json)
Hash identifier:          E5BlFhR1sqrvH2M/dFLOqTVBswFHxa6e6cmMLttHtUQ=
Subject key identifier:   72:0A:DF:7A:96:5D:82:C3:9A:5A:D4:A0:BC:F9:43:53:DF:EA:77:5E
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018A6958E4C43BE565C1EF10EAD9D9D52DE9
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/cgrfepZdgsOaWtSgvPlDU9_qd14.roa
Signing time:             Wed 06 Sep 2023 07:15:47 +0000
ROA not before:           Wed 06 Sep 2023 07:15:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.33.14.0/24 maxlen: 24
                          193.19.106.0/24 maxlen: 24
                          213.32.250.0/24 maxlen: 24
                          213.32.248.0/24 maxlen: 24
                          213.32.249.0/24 maxlen: 24
                          213.32.251.0/24 maxlen: 24
                          103.205.24.0/24 maxlen: 24
                          103.205.26.0/24 maxlen: 24
                          103.205.25.0/24 maxlen: 24
                          103.205.27.0/24 maxlen: 24
                          188.214.27.0/24 maxlen: 24
                          185.230.250.0/24 maxlen: 24
                          185.230.248.0/24 maxlen: 24
                          185.230.251.0/24 maxlen: 24
                          185.230.249.0/24 maxlen: 24
                          192.166.212.0/22 maxlen: 24
                          193.42.52.0/24 maxlen: 24
                          193.42.53.0/24 maxlen: 24
                          193.42.54.0/23 maxlen: 24
                          185.9.54.0/24 maxlen: 24
                          62.197.132.0/24 maxlen: 24
                          62.197.134.0/24 maxlen: 24
                          62.197.133.0/24 maxlen: 24
                          62.197.135.0/24 maxlen: 24
                          185.103.72.0/24 maxlen: 24
                          185.103.74.0/24 maxlen: 24
                          185.103.73.0/24 maxlen: 24
                          185.115.146.0/24 maxlen: 24
                          185.115.147.0/24 maxlen: 24
                          77.75.62.0/24 maxlen: 24
                          77.75.60.0/24 maxlen: 24
                          77.75.63.0/24 maxlen: 24
                          194.4.158.0/24 maxlen: 24
                          194.4.156.0/23 maxlen: 24
                          194.4.159.0/24 maxlen: 24
                          185.115.144.0/24 maxlen: 24
                          185.115.144.0/23 maxlen: 24
                          185.115.145.0/24 maxlen: 24
                          78.142.242.0/24 maxlen: 24
                          78.142.242.0/23 maxlen: 24
                          78.142.241.0/24 maxlen: 24
                          45.159.152.0/24 maxlen: 24
                          45.159.154.0/24 maxlen: 24
                          45.159.153.0/24 maxlen: 24
                          45.159.155.0/24 maxlen: 24
                          89.38.101.0/24 maxlen: 24
                          89.40.160.0/24 maxlen: 24
                          185.229.104.0/24 maxlen: 24
                          185.229.105.0/24 maxlen: 24
                          185.229.106.0/24 maxlen: 24
                          185.229.107.0/24 maxlen: 24
                          203.0.9.0/24 maxlen: 24
                          89.43.210.0/23 maxlen: 24
                          185.245.238.0/24 maxlen: 24
                          185.245.237.0/24 maxlen: 24
                          89.43.211.0/24 maxlen: 24
                          89.43.209.0/24 maxlen: 24
                          185.245.236.0/24 maxlen: 24
                          203.0.8.0/24 maxlen: 24
                          89.43.208.0/24 maxlen: 24
                          89.43.212.0/22 maxlen: 24
                          89.43.210.0/24 maxlen: 24
                          185.245.239.0/24 maxlen: 24
                          103.212.82.0/24 maxlen: 24
                          89.47.89.0/24 maxlen: 24
                          185.121.229.0/24 maxlen: 24
                          178.239.201.0/24 maxlen: 24
                          185.121.231.0/24 maxlen: 24
                          178.239.203.0/24 maxlen: 24
                          185.121.228.0/24 maxlen: 24
                          178.239.200.0/24 maxlen: 24
                          178.239.202.0/24 maxlen: 24
                          185.121.230.0/24 maxlen: 24
                          178.239.204.0/24 maxlen: 24
                          93.114.246.0/24 maxlen: 24
                          185.236.60.0/24 maxlen: 24
                          185.236.62.0/24 maxlen: 24
                          185.236.63.0/24 maxlen: 24
                          185.236.61.0/24 maxlen: 24
                          223.27.112.0/24 maxlen: 24
                          223.27.114.0/24 maxlen: 24
                          178.239.192.0/23 maxlen: 24
                          178.239.192.0/24 maxlen: 24
                          178.239.193.0/24 maxlen: 24
                          178.239.195.0/24 maxlen: 24
                          178.239.194.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:69:58:e4:c4:3b:e5:65:c1:ef:10:ea:d9:d9:d5:2d:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Sep  6 07:15:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=720adf7a965d82c39a5ad4a0bcf94353dfea775e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c5:f2:3a:01:cc:59:8a:34:b2:78:1c:0d:f7:
                    bd:2a:5d:bb:4a:77:83:a2:f3:88:db:cf:fe:55:ef:
                    28:9d:24:74:6b:80:20:86:9b:c4:e8:0d:45:5a:22:
                    85:8f:6b:aa:12:0e:13:72:b0:2e:6e:b8:b8:39:02:
                    19:e7:f9:42:cc:0b:dc:33:f7:5b:3c:96:08:98:9c:
                    34:63:68:8c:da:e5:ca:a6:2e:fc:86:61:04:a8:64:
                    68:29:03:92:db:8d:41:1c:e4:3c:88:32:52:be:80:
                    9a:4b:ee:60:83:2e:1b:04:66:ff:4e:30:8a:26:6a:
                    ca:7d:2a:c3:e1:bf:49:51:34:32:e2:1f:9d:d0:25:
                    37:71:ca:ed:ee:14:fa:3f:01:0b:96:b2:19:a3:07:
                    6b:e8:14:98:38:07:74:50:cd:07:33:d8:18:5e:24:
                    d1:cb:33:83:74:f3:6e:0a:23:e4:31:58:04:db:91:
                    60:c1:8c:25:59:e7:95:53:58:d3:09:5d:23:22:c7:
                    22:5d:d3:1d:b4:0a:f5:14:5c:f1:32:f7:c0:84:a8:
                    b3:c3:36:da:4c:45:ab:31:9e:c0:cb:9b:f2:7f:a3:
                    98:d7:fb:c5:7f:d4:c8:32:d7:d1:d5:04:eb:aa:60:
                    61:90:62:c9:62:3c:64:9f:c0:a9:04:11:fd:64:61:
                    1a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:0A:DF:7A:96:5D:82:C3:9A:5A:D4:A0:BC:F9:43:53:DF:EA:77:5E
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/cgrfepZdgsOaWtSgvPlDU9_qd14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.152.0/22
                  62.197.132.0/22
                  77.75.60.0/24
                  77.75.62.0/23
                  78.142.241.0-78.142.243.255
                  89.33.14.0/24
                  89.38.101.0/24
                  89.40.160.0/24
                  89.43.208.0/21
                  89.47.89.0/24
                  93.114.246.0/24
                  103.205.24.0/22
                  103.212.82.0/24
                  178.239.192.0/22
                  178.239.200.0-178.239.204.255
                  185.9.54.0/24
                  185.103.72.0-185.103.74.255
                  185.115.144.0/22
                  185.121.228.0/22
                  185.229.104.0/22
                  185.230.248.0/22
                  185.236.60.0/22
                  185.245.236.0/22
                  188.214.27.0/24
                  192.166.212.0/22
                  193.19.106.0/24
                  193.42.52.0/22
                  194.4.156.0/22
                  203.0.8.0/23
                  213.32.248.0/22
                  223.27.112.0/24
                  223.27.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:62:8b:3e:5f:5d:9f:7a:c0:32:f8:e0:a3:d4:04:44:81:9a:
         48:13:bb:8b:e6:83:7f:d9:a8:25:1e:11:8a:26:1b:cc:dc:0d:
         3d:24:f4:5c:aa:4a:8d:83:bf:e0:7f:fa:bc:9a:02:52:1b:a4:
         f0:34:bd:c6:6f:3a:ee:51:dc:d4:c6:bd:fa:e7:8c:9a:5d:10:
         af:d2:9f:f4:ab:71:0e:24:ea:30:88:0a:ab:f4:2b:0d:33:1b:
         79:4e:de:4f:aa:7d:40:1c:d5:e6:76:44:4c:34:13:4a:13:d6:
         4a:d5:08:7b:5d:61:d3:16:9e:1a:d6:14:a7:38:35:df:b3:27:
         63:6d:35:b3:74:6d:45:25:2a:55:8d:03:28:c8:d9:12:ce:ef:
         f9:98:3f:57:00:f1:cb:8c:fb:17:14:1f:d7:07:43:d2:5b:61:
         5c:ad:5e:40:36:90:4f:2d:92:da:cc:88:08:65:e2:7c:3c:83:
         1f:3d:e2:bf:7b:02:05:a9:58:ca:be:d9:bc:a3:3e:f9:3b:a3:
         bf:93:78:50:d3:e5:d6:20:fe:dd:5a:af:d1:f6:ae:09:f6:ee:
         20:c8:01:fb:fb:bf:c5:2a:1b:2f:31:da:65:ab:1e:3f:95:5b:
         a9:7b:3c:b8:d1:7b:18:d2:c2:78:ea:af:91:f4:34:0e:3c:b9:
         33:72:d4:e8
-----BEGIN CERTIFICATE-----
MIIF1DCCBLygAwIBAgISAYppWOTEO+Vlwe8Q6tnZ1S3pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwOTA2MDcxNTQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjBhZGY3YTk2NWQ4MmMzOWE1YWQ0YTBiY2Y5NDM1M2RmZWE3NzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcXyOgHMWYo0sngcDfe9Kl27SneD
ovOI28/+Ve8onSR0a4AghpvE6A1FWiKFj2uqEg4TcrAubri4OQIZ5/lCzAvcM/db
PJYImJw0Y2iM2uXKpi78hmEEqGRoKQOS241BHOQ8iDJSvoCaS+5ggy4bBGb/TjCK
JmrKfSrD4b9JUTQy4h+d0CU3ccrt7hT6PwELlrIZowdr6BSYOAd0UM0HM9gYXiTR
yzODdPNuCiPkMVgE25FgwYwlWeeVU1jTCV0jIsciXdMdtAr1FFzxMvfAhKizwzba
TEWrMZ7Ay5vyf6OY1/vFf9TIMtfR1QTrqmBhkGLJYjxkn8CpBBH9ZGEa4wIDAQAB
o4IC4DCCAtwwHQYDVR0OBBYEFHIK33qWXYLDmlrUoLz5Q1Pf6ndeMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvY2dyZmVwWmRnc09hV3RTZ3ZQbERVOV9xZDE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH1BggrBgEFBQcBBwEB/wSB5TCB4jCB3wQCAAEwgdgDBAIt
n5gDBAI+xYQDBABNSzwDBAFNSz4wDAMEAE6O8QMEAk6O8AMEAFkhDgMEAFkmZQME
AFkooAMEA1kr0AMEAFkvWQMEAF1y9gMEAmfNGAMEAGfUUgMEArLvwDAMAwQDsu/I
AwQAsu/MAwQAuQk2MAwDBAO5Z0gDBAC5Z0oDBAK5c5ADBAK5eeQDBAK55WgDBAK5
5vgDBAK57DwDBAK59ewDBAC81hsDBALAptQDBADBE2oDBALBKjQDBALCBJwDBAHL
AAgDBALVIPgDBADfG3ADBADfG3IwDQYJKoZIhvcNAQELBQADggEBAE5iiz5fXZ96
wDL44KPUBESBmkgTu4vmg3/ZqCUeEYomG8zcDT0k9FyqSo2Dv+B/+ryaAlIbpPA0
vcZvOu5R3NTGvfrnjJpdEK/Sn/SrcQ4k6jCICqv0Kw0zG3lO3k+qfUAc1eZ2REw0
E0oT1krVCHtdYdMWnhrWFKc4Nd+zJ2NtNbN0bUUlKlWNAyjI2RLO7/mYP1cA8cuM
+xcUH9cHQ9JbYVytXkA2kE8tktrMiAhl4nw8gx894r97AgWpWMq+2byjPvk7o7+T
eFDT5dYg/t1ar9H2rgn27iDIAfv7v8UqGy8x2mWrHj+VW6l7PLjRexjSwnjqr5H0
NA48uTNy1Og=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org