Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dEWmy5YI_TuCyfBtEbq8DAZXFts.roa
File:                     dEWmy5YI_TuCyfBtEbq8DAZXFts.roa (raw, json)
Hash identifier:          MPbSLH43tWquznqvYwI2omD6+pzINJkkWxZdMtMmZN8=
Subject key identifier:   74:45:A6:CB:96:08:FD:3B:82:C9:F0:6D:11:BA:BC:0C:06:57:16:DB
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018958853423B17A8FB4CA2ADF9EF39152D1
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dEWmy5YI_TuCyfBtEbq8DAZXFts.roa
Signing time:             Sat 15 Jul 2023 07:47:51 +0000
ROA not before:           Sat 15 Jul 2023 07:47:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        188.241.243.0/24 maxlen: 24
                          185.255.39.0/24 maxlen: 24
                          188.214.209.0/24 maxlen: 24
                          185.241.210.0/23 maxlen: 24
                          188.241.214.0/24 maxlen: 24
                          93.115.254.0/23 maxlen: 24
                          188.213.203.0/24 maxlen: 24
                          188.213.202.0/24 maxlen: 24
                          193.23.129.0/24 maxlen: 24
                          193.23.128.0/24 maxlen: 24
                          213.232.93.0/24 maxlen: 24
                          213.232.92.0/24 maxlen: 24
                          213.232.94.0/23 maxlen: 24
                          45.156.159.0/24 maxlen: 24
                          45.156.157.0/24 maxlen: 24
                          89.33.85.0/24 maxlen: 24
                          89.33.84.0/24 maxlen: 24
                          185.255.169.0/24 maxlen: 24
                          185.255.170.0/23 maxlen: 24
                          185.255.170.0/24 maxlen: 24
                          89.35.154.0/24 maxlen: 24
                          89.35.155.0/24 maxlen: 24
                          188.212.132.0/24 maxlen: 24
                          188.212.133.0/24 maxlen: 24
                          188.212.155.0/24 maxlen: 24
                          188.212.158.0/24 maxlen: 24
                          87.247.148.0/24 maxlen: 24
                          87.247.150.0/24 maxlen: 24
                          87.247.149.0/24 maxlen: 24
                          87.247.151.0/24 maxlen: 24
                          188.240.224.0/24 maxlen: 24
                          188.240.225.0/24 maxlen: 24
                          188.240.230.0/24 maxlen: 24
                          188.240.232.0/24 maxlen: 24
                          188.240.227.0/24 maxlen: 24
                          188.240.233.0/24 maxlen: 24
                          91.188.205.0/24 maxlen: 24
                          91.188.204.0/24 maxlen: 24
                          91.188.206.0/24 maxlen: 24
                          91.188.207.0/24 maxlen: 24
                          89.37.63.0/24 maxlen: 24
                          185.135.140.0/24 maxlen: 24
                          185.135.143.0/24 maxlen: 24
                          185.103.72.0/24 maxlen: 24
                          185.238.10.0/24 maxlen: 24
                          188.241.110.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:58:85:34:23:b1:7a:8f:b4:ca:2a:df:9e:f3:91:52:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jul 15 07:47:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7445a6cb9608fd3b82c9f06d11babc0c065716db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6a:67:81:fa:b6:e6:02:15:ae:19:bf:f8:37:
                    cf:ff:d9:77:a2:c3:eb:c8:91:20:6d:6d:83:be:15:
                    26:99:7f:74:6c:3a:0b:bd:8e:93:a0:02:10:5c:11:
                    d4:8a:7a:5f:9a:43:89:09:b2:e4:0f:f3:01:b6:5b:
                    b0:8c:ea:5e:ea:c3:a1:9d:c6:e4:02:f1:b4:48:45:
                    4f:f2:8c:7a:aa:eb:53:3c:5d:44:2d:e7:ca:3a:b1:
                    ce:df:bb:65:12:ef:b0:9b:72:fe:7c:5d:62:d6:0b:
                    b4:d2:aa:4c:3e:dc:c8:78:47:c7:1a:b4:66:02:8c:
                    a1:a9:95:c4:54:5b:c7:b1:91:c1:83:a2:8e:97:2e:
                    99:95:c3:eb:60:fe:6b:c1:ec:3c:f2:27:29:c8:6b:
                    cf:fc:43:39:af:08:1a:6f:ce:65:75:12:fb:4f:9e:
                    09:e3:f7:c4:82:07:3a:a1:d3:e5:bc:e1:7a:49:8e:
                    d3:44:0a:d5:0d:7e:3f:16:d5:e3:fa:72:c9:0e:7c:
                    17:2d:0f:80:07:be:56:fb:6f:e1:b6:60:71:46:09:
                    32:2a:55:9d:f4:99:36:fc:e5:31:c3:22:f7:26:fd:
                    92:17:38:d8:10:1c:c7:26:a9:a0:ef:9c:15:94:ca:
                    ef:21:78:0f:ce:07:bf:5f:d5:00:e7:99:a2:0b:4e:
                    ef:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:45:A6:CB:96:08:FD:3B:82:C9:F0:6D:11:BA:BC:0C:06:57:16:DB
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dEWmy5YI_TuCyfBtEbq8DAZXFts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.157.0/24
                  45.156.159.0/24
                  87.247.148.0/22
                  89.33.84.0/23
                  89.35.154.0/23
                  89.37.63.0/24
                  91.188.204.0/22
                  93.115.254.0/23
                  185.103.72.0/24
                  185.135.140.0/24
                  185.135.143.0/24
                  185.238.10.0/24
                  185.241.210.0/23
                  185.255.39.0/24
                  185.255.169.0-185.255.171.255
                  188.212.132.0/23
                  188.212.155.0/24
                  188.212.158.0/24
                  188.213.202.0/23
                  188.214.209.0/24
                  188.240.224.0/23
                  188.240.227.0/24
                  188.240.230.0/24
                  188.240.232.0/23
                  188.241.110.0/24
                  188.241.214.0/24
                  188.241.243.0/24
                  193.23.128.0/23
                  213.232.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:e3:3c:72:20:68:25:3b:fe:f8:93:db:ff:62:56:98:48:f8:
         11:fd:81:3f:99:ba:53:81:10:4d:cb:9f:09:6e:90:d3:4b:a1:
         7d:04:39:2a:09:d1:04:9c:6f:f3:8e:3e:8d:9a:1f:eb:d1:d0:
         55:de:58:4f:09:b4:90:46:4c:58:bd:38:72:69:66:a6:10:45:
         8f:ec:d2:a2:fb:19:e7:d0:08:6f:8c:25:38:7b:64:aa:5a:b7:
         b4:b4:2b:b5:20:73:e4:a3:34:b4:a1:54:be:b9:59:42:d8:6d:
         95:11:0f:fd:96:7d:1f:97:91:c4:d9:04:94:be:f4:82:91:1b:
         db:ac:78:03:9d:07:7c:c2:62:ad:61:d4:cd:2a:3e:43:66:1a:
         85:1c:1c:8f:87:0d:55:c0:5f:08:e2:73:46:c3:2a:5f:ce:75:
         64:1f:99:09:d0:7b:a8:de:2f:a2:37:d4:22:a1:68:75:9c:74:
         6d:b2:fc:3d:01:c1:99:df:b7:25:24:a7:08:9d:8f:51:0e:f7:
         13:fc:64:26:a8:c8:d0:a4:02:68:4b:b7:76:2e:89:49:44:62:
         8e:c8:86:e8:e5:ca:80:b2:99:80:8e:af:17:8e:af:68:e1:fc:
         0a:ef:0c:ba:a0:b0:46:2e:43:35:0a:ac:84:a1:3d:76:a3:39:
         db:1c:75:45
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgISAYlYhTQjsXqPtMoq357zkVLRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNzE1MDc0NzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDQ1YTZjYjk2MDhmZDNiODJjOWYwNmQxMWJhYmMwYzA2NTcxNmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGpngfq25gIVrhm/+DfP/9l3osPr
yJEgbW2DvhUmmX90bDoLvY6ToAIQXBHUinpfmkOJCbLkD/MBtluwjOpe6sOhncbk
AvG0SEVP8ox6qutTPF1ELefKOrHO37tlEu+wm3L+fF1i1gu00qpMPtzIeEfHGrRm
AoyhqZXEVFvHsZHBg6KOly6ZlcPrYP5rwew88icpyGvP/EM5rwgab85ldRL7T54J
4/fEggc6odPlvOF6SY7TRArVDX4/FtXj+nLJDnwXLQ+AB75W+2/htmBxRgkyKlWd
9Jk2/OUxwyL3Jv2SFzjYEBzHJqmg75wVlMrvIXgPzge/X9UA55miC07vDQIDAQAB
o4ICvjCCArowHQYDVR0OBBYEFHRFpsuWCP07gsnwbRG6vAwGVxbbMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZEVXbXk1WUlfVHVDeWZCdEVicThEQVpYRnRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHTBggrBgEFBQcBBwEB/wSBwzCBwDCBvQQCAAEwgbYDBAAt
nJ0DBAAtnJ8DBAJX95QDBAFZIVQDBAFZI5oDBABZJT8DBAJbvMwDBAFdc/4DBAC5
Z0gDBAC5h4wDBAC5h48DBAC57goDBAG58dIDBAC5/ycwDAMEALn/qQMEArn/qAME
AbzUhAMEALzUmwMEALzUngMEAbzVygMEALzW0QMEAbzw4AMEALzw4wMEALzw5gME
Abzw6AMEALzxbgMEALzx1gMEALzx8wMEAcEXgAMEAtXoXDANBgkqhkiG9w0BAQsF
AAOCAQEAYuM8ciBoJTv++JPb/2JWmEj4Ef2BP5m6U4EQTcufCW6Q00uhfQQ5KgnR
BJxv844+jZof69HQVd5YTwm0kEZMWL04cmlmphBFj+zSovsZ59AIb4wlOHtkqlq3
tLQrtSBz5KM0tKFUvrlZQthtlREP/ZZ9H5eRxNkElL70gpEb26x4A50HfMJirWHU
zSo+Q2YahRwcj4cNVcBfCOJzRsMqX851ZB+ZCdB7qN4vojfUIqFodZx0bbL8PQHB
md+3JSSnCJ2PUQ73E/xkJqjI0KQCaEu3di6JSURijsiG6OXKgLKZgI6vF46vaOH8
Cu8MuqCwRi5DNQqshKE9dqM52xx1RQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org