Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lJcY9OhDdK7sreLCfUwle_Ne118.roa
File:                     lJcY9OhDdK7sreLCfUwle_Ne118.roa (raw, json)
Hash identifier:          HuGnW9MErV6suqIbC+fEtcCf4XGxxhERFxgawRFtJfc=
Subject key identifier:   94:97:18:F4:E8:43:74:AE:EC:AD:E2:C2:7D:4C:25:7B:F3:5E:D7:5F
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01882086B98DCC7D8FDC84A7616938456D0B
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lJcY9OhDdK7sreLCfUwle_Ne118.roa
Signing time:             Mon 15 May 2023 17:48:00 +0000
ROA not before:           Mon 15 May 2023 17:48:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.115.146.0/24 maxlen: 24
                          194.4.156.0/23 maxlen: 24
                          194.4.159.0/24 maxlen: 24
                          213.32.249.0/24 maxlen: 24
                          185.115.145.0/24 maxlen: 24
                          78.142.242.0/23 maxlen: 24
                          45.159.152.0/24 maxlen: 24
                          45.159.154.0/24 maxlen: 24
                          45.159.153.0/24 maxlen: 24
                          103.205.25.0/24 maxlen: 24
                          185.230.248.0/24 maxlen: 24
                          185.230.249.0/24 maxlen: 24
                          185.229.104.0/24 maxlen: 24
                          185.229.105.0/24 maxlen: 24
                          185.229.106.0/24 maxlen: 24
                          185.229.107.0/24 maxlen: 24
                          89.43.211.0/24 maxlen: 24
                          185.245.238.0/24 maxlen: 24
                          185.245.236.0/24 maxlen: 24
                          89.43.208.0/24 maxlen: 24
                          89.43.210.0/24 maxlen: 24
                          185.245.237.0/24 maxlen: 24
                          192.166.212.0/22 maxlen: 24
                          89.47.89.0/24 maxlen: 24
                          185.121.231.0/24 maxlen: 24
                          178.239.203.0/24 maxlen: 24
                          178.239.200.0/24 maxlen: 24
                          185.121.230.0/24 maxlen: 24
                          62.197.132.0/24 maxlen: 24
                          185.236.62.0/24 maxlen: 24
                          185.236.63.0/24 maxlen: 24
                          62.197.135.0/24 maxlen: 24
                          185.103.73.0/24 maxlen: 24
                          185.103.75.0/24 maxlen: 24
                          178.239.192.0/24 maxlen: 24
                          178.239.193.0/24 maxlen: 24
                          178.239.194.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:20:86:b9:8d:cc:7d:8f:dc:84:a7:61:69:38:45:6d:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: May 15 17:48:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=949718f4e84374aeecade2c27d4c257bf35ed75f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:6a:98:0a:d6:03:e0:a7:e5:3c:76:70:4b:cf:
                    64:e6:e0:c8:b1:c4:b6:80:ba:83:d8:1f:62:54:56:
                    de:fe:70:99:45:0d:02:a3:6f:34:d6:92:a2:16:e0:
                    0b:8b:be:3a:a8:84:19:5e:ad:05:4b:b9:e6:fd:51:
                    76:45:f6:16:72:d7:55:bf:3b:11:21:97:cb:b6:3b:
                    ba:a4:3e:8a:83:3d:38:18:fc:0b:58:34:4d:79:c2:
                    87:66:1c:45:a0:61:6f:df:ff:b3:31:6e:2d:20:56:
                    b3:b7:b8:57:25:15:52:4e:5a:99:8f:56:b2:b9:19:
                    ae:ff:a8:36:cb:81:25:de:0f:1c:ec:68:a7:42:1f:
                    1e:2a:5b:e9:51:7b:48:cc:6f:83:29:61:ff:f9:fe:
                    05:98:93:08:25:d4:ac:f1:e4:2c:6d:64:2f:80:bf:
                    68:c7:96:76:40:86:9c:2b:f7:4c:5b:b7:73:b4:d2:
                    20:e3:b7:27:cd:54:3a:de:ef:b7:77:63:6e:ea:4a:
                    fd:b9:19:bd:94:5c:de:54:dc:91:24:f4:1c:3b:36:
                    61:0b:22:89:e6:26:b4:48:29:f0:cb:3f:d6:8e:75:
                    23:0a:7c:0d:3f:d1:1d:0f:67:db:90:e3:17:1a:12:
                    ea:ec:bf:e7:14:d6:be:c2:4f:25:ad:29:dc:01:b1:
                    99:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:97:18:F4:E8:43:74:AE:EC:AD:E2:C2:7D:4C:25:7B:F3:5E:D7:5F
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lJcY9OhDdK7sreLCfUwle_Ne118.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.152.0-45.159.154.255
                  62.197.132.0/24
                  62.197.135.0/24
                  78.142.242.0/23
                  89.43.208.0/24
                  89.43.210.0/23
                  89.47.89.0/24
                  103.205.25.0/24
                  178.239.192.0-178.239.194.255
                  178.239.200.0/24
                  178.239.203.0/24
                  185.103.73.0/24
                  185.103.75.0/24
                  185.115.145.0-185.115.146.255
                  185.121.230.0/23
                  185.229.104.0/22
                  185.230.248.0/23
                  185.236.62.0/23
                  185.245.236.0-185.245.238.255
                  192.166.212.0/22
                  194.4.156.0/23
                  194.4.159.0/24
                  213.32.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:da:1e:b3:27:43:9e:ad:10:31:af:36:84:13:be:21:b1:48:
         a1:00:36:a0:44:2c:f8:e6:8a:ee:44:46:d3:c0:c5:63:ea:64:
         f3:57:ab:55:a4:f9:91:a0:a7:5c:3b:e1:d3:b2:dc:42:68:5b:
         d2:e3:e4:92:1f:42:55:a7:2f:df:69:ea:44:07:bf:ad:f0:cc:
         41:1c:e8:06:44:14:6f:94:c5:a5:74:6f:a4:cb:87:3e:51:71:
         2e:5b:02:e6:fa:5b:50:69:56:75:c0:a7:fb:73:7e:7f:28:4f:
         d9:e1:ff:72:99:b1:ed:08:ec:3c:fb:1e:06:1b:0a:8c:61:3c:
         55:57:6c:72:65:1d:e1:8c:66:93:de:df:a1:9f:a0:54:32:d8:
         6b:1d:a6:af:d9:be:39:f9:8a:ca:0d:ef:a4:4f:86:1c:e1:50:
         f8:56:8f:e7:5e:c6:fb:83:6f:fb:51:9e:8c:4e:cf:af:cc:cb:
         25:10:b9:1c:cf:35:ab:28:43:8d:72:84:c8:88:27:60:c9:52:
         72:9c:5c:37:66:3e:30:60:c7:23:a4:86:08:77:8d:70:26:7d:
         b5:a1:93:b0:84:0c:fa:31:56:6e:8b:c1:a0:09:9c:2d:49:c7:
         bf:80:af:26:c0:50:8c:73:81:09:ee:67:84:08:32:3b:aa:ec:
         90:2d:52:ca
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgISAYgghrmNzH2P3ISnYWk4RW0LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTE1MTc0ODAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDk3MThmNGU4NDM3NGFlZWNhZGUyYzI3ZDRjMjU3YmYzNWVkNzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWqYCtYD4KflPHZwS89k5uDIscS2
gLqD2B9iVFbe/nCZRQ0Co2801pKiFuALi746qIQZXq0FS7nm/VF2RfYWctdVvzsR
IZfLtju6pD6Kgz04GPwLWDRNecKHZhxFoGFv3/+zMW4tIFazt7hXJRVSTlqZj1ay
uRmu/6g2y4El3g8c7GinQh8eKlvpUXtIzG+DKWH/+f4FmJMIJdSs8eQsbWQvgL9o
x5Z2QIacK/dMW7dztNIg47cnzVQ63u+3d2Nu6kr9uRm9lFzeVNyRJPQcOzZhCyKJ
5ia0SCnwyz/WjnUjCnwNP9EdD2fbkOMXGhLq7L/nFNa+wk8lrSncAbGZZwIDAQAB
o4ICsjCCAq4wHQYDVR0OBBYEFJSXGPToQ3Su7K3iwn1MJXvzXtdfMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbEpjWTlPaERkSzdzcmVMQ2ZVd2xlX05lMTE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHHBggrBgEFBQcBBwEB/wSBtzCBtDCBsQQCAAEwgaowDAME
Ay2fmAMEAC2fmgMEAD7FhAMEAD7FhwMEAU6O8gMEAFkr0AMEAVkr0gMEAFkvWQME
AGfNGTAMAwQGsu/AAwQAsu/CAwQAsu/IAwQAsu/LAwQAuWdJAwQAuWdLMAwDBAC5
c5EDBAC5c5IDBAG5eeYDBAK55WgDBAG55vgDBAG57D4wDAMEArn17AMEALn17gME
AsCm1AMEAcIEnAMEAMIEnwMEANUg+TANBgkqhkiG9w0BAQsFAAOCAQEAadoesydD
nq0QMa82hBO+IbFIoQA2oEQs+OaK7kRG08DFY+pk81erVaT5kaCnXDvh07LcQmhb
0uPkkh9CVacv32nqRAe/rfDMQRzoBkQUb5TFpXRvpMuHPlFxLlsC5vpbUGlWdcCn
+3N+fyhP2eH/cpmx7QjsPPseBhsKjGE8VVdscmUd4Yxmk97foZ+gVDLYax2mr9m+
OfmKyg3vpE+GHOFQ+FaP517G+4Nv+1GejE7Pr8zLJRC5HM81qyhDjXKEyIgnYMlS
cpxcN2Y+MGDHI6SGCHeNcCZ9taGTsIQM+jFWbovBoAmcLUnHv4CvJsBQjHOBCe5n
hAgyO6rskC1Syg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org