Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/r0OiaIVZIOdaJwsaJMEWUsmi8fI.roa
File:                     r0OiaIVZIOdaJwsaJMEWUsmi8fI.roa (raw, json)
Hash identifier:          za5h53reLZi+1dbsyKkdyZ1E2PQkpGBTW/YojQjKOdQ=
Subject key identifier:   AF:43:A2:68:85:59:20:E7:5A:27:0B:1A:24:C1:16:52:C9:A2:F1:F2
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018948AF63FA0C6FA1658EC5511C9F1101C5
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/r0OiaIVZIOdaJwsaJMEWUsmi8fI.roa
Signing time:             Wed 12 Jul 2023 06:00:01 +0000
ROA not before:           Wed 12 Jul 2023 06:00:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.255.39.0/24 maxlen: 24
                          188.214.209.0/24 maxlen: 24
                          185.241.210.0/23 maxlen: 24
                          188.241.214.0/24 maxlen: 24
                          93.115.254.0/23 maxlen: 24
                          188.213.203.0/24 maxlen: 24
                          188.213.202.0/24 maxlen: 24
                          193.23.129.0/24 maxlen: 24
                          193.23.128.0/24 maxlen: 24
                          213.232.93.0/24 maxlen: 24
                          213.232.92.0/24 maxlen: 24
                          213.232.94.0/23 maxlen: 24
                          45.156.159.0/24 maxlen: 24
                          45.156.157.0/24 maxlen: 24
                          89.33.85.0/24 maxlen: 24
                          89.33.84.0/24 maxlen: 24
                          185.255.169.0/24 maxlen: 24
                          185.255.170.0/23 maxlen: 24
                          185.255.170.0/24 maxlen: 24
                          89.35.154.0/24 maxlen: 24
                          89.35.155.0/24 maxlen: 24
                          188.212.132.0/24 maxlen: 24
                          188.212.133.0/24 maxlen: 24
                          188.212.155.0/24 maxlen: 24
                          188.212.158.0/24 maxlen: 24
                          87.247.148.0/24 maxlen: 24
                          87.247.150.0/24 maxlen: 24
                          87.247.149.0/24 maxlen: 24
                          87.247.151.0/24 maxlen: 24
                          188.240.224.0/24 maxlen: 24
                          188.240.225.0/24 maxlen: 24
                          188.240.230.0/24 maxlen: 24
                          188.240.232.0/24 maxlen: 24
                          188.240.227.0/24 maxlen: 24
                          188.240.233.0/24 maxlen: 24
                          91.188.205.0/24 maxlen: 24
                          91.188.204.0/24 maxlen: 24
                          91.188.206.0/24 maxlen: 24
                          91.188.207.0/24 maxlen: 24
                          89.37.63.0/24 maxlen: 24
                          185.135.140.0/24 maxlen: 24
                          185.135.143.0/24 maxlen: 24
                          185.103.72.0/24 maxlen: 24
                          185.238.10.0/24 maxlen: 24
                          188.241.110.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:48:af:63:fa:0c:6f:a1:65:8e:c5:51:1c:9f:11:01:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jul 12 06:00:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=af43a268855920e75a270b1a24c11652c9a2f1f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:7d:c9:4a:e6:ec:20:89:17:01:3d:f6:dc:3a:
                    f5:25:40:08:7b:44:0e:ff:d5:81:28:e1:e1:4b:d4:
                    2c:7c:3d:f6:60:b7:50:ee:eb:47:58:8d:6b:06:2b:
                    37:06:41:a5:fe:68:76:8c:14:4c:b8:70:34:6a:82:
                    4c:28:d4:4c:4e:4b:ec:33:9d:be:80:88:dd:ad:76:
                    2d:7a:d8:6d:c5:df:70:12:38:2f:e7:01:d0:6d:bf:
                    bb:81:d0:57:fa:59:93:f3:bc:79:4d:7f:ed:26:f8:
                    ce:4c:a5:7f:5c:dd:1f:5d:ef:f4:79:74:48:b8:a7:
                    fa:6b:25:fa:31:11:ee:fb:fd:01:5a:d7:df:a9:cf:
                    c1:8e:27:e1:46:d3:d1:95:b6:fe:8e:e6:59:2d:62:
                    c9:87:d0:f6:ef:43:1b:a5:2b:f0:73:91:36:60:e8:
                    44:13:5e:8b:b9:12:db:54:8c:12:7e:ff:65:a2:fa:
                    91:29:25:a1:f5:80:b3:27:b1:4f:be:18:53:86:86:
                    5b:51:15:99:2b:49:f1:74:4b:64:ff:3c:50:d0:e2:
                    57:27:a8:8e:9c:86:38:98:ff:76:4b:a9:39:0e:59:
                    45:63:97:fe:b6:84:5e:83:59:e7:7f:e9:7d:20:8f:
                    48:94:70:7b:f4:fa:70:be:aa:8d:79:85:bb:4c:33:
                    e2:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:43:A2:68:85:59:20:E7:5A:27:0B:1A:24:C1:16:52:C9:A2:F1:F2
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/r0OiaIVZIOdaJwsaJMEWUsmi8fI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.157.0/24
                  45.156.159.0/24
                  87.247.148.0/22
                  89.33.84.0/23
                  89.35.154.0/23
                  89.37.63.0/24
                  91.188.204.0/22
                  93.115.254.0/23
                  185.103.72.0/24
                  185.135.140.0/24
                  185.135.143.0/24
                  185.238.10.0/24
                  185.241.210.0/23
                  185.255.39.0/24
                  185.255.169.0-185.255.171.255
                  188.212.132.0/23
                  188.212.155.0/24
                  188.212.158.0/24
                  188.213.202.0/23
                  188.214.209.0/24
                  188.240.224.0/23
                  188.240.227.0/24
                  188.240.230.0/24
                  188.240.232.0/23
                  188.241.110.0/24
                  188.241.214.0/24
                  193.23.128.0/23
                  213.232.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:e8:17:65:f7:88:1c:41:50:90:51:6e:54:87:c8:24:d0:bc:
         03:b8:11:54:3f:40:80:e9:96:83:e7:f8:ad:7e:24:dd:b0:86:
         ad:13:be:0c:f2:60:8c:39:b9:fe:98:1e:c4:0a:52:8d:aa:c8:
         ab:97:01:c2:76:fb:64:7c:44:2b:b9:3b:6a:cd:fa:6a:4a:bd:
         37:29:5b:2f:75:ec:f6:d9:84:7d:c6:53:d5:4c:80:1f:ee:28:
         25:2f:c5:b2:e4:7d:d9:12:4e:a7:87:04:c4:c6:33:9b:b0:fe:
         17:f1:3c:51:ab:c8:7a:39:33:7a:87:9d:81:7f:a1:b6:6c:d0:
         7a:8c:4b:90:47:7f:2b:40:9c:7b:bd:c7:ad:b5:08:4f:cb:50:
         9e:7c:3d:85:c1:30:ab:84:c5:ab:dd:ea:e1:de:79:3b:f8:73:
         54:73:0a:f8:f0:04:3d:55:42:c3:71:bc:7f:ff:9f:ad:39:7b:
         eb:29:0c:75:7a:e3:27:90:98:82:6c:2e:65:4f:73:e9:cf:dd:
         46:2f:ab:09:d0:f2:19:eb:b5:c9:38:04:66:23:98:a1:b6:b0:
         f2:59:5c:30:63:15:7f:79:dd:8c:18:c0:e7:aa:51:71:d0:cc:
         52:cf:0d:cf:ed:a3:79:11:21:f5:b5:84:c0:16:aa:f3:f6:7a:
         9a:2a:7c:28
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAYlIr2P6DG+hZY7FURyfEQHFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNzEyMDYwMDAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjQzYTI2ODg1NTkyMGU3NWEyNzBiMWEyNGMxMTY1MmM5YTJmMWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzH3JSubsIIkXAT323Dr1JUAIe0QO
/9WBKOHhS9QsfD32YLdQ7utHWI1rBis3BkGl/mh2jBRMuHA0aoJMKNRMTkvsM52+
gIjdrXYtethtxd9wEjgv5wHQbb+7gdBX+lmT87x5TX/tJvjOTKV/XN0fXe/0eXRI
uKf6ayX6MRHu+/0BWtffqc/BjifhRtPRlbb+juZZLWLJh9D270MbpSvwc5E2YOhE
E16LuRLbVIwSfv9lovqRKSWh9YCzJ7FPvhhThoZbURWZK0nxdEtk/zxQ0OJXJ6iO
nIY4mP92S6k5DllFY5f+toReg1nnf+l9II9IlHB79PpwvqqNeYW7TDPiTwIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFK9DomiFWSDnWicLGiTBFlLJovHyMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvcjBPaWFJVlpJT2RhSndzYUpNRVdVc21pOGZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujCBtwQCAAEwgbADBAAt
nJ0DBAAtnJ8DBAJX95QDBAFZIVQDBAFZI5oDBABZJT8DBAJbvMwDBAFdc/4DBAC5
Z0gDBAC5h4wDBAC5h48DBAC57goDBAG58dIDBAC5/ycwDAMEALn/qQMEArn/qAME
AbzUhAMEALzUmwMEALzUngMEAbzVygMEALzW0QMEAbzw4AMEALzw4wMEALzw5gME
Abzw6AMEALzxbgMEALzx1gMEAcEXgAMEAtXoXDANBgkqhkiG9w0BAQsFAAOCAQEA
jegXZfeIHEFQkFFuVIfIJNC8A7gRVD9AgOmWg+f4rX4k3bCGrRO+DPJgjDm5/pge
xApSjarIq5cBwnb7ZHxEK7k7as36akq9NylbL3Xs9tmEfcZT1UyAH+4oJS/FsuR9
2RJOp4cExMYzm7D+F/E8UavIejkzeoedgX+htmzQeoxLkEd/K0Cce73HrbUIT8tQ
nnw9hcEwq4TFq93q4d55O/hzVHMK+PAEPVVCw3G8f/+frTl76ykMdXrjJ5CYgmwu
ZU9z6c/dRi+rCdDyGeu1yTgEZiOYobaw8llcMGMVf3ndjBjA56pRcdDMUs8Nz+2j
eREh9bWEwBaq8/Z6mip8KA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:13 2024 by rpki-client on console-ams.rpki-client.org