Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/x4gY8cKLlEw2M17IHt4TD-w5oZA.roa
File:                     x4gY8cKLlEw2M17IHt4TD-w5oZA.roa (raw, json)
Hash identifier:          fOk+Be8diyL0Xj7irkUQFDAgmsdATGvb1Eu2JnfEIx4=
Subject key identifier:   C7:88:18:F1:C2:8B:94:4C:36:33:5E:C8:1E:DE:13:0F:EC:39:A1:90
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0186DB1F1C319DED26A7B3DD5BBDD4EE2CAA
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/x4gY8cKLlEw2M17IHt4TD-w5oZA.roa
Signing time:             Mon 13 Mar 2023 13:18:14 +0000
ROA not before:           Mon 13 Mar 2023 13:18:14 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        188.212.132.0/24 maxlen: 24
                          188.212.133.0/24 maxlen: 24
                          87.247.148.0/24 maxlen: 24
                          188.240.232.0/24 maxlen: 24
                          185.241.210.0/23 maxlen: 24
                          91.188.204.0/24 maxlen: 24
                          89.37.63.0/24 maxlen: 24
                          93.115.254.0/23 maxlen: 24
                          94.176.110.0/24 maxlen: 24
                          185.255.169.0/24 maxlen: 24
                          185.255.170.0/23 maxlen: 24
                          185.103.72.0/24 maxlen: 24
                          185.238.10.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:db:1f:1c:31:9d:ed:26:a7:b3:dd:5b:bd:d4:ee:2c:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar 13 13:18:14 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c78818f1c28b944c36335ec81ede130fec39a190
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:91:77:a0:ea:95:15:41:77:30:e2:02:d7:fa:
                    ed:0e:4a:83:7c:5f:a9:b8:46:ee:80:ee:0d:d5:6d:
                    a6:af:a0:19:bb:7c:3d:5f:3b:dd:de:83:48:e5:69:
                    16:44:c2:12:46:97:5f:de:f8:f0:96:10:17:1a:9e:
                    a0:cb:3a:9f:99:83:c7:f1:45:46:1e:7d:f7:cf:21:
                    f8:0f:01:e7:64:2e:34:03:51:a1:9a:e6:c5:ed:5d:
                    47:8c:dd:8c:7c:29:a6:63:10:ad:74:70:a3:af:e7:
                    3f:74:86:09:10:74:84:2c:07:05:5c:b4:df:41:62:
                    99:29:4b:22:65:83:89:db:59:36:df:de:4b:c2:a6:
                    4d:49:dc:8e:14:1f:05:5e:08:73:3d:3d:a0:30:e7:
                    60:76:af:87:4f:46:b7:69:b4:e7:db:15:0d:84:5b:
                    b4:5a:cd:70:0d:06:a9:cd:09:cd:32:d8:ff:91:b9:
                    62:e1:da:6f:d0:ef:08:82:9f:82:60:4a:d6:1b:11:
                    28:45:2d:ce:56:1f:83:92:f0:bc:85:37:d8:ea:10:
                    98:b0:e3:08:39:38:2a:36:f7:be:c3:c2:e5:3a:e7:
                    e1:ce:19:e4:93:5b:95:b5:af:d2:5a:14:a7:0c:08:
                    a3:35:c4:85:17:78:59:c4:95:92:30:1c:ce:d9:08:
                    74:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:88:18:F1:C2:8B:94:4C:36:33:5E:C8:1E:DE:13:0F:EC:39:A1:90
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/x4gY8cKLlEw2M17IHt4TD-w5oZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.247.148.0/24
                  89.37.63.0/24
                  91.188.204.0/24
                  93.115.254.0/23
                  94.176.110.0/24
                  185.103.72.0/24
                  185.238.10.0/24
                  185.241.210.0/23
                  185.255.169.0-185.255.171.255
                  188.212.132.0/23
                  188.240.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:17:c4:9d:f6:24:1f:bf:36:ad:a1:a6:63:43:dc:11:17:7c:
         4f:f4:9a:53:d7:1a:9c:b0:d6:b8:85:91:96:25:64:2f:68:ee:
         e7:8e:f1:7b:5f:da:a6:17:06:79:3d:17:39:24:0e:ec:6f:da:
         ef:b0:84:dc:fb:29:83:09:8f:19:33:d6:cd:82:01:ba:17:3c:
         a6:01:e7:a2:71:54:f4:ef:ce:4a:e7:f9:32:47:7d:ab:ae:67:
         cf:8a:97:a5:66:2c:5e:d1:cf:65:69:6a:11:3f:2e:d2:a7:27:
         97:5e:40:31:a6:34:6b:ab:88:72:c1:76:04:8f:e5:c5:54:40:
         a7:4a:0e:19:c7:b9:35:60:eb:92:87:de:5a:c5:84:fd:8a:eb:
         39:98:6d:a2:69:90:fa:54:2c:34:e1:43:53:c8:cd:3e:d8:2b:
         4c:ed:ce:df:5b:cb:d7:ec:0c:13:b0:5c:a0:f8:22:30:f8:d9:
         33:a7:e3:73:c9:08:31:38:39:1a:ef:ba:cc:af:a7:46:da:90:
         1c:88:4f:6b:f5:9c:22:d6:ef:d6:83:b5:9d:63:20:40:43:cb:
         fe:1d:44:8f:8f:9c:1e:45:8b:26:78:dc:e6:95:98:73:4b:68:
         f4:e3:a5:8c:80:b8:6a:a4:80:f9:83:a4:74:52:fb:16:14:10:
         ec:0f:1e:46
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYbbHxwxne0mp7PdW73U7iyqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzEzMTMxODE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzg4MThmMWMyOGI5NDRjMzYzMzVlYzgxZWRlMTMwZmVjMzlhMTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJF3oOqVFUF3MOIC1/rtDkqDfF+p
uEbugO4N1W2mr6AZu3w9Xzvd3oNI5WkWRMISRpdf3vjwlhAXGp6gyzqfmYPH8UVG
Hn33zyH4DwHnZC40A1GhmubF7V1HjN2MfCmmYxCtdHCjr+c/dIYJEHSELAcFXLTf
QWKZKUsiZYOJ21k2395LwqZNSdyOFB8FXghzPT2gMOdgdq+HT0a3abTn2xUNhFu0
Ws1wDQapzQnNMtj/kbli4dpv0O8Igp+CYErWGxEoRS3OVh+DkvC8hTfY6hCYsOMI
OTgqNve+w8LlOufhzhnkk1uVta/SWhSnDAijNcSFF3hZxJWSMBzO2Qh0xwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFMeIGPHCi5RMNjNeyB7eEw/sOaGQMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEveDRnWThjS0xsRXcyTTE3SUh0NFRELXc1b1pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAV/eUAwQA
WSU/AwQAW7zMAwQBXXP+AwQAXrBuAwQAuWdIAwQAue4KAwQBufHSMAwDBAC5/6kD
BAK5/6gDBAG81IQDBAC88OgwDQYJKoZIhvcNAQELBQADggEBAIUXxJ32JB+/Nq2h
pmND3BEXfE/0mlPXGpyw1riFkZYlZC9o7ueO8Xtf2qYXBnk9FzkkDuxv2u+whNz7
KYMJjxkz1s2CAboXPKYB56JxVPTvzkrn+TJHfauuZ8+Kl6VmLF7Rz2VpahE/LtKn
J5deQDGmNGuriHLBdgSP5cVUQKdKDhnHuTVg65KH3lrFhP2K6zmYbaJpkPpULDTh
Q1PIzT7YK0ztzt9by9fsDBOwXKD4IjD42TOn43PJCDE4ORrvusyvp0bakByIT2v1
nCLW79aDtZ1jIEBDy/4dRI+PnB5FiyZ43OaVmHNLaPTjpYyAuGqkgPmDpHRS+xYU
EOwPHkY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:14 2024 by rpki-client on console-ams.rpki-client.org