Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/6cCXKfpdTUSwhER4MSRmGHSFJYw.roa
File:                     6cCXKfpdTUSwhER4MSRmGHSFJYw.roa (raw, json)
Hash identifier:          mCngPANd2eN78/cCR77hGFPFJBtdrM+wxhXghRUICg8=
Subject key identifier:   E9:C0:97:29:FA:5D:4D:44:B0:84:44:78:31:24:66:18:74:85:25:8C
Certificate issuer:       /CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
Certificate serial:       0187C11EEAEB930E405F256F4B01CB9E1D34
Authority key identifier: 0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/6cCXKfpdTUSwhER4MSRmGHSFJYw.roa
Signing time:             Thu 27 Apr 2023 05:10:41 +0000
ROA not before:           Thu 27 Apr 2023 05:10:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56630
IP address blocks:        45.141.8.0/22 maxlen: 24
                          185.224.248.0/22 maxlen: 24
                          185.6.12.0/23 maxlen: 24
                          185.6.14.0/23 maxlen: 24
                          45.150.232.0/22 maxlen: 24
                          195.238.124.0/22 maxlen: 24
                          185.140.209.0/24 maxlen: 24
                          185.140.208.0/24 maxlen: 24
                          185.131.64.0/24 maxlen: 24
                          185.131.66.0/24 maxlen: 24
                          185.131.65.0/24 maxlen: 24
                          185.131.67.0/24 maxlen: 24
                          88.218.240.0/22 maxlen: 24
                          217.30.8.0/22 maxlen: 24
                          194.59.46.0/24 maxlen: 24
                          185.140.12.0/22 maxlen: 24
                          194.59.59.0/24 maxlen: 24
                          194.59.155.0/24 maxlen: 24
                          91.201.64.0/22 maxlen: 24
                          194.59.142.0/24 maxlen: 24
                          213.183.36.0/24 maxlen: 24
                          89.34.238.0/24 maxlen: 24
                          213.183.38.0/24 maxlen: 24
                          213.183.37.0/24 maxlen: 24
                          213.183.33.0/24 maxlen: 24
                          213.183.32.0/24 maxlen: 24
                          5.182.228.0/22 maxlen: 24
                          213.183.39.0/24 maxlen: 24
                          213.183.41.0/24 maxlen: 24
                          213.183.40.0/24 maxlen: 24
                          213.183.43.0/24 maxlen: 24
                          213.183.42.0/24 maxlen: 24
                          213.183.44.0/24 maxlen: 24
                          213.183.50.0/24 maxlen: 24
                          213.183.49.0/24 maxlen: 24
                          88.210.38.0/24 maxlen: 24
                          213.183.51.0/24 maxlen: 24
                          213.183.45.0/24 maxlen: 24
                          213.183.46.0/24 maxlen: 24
                          213.183.48.0/24 maxlen: 24
                          213.183.47.0/24 maxlen: 24
                          213.183.52.0/24 maxlen: 24
                          88.210.39.0/24 maxlen: 24
                          213.183.53.0/24 maxlen: 24
                          213.183.55.0/24 maxlen: 24
                          213.183.54.0/24 maxlen: 24
                          213.183.57.0/24 maxlen: 24
                          213.183.56.0/24 maxlen: 24
                          213.183.58.0/24 maxlen: 24
                          77.72.16.0/23 maxlen: 24
                          213.183.59.0/24 maxlen: 24
                          213.183.60.0/24 maxlen: 24
                          213.183.62.0/24 maxlen: 24
                          213.183.61.0/24 maxlen: 24
                          77.72.18.0/23 maxlen: 24
                          77.72.20.0/23 maxlen: 24
                          77.72.22.0/23 maxlen: 24
                          213.183.63.0/24 maxlen: 24
                          92.119.88.0/22 maxlen: 24
                          91.192.83.0/24 maxlen: 24
                          91.192.80.0/24 maxlen: 24
                          5.188.172.0/24 maxlen: 24
                          5.188.173.0/24 maxlen: 24
                          5.188.180.0/22 maxlen: 24
                          185.246.152.0/24 maxlen: 24
                          185.246.153.0/24 maxlen: 24
                          185.246.155.0/24 maxlen: 24
                          185.246.154.0/24 maxlen: 24
                          45.135.120.0/22 maxlen: 24
                          31.40.216.0/22 maxlen: 24
                          213.226.68.0/22 maxlen: 24
                          93.189.58.0/24 maxlen: 24
                          93.189.57.0/24 maxlen: 24
                          185.135.84.0/22 maxlen: 24
                          93.189.56.0/24 maxlen: 24
                          93.189.61.0/24 maxlen: 24
                          93.189.60.0/24 maxlen: 24
                          93.189.63.0/24 maxlen: 24
                          93.189.62.0/24 maxlen: 24
                          2a06:f906::/36 maxlen: 36
                          2a06:f903::/36 maxlen: 36
                          2a06:f905::/36 maxlen: 36
                          2a06:f900:4000::/36 maxlen: 36
                          2a06:f900::/36 maxlen: 36
                          2a06:f902::/36 maxlen: 36
                          2a06:f904::/36 maxlen: 36
                          2a06:f907:4000::/36 maxlen: 36
                          2a06:f907::/36 maxlen: 36
                          2a06:f901::/36 maxlen: 36
                          2a0d:8400::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c1:1e:ea:eb:93:0e:40:5f:25:6f:4b:01:cb:9e:1d:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
        Validity
            Not Before: Apr 27 05:10:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e9c09729fa5d4d44b0844478312466187485258c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:3b:59:86:ee:2b:1b:a5:74:b4:e3:9a:d2:c8:
                    20:75:16:06:4a:81:07:e5:63:84:1d:7f:1b:e7:41:
                    67:e5:28:0b:54:7b:c7:7f:51:15:a7:e7:68:ef:d4:
                    0f:fa:7e:66:07:24:02:0a:0d:aa:ce:13:ad:74:5b:
                    96:5b:ee:8c:fa:8f:67:11:82:fe:43:7e:a3:3c:f1:
                    ca:46:05:f1:ae:53:9f:01:82:19:90:da:41:29:dd:
                    a9:90:1a:92:d9:c8:93:05:ba:34:fa:4b:11:87:73:
                    d9:71:29:c4:d8:04:32:22:9c:2b:97:61:95:ea:52:
                    90:84:29:1d:76:c5:92:f6:7f:cd:45:81:35:e2:3b:
                    a3:33:9f:fe:a5:d0:ac:87:9f:02:b6:9a:2a:41:b2:
                    05:e1:10:ae:b2:d1:de:a4:80:18:27:0c:9e:58:b3:
                    17:a1:14:25:f0:d2:97:36:fb:a5:d5:88:28:b0:8e:
                    67:8d:74:04:0a:9f:10:16:d7:b7:ad:11:87:04:69:
                    eb:4e:20:89:b6:51:a1:24:c2:32:b5:0a:89:bf:19:
                    8f:31:66:bf:4d:54:38:3d:b1:b7:27:15:bc:64:7b:
                    b3:3c:e8:28:16:d3:96:13:a1:fa:60:41:1c:ab:09:
                    c0:15:bd:c8:8b:fc:e4:d4:15:3b:58:69:4d:c9:9c:
                    bc:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:C0:97:29:FA:5D:4D:44:B0:84:44:78:31:24:66:18:74:85:25:8C
            X509v3 Authority Key Identifier:
                keyid:0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/6cCXKfpdTUSwhER4MSRmGHSFJYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/D-v7_W-TfFrjnj446KuDhBB0IaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.228.0/22
                  5.188.172.0/23
                  5.188.180.0/22
                  31.40.216.0/22
                  45.135.120.0/22
                  45.141.8.0/22
                  45.150.232.0/22
                  77.72.16.0/21
                  88.210.38.0/23
                  88.218.240.0/22
                  89.34.238.0/24
                  91.192.80.0/24
                  91.192.83.0/24
                  91.201.64.0/22
                  92.119.88.0/22
                  93.189.56.0-93.189.58.255
                  93.189.60.0/22
                  185.6.12.0/22
                  185.131.64.0/22
                  185.135.84.0/22
                  185.140.12.0/22
                  185.140.208.0/23
                  185.224.248.0/22
                  185.246.152.0/22
                  194.59.46.0/24
                  194.59.59.0/24
                  194.59.142.0/24
                  194.59.155.0/24
                  195.238.124.0/22
                  213.183.32.0/23
                  213.183.36.0-213.183.63.255
                  213.226.68.0/22
                  217.30.8.0/22
                IPv6:
                  2a06:f900::/36
                  2a06:f900:4000::/36
                  2a06:f901::/36
                  2a06:f902::/36
                  2a06:f903::/36
                  2a06:f904::/36
                  2a06:f905::/36
                  2a06:f906::/36
                  2a06:f907::/36
                  2a06:f907:4000::/36
                  2a0d:8400::/32

    Signature Algorithm: sha256WithRSAEncryption
         d0:e2:2b:de:83:05:b8:1e:7e:b1:3e:37:2f:a6:ef:20:97:49:
         bd:0a:fd:9d:c2:49:02:ae:6c:25:0d:fd:96:bc:b3:05:06:6b:
         76:9b:f0:3a:24:48:c5:06:e2:8f:af:cc:a2:0b:0c:0f:3e:64:
         22:ff:3c:f6:8b:53:f0:e0:21:9f:44:3f:f8:0f:9c:c8:01:31:
         fc:32:da:75:31:fc:54:e7:73:84:2a:62:d7:aa:e0:bb:da:ec:
         f0:e0:70:c9:91:24:9d:ad:80:08:9a:12:08:42:c7:ba:ac:d7:
         20:53:e2:32:f1:d6:04:86:70:68:f3:9a:03:ef:3a:2b:5e:71:
         f4:d0:e3:09:96:16:46:a2:29:f6:f6:c1:42:3d:d4:b9:e8:44:
         d9:6b:17:13:d0:e3:57:08:c9:e7:8a:6a:08:8e:49:f9:ec:5f:
         af:3a:0b:8b:99:1d:34:63:5e:0d:9b:b5:5a:d0:98:d1:8a:73:
         a8:ee:04:17:c1:02:50:3f:74:c2:25:a4:2e:f0:dc:b3:d0:77:
         ae:bd:75:48:dc:7a:36:55:49:91:37:3d:da:ae:fd:11:2e:cf:
         bd:0c:08:95:56:12:f2:5b:ba:59:61:4e:7d:47:0e:9d:6f:d9:
         c8:a7:f8:c8:ef:76:ed:d0:c4:0d:4a:4d:95:b0:16:7a:7e:86:
         7c:72:8b:92
-----BEGIN CERTIFICATE-----
MIIGNDCCBRygAwIBAgISAYfBHurrkw5AXyVvSwHLnh00MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZWJmYmZkNmY5MzdjNWFlMzllM2UzOGU4YWI4Mzg0MTA3
NDIxYTYwHhcNMjMwNDI3MDUxMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWMwOTcyOWZhNWQ0ZDQ0YjA4NDQ0NzgzMTI0NjYxODc0ODUyNThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjtZhu4rG6V0tOOa0sggdRYGSoEH
5WOEHX8b50Fn5SgLVHvHf1EVp+do79QP+n5mByQCCg2qzhOtdFuWW+6M+o9nEYL+
Q36jPPHKRgXxrlOfAYIZkNpBKd2pkBqS2ciTBbo0+ksRh3PZcSnE2AQyIpwrl2GV
6lKQhCkddsWS9n/NRYE14jujM5/+pdCsh58CtpoqQbIF4RCustHepIAYJwyeWLMX
oRQl8NKXNvul1YgosI5njXQECp8QFte3rRGHBGnrTiCJtlGhJMIytQqJvxmPMWa/
TVQ4PbG3JxW8ZHuzPOgoFtOWE6H6YEEcqwnAFb3Ii/zk1BU7WGlNyZy8PQIDAQAB
o4IDQDCCAzwwHQYDVR0OBBYEFOnAlyn6XU1EsIREeDEkZhh0hSWMMB8GA1UdIwQY
MBaAFA/r+/1vk3xa454+OOirg4QQdCGmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGIt
N2Q3MDM3NGQ3NmQyLzEvNmNDWEtmcGRUVVN3aEVSNE1TUm1HSFNGSll3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGItN2Q3MDM3NGQ3NmQy
LzEvRC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBVAYIKwYBBQUHAQcBAf8EggFDMIIBPzCB3QQCAAEwgdYD
BAIFtuQDBAEFvKwDBAIFvLQDBAIfKNgDBAIth3gDBAItjQgDBAItlugDBANNSBAD
BAFY0iYDBAJY2vADBABZIu4DBABbwFADBABbwFMDBAJbyUADBAJcd1gwDAMEA129
OAMEAF29OgMEAl29PAMEArkGDAMEArmDQAMEArmHVAMEArmMDAMEAbmM0AMEArng
+AMEArn2mAMEAMI7LgMEAMI7OwMEAMI7jgMEAMI7mwMEAsPufAMEAdW3IDAMAwQC
1bckAwQG1bcAAwQC1eJEAwQC2R4IMF0EAgACMFcDBgQqBvkAAAMGBCoG+QBAAwYE
Kgb5AQADBgQqBvkCAAMGBCoG+QMAAwYEKgb5BAADBgQqBvkFAAMGBCoG+QYAAwYE
Kgb5BwADBgQqBvkHQAMFACoNhAAwDQYJKoZIhvcNAQELBQADggEBANDiK96DBbge
frE+Ny+m7yCXSb0K/Z3CSQKubCUN/Za8swUGa3ab8DokSMUG4o+vzKILDA8+ZCL/
PPaLU/DgIZ9EP/gPnMgBMfwy2nUx/FTnc4QqYteq4Lva7PDgcMmRJJ2tgAiaEghC
x7qs1yBT4jLx1gSGcGjzmgPvOitecfTQ4wmWFkaiKfb2wUI91LnoRNlrFxPQ41cI
yeeKagiOSfnsX686C4uZHTRjXg2btVrQmNGKc6juBBfBAlA/dMIlpC7w3LPQd669
dUjcejZVSZE3Pdqu/REuz70MCJVWEvJbullhTn1HDp1v2cin+Mjvdu3QxA1KTZWw
Fnp+hnxyi5I=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:37 2024 by rpki-client on console-ams.rpki-client.org