Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/e1E5ujSLzuS9qy1pVEY3_L1gbsE.roa
File:                     e1E5ujSLzuS9qy1pVEY3_L1gbsE.roa (raw, json)
Hash identifier:          KE0mJ85OMBJD0VK04JI3Tkzh9AP+mGj7kT1a1gREdZ8=
Subject key identifier:   7B:51:39:BA:34:8B:CE:E4:BD:AB:2D:69:54:46:37:FC:BD:60:6E:C1
Certificate issuer:       /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial:       0B777386
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/e1E5ujSLzuS9qy1pVEY3_L1gbsE.roa
Signing time:             Sat 16 Apr 2022 19:04:30 +0000
ROA not before:           Sat 16 Apr 2022 19:04:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     397563
IP address blocks:        213.142.133.0/24 maxlen: 24
                          213.142.136.0/22 maxlen: 32
                          213.142.140.0/24 maxlen: 32
                          213.142.141.0/24 maxlen: 32
                          213.142.142.0/24 maxlen: 32
                          213.142.144.0/22 maxlen: 24
                          213.142.152.0/24 maxlen: 24
                          213.142.153.0/24 maxlen: 24
                          213.142.154.0/24 maxlen: 32
                          213.142.155.0/24 maxlen: 32
                          213.142.128.0/24 maxlen: 24
                          213.142.129.0/24 maxlen: 24
                          213.142.131.0/24 maxlen: 24
                          213.142.132.0/24 maxlen: 24
                          213.142.130.0/24 maxlen: 24
                          91.151.92.0/24 maxlen: 24
                          80.253.252.0/24 maxlen: 24
                          80.253.253.0/24 maxlen: 24
                          91.151.80.0/21 maxlen: 24
                          91.151.80.0/24 maxlen: 24
                          91.151.85.0/24 maxlen: 24
                          91.151.82.0/24 maxlen: 24
                          91.151.91.0/24 maxlen: 24
                          91.151.86.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 192377734 (0xb777386)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
        Validity
            Not Before: Apr 16 19:04:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7b5139ba348bcee4bdab2d69544637fcbd606ec1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f7:3d:b6:5e:69:9e:9e:d2:19:d3:65:cb:80:
                    65:e0:f2:c4:8d:cd:e5:fd:4b:c4:cb:14:db:37:bb:
                    13:0a:1c:f7:14:58:ae:8c:ef:57:54:de:5b:c0:9b:
                    31:f3:f6:95:53:28:14:02:bf:c6:0b:67:33:f0:24:
                    af:29:74:b5:19:9a:5a:49:24:cb:b8:9c:5c:3f:91:
                    a9:ea:d0:20:63:5c:f1:b0:d8:84:d5:a2:37:19:b7:
                    e2:e8:4a:88:16:c1:2b:2c:8e:73:9f:1e:a4:ca:15:
                    77:71:73:fa:45:83:d2:d5:db:3b:55:b6:ed:cb:6c:
                    7f:98:95:8f:4e:be:d4:57:f8:88:2b:a7:b2:90:51:
                    12:88:55:a8:1f:ef:ce:67:cd:17:00:3a:6c:7f:1f:
                    89:af:7a:4c:65:29:2b:83:35:31:87:23:97:6c:db:
                    03:ec:15:ea:8a:40:cd:60:30:d4:4e:c5:19:df:27:
                    2f:05:1d:5a:0a:fa:8b:d5:8f:9f:48:bd:b3:c4:d5:
                    90:a9:15:3a:5e:e4:92:dd:af:de:6b:2e:53:48:11:
                    19:af:b7:d2:5e:34:24:5f:35:99:c4:c2:02:68:9b:
                    f5:52:eb:3c:db:74:14:c2:47:0d:d8:1e:b3:cc:fe:
                    a2:9e:46:4a:9a:28:0d:b8:70:a6:6e:5f:5c:3b:43:
                    85:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:51:39:BA:34:8B:CE:E4:BD:AB:2D:69:54:46:37:FC:BD:60:6E:C1
            X509v3 Authority Key Identifier:
                keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/e1E5ujSLzuS9qy1pVEY3_L1gbsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.253.252.0/23
                  91.151.80.0/21
                  91.151.91.0-91.151.92.255
                  213.142.128.0-213.142.133.255
                  213.142.136.0-213.142.142.255
                  213.142.144.0/22
                  213.142.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d8:b4:0d:d8:44:0a:51:be:8a:27:22:7f:e4:58:96:e8:8b:4f:
         77:7b:cc:fb:32:46:27:5c:ac:95:d1:29:d7:42:9f:0b:1d:77:
         80:f5:40:1f:71:14:9e:b1:b1:9b:bc:a9:37:bc:60:6b:5d:10:
         53:84:fc:48:85:73:2c:c2:30:04:d4:45:20:8b:1b:c0:6b:07:
         de:4b:ac:cb:0d:5a:89:47:ff:52:42:2d:77:ff:4e:9f:6c:f4:
         9b:77:31:4d:4b:68:a1:c3:f4:df:0a:69:88:68:10:fb:c4:76:
         03:3d:9e:87:bf:89:ca:5e:e3:61:a1:90:a9:dc:21:66:b3:ce:
         87:cb:19:3e:b1:b2:99:32:dc:76:8b:98:03:5b:67:57:ad:45:
         21:ad:cd:a5:f7:ce:dd:d8:14:fb:1b:6e:d8:15:2d:66:18:05:
         b7:de:72:99:78:f9:50:a1:7a:45:3a:8e:e1:66:8f:65:14:f4:
         61:c4:5c:f1:69:8e:07:12:e4:65:8c:a6:da:14:37:ad:e0:59:
         40:8e:18:bb:48:1a:8b:67:58:4f:c7:3f:8f:4c:26:13:41:a0:
         9b:a2:06:d9:30:d6:78:36:34:da:21:8b:82:16:59:81:f3:0e:
         ac:03:7f:80:4b:03:fe:f6:4a:f0:45:f5:a4:f6:9d:b6:4f:e5:
         4a:2e:e0:aa
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIEC3dzhjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
YjcxZTliMTNmNWMzMzlhNTg2OTJlZWFiZTcyZWFhNDA2YmJiZDdkMB4XDTIyMDQx
NjE5MDQzMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2I1MTM5YmEzNDhi
Y2VlNGJkYWIyZDY5NTQ0NjM3ZmNiZDYwNmVjMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMz3PbZeaZ6e0hnTZcuAZeDyxI3N5f1LxMsU2ze7Ewoc9xRY
rozvV1TeW8CbMfP2lVMoFAK/xgtnM/Akryl0tRmaWkkky7icXD+RqerQIGNc8bDY
hNWiNxm34uhKiBbBKyyOc58epMoVd3Fz+kWD0tXbO1W27ctsf5iVj06+1Ff4iCun
spBREohVqB/vzmfNFwA6bH8fia96TGUpK4M1MYcjl2zbA+wV6opAzWAw1E7FGd8n
LwUdWgr6i9WPn0i9s8TVkKkVOl7kkt2v3msuU0gRGa+30l40JF81mcTCAmib9VLr
PNt0FMJHDdges8z+op5GSpooDbhwpm5fXDtDhZsCAwEAAaOCAkUwggJBMB0GA1Ud
DgQWBBR7UTm6NIvO5L2rLWlURjf8vWBuwTAfBgNVHSMEGDAWgBSrcemxP1wzmlhp
Luq+cuqkBru9fTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3EzSHBzVDljTTVwWWFTN3F2bkxxcEFhN3ZYMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvNmJhMzljLWVmMWQtNGQ0OC05ODJiLWNmNGI5MDA5OTdhMC8x
L2UxRTV1alNMenVTOXF5MXBWRVkzX0wxZ2JzRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
NmJhMzljLWVmMWQtNGQ0OC05ODJiLWNmNGI5MDA5OTdhMC8xL3EzSHBzVDljTTVw
WWFTN3F2bkxxcEFhN3ZYMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBb
BggrBgEFBQcBBwEB/wRMMEowSAQCAAEwQgMEAVD9/AMEA1uXUDAMAwQAW5dbAwQA
W5dcMAwDBAfVjoADBAHVjoQwDAMEA9WOiAMEANWOjgMEAtWOkAMEAtWOmDANBgkq
hkiG9w0BAQsFAAOCAQEA2LQN2EQKUb6KJyJ/5FiW6ItPd3vM+zJGJ1ysldEp10Kf
Cx13gPVAH3EUnrGxm7ypN7xga10QU4T8SIVzLMIwBNRFIIsbwGsH3kusyw1aiUf/
UkItd/9On2z0m3cxTUtoocP03wppiGgQ+8R2Az2eh7+Jyl7jYaGQqdwhZrPOh8sZ
PrGymTLcdouYA1tnV61FIa3NpffO3dgU+xtu2BUtZhgFt95ymXj5UKF6RTqO4WaP
ZRT0YcRc8WmOBxLkZYym2hQ3reBZQI4Yu0gai2dYT8c/j0wmE0Ggm6IG2TDWeDY0
2iGLghZZgfMOrAN/gEsD/vZK8EX1pPadtk/lSi7gqg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:04 2024 by rpki-client on console-fra.rpki-client.org