Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/r4_bukLfmBE2tde2xBxddC5ygvY.roa
File:                     r4_bukLfmBE2tde2xBxddC5ygvY.roa (raw, json)
Hash identifier:          W9lP+yZGeNYRlJ1y1wXS7VWs7EXVYpm87KkfuO55w7s=
Subject key identifier:   AF:8F:DB:BA:42:DF:98:11:36:B5:D7:B6:C4:1C:5D:74:2E:72:82:F6
Certificate issuer:       /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial:       0BF429B8
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/r4_bukLfmBE2tde2xBxddC5ygvY.roa
Signing time:             Thu 09 Jun 2022 07:15:02 +0000
ROA not before:           Thu 09 Jun 2022 07:15:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     397563
IP address blocks:        213.142.133.0/24 maxlen: 24
                          213.142.136.0/22 maxlen: 32
                          213.142.140.0/24 maxlen: 32
                          213.142.141.0/24 maxlen: 32
                          213.142.142.0/24 maxlen: 32
                          213.142.152.0/24 maxlen: 24
                          213.142.153.0/24 maxlen: 24
                          213.142.128.0/24 maxlen: 24
                          213.142.129.0/24 maxlen: 24
                          213.142.131.0/24 maxlen: 24
                          213.142.132.0/24 maxlen: 24
                          213.142.130.0/24 maxlen: 24
                          91.151.92.0/24 maxlen: 24
                          80.253.252.0/24 maxlen: 24
                          80.253.253.0/24 maxlen: 24
                          91.151.80.0/21 maxlen: 24
                          91.151.80.0/24 maxlen: 24
                          91.151.85.0/24 maxlen: 24
                          91.151.82.0/24 maxlen: 24
                          91.151.91.0/24 maxlen: 24
                          91.151.86.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 200550840 (0xbf429b8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
        Validity
            Not Before: Jun  9 07:15:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=af8fdbba42df981136b5d7b6c41c5d742e7282f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:07:7d:62:a0:43:b2:ba:1d:c9:8a:1a:39:4f:
                    43:47:da:8f:e5:30:f9:53:90:0e:42:2e:4e:0c:eb:
                    41:44:da:5d:89:c4:a2:3f:04:77:08:c7:ad:64:fe:
                    70:9a:42:df:3d:f5:71:18:98:2f:ea:8c:18:04:32:
                    c2:c0:75:2c:73:89:e5:92:3d:c0:fc:6d:a4:d7:a1:
                    97:fc:17:d7:e7:59:e4:a8:d3:b7:84:8a:9c:29:17:
                    07:9a:ba:2b:a7:87:86:d6:f7:8d:a6:d3:10:92:6e:
                    9c:6d:4a:eb:15:59:4a:03:30:c2:2e:76:90:d9:75:
                    21:d4:7f:51:2e:a0:fb:eb:f0:36:7c:3c:ec:77:80:
                    63:58:7b:52:c8:95:9d:ae:31:60:98:26:98:04:d4:
                    17:89:f2:f8:8c:8e:05:31:9a:43:06:12:b6:ed:cc:
                    0f:b3:d1:4d:01:fc:70:0b:35:12:2b:01:65:f6:bb:
                    7a:02:2f:ef:84:27:38:0f:20:00:b6:b3:b4:fd:08:
                    ff:fc:aa:fc:fc:17:00:16:fe:cc:1d:be:a9:e3:25:
                    65:e2:6e:32:d8:99:2b:11:35:ff:e5:5b:48:91:ba:
                    8c:95:02:a7:3c:79:1f:6a:73:72:e8:43:9b:cb:e1:
                    b2:63:45:46:4b:25:e7:bc:03:92:0f:f9:6e:f0:de:
                    d6:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:8F:DB:BA:42:DF:98:11:36:B5:D7:B6:C4:1C:5D:74:2E:72:82:F6
            X509v3 Authority Key Identifier:
                keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/r4_bukLfmBE2tde2xBxddC5ygvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.253.252.0/23
                  91.151.80.0/21
                  91.151.91.0-91.151.92.255
                  213.142.128.0-213.142.133.255
                  213.142.136.0-213.142.142.255
                  213.142.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:3f:f9:af:25:ae:9d:b2:67:53:e3:9e:f0:ff:2b:c6:17:5f:
         c6:09:91:0c:b6:98:f0:00:ba:c9:c8:58:c4:cb:36:16:10:7d:
         dc:f2:e6:cf:26:30:e3:44:5e:55:4b:31:d6:bc:6e:62:86:f4:
         a8:08:e5:9c:a4:3b:d2:6e:89:bb:a7:a0:2f:ea:8f:b0:c2:32:
         cf:dc:9b:61:d2:ee:5b:47:d3:c6:35:9a:27:40:da:8d:65:58:
         9c:03:7d:32:22:61:28:af:ef:07:c1:01:f4:12:14:8e:ea:87:
         46:94:5d:8a:53:df:cf:c9:c7:cc:d6:60:6d:f9:a3:bb:3f:3b:
         d2:65:1b:8f:30:41:f5:37:8c:0e:22:be:64:c7:28:3e:ab:3f:
         1e:e4:21:33:97:cc:cd:7b:03:d2:e5:db:36:20:6f:37:ab:5b:
         f0:cb:cf:d4:73:a0:17:77:4f:58:4d:01:0e:b0:a5:af:fc:76:
         62:86:e8:53:9d:21:b6:89:5b:7d:d2:1c:f6:f6:ca:96:f7:b3:
         27:8d:e4:c7:d4:a7:f6:13:97:83:85:20:ae:fe:22:99:4a:d4:
         1b:93:5b:49:5f:b1:8e:e9:09:61:6e:7d:6e:7f:a2:24:f0:5a:
         ff:3c:c4:e8:48:b3:98:9e:60:3c:86:d3:a8:59:7f:91:cc:dc:
         de:e8:75:bb
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIEC/QpuDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
YjcxZTliMTNmNWMzMzlhNTg2OTJlZWFiZTcyZWFhNDA2YmJiZDdkMB4XDTIyMDYw
OTA3MTUwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWY4ZmRiYmE0MmRm
OTgxMTM2YjVkN2I2YzQxYzVkNzQyZTcyODJmNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANIHfWKgQ7K6HcmKGjlPQ0faj+Uw+VOQDkIuTgzrQUTaXYnE
oj8EdwjHrWT+cJpC3z31cRiYL+qMGAQywsB1LHOJ5ZI9wPxtpNehl/wX1+dZ5KjT
t4SKnCkXB5q6K6eHhtb3jabTEJJunG1K6xVZSgMwwi52kNl1IdR/US6g++vwNnw8
7HeAY1h7UsiVna4xYJgmmATUF4ny+IyOBTGaQwYStu3MD7PRTQH8cAs1EisBZfa7
egIv74QnOA8gALaztP0I//yq/PwXABb+zB2+qeMlZeJuMtiZKxE1/+VbSJG6jJUC
pzx5H2pzcuhDm8vhsmNFRksl57wDkg/5bvDe1oECAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBSvj9u6Qt+YETa117bEHF10LnKC9jAfBgNVHSMEGDAWgBSrcemxP1wzmlhp
Luq+cuqkBru9fTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3EzSHBzVDljTTVwWWFTN3F2bkxxcEFhN3ZYMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvNmJhMzljLWVmMWQtNGQ0OC05ODJiLWNmNGI5MDA5OTdhMC8x
L3I0X2J1a0xmbUJFMnRkZTJ4QnhkZEM1eWd2WS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
NmJhMzljLWVmMWQtNGQ0OC05ODJiLWNmNGI5MDA5OTdhMC8xL3EzSHBzVDljTTVw
WWFTN3F2bkxxcEFhN3ZYMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEAVD9/AMEA1uXUDAMAwQAW5dbAwQA
W5dcMAwDBAfVjoADBAHVjoQwDAMEA9WOiAMEANWOjgMEAdWOmDANBgkqhkiG9w0B
AQsFAAOCAQEAKj/5ryWunbJnU+Oe8P8rxhdfxgmRDLaY8AC6ychYxMs2FhB93PLm
zyYw40ReVUsx1rxuYob0qAjlnKQ70m6Ju6egL+qPsMIyz9ybYdLuW0fTxjWaJ0Da
jWVYnAN9MiJhKK/vB8EB9BIUjuqHRpRdilPfz8nHzNZgbfmjuz870mUbjzBB9TeM
DiK+ZMcoPqs/HuQhM5fMzXsD0uXbNiBvN6tb8MvP1HOgF3dPWE0BDrClr/x2Yobo
U50htolbfdIc9vbKlvezJ43kx9Sn9hOXg4Ugrv4imUrUG5NbSV+xjukJYW59bn+i
JPBa/zzE6EizmJ5gPIbTqFl/kczc3uh1uw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:38 2024 by rpki-client on console-ams.rpki-client.org