Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/8nZqwBJalgbndJkJvqVCLU4vZOA.roa
File:                     8nZqwBJalgbndJkJvqVCLU4vZOA.roa (raw, json)
Hash identifier:          1qCu532ErtzzcBCj6NToXbM1N5+IAlnKn2nCZzcXeqM=
Subject key identifier:   F2:76:6A:C0:12:5A:96:06:E7:74:99:09:BE:A5:42:2D:4E:2F:64:E0
Certificate issuer:       /CN=94948e5f2fa04b222a6e96883b840f7124531556
Certificate serial:       01884D3CC834C01F92008ED497AC7500922D
Authority key identifier: 94:94:8E:5F:2F:A0:4B:22:2A:6E:96:88:3B:84:0F:71:24:53:15:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lJSOXy-gSyIqbpaIO4QPcSRTFVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/8nZqwBJalgbndJkJvqVCLU4vZOA.roa
Signing time:             Wed 24 May 2023 10:10:09 +0000
ROA not before:           Wed 24 May 2023 10:10:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60117
IP address blocks:        185.117.73.0/24 maxlen: 24
                          185.117.72.0/24 maxlen: 24
                          185.117.74.0/24 maxlen: 24
                          185.117.75.0/24 maxlen: 24
                          185.198.58.0/24 maxlen: 24
                          185.198.57.0/24 maxlen: 24
                          185.198.56.0/24 maxlen: 24
                          185.198.59.0/24 maxlen: 24
                          185.183.96.0/24 maxlen: 24
                          185.183.98.0/24 maxlen: 24
                          185.183.97.0/24 maxlen: 24
                          188.116.36.0/24 maxlen: 24
                          185.141.24.0/24 maxlen: 24
                          185.141.25.0/24 maxlen: 24
                          185.141.27.0/24 maxlen: 24
                          194.36.188.0/24 maxlen: 24
                          194.36.190.0/24 maxlen: 24
                          194.36.189.0/24 maxlen: 24
                          194.36.191.0/24 maxlen: 24
                          185.45.192.0/24 maxlen: 24
                          185.82.201.0/24 maxlen: 24
                          185.82.200.0/24 maxlen: 24
                          185.82.203.0/24 maxlen: 24
                          185.82.202.0/24 maxlen: 24
                          185.45.193.0/24 maxlen: 24
                          185.45.194.0/24 maxlen: 24
                          185.45.195.0/24 maxlen: 24
                          185.106.121.0/24 maxlen: 24
                          185.244.148.0/24 maxlen: 24
                          185.106.120.0/24 maxlen: 24
                          185.244.150.0/24 maxlen: 24
                          185.106.123.0/24 maxlen: 24
                          185.244.149.0/24 maxlen: 24
                          185.106.122.0/24 maxlen: 24
                          185.244.151.0/24 maxlen: 24
                          212.8.251.0/24 maxlen: 24
                          2a05:9341::/32 maxlen: 32
                          2a0e:df40::/32 maxlen: 32
                          2a05:9342::/32 maxlen: 32
                          2a04:dd00::/29 maxlen: 29
                          2a06:3d80::/29 maxlen: 29
                          2a04:dd01::/32 maxlen: 32
                          2a05:9340::/32 maxlen: 32
                          2a04:dd00::/32 maxlen: 32
                          2a03:660::/32 maxlen: 32
                          2a04:dd02::/32 maxlen: 32
                          2a05:9340::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:4d:3c:c8:34:c0:1f:92:00:8e:d4:97:ac:75:00:92:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94948e5f2fa04b222a6e96883b840f7124531556
        Validity
            Not Before: May 24 10:10:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f2766ac0125a9606e7749909bea5422d4e2f64e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:19:23:98:f2:1d:b9:39:a1:df:f2:a7:7b:11:
                    02:e3:24:28:b5:07:ab:43:97:93:ba:cd:8d:12:9d:
                    fb:d3:0f:a6:bf:a7:af:24:18:84:17:ab:b7:83:25:
                    3a:96:09:de:9e:8c:17:d0:16:ce:b3:13:28:d2:43:
                    60:40:bf:89:42:bd:b3:18:c7:91:61:57:fa:db:49:
                    33:a5:33:e5:bd:2c:a5:dd:cf:ad:0a:e0:4a:67:30:
                    b9:5a:24:9d:59:6e:5f:79:2a:69:93:ff:11:cf:d8:
                    48:d0:73:f9:f0:0f:9f:09:9f:eb:10:f5:07:84:7a:
                    81:a8:14:7b:d5:53:bc:36:a9:49:0e:40:63:4c:22:
                    ee:ad:91:93:a1:42:c6:5d:6a:aa:3c:15:b4:10:ad:
                    81:9e:4e:bd:9d:f4:0b:98:c4:68:f1:7c:63:8c:3b:
                    42:93:c8:61:8f:2a:90:42:4c:7c:46:f1:13:17:50:
                    c2:51:93:8e:b2:cb:f5:26:93:ac:59:8f:6a:16:46:
                    11:8d:0e:16:89:ee:c0:63:9d:cf:7c:66:9d:30:74:
                    ec:9e:2b:c7:c6:d4:17:bb:6e:5a:13:a3:ed:5c:ad:
                    8f:3d:d2:57:b5:8e:d9:15:b7:b6:26:f7:20:05:f9:
                    9d:fb:56:0c:bb:8d:1c:51:f9:65:1a:83:96:b9:be:
                    8d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:76:6A:C0:12:5A:96:06:E7:74:99:09:BE:A5:42:2D:4E:2F:64:E0
            X509v3 Authority Key Identifier:
                keyid:94:94:8E:5F:2F:A0:4B:22:2A:6E:96:88:3B:84:0F:71:24:53:15:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lJSOXy-gSyIqbpaIO4QPcSRTFVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/8nZqwBJalgbndJkJvqVCLU4vZOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/lJSOXy-gSyIqbpaIO4QPcSRTFVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.192.0/22
                  185.82.200.0/22
                  185.106.120.0/22
                  185.117.72.0/22
                  185.141.24.0/23
                  185.141.27.0/24
                  185.183.96.0-185.183.98.255
                  185.198.56.0/22
                  185.244.148.0/22
                  188.116.36.0/24
                  194.36.188.0/22
                  212.8.251.0/24
                IPv6:
                  2a03:660::/32
                  2a04:dd00::/29
                  2a05:9340::/29
                  2a06:3d80::/29
                  2a0e:df40::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:05:c5:0b:a1:0c:09:35:53:97:3c:49:5a:59:44:f5:d1:f1:
         d5:88:e7:ec:cb:a6:14:08:d8:be:4f:4f:1e:f0:8d:42:58:48:
         09:9f:e3:8e:ce:0f:79:53:a5:45:37:e4:22:86:e6:80:90:5b:
         b4:c4:84:33:21:86:a8:c0:6a:28:8b:87:3c:c5:45:28:93:97:
         a8:05:b4:4a:34:b0:14:4e:18:2d:4b:93:e7:25:3e:95:15:f7:
         e6:d0:ab:3c:c6:2d:57:70:c7:f3:d1:35:8d:fb:48:21:2b:4b:
         94:35:5f:e0:ad:6b:97:3d:e1:4c:99:59:40:c5:e9:20:83:94:
         d5:57:79:5c:d4:ad:ed:d7:e5:ff:70:05:e1:e1:3d:85:a5:5e:
         df:95:7f:f0:95:5d:a4:81:66:ae:3d:ed:b6:3d:ef:ee:a0:6f:
         bf:e1:5c:cb:39:cf:e7:ef:0a:bb:52:6d:c8:ce:65:d1:db:16:
         f1:39:c5:73:e5:2e:e4:2c:ff:60:ba:91:20:fe:4e:23:dd:b3:
         7a:da:51:4c:5e:35:7b:16:05:1d:91:c9:63:7c:a4:62:a2:0c:
         a1:25:3e:b8:46:33:c0:e2:03:9c:d2:2b:76:7d:e0:25:50:99:
         0e:f1:2b:2b:52:74:f1:33:18:15:ad:2d:08:21:90:e1:65:20:
         3a:2c:f2:85
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgISAYhNPMg0wB+SAI7Ul6x1AJItMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0OTQ4ZTVmMmZhMDRiMjIyYTZlOTY4ODNiODQwZjcxMjQ1
MzE1NTYwHhcNMjMwNTI0MTAxMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjc2NmFjMDEyNWE5NjA2ZTc3NDk5MDliZWE1NDIyZDRlMmY2NGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBkjmPIduTmh3/KnexEC4yQotQer
Q5eTus2NEp370w+mv6evJBiEF6u3gyU6lgnenowX0BbOsxMo0kNgQL+JQr2zGMeR
YVf620kzpTPlvSyl3c+tCuBKZzC5WiSdWW5feSppk/8Rz9hI0HP58A+fCZ/rEPUH
hHqBqBR71VO8NqlJDkBjTCLurZGToULGXWqqPBW0EK2Bnk69nfQLmMRo8XxjjDtC
k8hhjyqQQkx8RvETF1DCUZOOssv1JpOsWY9qFkYRjQ4Wie7AY53PfGadMHTsnivH
xtQXu25aE6PtXK2PPdJXtY7ZFbe2JvcgBfmd+1YMu40cUfllGoOWub6N3wIDAQAB
o4ICgTCCAn0wHQYDVR0OBBYEFPJ2asASWpYG53SZCb6lQi1OL2TgMB8GA1UdIwQY
MBaAFJSUjl8voEsiKm6WiDuED3EkUxVWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEpTT1h5LWdTeUlxYnBhSU80UVBjU1JURlZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9lYzQ4YmUtOTI1MC00ZjdjLTljODct
NjQxYjhlNjBkM2UyLzEvOG5acXdCSmFsZ2JuZEprSnZxVkNMVTR2Wk9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9lYzQ4YmUtOTI1MC00ZjdjLTljODctNjQxYjhlNjBkM2Uy
LzEvbEpTT1h5LWdTeUlxYnBhSU80UVBjU1JURlZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGWBggrBgEFBQcBBwEB/wSBhjCBgzBWBAIAATBQAwQCuS3A
AwQCuVLIAwQCuWp4AwQCuXVIAwQBuY0YAwQAuY0bMAwDBAW5t2ADBAC5t2IDBAK5
xjgDBAK59JQDBAC8dCQDBALCJLwDBADUCPswKQQCAAIwIwMFACoDBmADBQMqBN0A
AwUDKgWTQAMFAyoGPYADBQAqDt9AMA0GCSqGSIb3DQEBCwUAA4IBAQBlBcULoQwJ
NVOXPElaWUT10fHViOfsy6YUCNi+T08e8I1CWEgJn+OOzg95U6VFN+QihuaAkFu0
xIQzIYaowGooi4c8xUUok5eoBbRKNLAUThgtS5PnJT6VFffm0Ks8xi1XcMfz0TWN
+0ghK0uUNV/grWuXPeFMmVlAxekgg5TVV3lc1K3t1+X/cAXh4T2FpV7flX/wlV2k
gWauPe22Pe/uoG+/4VzLOc/n7wq7Um3IzmXR2xbxOcVz5S7kLP9gupEg/k4j3bN6
2lFMXjV7FgUdkcljfKRiogyhJT64RjPA4gOc0it2feAlUJkO8SsrUnTxMxgVrS0I
IZDhZSA6LPKF
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:55 2024 by rpki-client on console-fra.rpki-client.org