Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/y_V8WDprA5hZIfXHAyrEyLfkfsg.roa
File:                     y_V8WDprA5hZIfXHAyrEyLfkfsg.roa (raw, json)
Hash identifier:          XouQTMcP1NqWMgSScnefTUQArWZnuqfqYkqo+12NHHI=
Subject key identifier:   CB:F5:7C:58:3A:6B:03:98:59:21:F5:C7:03:2A:C4:C8:B7:E4:7E:C8
Certificate issuer:       /CN=94948e5f2fa04b222a6e96883b840f7124531556
Certificate serial:       018571D7A3A6B503BA54D5129FF3390BB827
Authority key identifier: 94:94:8E:5F:2F:A0:4B:22:2A:6E:96:88:3B:84:0F:71:24:53:15:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lJSOXy-gSyIqbpaIO4QPcSRTFVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/y_V8WDprA5hZIfXHAyrEyLfkfsg.roa
Signing time:             Mon 02 Jan 2023 09:37:15 +0000
ROA not before:           Mon 02 Jan 2023 09:37:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60117
IP address blocks:        185.117.73.0/24 maxlen: 24
                          185.117.72.0/24 maxlen: 24
                          185.117.74.0/24 maxlen: 24
                          185.117.75.0/24 maxlen: 24
                          185.198.58.0/24 maxlen: 24
                          185.198.57.0/24 maxlen: 24
                          185.198.56.0/24 maxlen: 24
                          185.198.59.0/24 maxlen: 24
                          185.141.24.0/24 maxlen: 24
                          185.141.26.0/24 maxlen: 24
                          185.141.25.0/24 maxlen: 24
                          185.141.27.0/24 maxlen: 24
                          194.36.188.0/24 maxlen: 24
                          194.36.190.0/24 maxlen: 24
                          194.36.189.0/24 maxlen: 24
                          194.36.191.0/24 maxlen: 24
                          185.45.192.0/24 maxlen: 24
                          185.82.201.0/24 maxlen: 24
                          185.82.200.0/24 maxlen: 24
                          185.82.203.0/24 maxlen: 24
                          185.82.202.0/24 maxlen: 24
                          185.45.193.0/24 maxlen: 24
                          185.45.194.0/24 maxlen: 24
                          185.45.195.0/24 maxlen: 24
                          185.106.121.0/24 maxlen: 24
                          185.244.148.0/24 maxlen: 24
                          185.106.120.0/24 maxlen: 24
                          185.244.150.0/24 maxlen: 24
                          185.106.123.0/24 maxlen: 24
                          185.244.149.0/24 maxlen: 24
                          185.106.122.0/24 maxlen: 24
                          185.244.151.0/24 maxlen: 24
                          212.8.251.0/24 maxlen: 24
                          185.183.96.0/24 maxlen: 24
                          185.183.98.0/24 maxlen: 24
                          185.183.97.0/24 maxlen: 24
                          185.183.99.0/24 maxlen: 24
                          188.116.36.0/24 maxlen: 24
                          2a05:9341::/32 maxlen: 32
                          2a05:9342::/32 maxlen: 32
                          2a05:9340::/32 maxlen: 32
                          2a03:660::/32 maxlen: 32
                          2a04:dd02::/32 maxlen: 32
                          2a05:9340::/29 maxlen: 29
                          2a0e:df40::/32 maxlen: 32
                          2a04:dd00::/29 maxlen: 29
                          2a06:3d80::/29 maxlen: 29
                          2a04:dd01::/32 maxlen: 32
                          2a04:dd00::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:d7:a3:a6:b5:03:ba:54:d5:12:9f:f3:39:0b:b8:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94948e5f2fa04b222a6e96883b840f7124531556
        Validity
            Not Before: Jan  2 09:37:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cbf57c583a6b03985921f5c7032ac4c8b7e47ec8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:3d:ae:c2:3b:ad:97:2d:4a:40:96:ea:50:70:
                    bf:82:b1:76:81:4e:b2:ee:ca:2c:ff:af:fb:bb:4e:
                    60:90:0c:84:92:53:65:88:74:34:a9:61:cf:a5:08:
                    22:29:a1:26:04:fe:b7:4e:9c:b7:6d:8b:b4:6f:d5:
                    8e:df:b2:c3:0d:27:6c:b6:3e:04:0f:df:ef:2d:60:
                    5a:02:39:51:ac:50:1e:f2:6d:b2:80:93:cd:b6:a4:
                    77:c3:58:0f:08:6c:4f:84:44:c6:1b:13:96:67:7c:
                    cb:7f:35:46:09:8d:14:93:5b:8f:93:dd:bf:b4:8b:
                    f1:df:6b:8d:00:de:7c:be:91:50:1b:4c:d2:84:b6:
                    0a:f1:7b:ab:81:35:3e:6d:49:38:f1:74:b4:86:79:
                    82:7e:87:93:30:a4:86:d2:80:88:b3:c3:ee:82:87:
                    a3:71:5a:e5:27:50:1f:de:eb:23:48:e2:01:32:26:
                    74:b0:85:cd:41:cc:2c:38:0e:7c:d0:20:a5:b7:1b:
                    be:51:c6:f1:fc:53:7b:bf:7f:6f:39:78:99:ba:3e:
                    ba:5e:76:02:b8:66:61:f6:59:73:cf:3c:62:95:6c:
                    8d:7a:6f:3b:04:0c:a8:b6:c9:81:49:c3:c2:7d:44:
                    9d:fe:ed:4c:54:1c:81:eb:24:fe:a0:ba:f7:3d:4e:
                    4d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:F5:7C:58:3A:6B:03:98:59:21:F5:C7:03:2A:C4:C8:B7:E4:7E:C8
            X509v3 Authority Key Identifier:
                keyid:94:94:8E:5F:2F:A0:4B:22:2A:6E:96:88:3B:84:0F:71:24:53:15:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lJSOXy-gSyIqbpaIO4QPcSRTFVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/y_V8WDprA5hZIfXHAyrEyLfkfsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/lJSOXy-gSyIqbpaIO4QPcSRTFVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.192.0/22
                  185.82.200.0/22
                  185.106.120.0/22
                  185.117.72.0/22
                  185.141.24.0/22
                  185.183.96.0/22
                  185.198.56.0/22
                  185.244.148.0/22
                  188.116.36.0/24
                  194.36.188.0/22
                  212.8.251.0/24
                IPv6:
                  2a03:660::/32
                  2a04:dd00::/29
                  2a05:9340::/29
                  2a06:3d80::/29
                  2a0e:df40::/32

    Signature Algorithm: sha256WithRSAEncryption
         ba:4f:5d:30:d3:11:8e:64:10:a1:ca:5a:3a:81:04:c5:c4:b9:
         b4:23:41:7a:35:bc:e3:dc:d9:a6:88:b3:00:ed:24:df:1c:2f:
         91:f0:1b:06:03:b5:ca:a3:d2:ee:61:be:44:7e:20:d2:e0:60:
         98:41:24:bd:68:4f:a2:b1:41:4a:26:d0:d0:76:96:18:d6:6e:
         15:dc:c3:66:5c:bf:ee:cc:69:20:f9:65:f2:f4:ba:c8:9d:19:
         16:18:54:6e:90:a9:90:fb:f1:e9:45:47:ae:df:e2:5f:8d:39:
         9b:3b:51:96:af:b0:3f:38:ef:37:7d:60:b9:0d:5b:f7:b0:a8:
         9e:c3:be:57:d4:0c:ea:e6:51:c6:95:52:5f:d6:70:96:98:e6:
         75:4a:59:e3:e8:c2:89:b4:37:7c:e7:ec:94:a8:db:0e:18:91:
         89:0a:ae:c2:ac:da:68:da:b5:5d:97:b9:c1:7b:74:fe:a9:04:
         e6:3f:75:bc:71:3d:ca:d5:05:74:1a:e0:58:af:2c:28:34:0e:
         1a:68:2d:22:07:fd:bb:81:4e:d3:ea:60:da:5a:7b:25:41:c9:
         6b:51:bd:12:c8:75:66:cb:28:c6:5f:46:6b:1e:0e:e4:f9:20:
         23:48:a2:d2:3c:09:10:5d:eb:21:e6:18:98:29:90:c1:3b:a1:
         e4:95:23:1d
-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgISAYVx16OmtQO6VNUSn/M5C7gnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0OTQ4ZTVmMmZhMDRiMjIyYTZlOTY4ODNiODQwZjcxMjQ1
MzE1NTYwHhcNMjMwMTAyMDkzNzE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmY1N2M1ODNhNmIwMzk4NTkyMWY1YzcwMzJhYzRjOGI3ZTQ3ZWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwD2uwjutly1KQJbqUHC/grF2gU6y
7sos/6/7u05gkAyEklNliHQ0qWHPpQgiKaEmBP63Tpy3bYu0b9WO37LDDSdstj4E
D9/vLWBaAjlRrFAe8m2ygJPNtqR3w1gPCGxPhETGGxOWZ3zLfzVGCY0Uk1uPk92/
tIvx32uNAN58vpFQG0zShLYK8XurgTU+bUk48XS0hnmCfoeTMKSG0oCIs8Pugoej
cVrlJ1Af3usjSOIBMiZ0sIXNQcwsOA580CCltxu+Ucbx/FN7v39vOXiZuj66XnYC
uGZh9llzzzxilWyNem87BAyotsmBScPCfUSd/u1MVByB6yT+oLr3PU5N9wIDAQAB
o4ICcTCCAm0wHQYDVR0OBBYEFMv1fFg6awOYWSH1xwMqxMi35H7IMB8GA1UdIwQY
MBaAFJSUjl8voEsiKm6WiDuED3EkUxVWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEpTT1h5LWdTeUlxYnBhSU80UVBjU1JURlZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9lYzQ4YmUtOTI1MC00ZjdjLTljODct
NjQxYjhlNjBkM2UyLzEveV9WOFdEcHJBNWhaSWZYSEF5ckV5TGZrZnNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9lYzQ4YmUtOTI1MC00ZjdjLTljODctNjQxYjhlNjBkM2Uy
LzEvbEpTT1h5LWdTeUlxYnBhSU80UVBjU1JURlZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGGBggrBgEFBQcBBwEB/wR3MHUwSAQCAAEwQgMEArktwAME
ArlSyAMEArlqeAMEArl1SAMEArmNGAMEArm3YAMEArnGOAMEArn0lAMEALx0JAME
AsIkvAMEANQI+zApBAIAAjAjAwUAKgMGYAMFAyoE3QADBQMqBZNAAwUDKgY9gAMF
ACoO30AwDQYJKoZIhvcNAQELBQADggEBALpPXTDTEY5kEKHKWjqBBMXEubQjQXo1
vOPc2aaIswDtJN8cL5HwGwYDtcqj0u5hvkR+INLgYJhBJL1oT6KxQUom0NB2lhjW
bhXcw2Zcv+7MaSD5ZfL0usidGRYYVG6QqZD78elFR67f4l+NOZs7UZavsD847zd9
YLkNW/ewqJ7DvlfUDOrmUcaVUl/WcJaY5nVKWePowom0N3zn7JSo2w4YkYkKrsKs
2mjatV2XucF7dP6pBOY/dbxxPcrVBXQa4FivLCg0DhpoLSIH/buBTtPqYNpaeyVB
yWtRvRLIdWbLKMZfRmseDuT5ICNIotI8CRBd6yHmGJgpkME7oeSVIx0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:42:50 2024 by rpki-client on console-ams.rpki-client.org