Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sKZ19hOBErkm4jWPZ-gJjwuFD-I.roa
File:                     sKZ19hOBErkm4jWPZ-gJjwuFD-I.roa (raw, json)
Hash identifier:          LS/cEDMj76m0r+EpeP/x0Zm+dmA4Kaz007T780fP4i8=
Subject key identifier:   B0:A6:75:F6:13:81:12:B9:26:E2:35:8F:67:E8:09:8F:0B:85:0F:E2
Certificate issuer:       /CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
Certificate serial:       0B9ACB7E
Authority key identifier: B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sKZ19hOBErkm4jWPZ-gJjwuFD-I.roa
Signing time:             Wed 04 May 2022 07:25:04 +0000
ROA not before:           Wed 04 May 2022 07:25:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6718
IP address blocks:        91.250.242.0/24 maxlen: 24
                          188.119.151.0/24 maxlen: 24
                          188.119.150.0/24 maxlen: 24
                          193.32.28.0/24 maxlen: 24
                          193.32.29.0/24 maxlen: 24
                          128.0.34.0/24 maxlen: 24
                          128.0.33.0/24 maxlen: 24
                          128.0.36.0/24 maxlen: 24
                          91.239.230.0/24 maxlen: 24
                          185.36.252.0/24 maxlen: 24
                          5.154.224.0/24 maxlen: 24
                          91.216.8.0/24 maxlen: 24
                          2a05:1c04::/32 maxlen: 32
                          2a05:1c00::/32 maxlen: 32
                          2a05:1c02::/32 maxlen: 32
                          2a00:ece0::/32 maxlen: 32
                          2a05:1c03::/32 maxlen: 32
                          2a04:6c80::/48 maxlen: 48
                          2a05:1c01::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 194694014 (0xb9acb7e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
        Validity
            Not Before: May  4 07:25:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b0a675f6138112b926e2358f67e8098f0b850fe2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:92:9f:ac:ae:a1:9a:02:72:0b:f5:f3:c0:d1:
                    68:9f:57:bc:d9:9d:f6:39:88:6b:b7:cd:56:c7:f1:
                    f6:e3:0c:07:12:c4:77:cf:36:62:aa:a2:85:6f:ad:
                    27:46:ba:bc:0e:c3:e5:22:e5:f5:3b:4f:f7:15:d2:
                    49:28:93:2b:d9:26:f9:29:c9:83:4b:27:0d:66:55:
                    ea:fe:e1:6e:a5:d2:06:12:46:e8:15:42:a6:ab:f6:
                    ec:d8:22:fb:98:22:67:9e:e3:ea:cd:7e:96:8c:ec:
                    28:c7:25:8a:59:ce:ae:60:a6:7d:60:35:e4:be:cd:
                    bf:75:08:bd:27:8d:22:3d:62:81:37:b5:35:7c:3c:
                    c6:ab:ca:08:76:74:91:30:fa:f5:35:7a:68:14:23:
                    7e:11:5c:c0:5e:00:9e:af:49:06:5c:1e:18:b5:e1:
                    15:ec:b2:ae:44:f9:7e:94:db:de:8b:b3:ab:ef:dd:
                    66:1e:4a:5d:52:b5:5c:98:ef:a2:48:fe:e0:e8:43:
                    de:6e:0f:91:b7:4d:9b:0e:61:55:3c:c6:55:c2:6b:
                    28:22:96:79:f3:3a:ef:4c:6f:0b:42:3e:52:14:bf:
                    9d:88:df:b3:d2:3d:be:27:47:e0:33:ef:1c:49:e9:
                    f4:00:8d:5f:29:4f:60:d5:a9:f2:f7:9c:2d:59:e2:
                    e0:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:A6:75:F6:13:81:12:B9:26:E2:35:8F:67:E8:09:8F:0B:85:0F:E2
            X509v3 Authority Key Identifier:
                keyid:B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sKZ19hOBErkm4jWPZ-gJjwuFD-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.154.224.0/24
                  91.216.8.0/24
                  91.239.230.0/24
                  91.250.242.0/24
                  128.0.33.0-128.0.34.255
                  128.0.36.0/24
                  185.36.252.0/24
                  188.119.150.0/23
                  193.32.28.0/23
                IPv6:
                  2a00:ece0::/32
                  2a04:6c80::/48
                  2a05:1c00::-2a05:1c04:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         6a:2d:3d:1e:e7:7c:0c:ca:b2:43:96:97:7d:f5:55:a8:ff:82:
         b8:68:42:b8:51:c1:e1:0b:bb:b0:b0:8c:06:d6:03:63:b0:10:
         9d:1c:bc:84:fe:99:3e:7a:38:3f:2f:11:1c:fc:3d:7e:a2:24:
         9d:a7:07:49:c0:12:57:74:1e:ee:e9:a1:96:81:4d:d7:2e:55:
         86:41:bb:c7:d3:2b:f2:88:ae:8d:37:46:7a:6e:b3:6c:50:89:
         20:e1:e8:c2:86:58:f9:25:a2:7c:4c:c0:4c:2f:41:d4:85:00:
         07:90:cc:c1:a0:53:85:ab:74:6b:42:70:5d:6b:77:3a:21:86:
         5d:67:fb:e4:96:22:b3:dc:cb:bb:0b:cd:1e:75:90:2e:2e:e8:
         99:65:f8:ed:1f:73:d7:ae:4b:f8:64:4f:d4:5e:66:5d:80:26:
         9b:29:09:c4:d2:40:24:23:8a:fc:1e:0e:97:e1:30:eb:7d:a5:
         a2:6a:f0:c2:5e:c6:b5:07:af:23:0e:f2:3a:5c:5d:a3:b8:2b:
         aa:71:25:bb:f8:1a:0e:4f:8c:1c:8c:a9:82:66:5c:07:04:d4:
         89:ad:8d:2b:bc:86:67:78:d2:bf:97:c6:78:0e:86:55:af:8e:
         ff:88:a1:18:cb:65:a9:21:8c:5a:c9:49:47:44:bb:3f:36:64:
         52:8e:7c:cf
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgIEC5rLfjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MGMyMGFlMWRhY2NhMzE4MTViMjc0NzAyOTI3YzFhNWE5ZGJjN2IzMB4XDTIyMDUw
NDA3MjUwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjBhNjc1ZjYxMzgx
MTJiOTI2ZTIzNThmNjdlODA5OGYwYjg1MGZlMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMySn6yuoZoCcgv188DRaJ9XvNmd9jmIa7fNVsfx9uMMBxLE
d882YqqihW+tJ0a6vA7D5SLl9TtP9xXSSSiTK9km+SnJg0snDWZV6v7hbqXSBhJG
6BVCpqv27Ngi+5giZ57j6s1+lozsKMclilnOrmCmfWA15L7Nv3UIvSeNIj1igTe1
NXw8xqvKCHZ0kTD69TV6aBQjfhFcwF4Anq9JBlweGLXhFeyyrkT5fpTb3ouzq+/d
Zh5KXVK1XJjvokj+4OhD3m4PkbdNmw5hVTzGVcJrKCKWefM670xvC0I+UhS/nYjf
s9I9vidH4DPvHEnp9ACNXylPYNWp8vecLVni4OcCAwEAAaOCAmgwggJkMB0GA1Ud
DgQWBBSwpnX2E4ESuSbiNY9n6AmPC4UP4jAfBgNVHSMEGDAWgBSwwgrh2syjGBWy
dHApJ8GlqdvHszAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NNSUs0ZHJNb3hnVnNuUndLU2ZCcGFuYng3TS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvODg4ODY5LTdhNjUtNDE1Yi1iNjhmLTU0ODQ0MDJjZWI3YS8x
L3NLWjE5aE9CRXJrbTRqV1BaLWdKand1RkQtSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
ODg4ODY5LTdhNjUtNDE1Yi1iNjhmLTU0ODQ0MDJjZWI3YS8xL3NNSUs0ZHJNb3hn
VnNuUndLU2ZCcGFuYng3TS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB+
BggrBgEFBQcBBwEB/wRvMG0wRAQCAAEwPgMEAAWa4AMEAFvYCAMEAFvv5gMEAFv6
8jAMAwQAgAAhAwQAgAAiAwQAgAAkAwQAuST8AwQBvHeWAwQBwSAcMCUEAgACMB8D
BQAqAOzgAwcAKgRsgAAAMA0DBAIqBRwDBQAqBRwEMA0GCSqGSIb3DQEBCwUAA4IB
AQBqLT0e53wMyrJDlpd99VWo/4K4aEK4UcHhC7uwsIwG1gNjsBCdHLyE/pk+ejg/
LxEc/D1+oiSdpwdJwBJXdB7u6aGWgU3XLlWGQbvH0yvyiK6NN0Z6brNsUIkg4ejC
hlj5JaJ8TMBML0HUhQAHkMzBoFOFq3RrQnBda3c6IYZdZ/vkliKz3Mu7C80edZAu
LuiZZfjtH3PXrkv4ZE/UXmZdgCabKQnE0kAkI4r8Hg6X4TDrfaWiavDCXsa1B68j
DvI6XF2juCuqcSW7+BoOT4wcjKmCZlwHBNSJrY0rvIZneNK/l8Z4DoZVr47/iKEY
y2WpIYxayUlHRLs/NmRSjnzP
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:07 2024 by rpki-client on console-fra.rpki-client.org