Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/2dwxQLjYskRQp7K2uOnsKi_ioow.roa
File:                     2dwxQLjYskRQp7K2uOnsKi_ioow.roa (raw, json)
Hash identifier:          xjWKoCb2lF/O4u4AZuJ8FjvhCVVTu2vJubIJ4zz0ZB0=
Subject key identifier:   D9:DC:31:40:B8:D8:B2:44:50:A7:B2:B6:B8:E9:EC:2A:2F:E2:A2:8C
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       049B6520
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/2dwxQLjYskRQp7K2uOnsKi_ioow.roa
Signing time:             Fri 15 Apr 2022 10:59:32 +0000
ROA not before:           Fri 15 Apr 2022 10:59:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50113
IP address blocks:        185.174.136.0/24 maxlen: 24
                          185.174.139.0/24 maxlen: 24
                          194.63.141.0/24 maxlen: 24
                          194.63.143.0/24 maxlen: 24
                          194.63.140.0/22 maxlen: 22
                          194.63.140.0/24 maxlen: 24
                          194.63.142.0/24 maxlen: 24
                          194.63.142.0/23 maxlen: 23
                          194.63.140.0/23 maxlen: 23
                          185.139.68.28/32 maxlen: 32
                          185.40.4.0/24 maxlen: 24
                          185.40.5.0/24 maxlen: 24
                          45.8.210.0/24 maxlen: 24
                          45.8.211.0/24 maxlen: 24
                          194.67.198.108/32 maxlen: 32
                          185.180.230.0/24 maxlen: 24
                          185.180.228.0/24 maxlen: 24
                          194.67.196.127/32 maxlen: 32
                          194.67.198.7/32 maxlen: 32
                          194.67.208.6/32 maxlen: 32
                          185.112.100.0/24 maxlen: 24
                          147.78.66.7/32 maxlen: 32
                          194.67.208.12/32 maxlen: 32
                          185.102.137.0/24 maxlen: 24
                          185.180.231.87/32 maxlen: 32
                          5.180.136.221/32 maxlen: 32
                          185.188.180.0/24 maxlen: 24
                          192.162.100.0/22 maxlen: 22
                          194.67.208.48/32 maxlen: 32
                          192.162.103.0/24 maxlen: 24
                          192.162.101.0/24 maxlen: 24
                          185.172.131.0/24 maxlen: 24
                          192.162.102.0/24 maxlen: 24
                          192.162.100.0/24 maxlen: 24
                          185.172.130.0/24 maxlen: 24
                          194.67.203.54/32 maxlen: 32
                          193.0.200.0/24 maxlen: 24
                          193.0.202.0/24 maxlen: 24
                          193.0.203.0/24 maxlen: 24
                          185.17.3.102/32 maxlen: 32
                          185.189.12.0/22 maxlen: 22
                          185.189.13.0/24 maxlen: 24
                          185.189.15.0/24 maxlen: 24
                          5.180.136.76/32 maxlen: 32
                          185.189.12.0/24 maxlen: 24
                          185.189.14.0/24 maxlen: 24
                          193.168.226.0/24 maxlen: 24
                          185.104.248.0/24 maxlen: 24
                          185.139.70.116/32 maxlen: 32
                          2a0f:7c80::/29 maxlen: 29
                          2a0f:c780::/29 maxlen: 29
                          2a0f:7300::/32 maxlen: 32
                          2a09:5303::/32 maxlen: 32
                          2a0e:d602::/32 maxlen: 32
                          2a04:5205::/32 maxlen: 32
                          2a0c:6980::/29 maxlen: 29
                          2a04:5202::/32 maxlen: 32
                          2a04:5203::/32 maxlen: 32
                          2a0a:9300::/32 maxlen: 32
                          2a04:5204::/32 maxlen: 32
                          2a04:5200::/32 maxlen: 32
                          2a0c:f641::/32 maxlen: 32
                          2a0f:4680::/32 maxlen: 32
                          2a07:4a00::/29 maxlen: 29
                          2a04:5206::/32 maxlen: 32
                          2a04:5207::/32 maxlen: 32
                          2a0c:f640::/32 maxlen: 32
                          2a0b:da00::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 77292832 (0x49b6520)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Apr 15 10:59:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d9dc3140b8d8b24450a7b2b6b8e9ec2a2fe2a28c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d6:89:85:f0:8b:ba:e2:95:fe:c4:46:7a:95:
                    83:51:aa:b5:d1:09:18:f5:9f:c1:47:f1:b3:4f:f4:
                    fa:3c:c0:c2:ac:a6:f0:aa:1c:b1:82:c4:42:35:17:
                    21:e7:ec:e6:53:99:59:b5:f7:27:d9:90:6d:19:d9:
                    b0:b1:71:bd:99:ea:97:17:ec:2c:31:b9:15:a4:06:
                    8e:50:8c:0b:23:b2:c5:e4:42:4e:18:33:7d:df:8e:
                    00:27:b6:c3:ce:7b:11:c1:d3:9c:bc:8c:08:4c:69:
                    9e:b1:8b:66:7b:59:00:d6:7c:8a:d5:90:fc:e1:db:
                    5b:d9:6a:2a:b4:da:a2:ae:30:7c:20:80:63:6f:21:
                    b5:3b:ff:8e:13:2f:ff:82:18:44:d2:cd:de:6c:76:
                    7e:80:02:fa:16:ed:19:86:cf:a9:e8:38:ef:f4:a9:
                    93:d2:1f:96:df:9c:d2:8e:3d:f7:cd:cf:8b:4d:fd:
                    35:c7:30:b0:dd:de:42:d1:d5:8b:24:9c:f8:63:5e:
                    95:f4:20:36:b9:7f:f4:f3:ae:a9:3c:9c:32:8f:26:
                    5e:8c:56:d2:3b:21:63:97:6b:c9:0a:dd:1f:ea:72:
                    2f:97:39:08:8d:21:b6:7c:07:67:a2:7f:19:07:cc:
                    ed:2b:e5:d4:1d:05:17:b5:d6:c5:54:8f:22:bd:42:
                    92:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:DC:31:40:B8:D8:B2:44:50:A7:B2:B6:B8:E9:EC:2A:2F:E2:A2:8C
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/2dwxQLjYskRQp7K2uOnsKi_ioow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.76/32
                  5.180.136.221/32
                  45.8.210.0/23
                  147.78.66.7/32
                  185.17.3.102/32
                  185.40.4.0/23
                  185.102.137.0/24
                  185.104.248.0/24
                  185.112.100.0/24
                  185.139.68.28/32
                  185.139.70.116/32
                  185.172.130.0/23
                  185.174.136.0/24
                  185.174.139.0/24
                  185.180.228.0/24
                  185.180.230.0/24
                  185.180.231.87/32
                  185.188.180.0/24
                  185.189.12.0/22
                  192.162.100.0/22
                  193.0.200.0/24
                  193.0.202.0/23
                  193.168.226.0/24
                  194.63.140.0/22
                  194.67.196.127/32
                  194.67.198.7/32
                  194.67.198.108/32
                  194.67.203.54/32
                  194.67.208.6/32
                  194.67.208.12/32
                  194.67.208.48/32
                IPv6:
                  2a04:5200::/32
                  2a04:5202::-2a04:5207:ffff:ffff:ffff:ffff:ffff:ffff
                  2a07:4a00::/29
                  2a09:5303::/32
                  2a0a:9300::/32
                  2a0b:da00::/29
                  2a0c:6980::/29
                  2a0c:f640::/31
                  2a0e:d602::/32
                  2a0f:4680::/32
                  2a0f:7300::/32
                  2a0f:7c80::/29
                  2a0f:c780::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:ba:f5:20:43:0b:f3:d6:72:e7:33:6f:dc:e3:6d:bd:95:35:
         75:88:a7:7d:29:ef:63:18:dd:a5:d0:b4:67:a4:00:6e:d8:4b:
         14:70:54:0d:71:c5:dd:e3:fd:2d:b9:4b:bb:df:09:b9:d2:c4:
         06:91:23:53:1a:4b:4f:17:34:a5:e4:1b:15:59:6c:4e:e2:09:
         23:91:cd:83:64:61:c6:77:f3:58:21:fc:d4:e0:9f:49:b6:e6:
         68:ae:c3:45:83:b4:eb:56:e3:a8:00:ec:a3:fd:0b:8d:2e:d8:
         d1:35:5a:e2:ac:68:29:e5:89:38:67:78:94:09:3b:07:6c:3b:
         dd:92:da:8d:34:8a:74:ee:06:d1:95:5f:3b:c0:cc:5e:dc:49:
         b0:80:af:50:52:56:10:45:32:c7:56:7a:88:03:09:8d:68:1c:
         43:41:44:34:b3:a8:6c:e2:7e:a0:1e:3c:b7:c6:0c:9d:c6:5e:
         47:32:5b:0c:42:f9:fc:94:bd:b8:5f:c1:19:68:8e:d2:7c:91:
         55:5d:1a:3e:c0:60:9a:77:68:c8:d9:5b:a7:61:ee:ed:7a:08:
         27:11:13:1b:a3:f2:bf:d7:48:60:af:83:5a:e3:83:cc:35:d1:
         6e:60:d0:00:3d:9d:55:54:8f:41:72:ba:75:8f:5a:2c:66:6e:
         f3:2a:81:69
-----BEGIN CERTIFICATE-----
MIIGJTCCBQ2gAwIBAgIEBJtlIDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NGY5NjM0NWQzZjIyZWRiMzk1ZDI0N2Y3Yjg2ZDJkNzNlNGEwMDkxMB4XDTIyMDQx
NTEwNTkzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDlkYzMxNDBiOGQ4
YjI0NDUwYTdiMmI2YjhlOWVjMmEyZmUyYTI4YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMrWiYXwi7rilf7ERnqVg1GqtdEJGPWfwUfxs0/0+jzAwqym
8KocsYLEQjUXIefs5lOZWbX3J9mQbRnZsLFxvZnqlxfsLDG5FaQGjlCMCyOyxeRC
Thgzfd+OACe2w857EcHTnLyMCExpnrGLZntZANZ8itWQ/OHbW9lqKrTaoq4wfCCA
Y28htTv/jhMv/4IYRNLN3mx2foAC+hbtGYbPqeg47/Spk9Iflt+c0o49983Pi039
NccwsN3eQtHViySc+GNelfQgNrl/9POuqTycMo8mXoxW0jshY5dryQrdH+pyL5c5
CI0htnwHZ6J/GQfM7Svl1B0FF7XWxVSPIr1CkmcCAwEAAaOCAz8wggM7MB0GA1Ud
DgQWBBTZ3DFAuNiyRFCnsra46ewqL+KijDAfBgNVHSMEGDAWgBS0+WNF0/Iu2zld
JH97htLXPkoAkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RQbGpSZFB5THRzNVhTUl9lNGJTMXo1S0FKRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvOGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8x
LzJkd3hRTGpZc2tSUXA3SzJ1T25zS2lfaW9vdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
OGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8xL3RQbGpSZFB5THRz
NVhTUl9lNGJTMXo1S0FKRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCC
AVMGCCsGAQUFBwEHAQH/BIIBQjCCAT4wgc8EAgABMIHIAwUABbSITAMFAAW0iN0D
BAEtCNIDBQCTTkIHAwUAuREDZgMEAbkoBAMEALlmiQMEALlo+AMEALlwZAMFALmL
RBwDBQC5i0Z0AwQBuayCAwQAua6IAwQAua6LAwQAubTkAwQAubTmAwUAubTnVwME
ALm8tAMEArm9DAMEAsCiZAMEAMEAyAMEAcEAygMEAMGo4gMEAsI/jAMFAMJDxH8D
BQDCQ8YHAwUAwkPGbAMFAMJDyzYDBQDCQ9AGAwUAwkPQDAMFAMJD0DAwagQCAAIw
ZAMFACoEUgAwDgMFASoEUgIDBQMqBFIAAwUDKgdKAAMFACoJUwMDBQAqCpMAAwUD
KgvaAAMFAyoMaYADBQEqDPZAAwUAKg7WAgMFACoPRoADBQAqD3MAAwUDKg98gAMF
AyoPx4AwDQYJKoZIhvcNAQELBQADggEBAFu69SBDC/PWcuczb9zjbb2VNXWIp30p
72MY3aXQtGekAG7YSxRwVA1xxd3j/S25S7vfCbnSxAaRI1MaS08XNKXkGxVZbE7i
CSORzYNkYcZ381gh/NTgn0m25miuw0WDtOtW46gA7KP9C40u2NE1WuKsaCnliThn
eJQJOwdsO92S2o00inTuBtGVXzvAzF7cSbCAr1BSVhBFMsdWeogDCY1oHENBRDSz
qGzifqAePLfGDJ3GXkcyWwxC+fyUvbhfwRlojtJ8kVVdGj7AYJp3aMjZW6dh7u16
CCcRExuj8r/XSGCvg1rjg8w10W5g0AA9nVVUj0FyunWPWixmbvMqgWk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:08 2024 by rpki-client on console-ams.rpki-client.org