Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/385oDnPARhRm_D0ps_jSetBLh9A.roa
File:                     385oDnPARhRm_D0ps_jSetBLh9A.roa (raw, json)
Hash identifier:          kuEZoRNMge8U0Ex/Dp453moOM3fj4uR2f151bkBZNLk=
Subject key identifier:   DF:CE:68:0E:73:C0:46:14:66:FC:3D:29:B3:F8:D2:7A:D0:4B:87:D0
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0189DAC03CA8FE0A43AE2065CE7CB5E16B13
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/385oDnPARhRm_D0ps_jSetBLh9A.roa
Signing time:             Wed 09 Aug 2023 14:42:58 +0000
ROA not before:           Wed 09 Aug 2023 14:42:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209641
IP address blocks:        185.5.248.0/23 maxlen: 23
                          185.5.250.0/23 maxlen: 23
                          185.5.248.0/22 maxlen: 22
                          185.5.250.0/24 maxlen: 24
                          185.87.48.0/22 maxlen: 22
                          185.87.50.0/24 maxlen: 24
                          185.87.48.0/24 maxlen: 24
                          185.87.51.0/24 maxlen: 24
                          185.87.49.0/24 maxlen: 24
                          185.117.152.0/22 maxlen: 22
                          45.89.67.0/24 maxlen: 24
                          45.89.66.0/24 maxlen: 24
                          91.217.80.0/24 maxlen: 24
                          94.142.136.0/21 maxlen: 21
                          94.142.139.0/24 maxlen: 24
                          94.142.143.0/24 maxlen: 24
                          94.142.141.0/24 maxlen: 24
                          94.142.140.0/24 maxlen: 24
                          94.142.142.0/24 maxlen: 24
                          185.125.218.0/23 maxlen: 23
                          185.125.216.0/22 maxlen: 22
                          185.105.116.0/24 maxlen: 24
                          185.105.117.0/24 maxlen: 24
                          193.109.85.0/24 maxlen: 24
                          185.58.206.0/24 maxlen: 24
                          185.58.204.0/24 maxlen: 24
                          185.58.204.0/22 maxlen: 22
                          185.58.207.0/24 maxlen: 24
                          185.125.231.0/24 maxlen: 24
                          185.125.229.0/24 maxlen: 24
                          185.125.228.0/22 maxlen: 22
                          185.125.230.0/24 maxlen: 24
                          185.125.228.0/24 maxlen: 24
                          194.67.192.0/19 maxlen: 19
                          194.67.196.0/22 maxlen: 22
                          194.67.194.0/23 maxlen: 23
                          194.67.193.0/24 maxlen: 24
                          193.124.176.0/20 maxlen: 20
                          193.124.176.0/21 maxlen: 21
                          193.124.184.0/21 maxlen: 21
                          45.128.176.0/24 maxlen: 24
                          45.128.178.0/24 maxlen: 24
                          45.128.176.0/22 maxlen: 22
                          45.128.177.0/24 maxlen: 24
                          45.128.179.0/24 maxlen: 24
                          195.47.250.0/24 maxlen: 24
                          194.67.203.0/24 maxlen: 24
                          194.67.200.0/21 maxlen: 21
                          194.67.202.0/24 maxlen: 24
                          194.67.204.0/22 maxlen: 22
                          194.67.208.0/20 maxlen: 20
                          2a0f:3380::/29 maxlen: 29
                          2a0a:9300:d1::/48 maxlen: 48
                          2a0a:9300::/48 maxlen: 48
                          2a0f:a500::/29 maxlen: 29
                          2a0a:9301:1::/48 maxlen: 48
                          2a0f:4580::/29 maxlen: 29
                          2a0a:9301::/48 maxlen: 48
                          2a0a:9300:d2::/48 maxlen: 48
                          2a0a:9301:2::/48 maxlen: 48
                          2a0a:9300:2::/48 maxlen: 48
                          2a0a:9302::/32 maxlen: 32
                          2a0c:77c0::/29 maxlen: 29
                          2a0a:9300:d0::/48 maxlen: 48
                          2a0d:3880::/29 maxlen: 29
                          2a0a:9302:1::/48 maxlen: 48
                          2a0f:1180::/29 maxlen: 29
                          2a0f:4680::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:da:c0:3c:a8:fe:0a:43:ae:20:65:ce:7c:b5:e1:6b:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Aug  9 14:42:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dfce680e73c0461466fc3d29b3f8d27ad04b87d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:6c:45:79:02:08:8c:8d:47:8f:43:47:4d:d3:
                    89:db:6f:1b:1b:d4:5f:ef:7e:de:2f:ec:68:1e:ca:
                    2d:43:61:38:63:cd:0e:5a:89:51:e0:18:71:fc:4d:
                    fa:e8:39:ee:e1:f5:dc:9b:b9:26:be:3f:e5:fd:6e:
                    24:3f:51:d0:7e:17:7b:74:41:fc:92:c8:77:d4:d4:
                    d9:a7:56:93:fe:b1:d4:2c:ec:ce:bc:f8:5a:98:c7:
                    9f:0f:d2:88:6a:8e:6d:00:25:1b:57:da:c6:53:3c:
                    dd:82:7c:8a:fe:1c:d6:68:ed:0c:22:3f:74:a5:ec:
                    a1:17:70:69:2a:85:df:2a:77:fd:92:b5:01:ad:c5:
                    ba:3d:05:12:c8:58:25:a6:57:c4:c3:ea:51:06:40:
                    7d:2e:64:3b:73:c5:52:12:d4:95:ea:02:20:8d:0a:
                    69:4f:2e:d2:d5:2e:6a:8c:ba:7f:a9:91:e3:e6:79:
                    c7:a1:97:08:24:22:9b:28:a6:38:b7:6f:21:8e:86:
                    56:3b:8c:30:be:93:c2:6f:85:cd:c2:6e:17:e2:f4:
                    ea:01:4e:96:d2:d8:4c:06:c4:fe:62:4c:ba:98:72:
                    b1:1b:9e:50:66:24:46:b3:8d:e4:e9:e3:03:22:08:
                    1a:67:5b:f8:87:ca:77:5f:6e:c7:eb:51:a0:2f:eb:
                    a5:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:CE:68:0E:73:C0:46:14:66:FC:3D:29:B3:F8:D2:7A:D0:4B:87:D0
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/385oDnPARhRm_D0ps_jSetBLh9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.66.0/23
                  45.128.176.0/22
                  91.217.80.0/24
                  94.142.136.0/21
                  185.5.248.0/22
                  185.58.204.0/22
                  185.87.48.0/22
                  185.105.116.0/23
                  185.117.152.0/22
                  185.125.216.0/22
                  185.125.228.0/22
                  193.109.85.0/24
                  193.124.176.0/20
                  194.67.192.0/19
                  195.47.250.0/24
                IPv6:
                  2a0a:9300::/48
                  2a0a:9300:2::/48
                  2a0a:9300:d0::-2a0a:9300:d2:ffff:ffff:ffff:ffff:ffff
                  2a0a:9301::-2a0a:9301:2:ffff:ffff:ffff:ffff:ffff
                  2a0a:9302::/32
                  2a0c:77c0::/29
                  2a0d:3880::/29
                  2a0f:1180::/29
                  2a0f:3380::/29
                  2a0f:4580::/29
                  2a0f:4680::/29
                  2a0f:a500::/29

    Signature Algorithm: sha256WithRSAEncryption
         a8:50:55:fb:2d:f0:cf:03:a1:00:40:f3:a3:23:b2:cd:f2:6c:
         21:53:e1:75:a9:87:d8:0d:07:7a:42:e7:1f:5d:8d:83:36:2d:
         9d:c7:19:fe:46:a6:69:fb:8b:97:59:f9:d7:1e:2c:29:da:2c:
         a0:90:53:b0:d1:bd:c3:39:7e:a8:21:69:17:5e:fb:1c:67:8b:
         a1:ec:91:38:64:03:6b:04:9f:d3:1c:35:09:01:1f:f7:fb:ce:
         a9:c8:d7:69:51:51:62:41:fa:1b:0f:b4:71:a8:9f:50:08:a5:
         24:d1:3d:36:94:0c:b5:15:84:b7:ce:20:8b:4e:a9:5c:92:a5:
         a5:25:81:9d:ff:bc:27:3b:b3:8e:00:2c:58:57:8f:f9:55:a9:
         33:37:cc:77:ee:4b:c6:be:44:f3:96:d2:2e:14:ed:cc:07:70:
         dd:c8:4c:f5:40:e5:2f:cf:00:b2:85:8b:65:ca:75:1f:2c:66:
         ec:da:90:13:e9:bf:69:e7:d9:98:7e:53:53:90:82:67:3f:00:
         e6:b0:42:3e:d2:3d:77:3a:3b:21:c7:7d:ca:ae:ab:5c:c5:9a:
         6a:53:56:dc:64:03:c9:ca:2f:d1:aa:85:0a:fc:05:d0:a7:ba:
         58:bb:8d:8b:0f:9b:66:28:7d:5d:27:a5:de:50:45:b6:da:6c:
         10:77:12:e2
-----BEGIN CERTIFICATE-----
MIIFzDCCBLSgAwIBAgISAYnawDyo/gpDriBlzny14WsTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwODA5MTQ0MjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmNlNjgwZTczYzA0NjE0NjZmYzNkMjliM2Y4ZDI3YWQwNGI4N2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mxFeQIIjI1Hj0NHTdOJ228bG9Rf
737eL+xoHsotQ2E4Y80OWolR4Bhx/E366Dnu4fXcm7kmvj/l/W4kP1HQfhd7dEH8
ksh31NTZp1aT/rHULOzOvPhamMefD9KIao5tACUbV9rGUzzdgnyK/hzWaO0MIj90
peyhF3BpKoXfKnf9krUBrcW6PQUSyFglplfEw+pRBkB9LmQ7c8VSEtSV6gIgjQpp
Ty7S1S5qjLp/qZHj5nnHoZcIJCKbKKY4t28hjoZWO4wwvpPCb4XNwm4X4vTqAU6W
0thMBsT+Yky6mHKxG55QZiRGs43k6eMDIggaZ1v4h8p3X27H61GgL+ulTwIDAQAB
o4IC2DCCAtQwHQYDVR0OBBYEFN/OaA5zwEYUZvw9KbP40nrQS4fQMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvMzg1b0RuUEFSaFJtX0QwcHNfalNldEJMaDlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHtBggrBgEFBQcBBwEB/wSB3TCB2jBgBAIAATBaAwQBLVlC
AwQCLYCwAwQAW9lQAwQDXo6IAwQCuQX4AwQCuTrMAwQCuVcwAwQBuWl0AwQCuXWY
AwQCuX3YAwQCuX3kAwQAwW1VAwQEwXywAwQFwkPAAwQAwy/6MHYEAgACMHADBwAq
CpMAAAADBwAqCpMAAAIwEgMHBCoKkwAA0AMHACoKkwAA0jAQAwUAKgqTAQMHACoK
kwEAAgMFACoKkwIDBQMqDHfAAwUDKg04gAMFAyoPEYADBQMqDzOAAwUDKg9FgAMF
AyoPRoADBQMqD6UAMA0GCSqGSIb3DQEBCwUAA4IBAQCoUFX7LfDPA6EAQPOjI7LN
8mwhU+F1qYfYDQd6QucfXY2DNi2dxxn+RqZp+4uXWfnXHiwp2iygkFOw0b3DOX6o
IWkXXvscZ4uh7JE4ZANrBJ/THDUJAR/3+86pyNdpUVFiQfobD7RxqJ9QCKUk0T02
lAy1FYS3ziCLTqlckqWlJYGd/7wnO7OOACxYV4/5VakzN8x37kvGvkTzltIuFO3M
B3DdyEz1QOUvzwCyhYtlynUfLGbs2pAT6b9p59mYflNTkIJnPwDmsEI+0j13Ojsh
x33KrqtcxZpqU1bcZAPJyi/RqoUK/AXQp7pYu42LD5tmKH1dJ6XeUEW22mwQdxLi
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:07 2024 by rpki-client on console-fra.rpki-client.org