Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/8FFGz_F-_YrZxW7V3rUGGPGePUw.roa
File:                     8FFGz_F-_YrZxW7V3rUGGPGePUw.roa (raw, json)
Hash identifier:          c5d7uyM19G6XiFSwm/FYm4iZhpr9SIEed/swGHsZtUs=
Subject key identifier:   F0:51:46:CF:F1:7E:FD:8A:D9:C5:6E:D5:DE:B5:06:18:F1:9E:3D:4C
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018BB53EB920702ED507B9CC65B8B2B20CED
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/8FFGz_F-_YrZxW7V3rUGGPGePUw.roa
Signing time:             Thu 09 Nov 2023 18:01:08 +0000
ROA not before:           Thu 09 Nov 2023 18:01:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209641
IP address blocks:        185.5.248.0/23 maxlen: 23
                          185.5.250.0/23 maxlen: 23
                          185.5.248.0/22 maxlen: 22
                          185.5.250.0/24 maxlen: 24
                          185.87.48.0/22 maxlen: 22
                          185.87.50.0/24 maxlen: 24
                          185.87.48.0/24 maxlen: 24
                          185.87.51.0/24 maxlen: 24
                          185.87.49.0/24 maxlen: 24
                          185.117.152.0/22 maxlen: 22
                          185.200.188.0/24 maxlen: 24
                          45.89.67.0/24 maxlen: 24
                          45.89.66.0/24 maxlen: 24
                          91.217.80.0/24 maxlen: 24
                          94.142.136.0/21 maxlen: 21
                          94.142.139.0/24 maxlen: 24
                          94.142.143.0/24 maxlen: 24
                          94.142.141.0/24 maxlen: 24
                          94.142.140.0/24 maxlen: 24
                          94.142.142.0/24 maxlen: 24
                          185.125.218.0/23 maxlen: 23
                          185.125.216.0/22 maxlen: 22
                          185.105.116.0/24 maxlen: 24
                          185.105.117.0/24 maxlen: 24
                          193.109.85.0/24 maxlen: 24
                          185.58.206.0/24 maxlen: 24
                          185.58.204.0/24 maxlen: 24
                          185.58.204.0/22 maxlen: 22
                          185.58.207.0/24 maxlen: 24
                          185.125.231.0/24 maxlen: 24
                          185.125.229.0/24 maxlen: 24
                          185.125.228.0/22 maxlen: 22
                          185.125.230.0/24 maxlen: 24
                          185.125.228.0/24 maxlen: 24
                          194.67.192.0/19 maxlen: 19
                          194.67.196.0/22 maxlen: 22
                          194.67.194.0/23 maxlen: 23
                          194.67.193.0/24 maxlen: 24
                          193.124.176.0/20 maxlen: 20
                          193.124.176.0/21 maxlen: 21
                          193.124.184.0/21 maxlen: 21
                          45.128.176.0/24 maxlen: 24
                          45.128.178.0/24 maxlen: 24
                          45.128.176.0/22 maxlen: 22
                          45.128.177.0/24 maxlen: 24
                          45.128.179.0/24 maxlen: 24
                          195.47.250.0/24 maxlen: 24
                          194.67.203.0/24 maxlen: 24
                          194.67.200.0/21 maxlen: 21
                          194.67.202.0/24 maxlen: 24
                          194.67.204.0/22 maxlen: 22
                          193.168.224.0/24 maxlen: 24
                          194.67.208.0/20 maxlen: 20
                          2a0a:9300:d1::/48 maxlen: 48
                          2a0a:9300::/48 maxlen: 48
                          2a0a:9301:1::/48 maxlen: 48
                          2a0a:9301::/48 maxlen: 48
                          2a0a:9300:d2::/48 maxlen: 48
                          2a0a:9301:2::/48 maxlen: 48
                          2a0c:77c0::/32 maxlen: 32
                          2a0c:74c0::/29 maxlen: 29
                          2a0a:9300:2::/48 maxlen: 48
                          2a0a:9302::/32 maxlen: 32
                          2a07:4a00::/29 maxlen: 29
                          2a0b:9800::/29 maxlen: 29
                          2a0c:77c0::/29 maxlen: 29
                          2a0a:9300:d0::/48 maxlen: 48
                          2a0a:9302:1::/48 maxlen: 48
                          2a0d:2cc0::/29 maxlen: 29
                          2a0b:7780::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:b5:3e:b9:20:70:2e:d5:07:b9:cc:65:b8:b2:b2:0c:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Nov  9 18:01:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f05146cff17efd8ad9c56ed5deb50618f19e3d4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e4:a2:b7:3c:43:a8:33:e3:ff:8d:1c:2b:eb:
                    73:e1:d2:31:f4:a4:7e:a0:54:31:43:64:b7:04:9b:
                    11:e7:67:ae:32:68:35:ba:a9:29:9b:00:e1:70:48:
                    78:e0:3a:b3:b2:52:d3:fe:8f:5e:72:bc:d5:ec:dc:
                    21:d2:0c:4c:46:3a:fd:8f:9e:50:85:ff:3b:64:a3:
                    41:94:6c:da:86:97:2b:8f:5c:3f:3e:6f:99:72:d3:
                    04:20:93:8b:d8:66:e7:0d:91:ea:56:61:72:69:dd:
                    e6:f5:21:ea:ff:61:e1:59:b5:29:22:15:ad:a8:c4:
                    34:80:20:0e:91:d4:f3:35:55:31:c7:69:06:67:ca:
                    91:d9:0e:42:72:55:e0:31:f0:69:4e:80:ed:e0:2e:
                    5d:5c:0f:c6:c0:36:50:a0:45:db:87:ad:85:59:3b:
                    0a:7e:5c:4a:bb:82:af:b1:52:ba:d1:e7:75:16:45:
                    60:9f:3f:45:ec:a0:1b:80:2a:1b:a6:92:55:8d:d5:
                    ec:39:e5:05:ae:2b:7f:d3:8d:19:a0:a5:03:34:25:
                    e8:51:fa:08:a3:12:9d:7e:a3:ed:5a:51:b6:4c:7d:
                    98:b6:da:5d:5e:d8:cb:71:7f:4f:69:22:e0:81:ab:
                    27:1d:79:6e:da:11:e5:5a:d0:94:8a:88:32:55:31:
                    74:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:51:46:CF:F1:7E:FD:8A:D9:C5:6E:D5:DE:B5:06:18:F1:9E:3D:4C
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/8FFGz_F-_YrZxW7V3rUGGPGePUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.66.0/23
                  45.128.176.0/22
                  91.217.80.0/24
                  94.142.136.0/21
                  185.5.248.0/22
                  185.58.204.0/22
                  185.87.48.0/22
                  185.105.116.0/23
                  185.117.152.0/22
                  185.125.216.0/22
                  185.125.228.0/22
                  185.200.188.0/24
                  193.109.85.0/24
                  193.124.176.0/20
                  193.168.224.0/24
                  194.67.192.0/19
                  195.47.250.0/24
                IPv6:
                  2a07:4a00::/29
                  2a0a:9300::/48
                  2a0a:9300:2::/48
                  2a0a:9300:d0::-2a0a:9300:d2:ffff:ffff:ffff:ffff:ffff
                  2a0a:9301::-2a0a:9301:2:ffff:ffff:ffff:ffff:ffff
                  2a0a:9302::/32
                  2a0b:7780::/29
                  2a0b:9800::/29
                  2a0c:74c0::/29
                  2a0c:77c0::/29
                  2a0d:2cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:13:7f:62:9a:4a:81:32:d4:e8:09:d4:11:3e:17:eb:6f:7a:
         c3:6a:80:4f:8a:d9:3b:40:59:a2:aa:44:05:f6:a7:08:94:a6:
         b1:59:37:ad:0d:68:fc:e8:a3:6f:2a:b5:13:8e:d5:2d:9b:9e:
         e3:be:4e:de:88:59:18:bc:77:e3:9c:2a:20:1a:7b:22:66:14:
         a8:bc:98:26:35:56:24:18:91:7d:13:aa:97:b7:9c:37:59:ca:
         7f:b3:2c:2a:17:cb:70:59:0f:00:dc:54:1b:91:f3:91:a8:48:
         b0:83:1f:5b:77:97:3d:11:35:1f:16:9a:94:cc:80:51:7a:d9:
         e3:a3:0c:59:55:da:09:4f:ad:6c:f0:15:ed:af:1b:5a:cd:e2:
         59:d9:4e:a0:e3:1a:a8:5a:65:c8:b7:17:07:0a:e5:10:17:a9:
         23:50:16:89:3b:47:e7:a7:f8:5e:59:18:52:49:e4:3f:c2:66:
         8c:d8:40:34:f6:72:15:8c:51:46:dc:ef:43:10:d3:ef:51:e7:
         36:d2:af:be:9f:6e:ad:17:1d:fb:2e:4d:30:e0:dc:9a:e5:1a:
         c6:ba:6e:a8:c6:4c:d2:4c:0e:e0:9d:5e:9b:da:1b:56:c4:9d:
         53:3e:d6:47:d5:a7:48:12:be:25:35:73:da:5e:a4:63:b0:f1:
         e3:c3:ec:91
-----BEGIN CERTIFICATE-----
MIIF0TCCBLmgAwIBAgISAYu1PrkgcC7VB7nMZbiysgztMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMxMTA5MTgwMTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDUxNDZjZmYxN2VmZDhhZDljNTZlZDVkZWI1MDYxOGYxOWUzZDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+SitzxDqDPj/40cK+tz4dIx9KR+
oFQxQ2S3BJsR52euMmg1uqkpmwDhcEh44DqzslLT/o9ecrzV7Nwh0gxMRjr9j55Q
hf87ZKNBlGzahpcrj1w/Pm+ZctMEIJOL2GbnDZHqVmFyad3m9SHq/2HhWbUpIhWt
qMQ0gCAOkdTzNVUxx2kGZ8qR2Q5CclXgMfBpToDt4C5dXA/GwDZQoEXbh62FWTsK
flxKu4KvsVK60ed1FkVgnz9F7KAbgCobppJVjdXsOeUFrit/040ZoKUDNCXoUfoI
oxKdfqPtWlG2TH2YttpdXtjLcX9PaSLggasnHXlu2hHlWtCUiogyVTF0VQIDAQAB
o4IC3TCCAtkwHQYDVR0OBBYEFPBRRs/xfv2K2cVu1d61Bhjxnj1MMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvOEZGR3pfRi1fWXJaeFc3VjNyVUdHUEdlUFV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHyBggrBgEFBQcBBwEB/wSB4jCB3zBsBAIAATBmAwQBLVlC
AwQCLYCwAwQAW9lQAwQDXo6IAwQCuQX4AwQCuTrMAwQCuVcwAwQBuWl0AwQCuXWY
AwQCuX3YAwQCuX3kAwQAuci8AwQAwW1VAwQEwXywAwQAwajgAwQFwkPAAwQAwy/6
MG8EAgACMGkDBQMqB0oAAwcAKgqTAAAAAwcAKgqTAAACMBIDBwQqCpMAANADBwAq
CpMAANIwEAMFACoKkwEDBwAqCpMBAAIDBQAqCpMCAwUDKgt3gAMFAyoLmAADBQMq
DHTAAwUDKgx3wAMFAyoNLMAwDQYJKoZIhvcNAQELBQADggEBAEcTf2KaSoEy1OgJ
1BE+F+tvesNqgE+K2TtAWaKqRAX2pwiUprFZN60NaPzoo28qtROO1S2bnuO+Tt6I
WRi8d+OcKiAaeyJmFKi8mCY1ViQYkX0Tqpe3nDdZyn+zLCoXy3BZDwDcVBuR85Go
SLCDH1t3lz0RNR8WmpTMgFF62eOjDFlV2glPrWzwFe2vG1rN4lnZTqDjGqhaZci3
FwcK5RAXqSNQFok7R+en+F5ZGFJJ5D/CZozYQDT2chWMUUbc70MQ0+9R5zbSr76f
bq0XHfsuTTDg3JrlGsa6bqjGTNJMDuCdXpvaG1bEnVM+1kfVp0gSviU1c9pepGOw
8ePD7JE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:08 2024 by rpki-client on console-ams.rpki-client.org