Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/8mvqS9f1iSV8C-V4O756D0vWS84.roa
File:                     8mvqS9f1iSV8C-V4O756D0vWS84.roa (raw, json)
Hash identifier:          n13tZLnQtEEa59E0NffHe7cRd89LgO9UhG530AtlcYM=
Subject key identifier:   F2:6B:EA:4B:D7:F5:89:25:7C:0B:E5:78:3B:BE:7A:0F:4B:D6:4B:CE
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018A767D862EF2324BD7C904711172438A1E
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/8mvqS9f1iSV8C-V4O756D0vWS84.roa
Signing time:             Fri 08 Sep 2023 20:30:52 +0000
ROA not before:           Fri 08 Sep 2023 20:30:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200740
IP address blocks:        94.142.136.0/23 maxlen: 23
                          94.142.137.0/24 maxlen: 24
                          94.142.136.0/24 maxlen: 24
                          185.112.81.0/24 maxlen: 24
                          185.103.252.0/24 maxlen: 24
                          185.117.116.0/24 maxlen: 24
                          185.103.253.0/24 maxlen: 24
                          185.103.252.0/23 maxlen: 23
                          45.9.72.0/24 maxlen: 24
                          185.233.80.0/23 maxlen: 23
                          185.233.82.0/24 maxlen: 24
                          185.102.136.0/24 maxlen: 24
                          185.252.144.0/24 maxlen: 24
                          185.103.254.0/24 maxlen: 24
                          185.117.119.0/24 maxlen: 24
                          185.103.255.0/24 maxlen: 24
                          185.103.254.0/23 maxlen: 23
                          185.40.7.0/24 maxlen: 24
                          194.36.178.0/23 maxlen: 23
                          185.233.202.0/23 maxlen: 23
                          185.232.170.0/23 maxlen: 23
                          185.94.164.0/24 maxlen: 24
                          185.200.190.0/24 maxlen: 24
                          185.94.164.0/23 maxlen: 23
                          185.94.165.0/24 maxlen: 24
                          80.76.32.0/23 maxlen: 23
                          80.76.34.0/23 maxlen: 23
                          91.217.76.0/24 maxlen: 24
                          95.214.9.0/24 maxlen: 24
                          95.214.11.0/24 maxlen: 24
                          95.214.10.0/23 maxlen: 23
                          95.214.10.0/24 maxlen: 24
                          46.17.105.0/24 maxlen: 24
                          2a04:5200:68::/48 maxlen: 48
                          2a0d:2cc4::/31 maxlen: 31
                          2a04:5201:2::/48 maxlen: 48
                          2a04:5201:7::/48 maxlen: 48
                          2a04:5201:8018::/48 maxlen: 48
                          2a04:5201:4::/48 maxlen: 48
                          2a0d:2cc2::/31 maxlen: 31
                          2a04:5201:6::/48 maxlen: 48
                          2a0d:2cc0::/31 maxlen: 31
                          2a0d:2cc6::/31 maxlen: 31

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:76:7d:86:2e:f2:32:4b:d7:c9:04:71:11:72:43:8a:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Sep  8 20:30:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f26bea4bd7f589257c0be5783bbe7a0f4bd64bce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:92:db:f7:ad:96:81:12:da:70:03:a1:ab:3f:
                    96:2a:e6:2f:22:c4:73:36:9d:ac:47:5c:06:48:b9:
                    c3:d2:13:c1:96:4f:b7:10:b4:ad:b1:23:82:ff:d4:
                    ff:4c:a1:d2:23:4b:4d:db:42:a6:e0:b3:2d:dd:23:
                    f3:4d:3e:5f:f6:7a:a3:ac:6b:47:6a:82:4a:07:10:
                    47:b4:e8:4a:26:3e:df:84:70:d9:7a:90:d8:66:01:
                    97:68:42:ac:4c:25:57:76:13:c6:f5:39:3b:48:fc:
                    ec:81:19:2f:79:22:c6:7e:6c:39:8c:b8:74:df:16:
                    80:c5:ba:ca:3e:25:9f:d4:7d:04:dc:d3:d2:b3:0b:
                    e2:ce:61:9f:9b:46:a9:89:73:91:42:db:3a:8d:1b:
                    c0:23:64:1c:a7:0a:83:ef:48:a0:ee:78:71:a2:ec:
                    01:89:b5:63:b3:28:dc:e5:bd:e7:4b:0e:c5:63:3f:
                    25:4a:de:10:91:3e:6f:b7:94:0f:f9:23:67:ff:49:
                    1f:ca:78:81:73:3f:8c:70:c6:3b:4f:eb:49:40:ae:
                    32:da:7d:b7:da:fe:58:20:18:71:4b:d3:a1:21:a9:
                    dc:a8:af:d9:b5:63:48:d9:b7:02:ab:a1:90:e4:7d:
                    03:a0:8b:50:e7:75:b3:89:63:14:04:a8:45:cd:7f:
                    25:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:6B:EA:4B:D7:F5:89:25:7C:0B:E5:78:3B:BE:7A:0F:4B:D6:4B:CE
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/8mvqS9f1iSV8C-V4O756D0vWS84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.72.0/24
                  46.17.105.0/24
                  80.76.32.0/22
                  91.217.76.0/24
                  94.142.136.0/23
                  95.214.9.0-95.214.11.255
                  185.40.7.0/24
                  185.94.164.0/23
                  185.102.136.0/24
                  185.103.252.0/22
                  185.112.81.0/24
                  185.117.116.0/24
                  185.117.119.0/24
                  185.200.190.0/24
                  185.232.170.0/23
                  185.233.80.0-185.233.82.255
                  185.233.202.0/23
                  185.252.144.0/24
                  194.36.178.0/23
                IPv6:
                  2a04:5200:68::/48
                  2a04:5201:2::/48
                  2a04:5201:4::/48
                  2a04:5201:6::/47
                  2a04:5201:8018::/48
                  2a0d:2cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4c:48:64:a5:d7:e2:01:5b:e4:0d:a5:3b:f2:bc:93:7a:5b:23:
         4f:d7:a3:ad:01:a6:c3:9f:bf:76:a7:de:bd:b5:26:bc:65:04:
         bd:b5:6c:e4:79:14:97:c1:ac:16:03:9a:f6:40:bb:51:ad:e0:
         e2:d1:fa:12:8c:0b:d3:9c:5a:03:15:03:b4:82:cf:29:7e:32:
         88:00:b6:f3:86:ab:c0:7b:37:04:41:5a:62:f7:99:3d:6e:ea:
         63:d8:5b:8c:9d:40:ed:07:79:3e:1a:13:f0:c6:72:11:8a:96:
         af:86:b9:a2:1f:56:3c:fa:bd:5b:6b:60:5d:57:b0:ef:b2:70:
         e3:97:ad:7a:44:4c:cd:eb:91:99:c2:d0:9b:41:35:d0:57:a1:
         e0:1e:fa:08:42:2b:d4:1e:31:f6:dd:00:dd:e8:68:5c:9e:9f:
         b5:54:10:24:f8:89:bc:51:e1:91:cc:b7:4c:5f:45:0c:a6:ea:
         6e:12:08:d4:c5:73:18:2f:56:f5:b8:de:64:17:9c:ba:01:e0:
         3f:37:c7:ae:e2:11:5e:86:64:72:e1:37:b3:17:5d:7a:51:cc:
         0e:fc:7a:5f:c8:6a:b7:ef:66:69:1a:f7:f9:c3:5e:50:be:ef:
         9a:21:46:b2:ac:d2:0b:3d:5b:e7:f4:cc:01:ed:ae:ae:b1:2d:
         ed:b8:95:a8
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgISAYp2fYYu8jJL18kEcRFyQ4oeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwOTA4MjAzMDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjZiZWE0YmQ3ZjU4OTI1N2MwYmU1NzgzYmJlN2EwZjRiZDY0YmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZLb962WgRLacAOhqz+WKuYvIsRz
Np2sR1wGSLnD0hPBlk+3ELStsSOC/9T/TKHSI0tN20Km4LMt3SPzTT5f9nqjrGtH
aoJKBxBHtOhKJj7fhHDZepDYZgGXaEKsTCVXdhPG9Tk7SPzsgRkveSLGfmw5jLh0
3xaAxbrKPiWf1H0E3NPSswvizmGfm0apiXORQts6jRvAI2QcpwqD70ig7nhxouwB
ibVjsyjc5b3nSw7FYz8lSt4QkT5vt5QP+SNn/0kfyniBcz+McMY7T+tJQK4y2n23
2v5YIBhxS9OhIancqK/ZtWNI2bcCq6GQ5H0DoItQ53WziWMUBKhFzX8l+wIDAQAB
o4ICxjCCAsIwHQYDVR0OBBYEFPJr6kvX9YklfAvleDu+eg9L1kvOMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvOG12cVM5ZjFpU1Y4Qy1WNE83NTZEMHZXUzg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHbBggrBgEFBQcBBwEB/wSByzCByDCBiQQCAAEwgYIDBAAt
CUgDBAAuEWkDBAJQTCADBABb2UwDBAFejogwDAMEAF/WCQMEAl/WCAMEALkoBwME
AblepAMEALlmiAMEArln/AMEALlwUQMEALl1dAMEALl1dwMEALnIvgMEAbnoqjAM
AwQEuelQAwQAuelSAwQBuenKAwQAufyQAwQBwiSyMDoEAgACMDQDBwAqBFIAAGgD
BwAqBFIBAAIDBwAqBFIBAAQDBwEqBFIBAAYDBwAqBFIBgBgDBQMqDSzAMA0GCSqG
SIb3DQEBCwUAA4IBAQBMSGSl1+IBW+QNpTvyvJN6WyNP16OtAabDn792p969tSa8
ZQS9tWzkeRSXwawWA5r2QLtRreDi0foSjAvTnFoDFQO0gs8pfjKIALbzhqvAezcE
QVpi95k9bupj2FuMnUDtB3k+GhPwxnIRipavhrmiH1Y8+r1ba2BdV7DvsnDjl616
REzN65GZwtCbQTXQV6HgHvoIQivUHjH23QDd6Ghcnp+1VBAk+Im8UeGRzLdMX0UM
pupuEgjUxXMYL1b1uN5kF5y6AeA/N8eu4hFehmRy4TezF116UcwO/HpfyGq372Zp
Gvf5w15Qvu+aIUayrNILPVvn9MwB7a6usS3tuJWo
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:08 2024 by rpki-client on console-ams.rpki-client.org