Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/AE9KQlhLfnr0UMpLP2-YwSLe6_E.roa
File:                     AE9KQlhLfnr0UMpLP2-YwSLe6_E.roa (raw, json)
Hash identifier:          vZfQopK/CoPNIbunYMS8tZOSgA35kpkmc2uAXSjlJac=
Subject key identifier:   00:4F:4A:42:58:4B:7E:7A:F4:50:CA:4B:3F:6F:98:C1:22:DE:EB:F1
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       044DD3A8
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/AE9KQlhLfnr0UMpLP2-YwSLe6_E.roa
Signing time:             Wed 23 Mar 2022 10:00:23 +0000
ROA not before:           Wed 23 Mar 2022 10:00:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50113
IP address blocks:        185.174.136.0/24 maxlen: 24
                          185.174.139.0/24 maxlen: 24
                          185.174.137.0/24 maxlen: 24
                          194.63.141.0/24 maxlen: 24
                          194.63.143.0/24 maxlen: 24
                          194.63.140.0/22 maxlen: 22
                          194.63.140.0/24 maxlen: 24
                          194.63.142.0/24 maxlen: 24
                          185.117.117.0/24 maxlen: 24
                          194.63.142.0/23 maxlen: 23
                          194.63.140.0/23 maxlen: 23
                          185.139.68.28/32 maxlen: 32
                          185.40.4.0/24 maxlen: 24
                          185.40.5.0/24 maxlen: 24
                          185.40.7.0/24 maxlen: 24
                          45.8.211.0/24 maxlen: 24
                          194.67.198.108/32 maxlen: 32
                          185.180.230.0/24 maxlen: 24
                          185.180.228.0/24 maxlen: 24
                          194.67.196.127/32 maxlen: 32
                          185.112.81.0/24 maxlen: 24
                          194.67.198.7/32 maxlen: 32
                          194.67.208.6/32 maxlen: 32
                          185.112.100.0/24 maxlen: 24
                          147.78.66.7/32 maxlen: 32
                          194.67.208.12/32 maxlen: 32
                          185.102.137.0/24 maxlen: 24
                          185.102.139.0/24 maxlen: 24
                          185.180.231.87/32 maxlen: 32
                          5.180.136.221/32 maxlen: 32
                          185.188.180.0/24 maxlen: 24
                          192.162.100.0/22 maxlen: 22
                          194.67.208.48/32 maxlen: 32
                          192.162.103.0/24 maxlen: 24
                          192.162.101.0/24 maxlen: 24
                          185.172.131.0/24 maxlen: 24
                          192.162.102.0/24 maxlen: 24
                          192.162.100.0/24 maxlen: 24
                          185.172.130.0/24 maxlen: 24
                          194.67.203.54/32 maxlen: 32
                          193.0.200.0/24 maxlen: 24
                          193.0.202.0/24 maxlen: 24
                          193.0.203.0/24 maxlen: 24
                          185.17.3.102/32 maxlen: 32
                          185.189.12.0/22 maxlen: 22
                          185.189.13.0/24 maxlen: 24
                          185.189.15.0/24 maxlen: 24
                          5.180.136.76/32 maxlen: 32
                          185.189.12.0/24 maxlen: 24
                          185.189.14.0/24 maxlen: 24
                          193.168.226.0/24 maxlen: 24
                          185.104.251.0/24 maxlen: 24
                          185.104.248.0/24 maxlen: 24
                          185.139.70.116/32 maxlen: 32
                          2a0f:7c80::/29 maxlen: 29
                          2a0f:c780::/29 maxlen: 29
                          2a0f:7300::/32 maxlen: 32
                          2a09:5303::/32 maxlen: 32
                          2a0e:d602::/32 maxlen: 32
                          2a04:5205::/32 maxlen: 32
                          2a0c:6980::/29 maxlen: 29
                          2a04:5202::/32 maxlen: 32
                          2a04:5203::/32 maxlen: 32
                          2a0a:9300::/32 maxlen: 32
                          2a04:5204::/32 maxlen: 32
                          2a04:5200::/32 maxlen: 32
                          2a0c:f641::/32 maxlen: 32
                          2a0f:4680::/32 maxlen: 32
                          2a07:4a00::/29 maxlen: 29
                          2a04:5206::/32 maxlen: 32
                          2a04:5207::/32 maxlen: 32
                          2a0c:f640::/32 maxlen: 32
                          2a0b:da00::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 72209320 (0x44dd3a8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Mar 23 10:00:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=004f4a42584b7e7af450ca4b3f6f98c122deebf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d7:d4:9f:d1:12:62:48:62:fa:65:75:d9:e4:
                    13:50:d0:0f:47:26:b7:c9:7b:3f:4e:dc:2d:50:d1:
                    b2:d6:63:ea:fb:ed:54:23:77:4b:d0:c9:0a:df:b5:
                    6d:1d:e7:e0:99:a3:27:4e:ae:49:ba:e3:1c:14:de:
                    7f:6f:4f:8b:dd:52:77:18:6a:7a:23:b2:9a:ba:2a:
                    50:30:c6:b8:1b:aa:95:45:6c:ac:4a:8e:ef:ae:cc:
                    f7:f4:ad:79:75:3e:19:56:b9:10:f2:e1:17:77:94:
                    33:12:3f:bc:93:23:90:1f:32:e2:ff:9f:11:87:26:
                    b9:24:12:6f:c1:53:80:bd:f6:a1:c2:3d:bd:48:e3:
                    9b:94:3d:f9:c3:c3:41:84:fb:cf:db:72:f9:1a:de:
                    61:86:2d:bf:4b:d2:40:18:d8:21:8f:20:6f:7d:f8:
                    46:7d:f0:89:b6:0b:7a:c6:e5:d5:1c:1d:2d:8d:76:
                    e6:ad:33:de:6a:59:ad:99:e9:a4:6a:6a:f7:b9:6a:
                    6b:05:e0:4c:ae:14:2c:af:d2:79:24:2a:de:81:b7:
                    af:7e:b8:02:8a:f0:cf:53:0c:ac:21:2c:af:1f:52:
                    6c:c5:a7:a4:79:e1:1e:ed:31:ef:d4:b1:26:0c:c8:
                    81:ad:14:a0:74:63:bc:f4:f1:dd:77:e4:8a:80:4d:
                    11:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:4F:4A:42:58:4B:7E:7A:F4:50:CA:4B:3F:6F:98:C1:22:DE:EB:F1
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/AE9KQlhLfnr0UMpLP2-YwSLe6_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.76/32
                  5.180.136.221/32
                  45.8.211.0/24
                  147.78.66.7/32
                  185.17.3.102/32
                  185.40.4.0/23
                  185.40.7.0/24
                  185.102.137.0/24
                  185.102.139.0/24
                  185.104.248.0/24
                  185.104.251.0/24
                  185.112.81.0/24
                  185.112.100.0/24
                  185.117.117.0/24
                  185.139.68.28/32
                  185.139.70.116/32
                  185.172.130.0/23
                  185.174.136.0/23
                  185.174.139.0/24
                  185.180.228.0/24
                  185.180.230.0/24
                  185.180.231.87/32
                  185.188.180.0/24
                  185.189.12.0/22
                  192.162.100.0/22
                  193.0.200.0/24
                  193.0.202.0/23
                  193.168.226.0/24
                  194.63.140.0/22
                  194.67.196.127/32
                  194.67.198.7/32
                  194.67.198.108/32
                  194.67.203.54/32
                  194.67.208.6/32
                  194.67.208.12/32
                  194.67.208.48/32
                IPv6:
                  2a04:5200::/32
                  2a04:5202::-2a04:5207:ffff:ffff:ffff:ffff:ffff:ffff
                  2a07:4a00::/29
                  2a09:5303::/32
                  2a0a:9300::/32
                  2a0b:da00::/29
                  2a0c:6980::/29
                  2a0c:f640::/31
                  2a0e:d602::/32
                  2a0f:4680::/32
                  2a0f:7300::/32
                  2a0f:7c80::/29
                  2a0f:c780::/29

    Signature Algorithm: sha256WithRSAEncryption
         3f:b8:b1:46:ec:2c:45:c1:ef:bb:d1:7f:71:19:00:0e:41:ba:
         e9:1a:37:06:00:14:6b:e5:4e:51:69:ca:04:e9:e9:9c:fe:85:
         5c:01:52:f4:de:ed:45:84:9f:3a:b1:69:53:36:07:b3:f2:54:
         68:2d:9d:d6:f6:69:b2:1f:17:4a:fa:d0:6b:49:ce:96:5d:cb:
         fb:52:9c:78:23:b1:8a:1a:62:22:d5:4a:12:d4:7c:84:bd:0f:
         2e:e0:b4:93:90:60:a1:40:86:4a:1f:9a:9e:58:d7:98:80:3c:
         88:9e:69:d6:30:30:1d:87:85:88:32:47:64:f6:23:f9:8c:71:
         03:67:4f:e9:07:03:f3:e2:50:12:0f:a3:91:74:70:47:03:cb:
         c1:8f:bc:4a:c3:c8:bf:c0:1e:87:d1:ee:b9:db:b8:61:5f:ee:
         ee:2c:f3:e3:52:38:2b:43:79:30:9e:58:08:a7:18:f9:5c:7e:
         67:91:f6:08:86:b8:90:54:3b:25:42:1f:40:f6:ff:01:85:e9:
         74:2c:50:4f:66:65:c5:00:0d:31:04:8e:d1:92:cd:be:ee:72:
         88:fc:55:59:fa:50:68:6f:5d:25:d3:5a:65:df:9e:a8:ed:5d:
         ad:53:71:8b:cc:95:ab:19:1b:a8:79:ce:89:1d:9c:5b:8c:f0:
         55:09:95:ed
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIEBE3TqDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NGY5NjM0NWQzZjIyZWRiMzk1ZDI0N2Y3Yjg2ZDJkNzNlNGEwMDkxMB4XDTIyMDMy
MzEwMDAyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDA0ZjRhNDI1ODRi
N2U3YWY0NTBjYTRiM2Y2Zjk4YzEyMmRlZWJmMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMPX1J/REmJIYvplddnkE1DQD0cmt8l7P07cLVDRstZj6vvt
VCN3S9DJCt+1bR3n4JmjJ06uSbrjHBTef29Pi91SdxhqeiOymroqUDDGuBuqlUVs
rEqO767M9/SteXU+GVa5EPLhF3eUMxI/vJMjkB8y4v+fEYcmuSQSb8FTgL32ocI9
vUjjm5Q9+cPDQYT7z9ty+RreYYYtv0vSQBjYIY8gb334Rn3wibYLesbl1RwdLY12
5q0z3mpZrZnppGpq97lqawXgTK4ULK/SeSQq3oG3r364Aorwz1MMrCEsrx9SbMWn
pHnhHu0x79SxJgzIga0UoHRjvPTx3XfkioBNEc0CAwEAAaOCA10wggNZMB0GA1Ud
DgQWBBQAT0pCWEt+evRQyks/b5jBIt7r8TAfBgNVHSMEGDAWgBS0+WNF0/Iu2zld
JH97htLXPkoAkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RQbGpSZFB5THRzNVhTUl9lNGJTMXo1S0FKRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvOGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8x
L0FFOUtRbGhMZm5yMFVNcExQMi1Zd1NMZTZfRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
OGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8xL3RQbGpSZFB5THRz
NVhTUl9lNGJTMXo1S0FKRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCC
AXEGCCsGAQUFBwEHAQH/BIIBYDCCAVwwge0EAgABMIHmAwUABbSITAMFAAW0iN0D
BAAtCNMDBQCTTkIHAwUAuREDZgMEAbkoBAMEALkoBwMEALlmiQMEALlmiwMEALlo
+AMEALlo+wMEALlwUQMEALlwZAMEALl1dQMFALmLRBwDBQC5i0Z0AwQBuayCAwQB
ua6IAwQAua6LAwQAubTkAwQAubTmAwUAubTnVwMEALm8tAMEArm9DAMEAsCiZAME
AMEAyAMEAcEAygMEAMGo4gMEAsI/jAMFAMJDxH8DBQDCQ8YHAwUAwkPGbAMFAMJD
yzYDBQDCQ9AGAwUAwkPQDAMFAMJD0DAwagQCAAIwZAMFACoEUgAwDgMFASoEUgID
BQMqBFIAAwUDKgdKAAMFACoJUwMDBQAqCpMAAwUDKgvaAAMFAyoMaYADBQEqDPZA
AwUAKg7WAgMFACoPRoADBQAqD3MAAwUDKg98gAMFAyoPx4AwDQYJKoZIhvcNAQEL
BQADggEBAD+4sUbsLEXB77vRf3EZAA5BuukaNwYAFGvlTlFpygTp6Zz+hVwBUvTe
7UWEnzqxaVM2B7PyVGgtndb2abIfF0r60GtJzpZdy/tSnHgjsYoaYiLVShLUfIS9
Dy7gtJOQYKFAhkofmp5Y15iAPIieadYwMB2HhYgyR2T2I/mMcQNnT+kHA/PiUBIP
o5F0cEcDy8GPvErDyL/AHofR7rnbuGFf7u4s8+NSOCtDeTCeWAinGPlcfmeR9giG
uJBUOyVCH0D2/wGF6XQsUE9mZcUADTEEjtGSzb7ucoj8VVn6UGhvXSXTWmXfnqjt
Xa1TcYvMlasZG6h5zokdnFuM8FUJle0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:08 2024 by rpki-client on console-ams.rpki-client.org