Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/CB9uliIUKQk102zt3ZABHE4kWug.roa
File:                     CB9uliIUKQk102zt3ZABHE4kWug.roa (raw, json)
Hash identifier:          ltCIJLGdYkTDJw4mVO+VjX18dmKym5xN6mMvogq3YoA=
Subject key identifier:   08:1F:6E:96:22:14:29:09:35:D3:6C:ED:DD:90:01:1C:4E:24:5A:E8
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0186EA79AC58EF9EA50D229F11974529C1BD
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/CB9uliIUKQk102zt3ZABHE4kWug.roa
Signing time:             Thu 16 Mar 2023 12:51:27 +0000
ROA not before:           Thu 16 Mar 2023 12:51:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50113
IP address blocks:        185.174.136.0/24 maxlen: 24
                          185.174.139.0/24 maxlen: 24
                          194.63.141.0/24 maxlen: 24
                          194.63.143.0/24 maxlen: 24
                          194.63.140.0/22 maxlen: 22
                          194.63.140.0/24 maxlen: 24
                          194.63.142.0/24 maxlen: 24
                          194.63.142.0/23 maxlen: 23
                          194.63.140.0/23 maxlen: 23
                          194.53.52.0/24 maxlen: 24
                          5.252.116.0/24 maxlen: 24
                          185.139.68.28/32 maxlen: 32
                          5.180.137.0/24 maxlen: 24
                          5.180.136.0/24 maxlen: 24
                          45.8.211.0/24 maxlen: 24
                          91.217.77.0/24 maxlen: 24
                          194.67.198.108/32 maxlen: 32
                          185.180.230.0/24 maxlen: 24
                          194.67.196.127/32 maxlen: 32
                          194.67.198.7/32 maxlen: 32
                          194.67.208.6/32 maxlen: 32
                          147.78.66.7/32 maxlen: 32
                          213.108.198.0/24 maxlen: 24
                          213.108.199.0/24 maxlen: 24
                          213.108.197.0/24 maxlen: 24
                          194.67.208.12/32 maxlen: 32
                          45.89.64.0/24 maxlen: 24
                          185.180.231.87/32 maxlen: 32
                          5.180.136.221/32 maxlen: 32
                          185.188.180.0/24 maxlen: 24
                          192.162.100.0/22 maxlen: 22
                          194.67.208.48/32 maxlen: 32
                          192.162.103.0/24 maxlen: 24
                          192.162.101.0/24 maxlen: 24
                          185.172.131.0/24 maxlen: 24
                          192.162.102.0/24 maxlen: 24
                          192.162.100.0/24 maxlen: 24
                          185.172.130.0/24 maxlen: 24
                          194.67.203.54/32 maxlen: 32
                          193.0.200.0/24 maxlen: 24
                          193.0.202.0/24 maxlen: 24
                          193.0.203.0/24 maxlen: 24
                          185.17.3.102/32 maxlen: 32
                          185.189.12.0/22 maxlen: 22
                          185.189.13.0/24 maxlen: 24
                          185.189.15.0/24 maxlen: 24
                          5.180.136.76/32 maxlen: 32
                          185.189.12.0/24 maxlen: 24
                          185.189.14.0/24 maxlen: 24
                          193.168.226.0/24 maxlen: 24
                          185.125.50.0/24 maxlen: 24
                          185.104.248.0/24 maxlen: 24
                          185.139.70.116/32 maxlen: 32
                          2a04:5200:fff2::/48 maxlen: 48
                          2a0f:7300::/32 maxlen: 32
                          2a09:5303::/32 maxlen: 32
                          2a0a:9300::/48 maxlen: 48
                          2a04:5200:ff00::/48 maxlen: 48
                          2a04:5200::/48 maxlen: 48
                          2a04:5200:fff9::/48 maxlen: 48
                          2a04:5200:fff3::/48 maxlen: 48
                          2a04:5200:fff6::/48 maxlen: 48
                          2a04:5205::/32 maxlen: 32
                          2a04:5202::/32 maxlen: 32
                          2a04:5203::/32 maxlen: 32
                          2a0a:9300:aaaa::/48 maxlen: 48
                          2a04:5200:1::/48 maxlen: 48
                          2a0a:9300::/32 maxlen: 32
                          2a04:5200:fff7::/48 maxlen: 48
                          2a04:5204::/32 maxlen: 32
                          2a04:5200::/32 maxlen: 32
                          2a0f:4680::/32 maxlen: 32
                          2a04:5200:fff4::/48 maxlen: 48
                          2a04:5206::/32 maxlen: 32
                          2a04:5200:fff8::/48 maxlen: 48
                          2a04:5200:fff1::/48 maxlen: 48
                          2a04:5207::/32 maxlen: 32
                          2a0b:da00::/29 maxlen: 29
                          2a04:5200:fff5::/48 maxlen: 48
                          2a04:5200:ff10::/48 maxlen: 48
                          2a04:5200:ffff::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ea:79:ac:58:ef:9e:a5:0d:22:9f:11:97:45:29:c1:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Mar 16 12:51:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=081f6e962214290935d36ceddd90011c4e245ae8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9a:99:40:b6:05:6e:e3:87:77:ce:12:e4:6f:
                    fe:cf:2e:33:e6:b2:49:00:ed:5c:3f:f5:27:bc:a0:
                    99:ad:29:2c:7f:da:47:af:61:b7:32:ac:04:ad:48:
                    fc:ba:de:24:d1:21:bb:85:d6:9c:42:e8:25:7b:61:
                    e6:47:b8:2c:8d:26:9a:57:fe:a6:d1:9a:f0:d4:21:
                    22:f4:26:09:83:ff:9a:45:05:36:36:6d:15:c2:69:
                    98:a5:df:b1:20:a2:b0:f9:ea:02:57:6a:4f:26:bc:
                    af:1c:4f:ef:95:04:3f:bb:c6:a1:b0:5f:d6:00:3c:
                    25:70:4b:d5:fb:62:5d:72:ad:31:bd:c1:40:93:67:
                    28:cc:6e:58:9d:f5:6e:61:28:01:61:64:5d:7e:d0:
                    00:32:f0:3c:65:09:90:71:c7:20:2d:f7:37:77:af:
                    6e:f2:e1:9a:d3:ac:35:ef:b7:9c:d6:96:f6:9e:53:
                    b0:0b:be:e9:8b:ac:4b:b2:cd:80:74:df:d5:e3:9a:
                    f7:bc:33:96:99:ef:22:e6:2a:08:5f:93:93:8e:84:
                    a8:02:80:53:c5:2f:70:f4:35:e2:46:fd:4f:5a:ba:
                    01:9c:dc:91:4d:38:10:e9:30:ae:a0:3d:9f:fe:f1:
                    25:c5:6b:9b:4a:8f:d2:8e:52:72:60:ce:32:b4:67:
                    a4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:1F:6E:96:22:14:29:09:35:D3:6C:ED:DD:90:01:1C:4E:24:5A:E8
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/CB9uliIUKQk102zt3ZABHE4kWug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.0/23
                  5.252.116.0/24
                  45.8.211.0/24
                  45.89.64.0/24
                  91.217.77.0/24
                  147.78.66.7/32
                  185.17.3.102/32
                  185.104.248.0/24
                  185.125.50.0/24
                  185.139.68.28/32
                  185.139.70.116/32
                  185.172.130.0/23
                  185.174.136.0/24
                  185.174.139.0/24
                  185.180.230.0/24
                  185.180.231.87/32
                  185.188.180.0/24
                  185.189.12.0/22
                  192.162.100.0/22
                  193.0.200.0/24
                  193.0.202.0/23
                  193.168.226.0/24
                  194.53.52.0/24
                  194.63.140.0/22
                  194.67.196.127/32
                  194.67.198.7/32
                  194.67.198.108/32
                  194.67.203.54/32
                  194.67.208.6/32
                  194.67.208.12/32
                  194.67.208.48/32
                  213.108.197.0-213.108.199.255
                IPv6:
                  2a04:5200::/32
                  2a04:5202::-2a04:5207:ffff:ffff:ffff:ffff:ffff:ffff
                  2a09:5303::/32
                  2a0a:9300::/32
                  2a0b:da00::/29
                  2a0f:4680::/32
                  2a0f:7300::/32

    Signature Algorithm: sha256WithRSAEncryption
         b6:b5:a9:87:ac:84:08:1d:7e:cb:d2:71:e9:db:52:65:25:2e:
         30:de:ec:0b:21:d7:20:d3:d6:aa:89:01:da:31:c8:69:e7:f4:
         d8:10:5f:bc:b3:b3:93:9b:dc:3b:27:76:13:ff:06:87:69:e9:
         c7:fb:09:e9:e8:6d:5b:58:03:e5:6d:b2:a0:a1:a0:53:d5:3c:
         01:19:61:ee:d9:19:79:02:78:73:28:59:f4:a3:87:1c:40:fc:
         cd:82:fe:30:eb:da:bc:71:9d:73:00:ef:70:8d:72:89:13:cf:
         b4:fd:af:7d:40:c3:96:6a:90:d0:e7:e2:47:43:52:ea:e7:e4:
         54:65:31:26:e7:85:c3:54:b6:3e:b3:c6:56:a0:41:85:ae:40:
         59:05:5f:e1:de:21:3d:52:3d:25:a6:ff:d9:e9:ac:84:a7:38:
         44:dc:68:97:d8:55:16:45:23:91:53:35:0b:44:f6:1d:d1:68:
         4b:ef:ef:6b:65:3a:de:0b:02:dc:af:e6:26:58:6d:3e:00:21:
         dc:33:1e:0f:f5:0f:68:41:a6:34:2f:c7:62:4b:c1:7a:91:cd:
         e7:86:54:3c:20:10:19:61:6b:e8:5c:d0:95:f8:d0:c4:52:10:
         13:f7:a9:2f:cf:c0:12:ad:c2:af:85:d8:8f:7a:59:28:a8:29:
         22:79:e9:af
-----BEGIN CERTIFICATE-----
MIIGFTCCBP2gAwIBAgISAYbqeaxY756lDSKfEZdFKcG9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwMzE2MTI1MTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODFmNmU5NjIyMTQyOTA5MzVkMzZjZWRkZDkwMDExYzRlMjQ1YWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5qZQLYFbuOHd84S5G/+zy4z5rJJ
AO1cP/UnvKCZrSksf9pHr2G3MqwErUj8ut4k0SG7hdacQugle2HmR7gsjSaaV/6m
0Zrw1CEi9CYJg/+aRQU2Nm0VwmmYpd+xIKKw+eoCV2pPJryvHE/vlQQ/u8ahsF/W
ADwlcEvV+2Jdcq0xvcFAk2cozG5YnfVuYSgBYWRdftAAMvA8ZQmQcccgLfc3d69u
8uGa06w177ec1pb2nlOwC77pi6xLss2AdN/V45r3vDOWme8i5ioIX5OTjoSoAoBT
xS9w9DXiRv1PWroBnNyRTTgQ6TCuoD2f/vElxWubSo/SjlJyYM4ytGekjQIDAQAB
o4IDITCCAx0wHQYDVR0OBBYEFAgfbpYiFCkJNdNs7d2QARxOJFroMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvQ0I5dWxpSVVLUWsxMDJ6dDNaQUJIRTRrV3VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNQYIKwYBBQUHAQcBAf8EggEkMIIBIDCB2wQCAAEwgdQD
BAEFtIgDBAAF/HQDBAAtCNMDBAAtWUADBABb2U0DBQCTTkIHAwUAuREDZgMEALlo
+AMEALl9MgMFALmLRBwDBQC5i0Z0AwQBuayCAwQAua6IAwQAua6LAwQAubTmAwUA
ubTnVwMEALm8tAMEArm9DAMEAsCiZAMEAMEAyAMEAcEAygMEAMGo4gMEAMI1NAME
AsI/jAMFAMJDxH8DBQDCQ8YHAwUAwkPGbAMFAMJDyzYDBQDCQ9AGAwUAwkPQDAMF
AMJD0DAwDAMEANVsxQMEA9VswDBABAIAAjA6AwUAKgRSADAOAwUBKgRSAgMFAyoE
UgADBQAqCVMDAwUAKgqTAAMFAyoL2gADBQAqD0aAAwUAKg9zADANBgkqhkiG9w0B
AQsFAAOCAQEAtrWph6yECB1+y9Jx6dtSZSUuMN7sCyHXINPWqokB2jHIaef02BBf
vLOzk5vcOyd2E/8Gh2npx/sJ6ehtW1gD5W2yoKGgU9U8ARlh7tkZeQJ4cyhZ9KOH
HED8zYL+MOvavHGdcwDvcI1yiRPPtP2vfUDDlmqQ0OfiR0NS6ufkVGUxJueFw1S2
PrPGVqBBha5AWQVf4d4hPVI9Jab/2emshKc4RNxol9hVFkUjkVM1C0T2HdFoS+/v
a2U63gsC3K/mJlhtPgAh3DMeD/UPaEGmNC/HYkvBepHN54ZUPCAQGWFr6FzQlfjQ
xFIQE/epL8/AEq3Cr4XYj3pZKKgpInnprw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:08 2024 by rpki-client on console-ams.rpki-client.org