Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/GWWrhmuHBUDqN8I8eAtwdryGEBA.roa
File:                     GWWrhmuHBUDqN8I8eAtwdryGEBA.roa (raw, json)
Hash identifier:          5KRtXQVcvlEkUjoKkPw8dcP0YEmnodavBMCggyggdVQ=
Subject key identifier:   19:65:AB:86:6B:87:05:40:EA:37:C2:3C:78:0B:70:76:BC:86:10:10
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018340E7E14E9E83F55122822BCED39B2FD7
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/GWWrhmuHBUDqN8I8eAtwdryGEBA.roa
Signing time:             Thu 15 Sep 2022 11:28:01 +0000
ROA not before:           Thu 15 Sep 2022 11:28:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50113
IP address blocks:        185.174.136.0/24 maxlen: 24
                          185.174.139.0/24 maxlen: 24
                          194.63.141.0/24 maxlen: 24
                          194.63.143.0/24 maxlen: 24
                          194.63.140.0/22 maxlen: 22
                          194.63.140.0/24 maxlen: 24
                          194.63.142.0/24 maxlen: 24
                          194.63.142.0/23 maxlen: 23
                          194.63.140.0/23 maxlen: 23
                          194.53.55.0/24 maxlen: 24
                          185.139.68.28/32 maxlen: 32
                          185.40.4.0/24 maxlen: 24
                          5.180.139.0/24 maxlen: 24
                          5.180.137.0/24 maxlen: 24
                          5.180.136.0/24 maxlen: 24
                          5.180.138.0/24 maxlen: 24
                          45.8.211.0/24 maxlen: 24
                          91.217.77.0/24 maxlen: 24
                          194.67.198.108/32 maxlen: 32
                          185.180.230.0/24 maxlen: 24
                          194.67.196.127/32 maxlen: 32
                          194.67.198.7/32 maxlen: 32
                          194.67.208.6/32 maxlen: 32
                          147.78.66.7/32 maxlen: 32
                          213.108.198.0/24 maxlen: 24
                          213.108.199.0/24 maxlen: 24
                          194.67.208.12/32 maxlen: 32
                          185.180.231.87/32 maxlen: 32
                          5.180.136.221/32 maxlen: 32
                          185.188.180.0/24 maxlen: 24
                          192.162.100.0/22 maxlen: 22
                          194.67.208.48/32 maxlen: 32
                          192.162.103.0/24 maxlen: 24
                          192.162.101.0/24 maxlen: 24
                          185.172.131.0/24 maxlen: 24
                          192.162.102.0/24 maxlen: 24
                          192.162.100.0/24 maxlen: 24
                          185.172.130.0/24 maxlen: 24
                          194.67.203.54/32 maxlen: 32
                          193.0.200.0/24 maxlen: 24
                          193.0.202.0/24 maxlen: 24
                          193.0.203.0/24 maxlen: 24
                          185.17.3.102/32 maxlen: 32
                          185.189.12.0/22 maxlen: 22
                          185.189.13.0/24 maxlen: 24
                          185.189.15.0/24 maxlen: 24
                          5.180.136.76/32 maxlen: 32
                          185.189.12.0/24 maxlen: 24
                          185.189.14.0/24 maxlen: 24
                          193.168.226.0/24 maxlen: 24
                          185.125.50.0/24 maxlen: 24
                          185.104.248.0/24 maxlen: 24
                          185.139.70.116/32 maxlen: 32
                          2a0f:7300::/32 maxlen: 32
                          2a09:5303::/32 maxlen: 32
                          2a0a:9300::/48 maxlen: 48
                          2a0e:d602::/32 maxlen: 32
                          2a04:5205::/32 maxlen: 32
                          2a04:5202::/32 maxlen: 32
                          2a04:5203::/32 maxlen: 32
                          2a0a:9300::/32 maxlen: 32
                          2a04:5204::/32 maxlen: 32
                          2a04:5200::/32 maxlen: 32
                          2a0f:4680::/32 maxlen: 32
                          2a04:5206::/32 maxlen: 32
                          2a04:5207::/32 maxlen: 32
                          2a0b:da00::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:40:e7:e1:4e:9e:83:f5:51:22:82:2b:ce:d3:9b:2f:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Sep 15 11:28:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1965ab866b870540ea37c23c780b7076bc861010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:57:96:2a:bb:aa:b6:06:d8:13:b7:87:98:6f:
                    f1:f0:4b:65:ff:d6:b8:91:00:0a:fa:18:13:2f:2f:
                    f0:05:47:40:16:ae:e4:fe:8d:84:0c:83:45:52:c1:
                    2d:06:f6:53:30:ea:f6:bd:0c:da:b4:68:90:5a:4b:
                    0e:11:6c:2b:97:3a:c1:a8:ef:fc:bd:3e:83:1a:a7:
                    00:62:1a:cb:89:aa:bf:61:8e:20:c4:d4:51:31:42:
                    5a:32:e5:6a:d7:65:2a:31:f9:c4:5b:14:66:c9:59:
                    1d:e7:34:c3:52:bc:86:7a:b6:72:df:3c:36:de:4d:
                    5b:a6:66:de:d2:6d:41:ff:6b:bd:f5:8d:f2:d4:03:
                    40:2c:35:1c:f2:c4:a8:c8:07:e1:ee:e2:dc:5c:39:
                    1e:f3:99:ea:0b:43:62:dc:e2:54:40:83:64:ac:31:
                    2d:e8:4b:c3:c5:3c:b8:ea:6a:bb:3d:ee:ce:c6:73:
                    66:b6:ec:7b:1c:3a:b1:10:f1:6d:c1:28:c8:ef:6f:
                    c1:5c:f5:e9:64:94:23:7a:76:9d:41:8b:6d:31:c0:
                    ea:4c:c5:2c:fd:46:0f:c3:a2:c3:19:0c:44:00:f5:
                    31:94:9a:9c:b7:bd:8b:b7:62:39:e8:12:c9:c3:cd:
                    fe:a4:2d:f2:2b:53:d9:56:9a:7c:2e:47:91:a6:25:
                    ec:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:65:AB:86:6B:87:05:40:EA:37:C2:3C:78:0B:70:76:BC:86:10:10
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/GWWrhmuHBUDqN8I8eAtwdryGEBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.0/22
                  45.8.211.0/24
                  91.217.77.0/24
                  147.78.66.7/32
                  185.17.3.102/32
                  185.40.4.0/24
                  185.104.248.0/24
                  185.125.50.0/24
                  185.139.68.28/32
                  185.139.70.116/32
                  185.172.130.0/23
                  185.174.136.0/24
                  185.174.139.0/24
                  185.180.230.0/24
                  185.180.231.87/32
                  185.188.180.0/24
                  185.189.12.0/22
                  192.162.100.0/22
                  193.0.200.0/24
                  193.0.202.0/23
                  193.168.226.0/24
                  194.53.55.0/24
                  194.63.140.0/22
                  194.67.196.127/32
                  194.67.198.7/32
                  194.67.198.108/32
                  194.67.203.54/32
                  194.67.208.6/32
                  194.67.208.12/32
                  194.67.208.48/32
                  213.108.198.0/23
                IPv6:
                  2a04:5200::/32
                  2a04:5202::-2a04:5207:ffff:ffff:ffff:ffff:ffff:ffff
                  2a09:5303::/32
                  2a0a:9300::/32
                  2a0b:da00::/29
                  2a0e:d602::/32
                  2a0f:4680::/32
                  2a0f:7300::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:c4:f6:7e:d4:43:84:7b:29:0a:14:b8:23:cf:bc:b3:81:00:
         ca:86:1a:35:2e:aa:46:41:b1:61:b0:a6:5a:d0:98:af:58:c1:
         ad:e6:26:3c:dc:5d:fb:1d:f1:81:4a:26:9e:09:d0:62:1a:77:
         a7:9f:ce:ff:bb:bc:7c:08:da:1d:9a:99:b4:eb:11:06:d9:e9:
         87:e2:c1:88:0f:75:d6:83:22:38:f1:7a:16:58:c4:d5:db:5b:
         30:7e:f0:0b:c2:4d:e0:3a:cf:c1:04:0e:4e:23:d8:b7:8e:21:
         41:67:a8:63:8c:5b:df:92:ea:c3:e2:3f:26:8d:f4:3a:27:a0:
         f5:e7:1e:10:e6:fe:dc:e1:80:66:19:75:93:d9:bb:80:0f:ae:
         84:7d:c3:cc:e1:af:f7:6e:28:d5:56:e6:c6:1e:39:b0:f9:18:
         10:9f:b3:29:15:3e:4a:54:a8:d2:81:06:c4:0e:ed:b2:be:f7:
         17:50:2c:59:fe:c1:72:b2:77:85:3e:89:3c:35:e8:02:53:8b:
         ca:cc:54:19:31:db:d9:d4:3c:c1:bb:02:de:8d:f3:2d:7d:e5:
         ae:75:a7:48:8b:c5:a8:1b:a7:be:17:57:a4:2a:45:20:ee:d6:
         7f:7d:b2:83:44:e5:c9:df:71:0a:8d:8f:90:3e:77:60:67:00:
         5d:fd:2e:83
-----BEGIN CERTIFICATE-----
MIIGDjCCBPagAwIBAgISAYNA5+FOnoP1USKCK87Tmy/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjIwOTE1MTEyODAxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTY1YWI4NjZiODcwNTQwZWEzN2MyM2M3ODBiNzA3NmJjODYxMDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwleWKruqtgbYE7eHmG/x8Etl/9a4
kQAK+hgTLy/wBUdAFq7k/o2EDINFUsEtBvZTMOr2vQzatGiQWksOEWwrlzrBqO/8
vT6DGqcAYhrLiaq/YY4gxNRRMUJaMuVq12UqMfnEWxRmyVkd5zTDUryGerZy3zw2
3k1bpmbe0m1B/2u99Y3y1ANALDUc8sSoyAfh7uLcXDke85nqC0Ni3OJUQINkrDEt
6EvDxTy46mq7Pe7OxnNmtux7HDqxEPFtwSjI72/BXPXpZJQjenadQYttMcDqTMUs
/UYPw6LDGQxEAPUxlJqct72Lt2I56BLJw83+pC3yK1PZVpp8LkeRpiXsDQIDAQAB
o4IDGjCCAxYwHQYDVR0OBBYEFBllq4ZrhwVA6jfCPHgLcHa8hhAQMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvR1dXcmhtdUhCVURxTjhJOGVBdHdkcnlHRUJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBLgYIKwYBBQUHAQcBAf8EggEdMIIBGTCBzQQCAAEwgcYD
BAIFtIgDBAAtCNMDBABb2U0DBQCTTkIHAwUAuREDZgMEALkoBAMEALlo+AMEALl9
MgMFALmLRBwDBQC5i0Z0AwQBuayCAwQAua6IAwQAua6LAwQAubTmAwUAubTnVwME
ALm8tAMEArm9DAMEAsCiZAMEAMEAyAMEAcEAygMEAMGo4gMEAMI1NwMEAsI/jAMF
AMJDxH8DBQDCQ8YHAwUAwkPGbAMFAMJDyzYDBQDCQ9AGAwUAwkPQDAMFAMJD0DAD
BAHVbMYwRwQCAAIwQQMFACoEUgAwDgMFASoEUgIDBQMqBFIAAwUAKglTAwMFACoK
kwADBQMqC9oAAwUAKg7WAgMFACoPRoADBQAqD3MAMA0GCSqGSIb3DQEBCwUAA4IB
AQCbxPZ+1EOEeykKFLgjz7yzgQDKhho1LqpGQbFhsKZa0JivWMGt5iY83F37HfGB
SiaeCdBiGnenn87/u7x8CNodmpm06xEG2emH4sGID3XWgyI48XoWWMTV21swfvAL
wk3gOs/BBA5OI9i3jiFBZ6hjjFvfkurD4j8mjfQ6J6D15x4Q5v7c4YBmGXWT2buA
D66EfcPM4a/3bijVVubGHjmw+RgQn7MpFT5KVKjSgQbEDu2yvvcXUCxZ/sFysneF
Pok8NegCU4vKzFQZMdvZ1DzBuwLejfMtfeWudadIi8WoG6e+F1ekKkUg7tZ/fbKD
ROXJ33EKjY+QPndgZwBd/S6D
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:07 2024 by rpki-client on console-fra.rpki-client.org