Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/MYxDShhFCHRUVQh3yWUn1cO9ebI.roa
File:                     MYxDShhFCHRUVQh3yWUn1cO9ebI.roa (raw, json)
Hash identifier:          Vg0ItdJZTrMTIncbwGn4qqZKH8OubrtditVY4Nx85oU=
Subject key identifier:   31:8C:43:4A:18:45:08:74:54:55:08:77:C9:65:27:D5:C3:BD:79:B2
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0186D6151F0EC3718078010528CCD0345B30
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/MYxDShhFCHRUVQh3yWUn1cO9ebI.roa
Signing time:             Sun 12 Mar 2023 13:49:13 +0000
ROA not before:           Sun 12 Mar 2023 13:49:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50113
IP address blocks:        185.174.136.0/24 maxlen: 24
                          185.174.139.0/24 maxlen: 24
                          194.63.141.0/24 maxlen: 24
                          194.63.143.0/24 maxlen: 24
                          194.63.140.0/22 maxlen: 22
                          194.63.140.0/24 maxlen: 24
                          194.63.142.0/24 maxlen: 24
                          194.63.142.0/23 maxlen: 23
                          194.63.140.0/23 maxlen: 23
                          194.53.52.0/24 maxlen: 24
                          5.252.116.0/24 maxlen: 24
                          185.139.68.28/32 maxlen: 32
                          5.180.137.0/24 maxlen: 24
                          5.180.136.0/24 maxlen: 24
                          45.8.211.0/24 maxlen: 24
                          91.217.77.0/24 maxlen: 24
                          194.67.198.108/32 maxlen: 32
                          185.180.230.0/24 maxlen: 24
                          194.67.196.127/32 maxlen: 32
                          194.67.198.7/32 maxlen: 32
                          194.67.208.6/32 maxlen: 32
                          147.78.66.7/32 maxlen: 32
                          213.108.198.0/24 maxlen: 24
                          213.108.199.0/24 maxlen: 24
                          213.108.197.0/24 maxlen: 24
                          194.67.208.12/32 maxlen: 32
                          45.89.64.0/24 maxlen: 24
                          185.180.231.87/32 maxlen: 32
                          5.180.136.221/32 maxlen: 32
                          185.188.180.0/24 maxlen: 24
                          85.209.3.0/24 maxlen: 24
                          192.162.100.0/22 maxlen: 22
                          194.67.208.48/32 maxlen: 32
                          192.162.103.0/24 maxlen: 24
                          192.162.101.0/24 maxlen: 24
                          185.172.131.0/24 maxlen: 24
                          192.162.102.0/24 maxlen: 24
                          192.162.100.0/24 maxlen: 24
                          185.172.130.0/24 maxlen: 24
                          194.67.203.54/32 maxlen: 32
                          193.0.200.0/24 maxlen: 24
                          193.0.202.0/24 maxlen: 24
                          193.0.203.0/24 maxlen: 24
                          185.17.3.102/32 maxlen: 32
                          185.189.12.0/22 maxlen: 22
                          185.189.13.0/24 maxlen: 24
                          185.189.15.0/24 maxlen: 24
                          5.180.136.76/32 maxlen: 32
                          185.189.12.0/24 maxlen: 24
                          185.189.14.0/24 maxlen: 24
                          193.168.226.0/24 maxlen: 24
                          185.125.50.0/24 maxlen: 24
                          185.104.248.0/24 maxlen: 24
                          185.139.70.116/32 maxlen: 32
                          2a04:5200:fff2::/48 maxlen: 48
                          2a0f:7300::/32 maxlen: 32
                          2a09:5303::/32 maxlen: 32
                          2a0a:9300::/48 maxlen: 48
                          2a04:5200:ff00::/48 maxlen: 48
                          2a04:5200::/48 maxlen: 48
                          2a04:5200:fff9::/48 maxlen: 48
                          2a04:5200:fff3::/48 maxlen: 48
                          2a04:5200:fff6::/48 maxlen: 48
                          2a04:5205::/32 maxlen: 32
                          2a04:5202::/32 maxlen: 32
                          2a04:5203::/32 maxlen: 32
                          2a0a:9300:aaaa::/48 maxlen: 48
                          2a04:5200:1::/48 maxlen: 48
                          2a0a:9300::/32 maxlen: 32
                          2a04:5200:fff7::/48 maxlen: 48
                          2a04:5204::/32 maxlen: 32
                          2a04:5200::/32 maxlen: 32
                          2a0f:4680::/32 maxlen: 32
                          2a04:5200:fff4::/48 maxlen: 48
                          2a04:5206::/32 maxlen: 32
                          2a04:5200:fff8::/48 maxlen: 48
                          2a04:5200:fff1::/48 maxlen: 48
                          2a04:5207::/32 maxlen: 32
                          2a0b:da00::/29 maxlen: 29
                          2a04:5200:fff5::/48 maxlen: 48
                          2a04:5200:ff10::/48 maxlen: 48
                          2a04:5200:ffff::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:d6:15:1f:0e:c3:71:80:78:01:05:28:cc:d0:34:5b:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Mar 12 13:49:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=318c434a1845087454550877c96527d5c3bd79b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:51:8d:f7:56:f4:9b:61:55:ed:45:be:9e:25:
                    c2:0e:c4:98:13:4d:e9:fb:ae:f6:91:99:b8:56:cc:
                    d6:86:71:5a:9e:fe:73:12:1d:60:07:bc:47:e1:c2:
                    21:08:da:2d:36:e5:db:52:1a:36:f1:08:a7:bd:d4:
                    26:6b:7d:43:37:14:35:6b:6d:97:74:e7:3c:91:63:
                    b2:76:43:3e:03:e2:48:c7:57:4b:60:62:6c:42:44:
                    e0:50:1e:09:3a:01:ca:4d:d0:ce:4e:05:4c:ee:44:
                    52:96:dd:7d:81:cc:bf:c0:16:08:71:10:df:77:84:
                    d5:25:54:90:30:5b:65:e7:01:1f:d4:8c:df:06:b0:
                    48:ba:2f:2a:31:c9:d3:08:c8:29:71:21:3f:05:7b:
                    a3:db:a0:79:a2:b4:5a:86:3c:b2:b4:7f:e7:84:97:
                    db:64:44:63:70:37:3b:8d:c3:0c:25:04:d2:98:72:
                    ae:ff:60:3e:a3:42:28:63:ad:2e:9e:c3:b2:77:cd:
                    ec:b7:ff:4a:bb:a5:b6:86:a9:06:c2:d9:92:d9:22:
                    12:46:e0:b3:07:3f:95:1f:b5:a4:f0:2e:6e:81:b1:
                    f6:26:04:a6:21:7f:22:72:ac:63:4b:c4:44:ac:66:
                    bf:b9:f1:d6:21:73:51:da:5b:6d:21:40:21:c2:fb:
                    f1:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:8C:43:4A:18:45:08:74:54:55:08:77:C9:65:27:D5:C3:BD:79:B2
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/MYxDShhFCHRUVQh3yWUn1cO9ebI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.0/23
                  5.252.116.0/24
                  45.8.211.0/24
                  45.89.64.0/24
                  85.209.3.0/24
                  91.217.77.0/24
                  147.78.66.7/32
                  185.17.3.102/32
                  185.104.248.0/24
                  185.125.50.0/24
                  185.139.68.28/32
                  185.139.70.116/32
                  185.172.130.0/23
                  185.174.136.0/24
                  185.174.139.0/24
                  185.180.230.0/24
                  185.180.231.87/32
                  185.188.180.0/24
                  185.189.12.0/22
                  192.162.100.0/22
                  193.0.200.0/24
                  193.0.202.0/23
                  193.168.226.0/24
                  194.53.52.0/24
                  194.63.140.0/22
                  194.67.196.127/32
                  194.67.198.7/32
                  194.67.198.108/32
                  194.67.203.54/32
                  194.67.208.6/32
                  194.67.208.12/32
                  194.67.208.48/32
                  213.108.197.0-213.108.199.255
                IPv6:
                  2a04:5200::/32
                  2a04:5202::-2a04:5207:ffff:ffff:ffff:ffff:ffff:ffff
                  2a09:5303::/32
                  2a0a:9300::/32
                  2a0b:da00::/29
                  2a0f:4680::/32
                  2a0f:7300::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:34:7a:9e:73:51:5f:3b:5d:cf:b3:5a:f8:8a:88:5e:b0:75:
         29:bb:17:a4:f7:ed:88:b8:82:dc:7a:ed:87:9f:ad:33:72:7f:
         69:e0:db:ca:0b:35:d0:46:76:9f:64:2c:41:35:44:d0:05:56:
         2a:83:67:2e:98:58:98:b8:56:b7:29:8e:55:4a:32:53:c7:e1:
         59:7b:54:a5:8e:37:7c:34:b9:fe:f5:76:08:7d:38:17:bc:49:
         26:06:a2:fb:45:d6:86:16:f9:8d:c8:51:8a:1b:47:05:ea:1d:
         f7:3a:70:cd:c6:ef:e1:cb:6d:9b:5a:8e:84:d7:88:12:a1:ee:
         ba:db:2f:02:a9:1d:28:b1:78:25:3d:52:c5:d1:27:79:99:f6:
         35:11:21:89:30:21:63:59:db:36:b5:0c:c5:0d:fd:64:6d:94:
         84:26:b9:94:d7:41:4c:b3:8b:e8:c2:0f:24:12:69:46:67:03:
         a8:e8:44:6c:74:8e:72:91:67:ff:3b:4e:fd:e4:37:17:9f:5f:
         06:2e:38:ac:41:c7:3a:a0:18:68:3f:e7:79:12:d3:b5:4f:34:
         32:b5:39:a2:7e:49:96:4e:8f:6d:f8:b3:eb:1f:10:d7:3d:48:
         05:3c:eb:fc:cb:7c:62:12:8e:95:82:bb:7d:68:88:52:3e:99:
         82:c3:6c:07
-----BEGIN CERTIFICATE-----
MIIGGzCCBQOgAwIBAgISAYbWFR8Ow3GAeAEFKMzQNFswMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwMzEyMTM0OTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMThjNDM0YTE4NDUwODc0NTQ1NTA4NzdjOTY1MjdkNWMzYmQ3OWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk1GN91b0m2FV7UW+niXCDsSYE03p
+672kZm4VszWhnFanv5zEh1gB7xH4cIhCNotNuXbUho28QinvdQma31DNxQ1a22X
dOc8kWOydkM+A+JIx1dLYGJsQkTgUB4JOgHKTdDOTgVM7kRSlt19gcy/wBYIcRDf
d4TVJVSQMFtl5wEf1IzfBrBIui8qMcnTCMgpcSE/BXuj26B5orRahjyytH/nhJfb
ZERjcDc7jcMMJQTSmHKu/2A+o0IoY60unsOyd83st/9Ku6W2hqkGwtmS2SISRuCz
Bz+VH7Wk8C5ugbH2JgSmIX8icqxjS8RErGa/ufHWIXNR2lttIUAhwvvxcwIDAQAB
o4IDJzCCAyMwHQYDVR0OBBYEFDGMQ0oYRQh0VFUId8llJ9XDvXmyMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvTVl4RFNoaEZDSFJVVlFoM3lXVW4xY085ZWJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOwYIKwYBBQUHAQcBAf8EggEqMIIBJjCB4QQCAAEwgdoD
BAEFtIgDBAAF/HQDBAAtCNMDBAAtWUADBABV0QMDBABb2U0DBQCTTkIHAwUAuRED
ZgMEALlo+AMEALl9MgMFALmLRBwDBQC5i0Z0AwQBuayCAwQAua6IAwQAua6LAwQA
ubTmAwUAubTnVwMEALm8tAMEArm9DAMEAsCiZAMEAMEAyAMEAcEAygMEAMGo4gME
AMI1NAMEAsI/jAMFAMJDxH8DBQDCQ8YHAwUAwkPGbAMFAMJDyzYDBQDCQ9AGAwUA
wkPQDAMFAMJD0DAwDAMEANVsxQMEA9VswDBABAIAAjA6AwUAKgRSADAOAwUBKgRS
AgMFAyoEUgADBQAqCVMDAwUAKgqTAAMFAyoL2gADBQAqD0aAAwUAKg9zADANBgkq
hkiG9w0BAQsFAAOCAQEAMjR6nnNRXztdz7Na+IqIXrB1KbsXpPftiLiC3Hrth5+t
M3J/aeDbygs10EZ2n2QsQTVE0AVWKoNnLphYmLhWtymOVUoyU8fhWXtUpY43fDS5
/vV2CH04F7xJJgai+0XWhhb5jchRihtHBeod9zpwzcbv4cttm1qOhNeIEqHuutsv
AqkdKLF4JT1SxdEneZn2NREhiTAhY1nbNrUMxQ39ZG2UhCa5lNdBTLOL6MIPJBJp
RmcDqOhEbHSOcpFn/ztO/eQ3F59fBi44rEHHOqAYaD/neRLTtU80MrU5on5Jlk6P
bfiz6x8Q1z1IBTzr/Mt8YhKOlYK7fWiIUj6ZgsNsBw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:07 2024 by rpki-client on console-fra.rpki-client.org