Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/MyEOsSfqo22E-dmZPO5Gwj6oYSE.roa
File:                     MyEOsSfqo22E-dmZPO5Gwj6oYSE.roa (raw, json)
Hash identifier:          4nmlBwmZx0o1OwhH5CAW5herqxRpUEXGMTYvSMdtI/E=
Subject key identifier:   33:21:0E:B1:27:EA:A3:6D:84:F9:D9:99:3C:EE:46:C2:3E:A8:61:21
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       04A7DC05
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/MyEOsSfqo22E-dmZPO5Gwj6oYSE.roa
Signing time:             Mon 18 Apr 2022 14:50:26 +0000
ROA not before:           Mon 18 Apr 2022 14:50:26 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50113
IP address blocks:        185.174.136.0/24 maxlen: 24
                          185.174.139.0/24 maxlen: 24
                          194.63.141.0/24 maxlen: 24
                          194.63.143.0/24 maxlen: 24
                          194.63.140.0/22 maxlen: 22
                          194.63.140.0/24 maxlen: 24
                          194.63.142.0/24 maxlen: 24
                          194.63.142.0/23 maxlen: 23
                          194.63.140.0/23 maxlen: 23
                          185.139.68.28/32 maxlen: 32
                          185.40.4.0/24 maxlen: 24
                          45.8.210.0/24 maxlen: 24
                          45.8.211.0/24 maxlen: 24
                          194.67.198.108/32 maxlen: 32
                          185.180.230.0/24 maxlen: 24
                          185.180.228.0/24 maxlen: 24
                          194.67.196.127/32 maxlen: 32
                          194.67.198.7/32 maxlen: 32
                          194.67.208.6/32 maxlen: 32
                          185.112.100.0/24 maxlen: 24
                          147.78.66.7/32 maxlen: 32
                          194.67.208.12/32 maxlen: 32
                          185.102.137.0/24 maxlen: 24
                          185.180.231.87/32 maxlen: 32
                          5.180.136.221/32 maxlen: 32
                          185.188.180.0/24 maxlen: 24
                          192.162.100.0/22 maxlen: 22
                          194.67.208.48/32 maxlen: 32
                          192.162.103.0/24 maxlen: 24
                          192.162.101.0/24 maxlen: 24
                          185.172.131.0/24 maxlen: 24
                          192.162.102.0/24 maxlen: 24
                          192.162.100.0/24 maxlen: 24
                          185.172.130.0/24 maxlen: 24
                          194.67.203.54/32 maxlen: 32
                          193.0.200.0/24 maxlen: 24
                          193.0.202.0/24 maxlen: 24
                          193.0.203.0/24 maxlen: 24
                          185.17.3.102/32 maxlen: 32
                          185.189.12.0/22 maxlen: 22
                          185.189.13.0/24 maxlen: 24
                          185.189.15.0/24 maxlen: 24
                          5.180.136.76/32 maxlen: 32
                          185.189.12.0/24 maxlen: 24
                          185.189.14.0/24 maxlen: 24
                          193.168.226.0/24 maxlen: 24
                          185.104.248.0/24 maxlen: 24
                          185.139.70.116/32 maxlen: 32
                          2a0f:7c80::/29 maxlen: 29
                          2a0f:c780::/29 maxlen: 29
                          2a0f:7300::/32 maxlen: 32
                          2a09:5303::/32 maxlen: 32
                          2a0e:d602::/32 maxlen: 32
                          2a04:5205::/32 maxlen: 32
                          2a0c:6980::/29 maxlen: 29
                          2a04:5202::/32 maxlen: 32
                          2a04:5203::/32 maxlen: 32
                          2a0a:9300::/32 maxlen: 32
                          2a04:5204::/32 maxlen: 32
                          2a04:5200::/32 maxlen: 32
                          2a0c:f641::/32 maxlen: 32
                          2a0f:4680::/32 maxlen: 32
                          2a07:4a00::/29 maxlen: 29
                          2a04:5206::/32 maxlen: 32
                          2a04:5207::/32 maxlen: 32
                          2a0c:f640::/32 maxlen: 32
                          2a0b:da00::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 78109701 (0x4a7dc05)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Apr 18 14:50:26 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=33210eb127eaa36d84f9d9993cee46c23ea86121
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:53:06:da:ab:1a:ff:3d:f3:3c:f0:98:72:33:
                    a9:54:c1:9c:7f:41:9d:1d:ed:4b:f6:52:bc:2f:5e:
                    2f:c8:e2:11:b8:7b:17:f9:0e:f6:d7:30:00:c5:9b:
                    c6:f9:ff:11:af:f5:24:58:73:fa:7b:53:d1:e8:aa:
                    8d:41:cb:b2:bd:c5:03:2f:42:4c:b0:c2:05:c0:05:
                    58:2d:52:f3:4a:e9:6d:05:79:1f:1d:fe:c6:32:d5:
                    82:c7:50:47:f1:b3:aa:04:4e:29:3c:9a:65:ab:f9:
                    6d:5b:7a:4b:1f:b6:51:66:7a:35:4e:35:24:7b:78:
                    97:7e:c7:16:79:78:d7:8b:cd:68:89:e4:ef:48:dd:
                    11:c2:4d:49:c8:ce:7e:f1:75:08:09:2a:f8:51:6a:
                    64:41:c2:16:f1:51:0c:73:dd:1c:6a:2f:17:69:9a:
                    4c:a2:8c:0f:8e:f7:e4:48:db:c3:6b:13:d0:8a:4e:
                    34:9b:cb:90:d2:7b:ea:a9:89:43:e9:be:04:e8:c7:
                    fa:70:84:ba:82:5f:21:7c:f5:5b:dc:cf:cf:40:c4:
                    3b:b5:94:77:5d:74:ca:ce:ca:b1:91:88:41:ca:d3:
                    1e:b3:9c:2f:69:4b:0e:b1:0c:57:af:6c:6a:eb:4c:
                    fa:a2:17:09:42:96:9e:dd:26:fc:d3:ba:73:1e:74:
                    d4:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:21:0E:B1:27:EA:A3:6D:84:F9:D9:99:3C:EE:46:C2:3E:A8:61:21
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/MyEOsSfqo22E-dmZPO5Gwj6oYSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.76/32
                  5.180.136.221/32
                  45.8.210.0/23
                  147.78.66.7/32
                  185.17.3.102/32
                  185.40.4.0/24
                  185.102.137.0/24
                  185.104.248.0/24
                  185.112.100.0/24
                  185.139.68.28/32
                  185.139.70.116/32
                  185.172.130.0/23
                  185.174.136.0/24
                  185.174.139.0/24
                  185.180.228.0/24
                  185.180.230.0/24
                  185.180.231.87/32
                  185.188.180.0/24
                  185.189.12.0/22
                  192.162.100.0/22
                  193.0.200.0/24
                  193.0.202.0/23
                  193.168.226.0/24
                  194.63.140.0/22
                  194.67.196.127/32
                  194.67.198.7/32
                  194.67.198.108/32
                  194.67.203.54/32
                  194.67.208.6/32
                  194.67.208.12/32
                  194.67.208.48/32
                IPv6:
                  2a04:5200::/32
                  2a04:5202::-2a04:5207:ffff:ffff:ffff:ffff:ffff:ffff
                  2a07:4a00::/29
                  2a09:5303::/32
                  2a0a:9300::/32
                  2a0b:da00::/29
                  2a0c:6980::/29
                  2a0c:f640::/31
                  2a0e:d602::/32
                  2a0f:4680::/32
                  2a0f:7300::/32
                  2a0f:7c80::/29
                  2a0f:c780::/29

    Signature Algorithm: sha256WithRSAEncryption
         b9:b8:a8:a4:90:d6:74:21:63:2b:20:c5:08:85:aa:65:63:2a:
         31:da:91:8c:cc:d6:27:ca:d1:20:f2:56:bd:54:14:c2:53:1d:
         b4:95:28:bc:d7:23:f8:ba:c6:b8:8e:5f:b0:e1:e3:80:11:a1:
         96:d8:8e:94:e6:10:97:b2:d0:b4:d6:85:c1:70:9f:7e:17:31:
         11:b2:bb:6a:20:3a:3d:f8:08:0b:66:c6:ab:3b:05:c8:f2:07:
         0a:25:24:a1:5f:e6:1b:42:aa:c3:1d:6c:5f:44:d7:37:63:83:
         6a:1e:63:a4:db:84:d9:5a:bb:71:c1:0b:64:2d:d5:f1:2d:33:
         ce:bd:8e:09:80:fd:ed:7a:7c:df:96:17:2a:e9:53:5e:11:9d:
         6e:59:5c:1a:34:e9:43:e6:8c:3a:48:bf:bf:0b:5e:4e:19:8d:
         52:fe:5a:3d:7f:89:7b:b5:52:26:a3:1c:7d:87:17:a8:c7:ba:
         dd:4a:38:d8:ed:28:52:24:01:e6:bd:0f:b2:e2:80:a2:0f:20:
         6e:2b:a9:40:37:a9:04:47:a2:1f:27:e8:61:c1:d8:e8:74:a7:
         26:6c:28:80:e5:2f:6f:7b:43:91:b6:03:9a:3e:03:5e:cb:87:
         c7:d0:2b:81:b2:d9:b2:6b:e0:f3:f7:8f:8f:ca:d5:37:2e:b1:
         e6:84:0f:97
-----BEGIN CERTIFICATE-----
MIIGJTCCBQ2gAwIBAgIEBKfcBTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NGY5NjM0NWQzZjIyZWRiMzk1ZDI0N2Y3Yjg2ZDJkNzNlNGEwMDkxMB4XDTIyMDQx
ODE0NTAyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzMyMTBlYjEyN2Vh
YTM2ZDg0ZjlkOTk5M2NlZTQ2YzIzZWE4NjEyMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKJTBtqrGv898zzwmHIzqVTBnH9BnR3tS/ZSvC9eL8jiEbh7
F/kO9tcwAMWbxvn/Ea/1JFhz+ntT0eiqjUHLsr3FAy9CTLDCBcAFWC1S80rpbQV5
Hx3+xjLVgsdQR/GzqgROKTyaZav5bVt6Sx+2UWZ6NU41JHt4l37HFnl414vNaInk
70jdEcJNScjOfvF1CAkq+FFqZEHCFvFRDHPdHGovF2maTKKMD4735Ejbw2sT0IpO
NJvLkNJ76qmJQ+m+BOjH+nCEuoJfIXz1W9zPz0DEO7WUd110ys7KsZGIQcrTHrOc
L2lLDrEMV69sautM+qIXCUKWnt0m/NO6cx501HMCAwEAAaOCAz8wggM7MB0GA1Ud
DgQWBBQzIQ6xJ+qjbYT52Zk87kbCPqhhITAfBgNVHSMEGDAWgBS0+WNF0/Iu2zld
JH97htLXPkoAkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RQbGpSZFB5THRzNVhTUl9lNGJTMXo1S0FKRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvOGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8x
L015RU9zU2ZxbzIyRS1kbVpQTzVHd2o2b1lTRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
OGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8xL3RQbGpSZFB5THRz
NVhTUl9lNGJTMXo1S0FKRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCC
AVMGCCsGAQUFBwEHAQH/BIIBQjCCAT4wgc8EAgABMIHIAwUABbSITAMFAAW0iN0D
BAEtCNIDBQCTTkIHAwUAuREDZgMEALkoBAMEALlmiQMEALlo+AMEALlwZAMFALmL
RBwDBQC5i0Z0AwQBuayCAwQAua6IAwQAua6LAwQAubTkAwQAubTmAwUAubTnVwME
ALm8tAMEArm9DAMEAsCiZAMEAMEAyAMEAcEAygMEAMGo4gMEAsI/jAMFAMJDxH8D
BQDCQ8YHAwUAwkPGbAMFAMJDyzYDBQDCQ9AGAwUAwkPQDAMFAMJD0DAwagQCAAIw
ZAMFACoEUgAwDgMFASoEUgIDBQMqBFIAAwUDKgdKAAMFACoJUwMDBQAqCpMAAwUD
KgvaAAMFAyoMaYADBQEqDPZAAwUAKg7WAgMFACoPRoADBQAqD3MAAwUDKg98gAMF
AyoPx4AwDQYJKoZIhvcNAQELBQADggEBALm4qKSQ1nQhYysgxQiFqmVjKjHakYzM
1ifK0SDyVr1UFMJTHbSVKLzXI/i6xriOX7Dh44ARoZbYjpTmEJey0LTWhcFwn34X
MRGyu2ogOj34CAtmxqs7BcjyBwolJKFf5htCqsMdbF9E1zdjg2oeY6TbhNlau3HB
C2Qt1fEtM869jgmA/e16fN+WFyrpU14RnW5ZXBo06UPmjDpIv78LXk4ZjVL+Wj1/
iXu1UiajHH2HF6jHut1KONjtKFIkAea9D7LigKIPIG4rqUA3qQRHoh8n6GHB2Oh0
pyZsKIDlL297Q5G2A5o+A17Lh8fQK4Gy2bJr4PP3j4/K1TcuseaED5c=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:07 2024 by rpki-client on console-fra.rpki-client.org