Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/OQR3e10IRM5upQFB-vE_fc_YLrM.roa
File:                     OQR3e10IRM5upQFB-vE_fc_YLrM.roa (raw, json)
Hash identifier:          MGTwD+7R8zWHkL9K+OCDCIQuvU5aEpDnVPvl9t353Fs=
Subject key identifier:   39:04:77:7B:5D:08:44:CE:6E:A5:01:41:FA:F1:3F:7D:CF:D8:2E:B3
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0181F939E6A007629AEE9BABCF4CE69564DE
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/OQR3e10IRM5upQFB-vE_fc_YLrM.roa
Signing time:             Wed 13 Jul 2022 20:22:10 +0000
ROA not before:           Wed 13 Jul 2022 20:22:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50113
IP address blocks:        185.174.136.0/24 maxlen: 24
                          185.174.139.0/24 maxlen: 24
                          194.63.141.0/24 maxlen: 24
                          194.63.143.0/24 maxlen: 24
                          194.63.140.0/22 maxlen: 22
                          194.63.140.0/24 maxlen: 24
                          194.63.142.0/24 maxlen: 24
                          194.63.142.0/23 maxlen: 23
                          194.63.140.0/23 maxlen: 23
                          185.139.68.28/32 maxlen: 32
                          185.40.4.0/24 maxlen: 24
                          45.8.211.0/24 maxlen: 24
                          91.217.77.0/24 maxlen: 24
                          194.67.198.108/32 maxlen: 32
                          185.180.230.0/24 maxlen: 24
                          194.67.196.127/32 maxlen: 32
                          194.67.198.7/32 maxlen: 32
                          194.67.208.6/32 maxlen: 32
                          147.78.66.7/32 maxlen: 32
                          213.108.198.0/24 maxlen: 24
                          213.108.199.0/24 maxlen: 24
                          194.67.208.12/32 maxlen: 32
                          185.180.231.87/32 maxlen: 32
                          5.180.136.221/32 maxlen: 32
                          185.188.180.0/24 maxlen: 24
                          192.162.100.0/22 maxlen: 22
                          194.67.208.48/32 maxlen: 32
                          192.162.103.0/24 maxlen: 24
                          192.162.101.0/24 maxlen: 24
                          185.172.131.0/24 maxlen: 24
                          192.162.102.0/24 maxlen: 24
                          192.162.100.0/24 maxlen: 24
                          185.172.130.0/24 maxlen: 24
                          194.67.203.54/32 maxlen: 32
                          193.0.200.0/24 maxlen: 24
                          193.0.202.0/24 maxlen: 24
                          193.0.203.0/24 maxlen: 24
                          185.17.3.102/32 maxlen: 32
                          185.189.12.0/22 maxlen: 22
                          185.189.13.0/24 maxlen: 24
                          185.189.15.0/24 maxlen: 24
                          5.180.136.76/32 maxlen: 32
                          185.189.12.0/24 maxlen: 24
                          185.189.14.0/24 maxlen: 24
                          193.168.226.0/24 maxlen: 24
                          185.125.50.0/24 maxlen: 24
                          185.104.248.0/24 maxlen: 24
                          185.139.70.116/32 maxlen: 32
                          2a0f:7c80::/29 maxlen: 29
                          2a0f:c780::/29 maxlen: 29
                          2a0f:7300::/32 maxlen: 32
                          2a09:5303::/32 maxlen: 32
                          2a0e:d602::/32 maxlen: 32
                          2a04:5205::/32 maxlen: 32
                          2a0c:6980::/29 maxlen: 29
                          2a04:5202::/32 maxlen: 32
                          2a04:5203::/32 maxlen: 32
                          2a0a:9300::/32 maxlen: 32
                          2a04:5204::/32 maxlen: 32
                          2a04:5200::/32 maxlen: 32
                          2a0c:f641::/32 maxlen: 32
                          2a0f:4680::/32 maxlen: 32
                          2a04:5206::/32 maxlen: 32
                          2a04:5207::/32 maxlen: 32
                          2a0c:f640::/32 maxlen: 32
                          2a0b:da00::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:f9:39:e6:a0:07:62:9a:ee:9b:ab:cf:4c:e6:95:64:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul 13 20:22:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3904777b5d0844ce6ea50141faf13f7dcfd82eb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:25:fc:2b:cb:f3:ce:2b:fc:1f:4e:76:72:8b:
                    18:8a:49:25:8e:b1:e2:a3:69:66:9b:d5:ab:23:f4:
                    07:b6:87:9e:14:0b:54:04:b0:52:e5:21:1c:52:bc:
                    40:89:18:15:5e:ba:f9:b4:20:ca:0f:d5:be:1a:22:
                    34:01:82:80:62:37:07:7e:78:f4:8b:ad:55:25:50:
                    d6:14:74:cb:ae:42:c7:a5:c5:1c:3b:1a:55:0d:c2:
                    c2:3a:e8:6d:17:5d:f0:5b:4e:fe:be:63:f1:24:ac:
                    95:35:ed:34:8f:06:43:46:7e:f3:05:d6:da:76:8b:
                    07:f0:c9:ac:34:f4:f7:8f:49:e2:6a:fa:25:c6:12:
                    be:12:b8:f0:cb:89:11:62:74:90:d8:9b:81:c0:7d:
                    4e:e7:f2:d4:48:66:eb:c1:3b:77:16:fc:c3:9b:00:
                    84:c3:c5:af:50:a3:e7:ae:56:4d:b5:16:62:c6:11:
                    1a:b3:c2:39:63:d8:ff:5d:50:79:bd:3a:4e:9f:62:
                    94:5b:d9:16:a6:e4:31:14:88:6f:ba:dc:47:69:0d:
                    48:02:96:dc:d7:43:f8:82:c0:31:08:4a:06:32:93:
                    f5:a0:3e:56:01:b5:b3:ba:45:f2:7c:90:aa:3b:39:
                    50:2c:75:bb:8d:15:5b:d1:51:20:63:28:f3:f5:c5:
                    fa:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:04:77:7B:5D:08:44:CE:6E:A5:01:41:FA:F1:3F:7D:CF:D8:2E:B3
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/OQR3e10IRM5upQFB-vE_fc_YLrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.76/32
                  5.180.136.221/32
                  45.8.211.0/24
                  91.217.77.0/24
                  147.78.66.7/32
                  185.17.3.102/32
                  185.40.4.0/24
                  185.104.248.0/24
                  185.125.50.0/24
                  185.139.68.28/32
                  185.139.70.116/32
                  185.172.130.0/23
                  185.174.136.0/24
                  185.174.139.0/24
                  185.180.230.0/24
                  185.180.231.87/32
                  185.188.180.0/24
                  185.189.12.0/22
                  192.162.100.0/22
                  193.0.200.0/24
                  193.0.202.0/23
                  193.168.226.0/24
                  194.63.140.0/22
                  194.67.196.127/32
                  194.67.198.7/32
                  194.67.198.108/32
                  194.67.203.54/32
                  194.67.208.6/32
                  194.67.208.12/32
                  194.67.208.48/32
                  213.108.198.0/23
                IPv6:
                  2a04:5200::/32
                  2a04:5202::-2a04:5207:ffff:ffff:ffff:ffff:ffff:ffff
                  2a09:5303::/32
                  2a0a:9300::/32
                  2a0b:da00::/29
                  2a0c:6980::/29
                  2a0c:f640::/31
                  2a0e:d602::/32
                  2a0f:4680::/32
                  2a0f:7300::/32
                  2a0f:7c80::/29
                  2a0f:c780::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:e3:77:ce:c1:46:79:08:3e:e5:ee:af:aa:f7:d6:0e:28:89:
         cb:f2:03:c4:e3:7b:e1:e5:fb:65:7f:f0:7a:d4:27:1d:dd:0d:
         87:23:87:28:11:6a:ba:be:de:3a:fd:e8:2f:d3:04:66:ca:0f:
         df:04:8c:1a:cf:fc:58:27:8b:8e:7d:60:d8:4f:6b:2e:3c:78:
         1b:21:c8:db:d9:16:4d:24:f1:79:9e:02:c0:9d:c9:57:51:f2:
         bd:bb:25:f1:74:14:a3:4a:f8:99:3a:52:b5:13:5d:cb:be:7a:
         8c:5f:34:ef:36:9b:e5:53:43:71:0c:81:e6:44:66:c5:fe:ed:
         6e:9a:aa:1a:8f:d6:62:48:1e:44:27:e5:ae:e6:de:27:55:a1:
         bd:17:12:9b:b0:d9:85:cd:65:ab:06:e2:f6:9b:67:e7:dc:2f:
         0b:a9:cf:87:30:b4:65:86:51:a4:0e:96:f0:5e:fd:6b:f2:d9:
         cc:34:d4:d1:b7:1b:16:eb:4e:eb:66:d2:48:37:f3:0a:37:e6:
         a8:51:ce:d8:9b:b2:b9:d4:a7:0d:3a:93:e2:25:91:25:e0:9d:
         38:47:8a:b6:1d:b1:56:91:da:06:a9:f7:0a:91:bc:94:20:6c:
         1e:30:cb:04:60:72:e5:37:35:c3:72:92:36:ca:25:a6:c2:13:
         a7:b1:f6:85
-----BEGIN CERTIFICATE-----
MIIGLDCCBRSgAwIBAgISAYH5OeagB2Ka7purz0zmlWTeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjIwNzEzMjAyMjEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTA0Nzc3YjVkMDg0NGNlNmVhNTAxNDFmYWYxM2Y3ZGNmZDgyZWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyX8K8vzziv8H052cosYikkljrHi
o2lmm9WrI/QHtoeeFAtUBLBS5SEcUrxAiRgVXrr5tCDKD9W+GiI0AYKAYjcHfnj0
i61VJVDWFHTLrkLHpcUcOxpVDcLCOuhtF13wW07+vmPxJKyVNe00jwZDRn7zBdba
dosH8MmsNPT3j0niavolxhK+Erjwy4kRYnSQ2JuBwH1O5/LUSGbrwTt3FvzDmwCE
w8WvUKPnrlZNtRZixhEas8I5Y9j/XVB5vTpOn2KUW9kWpuQxFIhvutxHaQ1IApbc
10P4gsAxCEoGMpP1oD5WAbWzukXyfJCqOzlQLHW7jRVb0VEgYyjz9cX6SwIDAQAB
o4IDODCCAzQwHQYDVR0OBBYEFDkEd3tdCETObqUBQfrxP33P2C6zMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvT1FSM2UxMElSTTV1cFFGQi12RV9mY19ZTHJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBTAYIKwYBBQUHAQcBAf8EggE7MIIBNzCBzwQCAAEwgcgD
BQAFtIhMAwUABbSI3QMEAC0I0wMEAFvZTQMFAJNOQgcDBQC5EQNmAwQAuSgEAwQA
uWj4AwQAuX0yAwUAuYtEHAMFALmLRnQDBAG5rIIDBAC5rogDBAC5rosDBAC5tOYD
BQC5tOdXAwQAuby0AwQCub0MAwQCwKJkAwQAwQDIAwQBwQDKAwQAwajiAwQCwj+M
AwUAwkPEfwMFAMJDxgcDBQDCQ8ZsAwUAwkPLNgMFAMJD0AYDBQDCQ9AMAwUAwkPQ
MAMEAdVsxjBjBAIAAjBdAwUAKgRSADAOAwUBKgRSAgMFAyoEUgADBQAqCVMDAwUA
KgqTAAMFAyoL2gADBQMqDGmAAwUBKgz2QAMFACoO1gIDBQAqD0aAAwUAKg9zAAMF
AyoPfIADBQMqD8eAMA0GCSqGSIb3DQEBCwUAA4IBAQCC43fOwUZ5CD7l7q+q99YO
KInL8gPE43vh5ftlf/B61Ccd3Q2HI4coEWq6vt46/egv0wRmyg/fBIwaz/xYJ4uO
fWDYT2suPHgbIcjb2RZNJPF5ngLAnclXUfK9uyXxdBSjSviZOlK1E13LvnqMXzTv
NpvlU0NxDIHmRGbF/u1umqoaj9ZiSB5EJ+Wu5t4nVaG9FxKbsNmFzWWrBuL2m2fn
3C8Lqc+HMLRlhlGkDpbwXv1r8tnMNNTRtxsW607rZtJIN/MKN+aoUc7Ym7K51KcN
OpPiJZEl4J04R4q2HbFWkdoGqfcKkbyUIGweMMsEYHLlNzXDcpI2yiWmwhOnsfaF
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:07 2024 by rpki-client on console-fra.rpki-client.org