Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/POvnpzYnLqC_IyVWH_iSPongBxo.roa
File:                     POvnpzYnLqC_IyVWH_iSPongBxo.roa (raw, json)
Hash identifier:          pHQ9SJbTYWsXuKxksxzVTIDig3BgZ2AUIX8lRaUsRIE=
Subject key identifier:   3C:EB:E7:A7:36:27:2E:A0:BF:23:25:56:1F:F8:92:3E:89:E0:07:1A
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       01833735B60660580CA63E98D7440BFA12B1
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/POvnpzYnLqC_IyVWH_iSPongBxo.roa
Signing time:             Tue 13 Sep 2022 14:16:50 +0000
ROA not before:           Tue 13 Sep 2022 14:16:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50113
IP address blocks:        185.174.136.0/24 maxlen: 24
                          185.174.139.0/24 maxlen: 24
                          194.63.141.0/24 maxlen: 24
                          194.63.143.0/24 maxlen: 24
                          194.63.140.0/22 maxlen: 22
                          194.63.140.0/24 maxlen: 24
                          194.63.142.0/24 maxlen: 24
                          194.63.142.0/23 maxlen: 23
                          194.63.140.0/23 maxlen: 23
                          194.53.55.0/24 maxlen: 24
                          185.139.68.28/32 maxlen: 32
                          185.40.4.0/24 maxlen: 24
                          45.8.211.0/24 maxlen: 24
                          91.217.77.0/24 maxlen: 24
                          194.67.198.108/32 maxlen: 32
                          185.180.230.0/24 maxlen: 24
                          194.67.196.127/32 maxlen: 32
                          194.67.198.7/32 maxlen: 32
                          194.67.208.6/32 maxlen: 32
                          147.78.66.7/32 maxlen: 32
                          213.108.198.0/24 maxlen: 24
                          213.108.199.0/24 maxlen: 24
                          194.67.208.12/32 maxlen: 32
                          185.180.231.87/32 maxlen: 32
                          5.180.136.221/32 maxlen: 32
                          185.188.180.0/24 maxlen: 24
                          192.162.100.0/22 maxlen: 22
                          194.67.208.48/32 maxlen: 32
                          192.162.103.0/24 maxlen: 24
                          192.162.101.0/24 maxlen: 24
                          185.172.131.0/24 maxlen: 24
                          192.162.102.0/24 maxlen: 24
                          192.162.100.0/24 maxlen: 24
                          185.172.130.0/24 maxlen: 24
                          194.67.203.54/32 maxlen: 32
                          193.0.200.0/24 maxlen: 24
                          193.0.202.0/24 maxlen: 24
                          193.0.203.0/24 maxlen: 24
                          185.17.3.102/32 maxlen: 32
                          185.189.12.0/22 maxlen: 22
                          185.189.13.0/24 maxlen: 24
                          185.189.15.0/24 maxlen: 24
                          5.180.136.76/32 maxlen: 32
                          185.189.12.0/24 maxlen: 24
                          185.189.14.0/24 maxlen: 24
                          193.168.226.0/24 maxlen: 24
                          185.125.50.0/24 maxlen: 24
                          185.104.248.0/24 maxlen: 24
                          185.139.70.116/32 maxlen: 32
                          2a0f:7300::/32 maxlen: 32
                          2a09:5303::/32 maxlen: 32
                          2a0e:d602::/32 maxlen: 32
                          2a04:5205::/32 maxlen: 32
                          2a04:5202::/32 maxlen: 32
                          2a04:5203::/32 maxlen: 32
                          2a0a:9300::/32 maxlen: 32
                          2a04:5204::/32 maxlen: 32
                          2a04:5200::/32 maxlen: 32
                          2a0f:4680::/32 maxlen: 32
                          2a04:5206::/32 maxlen: 32
                          2a04:5207::/32 maxlen: 32
                          2a0b:da00::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:37:35:b6:06:60:58:0c:a6:3e:98:d7:44:0b:fa:12:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Sep 13 14:16:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3cebe7a736272ea0bf2325561ff8923e89e0071a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:2d:97:d0:f5:37:fd:ed:52:13:5a:d4:3c:47:
                    ff:68:be:72:e8:6a:63:cb:ad:af:1a:57:ee:d3:bc:
                    c9:5f:46:51:8d:72:4a:9d:fc:8d:28:f2:d3:0f:f8:
                    b1:c4:70:92:ac:4d:9a:9b:02:d8:3b:5f:1b:81:4a:
                    06:d0:91:31:b4:2c:c0:e5:21:95:6d:55:16:a3:dd:
                    21:63:cf:36:24:82:da:66:c5:98:65:77:f8:56:6f:
                    0b:44:6f:6a:26:6f:32:c4:60:5d:7f:b5:f5:5a:90:
                    9a:ce:b0:a0:50:d5:c2:e1:2b:e0:e8:26:fa:2b:2d:
                    a2:ab:d0:cd:de:6d:4a:df:66:ea:fd:2e:92:50:26:
                    0a:9a:b0:68:8a:8a:1d:0d:1d:32:8f:b5:b2:8b:70:
                    49:ee:2d:c3:4a:d6:e1:d6:1c:cb:fe:62:1a:13:22:
                    f4:7b:ab:87:e5:a3:e5:fd:2e:89:dd:d3:81:76:56:
                    f2:7d:db:e9:d2:0a:a1:29:8e:1e:dc:75:8a:6f:07:
                    b1:68:32:2d:99:2b:7f:69:81:88:ea:46:db:9c:27:
                    94:96:c4:36:f6:c8:64:48:87:b5:23:3c:a5:c7:4e:
                    62:f4:62:dd:3f:c4:44:63:9b:b0:16:e0:eb:31:66:
                    79:00:0a:7e:03:be:f8:87:42:57:a2:c4:4a:13:ae:
                    02:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:EB:E7:A7:36:27:2E:A0:BF:23:25:56:1F:F8:92:3E:89:E0:07:1A
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/POvnpzYnLqC_IyVWH_iSPongBxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.76/32
                  5.180.136.221/32
                  45.8.211.0/24
                  91.217.77.0/24
                  147.78.66.7/32
                  185.17.3.102/32
                  185.40.4.0/24
                  185.104.248.0/24
                  185.125.50.0/24
                  185.139.68.28/32
                  185.139.70.116/32
                  185.172.130.0/23
                  185.174.136.0/24
                  185.174.139.0/24
                  185.180.230.0/24
                  185.180.231.87/32
                  185.188.180.0/24
                  185.189.12.0/22
                  192.162.100.0/22
                  193.0.200.0/24
                  193.0.202.0/23
                  193.168.226.0/24
                  194.53.55.0/24
                  194.63.140.0/22
                  194.67.196.127/32
                  194.67.198.7/32
                  194.67.198.108/32
                  194.67.203.54/32
                  194.67.208.6/32
                  194.67.208.12/32
                  194.67.208.48/32
                  213.108.198.0/23
                IPv6:
                  2a04:5200::/32
                  2a04:5202::-2a04:5207:ffff:ffff:ffff:ffff:ffff:ffff
                  2a09:5303::/32
                  2a0a:9300::/32
                  2a0b:da00::/29
                  2a0e:d602::/32
                  2a0f:4680::/32
                  2a0f:7300::/32

    Signature Algorithm: sha256WithRSAEncryption
         b5:f9:31:c2:95:83:24:d9:68:88:b2:a8:81:3a:de:01:01:c4:
         d4:9e:da:4c:3d:42:4d:be:a5:66:7d:b2:c3:42:93:e6:37:34:
         86:a3:2d:68:af:ba:45:af:70:45:8a:a6:ab:27:ea:b0:e1:65:
         d9:9e:1d:97:b4:6f:0e:ec:d0:5c:9e:77:d9:23:65:ad:fc:56:
         8a:d3:8f:d1:06:db:40:5a:d6:a2:53:fd:cb:d6:1e:be:45:30:
         60:d0:a9:9e:f4:65:37:db:cc:e1:61:2a:84:51:1b:65:d8:23:
         21:1b:3b:1b:2e:29:01:b5:cd:33:36:c1:bd:f3:3e:0a:de:fd:
         1a:0d:d3:cd:62:52:02:43:5b:ac:22:41:78:a1:50:49:e8:2e:
         46:99:3d:a5:b1:e8:a5:70:eb:9b:65:af:bc:76:91:71:7d:ae:
         4d:91:5e:a8:70:18:50:c6:c0:c7:2d:ff:f2:2b:ee:a2:63:6c:
         b3:8a:61:9c:33:91:fa:7d:b8:8c:24:f8:38:64:d9:96:8b:da:
         9b:80:f4:ea:16:f2:60:70:67:11:78:d6:ff:a8:46:cd:32:1c:
         36:27:ca:bc:cc:59:16:ca:06:73:17:6b:db:25:41:16:ed:b4:
         1a:a4:07:c7:9f:2f:16:d6:22:95:f3:c4:de:28:91:e3:d4:45:
         a0:ae:a8:d7
-----BEGIN CERTIFICATE-----
MIIGFjCCBP6gAwIBAgISAYM3NbYGYFgMpj6Y10QL+hKxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjIwOTEzMTQxNjUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2ViZTdhNzM2MjcyZWEwYmYyMzI1NTYxZmY4OTIzZTg5ZTAwNzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiy2X0PU3/e1SE1rUPEf/aL5y6Gpj
y62vGlfu07zJX0ZRjXJKnfyNKPLTD/ixxHCSrE2amwLYO18bgUoG0JExtCzA5SGV
bVUWo90hY882JILaZsWYZXf4Vm8LRG9qJm8yxGBdf7X1WpCazrCgUNXC4Svg6Cb6
Ky2iq9DN3m1K32bq/S6SUCYKmrBoioodDR0yj7Wyi3BJ7i3DStbh1hzL/mIaEyL0
e6uH5aPl/S6J3dOBdlbyfdvp0gqhKY4e3HWKbwexaDItmSt/aYGI6kbbnCeUlsQ2
9shkSIe1Izylx05i9GLdP8REY5uwFuDrMWZ5AAp+A774h0JXosRKE64ChwIDAQAB
o4IDIjCCAx4wHQYDVR0OBBYEFDzr56c2Jy6gvyMlVh/4kj6J4AcaMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvUE92bnB6WW5McUNfSXlWV0hfaVNQb25nQnhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNgYIKwYBBQUHAQcBAf8EggElMIIBITCB1QQCAAEwgc4D
BQAFtIhMAwUABbSI3QMEAC0I0wMEAFvZTQMFAJNOQgcDBQC5EQNmAwQAuSgEAwQA
uWj4AwQAuX0yAwUAuYtEHAMFALmLRnQDBAG5rIIDBAC5rogDBAC5rosDBAC5tOYD
BQC5tOdXAwQAuby0AwQCub0MAwQCwKJkAwQAwQDIAwQBwQDKAwQAwajiAwQAwjU3
AwQCwj+MAwUAwkPEfwMFAMJDxgcDBQDCQ8ZsAwUAwkPLNgMFAMJD0AYDBQDCQ9AM
AwUAwkPQMAMEAdVsxjBHBAIAAjBBAwUAKgRSADAOAwUBKgRSAgMFAyoEUgADBQAq
CVMDAwUAKgqTAAMFAyoL2gADBQAqDtYCAwUAKg9GgAMFACoPcwAwDQYJKoZIhvcN
AQELBQADggEBALX5McKVgyTZaIiyqIE63gEBxNSe2kw9Qk2+pWZ9ssNCk+Y3NIaj
LWivukWvcEWKpqsn6rDhZdmeHZe0bw7s0Fyed9kjZa38VorTj9EG20Ba1qJT/cvW
Hr5FMGDQqZ70ZTfbzOFhKoRRG2XYIyEbOxsuKQG1zTM2wb3zPgre/RoN081iUgJD
W6wiQXihUEnoLkaZPaWx6KVw65tlr7x2kXF9rk2RXqhwGFDGwMct//Ir7qJjbLOK
YZwzkfp9uIwk+Dhk2ZaL2puA9OoW8mBwZxF41v+oRs0yHDYnyrzMWRbKBnMXa9sl
QRbttBqkB8efLxbWIpXzxN4okePURaCuqNc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:10 2024 by rpki-client on console-ams.rpki-client.org