Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/UpsIO4UuAW9NXmly2jX1TurZ7kc.roa
File:                     UpsIO4UuAW9NXmly2jX1TurZ7kc.roa (raw, json)
Hash identifier:          p9xnNdoiEgdL0XC8M3197P2Xct2N+/7z1QvjoU6X71E=
Subject key identifier:   52:9B:08:3B:85:2E:01:6F:4D:5E:69:72:DA:35:F5:4E:EA:D9:EE:47
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       04CAB4EB
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/UpsIO4UuAW9NXmly2jX1TurZ7kc.roa
Signing time:             Mon 02 May 2022 10:59:26 +0000
ROA not before:           Mon 02 May 2022 10:59:26 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50113
IP address blocks:        185.174.136.0/24 maxlen: 24
                          185.174.139.0/24 maxlen: 24
                          194.63.141.0/24 maxlen: 24
                          194.63.143.0/24 maxlen: 24
                          194.63.140.0/22 maxlen: 22
                          194.63.140.0/24 maxlen: 24
                          194.63.142.0/24 maxlen: 24
                          194.63.142.0/23 maxlen: 23
                          194.63.140.0/23 maxlen: 23
                          185.139.68.28/32 maxlen: 32
                          185.40.4.0/24 maxlen: 24
                          45.8.211.0/24 maxlen: 24
                          194.67.198.108/32 maxlen: 32
                          185.180.230.0/24 maxlen: 24
                          185.180.228.0/24 maxlen: 24
                          194.67.196.127/32 maxlen: 32
                          194.67.198.7/32 maxlen: 32
                          194.67.208.6/32 maxlen: 32
                          147.78.66.7/32 maxlen: 32
                          194.67.208.12/32 maxlen: 32
                          185.102.137.0/24 maxlen: 24
                          185.180.231.87/32 maxlen: 32
                          5.180.136.221/32 maxlen: 32
                          185.188.180.0/24 maxlen: 24
                          192.162.100.0/22 maxlen: 22
                          194.67.208.48/32 maxlen: 32
                          192.162.103.0/24 maxlen: 24
                          192.162.101.0/24 maxlen: 24
                          185.172.131.0/24 maxlen: 24
                          192.162.102.0/24 maxlen: 24
                          192.162.100.0/24 maxlen: 24
                          185.172.130.0/24 maxlen: 24
                          194.67.203.54/32 maxlen: 32
                          193.0.200.0/24 maxlen: 24
                          193.0.202.0/24 maxlen: 24
                          193.0.203.0/24 maxlen: 24
                          185.17.3.102/32 maxlen: 32
                          185.189.12.0/22 maxlen: 22
                          185.189.13.0/24 maxlen: 24
                          185.189.15.0/24 maxlen: 24
                          5.180.136.76/32 maxlen: 32
                          185.189.12.0/24 maxlen: 24
                          185.189.14.0/24 maxlen: 24
                          193.168.226.0/24 maxlen: 24
                          185.104.248.0/24 maxlen: 24
                          185.139.70.116/32 maxlen: 32
                          2a0f:7c80::/29 maxlen: 29
                          2a0f:c780::/29 maxlen: 29
                          2a0f:7300::/32 maxlen: 32
                          2a09:5303::/32 maxlen: 32
                          2a0e:d602::/32 maxlen: 32
                          2a04:5205::/32 maxlen: 32
                          2a0c:6980::/29 maxlen: 29
                          2a04:5202::/32 maxlen: 32
                          2a04:5203::/32 maxlen: 32
                          2a0a:9300::/32 maxlen: 32
                          2a04:5204::/32 maxlen: 32
                          2a04:5200::/32 maxlen: 32
                          2a0c:f641::/32 maxlen: 32
                          2a0f:4680::/32 maxlen: 32
                          2a07:4a00::/29 maxlen: 29
                          2a04:5206::/32 maxlen: 32
                          2a04:5207::/32 maxlen: 32
                          2a0c:f640::/32 maxlen: 32
                          2a0b:da00::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 80393451 (0x4cab4eb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: May  2 10:59:26 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=529b083b852e016f4d5e6972da35f54eead9ee47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c3:6e:6e:c7:c0:31:43:69:ef:69:c4:c4:d9:
                    ff:48:c4:b7:87:37:fa:43:08:2f:d6:c2:97:ed:18:
                    6b:a5:c3:5b:4e:53:f5:b2:f0:35:88:a7:00:53:54:
                    6e:3b:29:03:23:9f:37:0d:21:c1:49:54:c7:9a:d2:
                    c6:0b:99:f4:a2:85:0a:af:ef:59:09:39:16:a0:3c:
                    1c:03:26:54:c4:21:d0:bc:aa:d1:e3:9a:d6:9d:ca:
                    de:90:06:c2:5e:33:9e:76:5b:4c:16:e5:8c:b6:f9:
                    c4:95:ef:cc:25:31:10:58:1c:b8:95:3e:30:3b:64:
                    35:45:14:08:fa:c9:a7:19:75:93:68:73:fd:86:5f:
                    b3:7e:a9:6b:34:95:0c:14:4c:cc:c1:cf:01:c3:2c:
                    18:e8:a3:b4:68:b1:3a:4a:bb:48:b8:a2:5d:b6:1a:
                    45:d7:57:e9:05:42:d6:75:10:48:d8:e9:24:b8:e3:
                    1b:9e:7b:be:4c:97:40:dd:9c:d6:7a:73:ca:8d:3a:
                    69:c1:ee:2a:c6:06:86:df:0c:e6:e2:37:da:d5:b9:
                    48:f0:00:d3:57:a2:d5:de:48:c1:15:9a:ae:24:0d:
                    80:9e:95:82:6d:3e:79:65:88:41:b7:f8:4e:97:2b:
                    a1:51:13:ec:86:c0:fb:53:11:04:f7:f0:07:ce:7e:
                    1c:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:9B:08:3B:85:2E:01:6F:4D:5E:69:72:DA:35:F5:4E:EA:D9:EE:47
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/UpsIO4UuAW9NXmly2jX1TurZ7kc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.76/32
                  5.180.136.221/32
                  45.8.211.0/24
                  147.78.66.7/32
                  185.17.3.102/32
                  185.40.4.0/24
                  185.102.137.0/24
                  185.104.248.0/24
                  185.139.68.28/32
                  185.139.70.116/32
                  185.172.130.0/23
                  185.174.136.0/24
                  185.174.139.0/24
                  185.180.228.0/24
                  185.180.230.0/24
                  185.180.231.87/32
                  185.188.180.0/24
                  185.189.12.0/22
                  192.162.100.0/22
                  193.0.200.0/24
                  193.0.202.0/23
                  193.168.226.0/24
                  194.63.140.0/22
                  194.67.196.127/32
                  194.67.198.7/32
                  194.67.198.108/32
                  194.67.203.54/32
                  194.67.208.6/32
                  194.67.208.12/32
                  194.67.208.48/32
                IPv6:
                  2a04:5200::/32
                  2a04:5202::-2a04:5207:ffff:ffff:ffff:ffff:ffff:ffff
                  2a07:4a00::/29
                  2a09:5303::/32
                  2a0a:9300::/32
                  2a0b:da00::/29
                  2a0c:6980::/29
                  2a0c:f640::/31
                  2a0e:d602::/32
                  2a0f:4680::/32
                  2a0f:7300::/32
                  2a0f:7c80::/29
                  2a0f:c780::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:71:fc:78:bb:f2:5d:a5:0e:5e:2a:6b:f1:64:c8:50:96:1e:
         6f:f0:a4:ea:56:54:ec:4b:6a:cc:7c:10:2a:5a:d3:c6:ff:00:
         4a:de:c2:de:c8:15:34:35:f6:64:6b:a9:77:52:a1:01:da:a2:
         6e:27:cc:cb:78:67:fb:c2:01:f8:02:7a:1f:f9:5a:69:b7:6f:
         28:04:f9:e0:1e:ce:71:5f:34:d5:2d:54:c2:82:d3:af:23:8f:
         24:3a:a4:e7:78:5d:4d:88:57:fe:c3:5a:6d:28:d0:ae:39:7f:
         ca:b6:0c:2a:48:03:1e:1a:80:7c:0a:b0:f2:f5:39:4d:6b:3f:
         57:ab:2d:3b:fe:18:1f:4e:fd:18:3e:c8:bd:e9:d7:16:6b:97:
         c9:75:da:39:0c:97:bf:1c:ae:2d:91:a8:fe:38:20:30:3d:56:
         6f:6b:a2:09:d7:3a:b0:90:c6:99:c9:49:a2:68:73:26:e9:67:
         da:59:d3:2e:f4:d7:91:89:d4:9a:cc:f7:12:d3:f1:79:ee:74:
         d0:76:b3:e3:f5:56:a1:df:cd:c8:0f:86:4c:b2:30:13:c6:8e:
         ef:64:ce:73:19:df:8c:40:b5:b5:de:30:d5:13:6b:03:99:c8:
         59:e8:20:1e:b1:ae:db:00:30:e2:ae:09:47:1b:dc:4c:47:32:
         86:37:43:5d
-----BEGIN CERTIFICATE-----
MIIGHzCCBQegAwIBAgIEBMq06zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NGY5NjM0NWQzZjIyZWRiMzk1ZDI0N2Y3Yjg2ZDJkNzNlNGEwMDkxMB4XDTIyMDUw
MjEwNTkyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTI5YjA4M2I4NTJl
MDE2ZjRkNWU2OTcyZGEzNWY1NGVlYWQ5ZWU0NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALjDbm7HwDFDae9pxMTZ/0jEt4c3+kMIL9bCl+0Ya6XDW05T
9bLwNYinAFNUbjspAyOfNw0hwUlUx5rSxguZ9KKFCq/vWQk5FqA8HAMmVMQh0Lyq
0eOa1p3K3pAGwl4znnZbTBbljLb5xJXvzCUxEFgcuJU+MDtkNUUUCPrJpxl1k2hz
/YZfs36pazSVDBRMzMHPAcMsGOijtGixOkq7SLiiXbYaRddX6QVC1nUQSNjpJLjj
G557vkyXQN2c1npzyo06acHuKsYGht8M5uI32tW5SPAA01ei1d5IwRWariQNgJ6V
gm0+eWWIQbf4TpcroVET7IbA+1MRBPfwB85+HCUCAwEAAaOCAzkwggM1MB0GA1Ud
DgQWBBRSmwg7hS4Bb01eaXLaNfVO6tnuRzAfBgNVHSMEGDAWgBS0+WNF0/Iu2zld
JH97htLXPkoAkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RQbGpSZFB5THRzNVhTUl9lNGJTMXo1S0FKRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvOGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8x
L1Vwc0lPNFV1QVc5TlhtbHkyalgxVHVyWjdrYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
OGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8xL3RQbGpSZFB5THRz
NVhTUl9lNGJTMXo1S0FKRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCC
AU0GCCsGAQUFBwEHAQH/BIIBPDCCATgwgckEAgABMIHCAwUABbSITAMFAAW0iN0D
BAAtCNMDBQCTTkIHAwUAuREDZgMEALkoBAMEALlmiQMEALlo+AMFALmLRBwDBQC5
i0Z0AwQBuayCAwQAua6IAwQAua6LAwQAubTkAwQAubTmAwUAubTnVwMEALm8tAME
Arm9DAMEAsCiZAMEAMEAyAMEAcEAygMEAMGo4gMEAsI/jAMFAMJDxH8DBQDCQ8YH
AwUAwkPGbAMFAMJDyzYDBQDCQ9AGAwUAwkPQDAMFAMJD0DAwagQCAAIwZAMFACoE
UgAwDgMFASoEUgIDBQMqBFIAAwUDKgdKAAMFACoJUwMDBQAqCpMAAwUDKgvaAAMF
AyoMaYADBQEqDPZAAwUAKg7WAgMFACoPRoADBQAqD3MAAwUDKg98gAMFAyoPx4Aw
DQYJKoZIhvcNAQELBQADggEBAAlx/Hi78l2lDl4qa/FkyFCWHm/wpOpWVOxLasx8
ECpa08b/AErewt7IFTQ19mRrqXdSoQHaom4nzMt4Z/vCAfgCeh/5Wmm3bygE+eAe
znFfNNUtVMKC068jjyQ6pOd4XU2IV/7DWm0o0K45f8q2DCpIAx4agHwKsPL1OU1r
P1erLTv+GB9O/Rg+yL3p1xZrl8l12jkMl78cri2RqP44IDA9Vm9rognXOrCQxpnJ
SaJocybpZ9pZ0y7015GJ1JrM9xLT8XnudNB2s+P1VqHfzcgPhkyyMBPGju9kznMZ
34xAtbXeMNUTawOZyFnoIB6xrtsAMOKuCUcb3ExHMoY3Q10=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:10 2024 by rpki-client on console-ams.rpki-client.org