Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Z5OENo0NC5ToVxfArIy0G4h3FzM.roa
File:                     Z5OENo0NC5ToVxfArIy0G4h3FzM.roa (raw, json)
Hash identifier:          CjY1cMMszc7HvA92ToGCD+aa1lYEUZcS7vBmhDLNXmw=
Subject key identifier:   67:93:84:36:8D:0D:0B:94:E8:57:17:C0:AC:8C:B4:1B:88:77:17:33
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       03DC6753
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Z5OENo0NC5ToVxfArIy0G4h3FzM.roa
Signing time:             Fri 18 Feb 2022 11:16:09 +0000
ROA not before:           Fri 18 Feb 2022 11:16:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50113
IP address blocks:        185.174.139.0/24 maxlen: 24
                          185.174.136.0/24 maxlen: 24
                          185.174.137.0/24 maxlen: 24
                          194.63.141.0/24 maxlen: 24
                          194.63.143.0/24 maxlen: 24
                          194.63.140.0/24 maxlen: 24
                          194.63.140.0/22 maxlen: 22
                          194.63.140.0/23 maxlen: 23
                          194.63.142.0/24 maxlen: 24
                          194.63.142.0/23 maxlen: 23
                          185.117.116.0/24 maxlen: 24
                          185.117.117.0/24 maxlen: 24
                          185.103.252.0/24 maxlen: 24
                          185.103.253.0/24 maxlen: 24
                          185.139.68.28/32 maxlen: 32
                          185.40.4.0/24 maxlen: 24
                          185.40.5.0/24 maxlen: 24
                          185.40.7.0/24 maxlen: 24
                          185.106.92.0/24 maxlen: 24
                          185.106.93.0/24 maxlen: 24
                          185.106.94.0/24 maxlen: 24
                          185.106.95.0/24 maxlen: 24
                          45.8.211.0/24 maxlen: 24
                          194.67.198.108/32 maxlen: 32
                          185.180.230.0/24 maxlen: 24
                          185.180.228.0/24 maxlen: 24
                          194.67.196.127/32 maxlen: 32
                          185.112.81.0/24 maxlen: 24
                          194.67.198.7/32 maxlen: 32
                          194.67.208.6/32 maxlen: 32
                          185.112.100.0/24 maxlen: 24
                          147.78.66.7/32 maxlen: 32
                          194.67.208.12/32 maxlen: 32
                          185.102.137.0/24 maxlen: 24
                          185.102.139.0/24 maxlen: 24
                          185.180.231.87/32 maxlen: 32
                          185.94.164.0/24 maxlen: 24
                          185.94.165.0/24 maxlen: 24
                          185.94.167.0/24 maxlen: 24
                          5.180.136.221/32 maxlen: 32
                          192.162.100.0/22 maxlen: 22
                          194.67.208.48/32 maxlen: 32
                          192.162.102.0/24 maxlen: 24
                          192.162.103.0/24 maxlen: 24
                          192.162.100.0/24 maxlen: 24
                          192.162.101.0/24 maxlen: 24
                          185.172.130.0/24 maxlen: 24
                          185.172.131.0/24 maxlen: 24
                          194.67.203.54/32 maxlen: 32
                          193.0.203.0/24 maxlen: 24
                          193.0.200.0/24 maxlen: 24
                          193.0.202.0/24 maxlen: 24
                          185.17.3.102/32 maxlen: 32
                          5.180.136.76/32 maxlen: 32
                          185.189.12.0/22 maxlen: 22
                          185.189.12.0/24 maxlen: 24
                          185.189.13.0/24 maxlen: 24
                          185.189.14.0/24 maxlen: 24
                          185.189.15.0/24 maxlen: 24
                          193.168.226.0/24 maxlen: 24
                          185.104.251.0/24 maxlen: 24
                          185.104.248.0/24 maxlen: 24
                          185.139.70.116/32 maxlen: 32
                          2a0f:c780::/29 maxlen: 29
                          2a0f:7300::/32 maxlen: 32
                          2a09:5303::/32 maxlen: 32
                          2a0e:d602::/32 maxlen: 32
                          2a04:5205::/32 maxlen: 32
                          2a0c:6980::/29 maxlen: 29
                          2a04:5202::/32 maxlen: 32
                          2a04:5203::/32 maxlen: 32
                          2a0a:9300::/32 maxlen: 32
                          2a04:5204::/32 maxlen: 32
                          2a04:5200::/32 maxlen: 32
                          2a0c:f641::/32 maxlen: 32
                          2a0f:4680::/32 maxlen: 32
                          2a04:5206::/32 maxlen: 32
                          2a04:5207::/32 maxlen: 32
                          2a0c:f640::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64776019 (0x3dc6753)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Feb 18 11:16:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=679384368d0d0b94e85717c0ac8cb41b88771733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:21:32:a5:10:d3:6f:f8:d1:5f:38:08:37:55:
                    69:a3:95:1d:e0:a8:39:89:91:2e:0d:8d:05:17:27:
                    f3:fa:e8:e6:e9:b4:31:10:75:79:ad:06:0e:f2:c1:
                    83:52:56:1c:05:81:d1:37:d2:95:c9:dc:15:b9:ce:
                    00:84:f7:c6:ad:39:da:2e:a1:e4:0b:8d:1e:5b:f5:
                    fa:62:8e:bb:00:08:9d:e4:02:d5:4c:d6:3a:cb:76:
                    77:21:d7:4e:12:6f:3f:b3:5a:37:2c:05:20:4f:59:
                    8b:37:2d:55:d3:b6:6e:c4:f5:ab:73:52:9c:60:cc:
                    af:0d:10:51:ea:43:14:19:01:bf:9c:8f:ed:e6:f9:
                    6c:7d:b5:11:bd:ab:9e:60:04:11:a5:75:b3:c0:72:
                    0b:49:a8:ab:fe:61:21:68:13:b9:8f:05:c3:62:0b:
                    b1:6e:f9:ee:fb:95:3f:40:3b:44:00:f2:1f:95:d8:
                    bf:8e:ce:4c:8d:09:65:8a:d8:1b:2d:52:8c:2e:e5:
                    a4:ac:d4:fa:5a:5b:6e:da:87:a3:21:77:b9:24:6c:
                    82:a7:60:5b:23:23:c5:1b:9c:8a:45:23:3b:20:22:
                    da:ba:22:42:84:00:3a:3b:c7:88:cd:1e:b3:be:a6:
                    9e:1e:62:f7:ef:02:8d:0f:62:ae:e4:b4:f6:97:b8:
                    b0:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:93:84:36:8D:0D:0B:94:E8:57:17:C0:AC:8C:B4:1B:88:77:17:33
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Z5OENo0NC5ToVxfArIy0G4h3FzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.76/32
                  5.180.136.221/32
                  45.8.211.0/24
                  147.78.66.7/32
                  185.17.3.102/32
                  185.40.4.0/23
                  185.40.7.0/24
                  185.94.164.0/23
                  185.94.167.0/24
                  185.102.137.0/24
                  185.102.139.0/24
                  185.103.252.0/23
                  185.104.248.0/24
                  185.104.251.0/24
                  185.106.92.0/22
                  185.112.81.0/24
                  185.112.100.0/24
                  185.117.116.0/23
                  185.139.68.28/32
                  185.139.70.116/32
                  185.172.130.0/23
                  185.174.136.0/23
                  185.174.139.0/24
                  185.180.228.0/24
                  185.180.230.0/24
                  185.180.231.87/32
                  185.189.12.0/22
                  192.162.100.0/22
                  193.0.200.0/24
                  193.0.202.0/23
                  193.168.226.0/24
                  194.63.140.0/22
                  194.67.196.127/32
                  194.67.198.7/32
                  194.67.198.108/32
                  194.67.203.54/32
                  194.67.208.6/32
                  194.67.208.12/32
                  194.67.208.48/32
                IPv6:
                  2a04:5200::/32
                  2a04:5202::-2a04:5207:ffff:ffff:ffff:ffff:ffff:ffff
                  2a09:5303::/32
                  2a0a:9300::/32
                  2a0c:6980::/29
                  2a0c:f640::/31
                  2a0e:d602::/32
                  2a0f:4680::/32
                  2a0f:7300::/32
                  2a0f:c780::/29

    Signature Algorithm: sha256WithRSAEncryption
         0d:39:13:a5:b3:7f:97:ac:11:a3:0d:b8:e3:72:fe:51:bf:ae:
         ce:97:4b:13:7e:f2:7b:38:e2:5f:e9:62:e8:3e:0b:df:16:34:
         87:07:93:71:4f:45:ad:59:9c:3a:b5:57:38:0e:64:99:44:0e:
         5b:68:83:bb:fe:f6:89:10:83:50:28:11:84:35:2b:0b:cb:af:
         7b:28:62:20:6e:16:b6:97:75:c9:5b:ca:3b:a9:b1:c3:c0:f5:
         8b:e6:6a:38:1f:f7:7b:34:7c:38:34:3e:f9:47:fc:3c:22:f1:
         54:7e:c1:5f:9f:06:2d:8a:cf:9e:52:17:af:bc:4d:d8:af:31:
         af:11:ca:7d:bb:4f:77:8a:4f:77:df:b3:f8:55:93:45:ec:00:
         2e:8f:8c:bd:6c:90:9f:6c:27:15:72:aa:66:65:84:bf:6f:ac:
         f9:0f:40:22:04:99:c6:44:98:cc:74:6b:17:2e:1a:20:34:69:
         9a:16:76:75:61:9c:8d:5e:d8:38:5f:4d:77:62:d7:25:9c:cf:
         d6:87:8f:58:f3:fd:ac:9d:ff:29:3b:20:4c:08:72:47:e1:37:
         ac:c8:ea:ed:80:dc:12:34:ea:54:9d:89:1d:a8:87:53:7a:0b:
         71:86:e0:12:b7:cf:cd:c1:69:40:5b:fb:e8:41:75:a0:a1:98:
         f2:3f:a2:a3
-----BEGIN CERTIFICATE-----
MIIGQDCCBSigAwIBAgIEA9xnUzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NGY5NjM0NWQzZjIyZWRiMzk1ZDI0N2Y3Yjg2ZDJkNzNlNGEwMDkxMB4XDTIyMDIx
ODExMTYwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjc5Mzg0MzY4ZDBk
MGI5NGU4NTcxN2MwYWM4Y2I0MWI4ODc3MTczMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPkhMqUQ02/40V84CDdVaaOVHeCoOYmRLg2NBRcn8/ro5um0
MRB1ea0GDvLBg1JWHAWB0TfSlcncFbnOAIT3xq052i6h5AuNHlv1+mKOuwAIneQC
1UzWOst2dyHXThJvP7NaNywFIE9ZizctVdO2bsT1q3NSnGDMrw0QUepDFBkBv5yP
7eb5bH21Eb2rnmAEEaV1s8ByC0moq/5hIWgTuY8Fw2ILsW757vuVP0A7RADyH5XY
v47OTI0JZYrYGy1SjC7lpKzU+lpbbtqHoyF3uSRsgqdgWyMjxRucikUjOyAi2roi
QoQAOjvHiM0es76mnh5i9+8CjQ9iruS09pe4sMkCAwEAAaOCA1owggNWMB0GA1Ud
DgQWBBRnk4Q2jQ0LlOhXF8CsjLQbiHcXMzAfBgNVHSMEGDAWgBS0+WNF0/Iu2zld
JH97htLXPkoAkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RQbGpSZFB5THRzNVhTUl9lNGJTMXo1S0FKRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvOGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8x
L1o1T0VObzBOQzVUb1Z4ZkFySXkwRzRoM0Z6TS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
OGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8xL3RQbGpSZFB5THRz
NVhTUl9lNGJTMXo1S0FKRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCC
AW4GCCsGAQUFBwEHAQH/BIIBXTCCAVkwgf8EAgABMIH4AwUABbSITAMFAAW0iN0D
BAAtCNMDBQCTTkIHAwUAuREDZgMEAbkoBAMEALkoBwMEAblepAMEALlepwMEALlm
iQMEALlmiwMEAbln/AMEALlo+AMEALlo+wMEArlqXAMEALlwUQMEALlwZAMEAbl1
dAMFALmLRBwDBQC5i0Z0AwQBuayCAwQBua6IAwQAua6LAwQAubTkAwQAubTmAwUA
ubTnVwMEArm9DAMEAsCiZAMEAMEAyAMEAcEAygMEAMGo4gMEAsI/jAMFAMJDxH8D
BQDCQ8YHAwUAwkPGbAMFAMJDyzYDBQDCQ9AGAwUAwkPQDAMFAMJD0DAwVQQCAAIw
TwMFACoEUgAwDgMFASoEUgIDBQMqBFIAAwUAKglTAwMFACoKkwADBQMqDGmAAwUB
Kgz2QAMFACoO1gIDBQAqD0aAAwUAKg9zAAMFAyoPx4AwDQYJKoZIhvcNAQELBQAD
ggEBAA05E6Wzf5esEaMNuONy/lG/rs6XSxN+8ns44l/pYug+C98WNIcHk3FPRa1Z
nDq1VzgOZJlEDltog7v+9okQg1AoEYQ1KwvLr3soYiBuFraXdclbyjupscPA9Yvm
ajgf93s0fDg0PvlH/Dwi8VR+wV+fBi2Kz55SF6+8TdivMa8Ryn27T3eKT3ffs/hV
k0XsAC6PjL1skJ9sJxVyqmZlhL9vrPkPQCIEmcZEmMx0axcuGiA0aZoWdnVhnI1e
2DhfTXdi1yWcz9aHj1jz/ayd/yk7IEwIckfhN6zI6u2A3BI06lSdiR2oh1N6C3GG
4BK3z83BaUBb++hBdaChmPI/oqM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:10 2024 by rpki-client on console-ams.rpki-client.org