Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/f8ENQdKJftJFqxfgc1wVUcSZECI.roa
File:                     f8ENQdKJftJFqxfgc1wVUcSZECI.roa (raw, json)
Hash identifier:          ZCSzUA46zuqIRHbYwy/K5fTX0ChhXKoQS7cN5CPKBBo=
Subject key identifier:   7F:C1:0D:41:D2:89:7E:D2:45:AB:17:E0:73:5C:15:51:C4:99:10:22
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       03CA8D26
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/f8ENQdKJftJFqxfgc1wVUcSZECI.roa
Signing time:             Fri 11 Feb 2022 13:02:22 +0000
ROA not before:           Fri 11 Feb 2022 13:02:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50113
IP address blocks:        185.174.139.0/24 maxlen: 24
                          185.174.136.0/24 maxlen: 24
                          185.174.137.0/24 maxlen: 24
                          194.63.141.0/24 maxlen: 24
                          194.63.143.0/24 maxlen: 24
                          194.63.140.0/24 maxlen: 24
                          194.63.140.0/22 maxlen: 22
                          194.63.140.0/23 maxlen: 23
                          194.63.142.0/24 maxlen: 24
                          194.63.142.0/23 maxlen: 23
                          185.117.116.0/24 maxlen: 24
                          185.117.117.0/24 maxlen: 24
                          185.103.252.0/24 maxlen: 24
                          185.103.253.0/24 maxlen: 24
                          185.139.68.28/32 maxlen: 32
                          185.40.4.0/24 maxlen: 24
                          185.40.5.0/24 maxlen: 24
                          185.40.7.0/24 maxlen: 24
                          185.106.92.0/24 maxlen: 24
                          185.106.93.0/24 maxlen: 24
                          185.106.94.0/24 maxlen: 24
                          185.106.95.0/24 maxlen: 24
                          45.8.211.0/24 maxlen: 24
                          194.67.198.108/32 maxlen: 32
                          185.180.230.0/24 maxlen: 24
                          185.180.228.0/24 maxlen: 24
                          194.67.196.127/32 maxlen: 32
                          185.112.81.0/24 maxlen: 24
                          194.67.198.7/32 maxlen: 32
                          194.67.208.6/32 maxlen: 32
                          185.112.100.0/24 maxlen: 24
                          147.78.66.7/32 maxlen: 32
                          194.67.208.12/32 maxlen: 32
                          185.102.137.0/24 maxlen: 24
                          185.102.139.0/24 maxlen: 24
                          185.180.231.87/32 maxlen: 32
                          185.94.164.0/24 maxlen: 24
                          185.94.165.0/24 maxlen: 24
                          185.94.167.0/24 maxlen: 24
                          5.180.136.221/32 maxlen: 32
                          185.17.1.0/24 maxlen: 24
                          192.162.100.0/22 maxlen: 22
                          194.67.208.48/32 maxlen: 32
                          192.162.102.0/24 maxlen: 24
                          192.162.103.0/24 maxlen: 24
                          192.162.100.0/24 maxlen: 24
                          192.162.101.0/24 maxlen: 24
                          185.172.130.0/24 maxlen: 24
                          185.172.131.0/24 maxlen: 24
                          194.67.203.54/32 maxlen: 32
                          193.0.203.0/24 maxlen: 24
                          193.0.200.0/24 maxlen: 24
                          193.0.202.0/24 maxlen: 24
                          185.17.3.102/32 maxlen: 32
                          5.180.136.76/32 maxlen: 32
                          185.189.12.0/22 maxlen: 22
                          185.189.12.0/24 maxlen: 24
                          185.189.13.0/24 maxlen: 24
                          185.189.14.0/24 maxlen: 24
                          185.189.15.0/24 maxlen: 24
                          193.168.226.0/24 maxlen: 24
                          185.104.251.0/24 maxlen: 24
                          185.104.248.0/24 maxlen: 24
                          185.139.70.116/32 maxlen: 32
                          2a0f:c780::/29 maxlen: 29
                          2a0f:7300::/32 maxlen: 32
                          2a09:5303::/32 maxlen: 32
                          2a0e:d602::/32 maxlen: 32
                          2a04:5205::/32 maxlen: 32
                          2a0c:6980::/29 maxlen: 29
                          2a04:5202::/32 maxlen: 32
                          2a04:5203::/32 maxlen: 32
                          2a0a:9300::/32 maxlen: 32
                          2a04:5204::/32 maxlen: 32
                          2a04:5200::/32 maxlen: 32
                          2a0c:f641::/32 maxlen: 32
                          2a0f:4680::/32 maxlen: 32
                          2a04:5206::/32 maxlen: 32
                          2a04:5207::/32 maxlen: 32
                          2a0c:f640::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 63606054 (0x3ca8d26)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Feb 11 13:02:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7fc10d41d2897ed245ab17e0735c1551c4991022
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:55:7e:ca:1c:dd:ab:3a:04:9f:dd:37:72:0b:
                    b2:da:9d:cd:bd:9f:80:4c:f2:f4:ac:0c:59:6c:8b:
                    42:7b:07:8b:23:52:8e:e1:2e:d3:f2:54:7a:2e:04:
                    de:b0:06:b5:08:94:b9:ee:08:2d:de:40:e9:3d:0b:
                    13:a4:59:5b:70:b1:3d:a8:c0:8c:70:ee:78:ba:c2:
                    55:a0:a3:6c:cf:05:ff:40:66:a0:51:0e:81:44:b0:
                    96:a0:44:ee:a8:e4:c4:84:30:f7:66:22:d5:b6:f0:
                    3e:f3:ff:4f:f1:68:3e:08:33:5c:7a:af:9a:cc:1b:
                    b8:ec:2d:c1:de:f3:1b:d4:4e:57:1a:b6:ff:77:3a:
                    29:f6:13:9e:5f:45:48:87:ad:01:c4:e3:97:7e:2e:
                    b1:03:5d:46:3d:42:e1:d4:79:4d:d2:1d:ec:ae:4a:
                    b9:50:ec:cc:24:89:59:61:90:6c:75:0b:f6:53:b9:
                    2f:76:31:55:d4:cc:1a:fa:99:0d:53:f0:e7:e7:e2:
                    bb:21:71:29:47:48:d1:70:03:fc:35:6c:96:ca:c3:
                    17:46:2f:02:54:71:8f:1c:a8:a9:d7:9b:de:71:8b:
                    59:88:8d:5d:23:53:0c:0f:cf:0d:a9:ed:1e:5b:16:
                    68:52:13:4c:5e:7e:b3:65:d4:01:15:cb:39:c3:c9:
                    92:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:C1:0D:41:D2:89:7E:D2:45:AB:17:E0:73:5C:15:51:C4:99:10:22
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/f8ENQdKJftJFqxfgc1wVUcSZECI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.76/32
                  5.180.136.221/32
                  45.8.211.0/24
                  147.78.66.7/32
                  185.17.1.0/24
                  185.17.3.102/32
                  185.40.4.0/23
                  185.40.7.0/24
                  185.94.164.0/23
                  185.94.167.0/24
                  185.102.137.0/24
                  185.102.139.0/24
                  185.103.252.0/23
                  185.104.248.0/24
                  185.104.251.0/24
                  185.106.92.0/22
                  185.112.81.0/24
                  185.112.100.0/24
                  185.117.116.0/23
                  185.139.68.28/32
                  185.139.70.116/32
                  185.172.130.0/23
                  185.174.136.0/23
                  185.174.139.0/24
                  185.180.228.0/24
                  185.180.230.0/24
                  185.180.231.87/32
                  185.189.12.0/22
                  192.162.100.0/22
                  193.0.200.0/24
                  193.0.202.0/23
                  193.168.226.0/24
                  194.63.140.0/22
                  194.67.196.127/32
                  194.67.198.7/32
                  194.67.198.108/32
                  194.67.203.54/32
                  194.67.208.6/32
                  194.67.208.12/32
                  194.67.208.48/32
                IPv6:
                  2a04:5200::/32
                  2a04:5202::-2a04:5207:ffff:ffff:ffff:ffff:ffff:ffff
                  2a09:5303::/32
                  2a0a:9300::/32
                  2a0c:6980::/29
                  2a0c:f640::/31
                  2a0e:d602::/32
                  2a0f:4680::/32
                  2a0f:7300::/32
                  2a0f:c780::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:21:f6:37:f3:7d:d5:c7:6d:c8:31:d8:fd:f1:cf:93:05:4f:
         18:d2:5d:52:a0:c4:2f:e9:8a:8b:63:65:4c:8b:93:20:c3:ef:
         63:48:8f:3f:26:06:af:15:42:02:3e:33:69:0d:52:ca:08:fe:
         5c:fe:13:81:2f:2a:2f:8a:22:e5:16:8a:dc:ad:32:ae:55:df:
         ff:96:33:29:a4:54:4b:85:7e:d0:25:79:56:28:6c:4f:a4:c7:
         b3:a3:18:35:4e:a9:11:e9:a2:56:bd:f4:56:03:93:44:6f:63:
         7a:b3:bf:4f:40:0d:17:b5:8e:e4:56:a2:10:fc:45:07:61:a0:
         b4:b4:d0:9a:5f:45:6f:65:2e:7f:4c:92:d4:8f:13:35:8b:bc:
         a0:99:48:ae:0c:91:76:3f:e0:4e:93:82:6f:2b:3b:12:4b:8e:
         e9:5b:30:c4:52:b5:f3:fd:43:d9:63:da:80:da:de:79:74:94:
         a1:0a:6b:01:75:52:4b:3a:cb:b4:82:28:0a:9d:ed:df:fe:be:
         ba:53:3c:57:c4:c6:09:7e:cd:6d:6f:51:ae:9c:75:44:3e:b4:
         3d:cc:52:93:45:9b:ec:f5:7c:6d:d8:29:75:78:a2:cb:49:56:
         7f:d7:75:f2:18:88:f4:e1:d3:49:94:5c:16:c0:45:d7:99:f4:
         22:0d:73:a4
-----BEGIN CERTIFICATE-----
MIIGRzCCBS+gAwIBAgIEA8qNJjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NGY5NjM0NWQzZjIyZWRiMzk1ZDI0N2Y3Yjg2ZDJkNzNlNGEwMDkxMB4XDTIyMDIx
MTEzMDIyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2ZjMTBkNDFkMjg5
N2VkMjQ1YWIxN2UwNzM1YzE1NTFjNDk5MTAyMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAONVfsoc3as6BJ/dN3ILstqdzb2fgEzy9KwMWWyLQnsHiyNS
juEu0/JUei4E3rAGtQiUue4ILd5A6T0LE6RZW3CxPajAjHDueLrCVaCjbM8F/0Bm
oFEOgUSwlqBE7qjkxIQw92Yi1bbwPvP/T/FoPggzXHqvmswbuOwtwd7zG9ROVxq2
/3c6KfYTnl9FSIetAcTjl34usQNdRj1C4dR5TdId7K5KuVDszCSJWWGQbHUL9lO5
L3YxVdTMGvqZDVPw5+fiuyFxKUdI0XAD/DVslsrDF0YvAlRxjxyoqdeb3nGLWYiN
XSNTDA/PDantHlsWaFITTF5+s2XUARXLOcPJkjMCAwEAAaOCA2EwggNdMB0GA1Ud
DgQWBBR/wQ1B0ol+0kWrF+BzXBVRxJkQIjAfBgNVHSMEGDAWgBS0+WNF0/Iu2zld
JH97htLXPkoAkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RQbGpSZFB5THRzNVhTUl9lNGJTMXo1S0FKRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvOGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8x
L2Y4RU5RZEtKZnRKRnF4ZmdjMXdWVWNTWkVDSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
OGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8xL3RQbGpSZFB5THRz
NVhTUl9lNGJTMXo1S0FKRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCC
AXUGCCsGAQUFBwEHAQH/BIIBZDCCAWAwggEFBAIAATCB/gMFAAW0iEwDBQAFtIjd
AwQALQjTAwUAk05CBwMEALkRAQMFALkRA2YDBAG5KAQDBAC5KAcDBAG5XqQDBAC5
XqcDBAC5ZokDBAC5ZosDBAG5Z/wDBAC5aPgDBAC5aPsDBAK5alwDBAC5cFEDBAC5
cGQDBAG5dXQDBQC5i0QcAwUAuYtGdAMEAbmsggMEAbmuiAMEALmuiwMEALm05AME
ALm05gMFALm051cDBAK5vQwDBALAomQDBADBAMgDBAHBAMoDBADBqOIDBALCP4wD
BQDCQ8R/AwUAwkPGBwMFAMJDxmwDBQDCQ8s2AwUAwkPQBgMFAMJD0AwDBQDCQ9Aw
MFUEAgACME8DBQAqBFIAMA4DBQEqBFICAwUDKgRSAAMFACoJUwMDBQAqCpMAAwUD
KgxpgAMFASoM9kADBQAqDtYCAwUAKg9GgAMFACoPcwADBQMqD8eAMA0GCSqGSIb3
DQEBCwUAA4IBAQA7IfY3833Vx23IMdj98c+TBU8Y0l1SoMQv6YqLY2VMi5Mgw+9j
SI8/JgavFUICPjNpDVLKCP5c/hOBLyoviiLlForcrTKuVd//ljMppFRLhX7QJXlW
KGxPpMezoxg1TqkR6aJWvfRWA5NEb2N6s79PQA0XtY7kVqIQ/EUHYaC0tNCaX0Vv
ZS5/TJLUjxM1i7ygmUiuDJF2P+BOk4JvKzsSS47pWzDEUrXz/UPZY9qA2t55dJSh
CmsBdVJLOsu0gigKne3f/r66UzxXxMYJfs1tb1GunHVEPrQ9zFKTRZvs9Xxt2Cl1
eKLLSVZ/13XyGIj04dNJlFwWwEXXmfQiDXOk
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:08 2024 by rpki-client on console-fra.rpki-client.org