Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/jAmgPsG6LpblQewcz7uubGPfRw0.roa
File:                     jAmgPsG6LpblQewcz7uubGPfRw0.roa (raw, json)
Hash identifier:          HwS8Wh/josRNWXGWjCiD107LphEmvgPWV2gaCdR9RvY=
Subject key identifier:   8C:09:A0:3E:C1:BA:2E:96:E5:41:EC:1C:CF:BB:AE:6C:63:DF:47:0D
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018D3AF68A2223115BFA7B88B209F5284905
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/jAmgPsG6LpblQewcz7uubGPfRw0.roa
Signing time:             Wed 24 Jan 2024 10:14:12 +0000
ROA not before:           Wed 24 Jan 2024 10:14:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        45.89.66.0/24 maxlen: 24
                          45.89.67.0/24 maxlen: 24
                          45.128.176.0/22 maxlen: 22
                          45.128.176.0/24 maxlen: 24
                          45.128.177.0/24 maxlen: 24
                          45.128.178.0/24 maxlen: 24
                          45.128.179.0/24 maxlen: 24
                          45.132.252.0/24 maxlen: 24
                          91.217.80.0/24 maxlen: 24
                          94.142.136.0/21 maxlen: 21
                          94.142.139.0/24 maxlen: 24
                          94.142.140.0/24 maxlen: 24
                          94.142.141.0/24 maxlen: 24
                          94.142.142.0/24 maxlen: 24
                          94.142.143.0/24 maxlen: 24
                          185.5.248.0/22 maxlen: 22
                          185.5.248.0/23 maxlen: 23
                          185.5.250.0/23 maxlen: 23
                          185.5.250.0/24 maxlen: 24
                          185.58.204.0/22 maxlen: 22
                          185.58.204.0/24 maxlen: 24
                          185.58.206.0/24 maxlen: 24
                          185.58.207.0/24 maxlen: 24
                          185.87.48.0/22 maxlen: 22
                          185.87.48.0/24 maxlen: 24
                          185.87.49.0/24 maxlen: 24
                          185.87.50.0/24 maxlen: 24
                          185.87.51.0/24 maxlen: 24
                          185.105.116.0/24 maxlen: 24
                          185.105.117.0/24 maxlen: 24
                          185.117.152.0/22 maxlen: 22
                          185.125.216.0/22 maxlen: 22
                          185.125.218.0/23 maxlen: 23
                          185.125.228.0/22 maxlen: 22
                          185.125.228.0/24 maxlen: 24
                          185.125.229.0/24 maxlen: 24
                          185.125.230.0/24 maxlen: 24
                          185.125.231.0/24 maxlen: 24
                          185.200.188.0/24 maxlen: 24
                          193.109.85.0/24 maxlen: 24
                          193.124.176.0/20 maxlen: 20
                          193.124.176.0/21 maxlen: 21
                          193.124.184.0/21 maxlen: 21
                          193.168.224.0/24 maxlen: 24
                          194.67.192.0/19 maxlen: 19
                          194.67.193.0/24 maxlen: 24
                          194.67.194.0/23 maxlen: 23
                          194.67.196.0/22 maxlen: 22
                          194.67.200.0/21 maxlen: 21
                          194.67.202.0/24 maxlen: 24
                          194.67.203.0/24 maxlen: 24
                          194.67.204.0/22 maxlen: 22
                          194.67.208.0/20 maxlen: 20
                          195.47.250.0/24 maxlen: 24
                          2a07:4a00::/29 maxlen: 29
                          2a0a:9300::/48 maxlen: 48
                          2a0a:9300:2::/48 maxlen: 48
                          2a0a:9300:d0::/48 maxlen: 48
                          2a0a:9300:d1::/48 maxlen: 48
                          2a0a:9300:d2::/48 maxlen: 48
                          2a0a:9301::/48 maxlen: 48
                          2a0a:9301:1::/48 maxlen: 48
                          2a0a:9301:2::/48 maxlen: 48
                          2a0a:9302::/32 maxlen: 32
                          2a0a:9302:1::/48 maxlen: 48
                          2a0b:7780::/29 maxlen: 29
                          2a0b:9800::/29 maxlen: 29
                          2a0c:74c0::/29 maxlen: 29
                          2a0c:77c0::/29 maxlen: 29
                          2a0c:77c0::/32 maxlen: 32
                          2a0d:2cc0::/29 maxlen: 29
                          2a0d:3880::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3a:f6:8a:22:23:11:5b:fa:7b:88:b2:09:f5:28:49:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan 24 10:14:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c09a03ec1ba2e96e541ec1ccfbbae6c63df470d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:13:b2:ea:f1:b5:e4:57:fb:50:02:78:96:27:
                    e0:cb:ff:f3:d9:08:a5:ab:93:a7:dd:6f:4d:65:c4:
                    b8:da:9a:ca:a6:25:4f:7d:49:d0:3a:96:e1:fc:17:
                    e6:10:7e:e5:af:c5:d0:b4:54:e7:18:ac:3c:43:96:
                    07:5a:71:17:d5:84:07:45:7c:c9:09:a4:d7:9a:f7:
                    15:65:69:33:c2:57:96:ce:ec:e8:23:88:15:df:3f:
                    d3:f6:fc:f0:de:67:18:73:e4:10:97:6e:cd:67:96:
                    44:bd:98:52:0a:93:8f:d7:19:25:c3:2c:9a:f5:78:
                    c3:df:89:4e:fa:04:e8:bc:59:5e:ba:f3:b6:fd:81:
                    29:fe:f5:19:f9:fd:15:e5:a2:d0:06:d7:8b:35:21:
                    fe:23:4b:bd:41:60:ca:26:04:fa:c4:a8:6f:2e:2b:
                    c8:fd:41:71:0b:e0:23:7d:5a:f2:43:f1:65:a6:e4:
                    ae:c2:aa:d3:4e:ba:eb:21:0e:5f:88:42:ee:2c:6e:
                    08:34:f8:70:d1:5d:58:b5:7b:5e:02:82:be:d8:e0:
                    62:99:7d:59:a1:8c:8f:b7:27:3b:98:c3:4c:1c:29:
                    3c:a4:29:b4:cf:17:3a:3b:3c:89:c0:b7:87:2c:a0:
                    a8:3f:64:4d:99:56:4a:9e:6e:38:55:f4:8c:68:7b:
                    b5:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:09:A0:3E:C1:BA:2E:96:E5:41:EC:1C:CF:BB:AE:6C:63:DF:47:0D
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/jAmgPsG6LpblQewcz7uubGPfRw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.66.0/23
                  45.128.176.0/22
                  45.132.252.0/24
                  91.217.80.0/24
                  94.142.136.0/21
                  185.5.248.0/22
                  185.58.204.0/22
                  185.87.48.0/22
                  185.105.116.0/23
                  185.117.152.0/22
                  185.125.216.0/22
                  185.125.228.0/22
                  185.200.188.0/24
                  193.109.85.0/24
                  193.124.176.0/20
                  193.168.224.0/24
                  194.67.192.0/19
                  195.47.250.0/24
                IPv6:
                  2a07:4a00::/29
                  2a0a:9300::/48
                  2a0a:9300:2::/48
                  2a0a:9300:d0::-2a0a:9300:d2:ffff:ffff:ffff:ffff:ffff
                  2a0a:9301::-2a0a:9301:2:ffff:ffff:ffff:ffff:ffff
                  2a0a:9302::/32
                  2a0b:7780::/29
                  2a0b:9800::/29
                  2a0c:74c0::/29
                  2a0c:77c0::/29
                  2a0d:2cc0::/29
                  2a0d:3880::/29

    Signature Algorithm: sha256WithRSAEncryption
         b3:63:90:c2:49:cf:b5:1b:67:eb:18:cd:42:4e:21:d3:ca:74:
         6e:1e:0e:ee:f2:13:55:1f:35:1e:a9:c1:11:74:7d:80:d9:5c:
         5e:67:a2:b7:c6:d0:be:89:6a:16:0d:75:f8:1f:14:f7:9f:f7:
         50:5a:e9:8d:8c:e4:55:d8:c0:1d:24:e5:ba:9d:89:ae:26:ac:
         0f:1e:f8:a7:1e:20:a7:e8:f0:3c:59:88:e2:15:c3:98:15:d7:
         9e:6d:6b:90:b1:48:dc:5c:ea:04:f4:d5:4c:ab:35:1b:6c:46:
         e4:16:4e:84:2e:d4:df:16:5e:a4:13:ab:1e:39:a3:25:96:15:
         99:bd:fc:9f:95:a3:8c:96:18:08:a6:d3:c1:83:68:dc:80:b2:
         ec:8c:71:22:a3:13:57:26:d5:7c:64:70:11:51:98:c4:ea:ff:
         d1:f2:87:4a:f8:3c:40:35:26:a1:a1:45:c4:d7:57:63:c6:c9:
         e0:2f:26:23:12:4d:2a:e9:b8:f6:6e:9d:f4:a8:c5:5e:08:a1:
         8a:40:ba:31:44:2b:42:6b:ba:d5:3b:65:85:6d:64:43:3e:34:
         7f:e8:72:9e:63:32:05:8d:fa:c2:4b:dd:a2:57:be:fb:c7:b2:
         46:b4:45:1c:5f:80:b8:08:6b:0e:62:bb:18:4d:39:ac:16:22:
         22:cd:54:ab
-----BEGIN CERTIFICATE-----
MIIF3jCCBMagAwIBAgISAY069ooiIxFb+nuIsgn1KEkFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTI0MTAxNDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzA5YTAzZWMxYmEyZTk2ZTU0MWVjMWNjZmJiYWU2YzYzZGY0NzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmROy6vG15Ff7UAJ4lifgy//z2Qil
q5On3W9NZcS42prKpiVPfUnQOpbh/BfmEH7lr8XQtFTnGKw8Q5YHWnEX1YQHRXzJ
CaTXmvcVZWkzwleWzuzoI4gV3z/T9vzw3mcYc+QQl27NZ5ZEvZhSCpOP1xklwyya
9XjD34lO+gTovFleuvO2/YEp/vUZ+f0V5aLQBteLNSH+I0u9QWDKJgT6xKhvLivI
/UFxC+AjfVryQ/FlpuSuwqrTTrrrIQ5fiELuLG4INPhw0V1YtXteAoK+2OBimX1Z
oYyPtyc7mMNMHCk8pCm0zxc6OzyJwLeHLKCoP2RNmVZKnm44VfSMaHu1hQIDAQAB
o4IC6jCCAuYwHQYDVR0OBBYEFIwJoD7Bui6W5UHsHM+7rmxj30cNMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvakFtZ1BzRzZMcGJsUWV3Y3o3dXViR1BmUncwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH/BggrBgEFBQcBBwEB/wSB7zCB7DByBAIAATBsAwQBLVlC
AwQCLYCwAwQALYT8AwQAW9lQAwQDXo6IAwQCuQX4AwQCuTrMAwQCuVcwAwQBuWl0
AwQCuXWYAwQCuX3YAwQCuX3kAwQAuci8AwQAwW1VAwQEwXywAwQAwajgAwQFwkPA
AwQAwy/6MHYEAgACMHADBQMqB0oAAwcAKgqTAAAAAwcAKgqTAAACMBIDBwQqCpMA
ANADBwAqCpMAANIwEAMFACoKkwEDBwAqCpMBAAIDBQAqCpMCAwUDKgt3gAMFAyoL
mAADBQMqDHTAAwUDKgx3wAMFAyoNLMADBQMqDTiAMA0GCSqGSIb3DQEBCwUAA4IB
AQCzY5DCSc+1G2frGM1CTiHTynRuHg7u8hNVHzUeqcERdH2A2VxeZ6K3xtC+iWoW
DXX4HxT3n/dQWumNjORV2MAdJOW6nYmuJqwPHvinHiCn6PA8WYjiFcOYFdeebWuQ
sUjcXOoE9NVMqzUbbEbkFk6ELtTfFl6kE6seOaMllhWZvfyflaOMlhgIptPBg2jc
gLLsjHEioxNXJtV8ZHARUZjE6v/R8odK+DxANSahoUXE11djxsngLyYjEk0q6bj2
bp30qMVeCKGKQLoxRCtCa7rVO2WFbWRDPjR/6HKeYzIFjfrCS92iV777x7JGtEUc
X4C4CGsOYrsYTTmsFiIizVSr
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:10 2024 by rpki-client on console-ams.rpki-client.org