Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/pHG3VuXBBe9DptywXOymvBWYqZE.roa
File:                     pHG3VuXBBe9DptywXOymvBWYqZE.roa (raw, json)
Hash identifier:          hRTkNR/uQvNaFcg0EgDvC3jGc2e07Ak4XomAgwFyA4o=
Subject key identifier:   A4:71:B7:56:E5:C1:05:EF:43:A6:DC:B0:5C:EC:A6:BC:15:98:A9:91
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0183338262C63D6911E71A22D750C4B8E83E
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/pHG3VuXBBe9DptywXOymvBWYqZE.roa
Signing time:             Mon 12 Sep 2022 21:02:06 +0000
ROA not before:           Mon 12 Sep 2022 21:02:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204084
IP address blocks:        185.117.117.0/24 maxlen: 24
                          185.102.137.0/24 maxlen: 24
                          2a0f:7c80::/29 maxlen: 29
                          2a0b:9800::/29 maxlen: 29
                          2a0f:3380::/29 maxlen: 29
                          2a0f:2380::/29 maxlen: 29
                          2a0b:a300::/29 maxlen: 29
                          2a0f:a700::/29 maxlen: 29
                          2a0d:88c0::/29 maxlen: 29
                          2a0f:7300::/29 maxlen: 29
                          2a0f:c780::/29 maxlen: 29
                          2a0f:4580::/29 maxlen: 29
                          2a0c:7440::/29 maxlen: 29
                          2a0f:5580::/29 maxlen: 29
                          2a0c:74c0::/29 maxlen: 29
                          2a0f:1180::/29 maxlen: 29
                          2a0f:4680::/29 maxlen: 29
                          2a0c:7540::/29 maxlen: 29
                          2a0d:2cc0::/29 maxlen: 29
                          2a0f:a500::/29 maxlen: 29
                          2a0f:7100::/29 maxlen: 29
                          2a07:4a00::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:33:82:62:c6:3d:69:11:e7:1a:22:d7:50:c4:b8:e8:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Sep 12 21:02:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a471b756e5c105ef43a6dcb05ceca6bc1598a991
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e0:be:f6:fc:de:68:46:b0:dc:80:6c:c4:7b:
                    52:1a:7f:9a:bd:23:e7:61:0d:50:bc:05:1f:c5:e7:
                    26:2d:48:68:67:57:85:2f:7e:94:50:80:f9:0e:aa:
                    be:69:a5:14:67:d9:03:66:15:fc:85:f5:b4:ab:09:
                    27:c2:76:f5:6e:4e:12:75:5d:77:0f:cf:66:32:43:
                    d3:72:dc:c4:4b:2d:5e:40:2a:4f:01:39:3d:03:b7:
                    2e:c5:98:20:76:14:83:48:9c:57:01:c0:75:18:f5:
                    98:63:c3:51:e3:5d:72:39:73:ca:04:34:4c:9e:78:
                    38:4b:28:a2:1b:67:55:2c:7b:93:c0:6d:96:bc:fd:
                    1a:66:c8:fb:1e:1a:90:07:59:8f:22:fa:26:dc:99:
                    1a:c1:33:91:79:25:f1:18:67:78:53:e2:9d:83:94:
                    38:87:52:d9:0c:01:85:47:6a:e6:65:6f:04:2e:a2:
                    c3:db:a1:4e:cc:cb:db:35:96:64:f9:68:21:ae:19:
                    e1:65:2f:73:ed:bf:a8:26:52:3b:ec:db:5b:60:97:
                    37:12:64:b9:e8:0a:98:f4:b9:e2:6f:11:24:59:cf:
                    d6:f1:d8:3e:2b:81:82:6e:4a:db:f5:e4:13:42:75:
                    25:63:c7:23:e8:13:c4:69:8d:c4:f8:3b:f6:a2:b8:
                    13:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:71:B7:56:E5:C1:05:EF:43:A6:DC:B0:5C:EC:A6:BC:15:98:A9:91
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/pHG3VuXBBe9DptywXOymvBWYqZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.137.0/24
                  185.117.117.0/24
                IPv6:
                  2a07:4a00::/29
                  2a0b:9800::/29
                  2a0b:a300::/29
                  2a0c:7440::/29
                  2a0c:74c0::/29
                  2a0c:7540::/29
                  2a0d:2cc0::/29
                  2a0d:88c0::/29
                  2a0f:1180::/29
                  2a0f:2380::/29
                  2a0f:3380::/29
                  2a0f:4580::/29
                  2a0f:4680::/29
                  2a0f:5580::/29
                  2a0f:7100::/29
                  2a0f:7300::/29
                  2a0f:7c80::/29
                  2a0f:a500::/29
                  2a0f:a700::/29
                  2a0f:c780::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:92:58:9a:2e:79:de:56:d6:ee:aa:d1:43:89:25:43:7f:01:
         f8:9a:4d:19:72:3c:6e:4f:6c:0b:56:c3:75:79:5e:68:2d:fd:
         d8:c9:c4:ef:f3:99:ed:3f:2b:55:7d:e2:20:e5:60:3a:92:7b:
         6a:2d:b8:09:3f:26:17:a8:d9:40:ae:e9:ed:91:37:ff:e7:0a:
         f7:5a:ab:4d:38:ce:5e:10:c5:98:27:41:9a:1b:1a:1d:e3:54:
         3a:ff:01:7c:96:cb:3c:d3:c7:29:35:a0:43:3d:ac:f0:58:a5:
         16:7d:a5:de:6a:56:61:a2:da:7b:8d:06:91:e0:06:a4:71:a4:
         6d:d9:2a:4e:7c:0f:14:75:11:53:b5:b4:86:03:73:8c:0f:97:
         1c:ce:3e:ed:38:f7:d1:03:51:d0:53:56:aa:3c:22:45:b0:8b:
         dd:ce:65:ed:48:ef:67:39:40:59:6e:d4:f2:c5:6e:ae:cf:29:
         20:a6:bb:08:29:90:f1:b8:1a:dd:a2:89:b4:18:6d:71:37:05:
         51:ba:07:58:bf:e9:cf:2f:fe:69:f6:be:61:b8:78:69:96:ff:
         b1:24:96:f8:60:3d:16:54:92:ad:bb:a2:9a:66:d3:89:a9:be:
         a9:b4:cd:b2:5b:be:66:5a:41:e9:79:08:13:fc:3f:30:93:7e:
         0f:c2:c3:f0
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAYMzgmLGPWkR5xoi11DEuOg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjIwOTEyMjEwMjA2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDcxYjc1NmU1YzEwNWVmNDNhNmRjYjA1Y2VjYTZiYzE1OThhOTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuC+9vzeaEaw3IBsxHtSGn+avSPn
YQ1QvAUfxecmLUhoZ1eFL36UUID5Dqq+aaUUZ9kDZhX8hfW0qwknwnb1bk4SdV13
D89mMkPTctzESy1eQCpPATk9A7cuxZggdhSDSJxXAcB1GPWYY8NR411yOXPKBDRM
nng4SyiiG2dVLHuTwG2WvP0aZsj7HhqQB1mPIvom3JkawTOReSXxGGd4U+Kdg5Q4
h1LZDAGFR2rmZW8ELqLD26FOzMvbNZZk+WghrhnhZS9z7b+oJlI77NtbYJc3EmS5
6AqY9LnibxEkWc/W8dg+K4GCbkrb9eQTQnUlY8cj6BPEaY3E+Dv2orgTGwIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFKRxt1blwQXvQ6bcsFzsprwVmKmRMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvcEhHM1Z1WEJCZTlEcHR5d1hPeW12QldZcVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG9BggrBgEFBQcBBwEB/wSBrTCBqjASBAIAATAMAwQAuWaJ
AwQAuXV1MIGTBAIAAjCBjAMFAyoHSgADBQMqC5gAAwUDKgujAAMFAyoMdEADBQMq
DHTAAwUDKgx1QAMFAyoNLMADBQMqDYjAAwUDKg8RgAMFAyoPI4ADBQMqDzOAAwUD
Kg9FgAMFAyoPRoADBQMqD1WAAwUDKg9xAAMFAyoPcwADBQMqD3yAAwUDKg+lAAMF
AyoPpwADBQMqD8eAMA0GCSqGSIb3DQEBCwUAA4IBAQA9kliaLnneVtbuqtFDiSVD
fwH4mk0ZcjxuT2wLVsN1eV5oLf3YycTv85ntPytVfeIg5WA6kntqLbgJPyYXqNlA
runtkTf/5wr3WqtNOM5eEMWYJ0GaGxod41Q6/wF8lss808cpNaBDPazwWKUWfaXe
alZhotp7jQaR4AakcaRt2SpOfA8UdRFTtbSGA3OMD5cczj7tOPfRA1HQU1aqPCJF
sIvdzmXtSO9nOUBZbtTyxW6uzykgprsIKZDxuBrdoom0GG1xNwVRugdYv+nPL/5p
9r5huHhplv+xJJb4YD0WVJKtu6KaZtOJqb6ptM2yW75mWkHpeQgT/D8wk34PwsPw
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:11 2024 by rpki-client on console-ams.rpki-client.org