Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/vAlHJUok_oKQojZtDB1rwhPKzCU.roa
File:                     vAlHJUok_oKQojZtDB1rwhPKzCU.roa (raw, json)
Hash identifier:          WPv4XtV/YFG1xS7pbo3bM9dLrvnSZBBVwksYiSruoDI=
Subject key identifier:   BC:09:47:25:4A:24:FE:82:90:A2:36:6D:0C:1D:6B:C2:13:CA:CC:25
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018988CA9AC82FD51E47DB04E58551C706C5
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/vAlHJUok_oKQojZtDB1rwhPKzCU.roa
Signing time:             Mon 24 Jul 2023 16:45:26 +0000
ROA not before:           Mon 24 Jul 2023 16:45:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200740
IP address blocks:        94.142.136.0/23 maxlen: 23
                          94.142.137.0/24 maxlen: 24
                          94.142.136.0/24 maxlen: 24
                          185.103.252.0/24 maxlen: 24
                          185.117.116.0/24 maxlen: 24
                          185.103.253.0/24 maxlen: 24
                          185.103.252.0/23 maxlen: 23
                          45.9.72.0/24 maxlen: 24
                          185.233.80.0/23 maxlen: 23
                          185.233.82.0/24 maxlen: 24
                          185.102.136.0/24 maxlen: 24
                          185.252.144.0/24 maxlen: 24
                          185.103.254.0/24 maxlen: 24
                          185.117.119.0/24 maxlen: 24
                          185.103.255.0/24 maxlen: 24
                          185.103.254.0/23 maxlen: 23
                          185.40.7.0/24 maxlen: 24
                          194.36.178.0/23 maxlen: 23
                          185.233.202.0/23 maxlen: 23
                          185.232.170.0/23 maxlen: 23
                          185.94.164.0/24 maxlen: 24
                          185.200.190.0/24 maxlen: 24
                          185.94.164.0/23 maxlen: 23
                          185.94.165.0/24 maxlen: 24
                          91.217.76.0/24 maxlen: 24
                          95.214.9.0/24 maxlen: 24
                          95.214.11.0/24 maxlen: 24
                          95.214.10.0/23 maxlen: 23
                          95.214.10.0/24 maxlen: 24
                          194.67.201.0/24 maxlen: 24
                          46.17.105.0/24 maxlen: 24
                          2a04:5200:68::/48 maxlen: 48
                          2a0d:2cc4::/31 maxlen: 31
                          2a04:5201:2::/48 maxlen: 48
                          2a04:5201:7::/48 maxlen: 48
                          2a04:5201:8018::/48 maxlen: 48
                          2a04:5201:4::/48 maxlen: 48
                          2a0d:2cc2::/31 maxlen: 31
                          2a04:5201:6::/48 maxlen: 48
                          2a0d:2cc0::/31 maxlen: 31
                          2a0d:2cc6::/31 maxlen: 31

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:88:ca:9a:c8:2f:d5:1e:47:db:04:e5:85:51:c7:06:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul 24 16:45:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bc0947254a24fe8290a2366d0c1d6bc213cacc25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:58:48:41:4e:80:cb:a8:8d:85:da:49:2b:f5:
                    29:08:d0:aa:b2:68:56:08:e9:fd:23:53:a4:68:b1:
                    8c:87:d9:f6:06:b7:06:e4:a6:d7:af:97:94:a5:ca:
                    5e:61:96:82:78:93:07:d1:1d:33:5d:66:ee:63:ed:
                    6e:ae:92:7a:27:8a:95:1a:3f:4d:e7:7e:b2:81:11:
                    5d:30:de:df:73:1c:27:b0:b9:98:f3:fb:36:e4:bc:
                    2e:e7:5c:e1:ba:67:be:9c:92:c4:af:a7:9e:39:29:
                    5f:e7:ef:99:08:b1:17:eb:22:5d:19:6c:21:ab:09:
                    d4:57:43:79:fe:94:c0:29:5b:7a:bd:51:f4:43:c4:
                    fb:f4:0e:f3:4f:6d:0b:44:5f:58:ae:22:d3:e9:5e:
                    18:fe:98:e7:33:7f:bf:b0:43:1a:e8:01:23:3d:80:
                    56:20:00:9e:27:5c:ba:39:8b:77:ab:87:d7:99:2e:
                    d2:77:44:52:4c:01:a0:cd:d3:6f:f8:2d:95:8b:b3:
                    a6:13:27:48:46:51:e0:7d:2c:1e:b9:35:4c:76:43:
                    08:33:2b:fc:6a:53:74:03:b8:88:4b:e2:f1:8d:88:
                    83:ea:b0:f5:d2:2e:36:06:d9:71:78:64:6b:9a:a1:
                    f5:fc:c9:e0:f9:ca:44:9b:39:91:4e:8e:d7:0e:14:
                    5f:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:09:47:25:4A:24:FE:82:90:A2:36:6D:0C:1D:6B:C2:13:CA:CC:25
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/vAlHJUok_oKQojZtDB1rwhPKzCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.72.0/24
                  46.17.105.0/24
                  91.217.76.0/24
                  94.142.136.0/23
                  95.214.9.0-95.214.11.255
                  185.40.7.0/24
                  185.94.164.0/23
                  185.102.136.0/24
                  185.103.252.0/22
                  185.117.116.0/24
                  185.117.119.0/24
                  185.200.190.0/24
                  185.232.170.0/23
                  185.233.80.0-185.233.82.255
                  185.233.202.0/23
                  185.252.144.0/24
                  194.36.178.0/23
                  194.67.201.0/24
                IPv6:
                  2a04:5200:68::/48
                  2a04:5201:2::/48
                  2a04:5201:4::/48
                  2a04:5201:6::/47
                  2a04:5201:8018::/48
                  2a0d:2cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2e:73:99:9f:ac:9e:aa:3d:01:5d:fd:2b:61:f8:1d:62:19:11:
         50:32:b4:e0:b8:0f:c8:03:43:d3:35:0e:96:ec:8a:26:16:da:
         64:2f:08:72:a2:ee:09:80:08:81:e7:57:e3:88:44:3f:f1:25:
         f4:6f:94:7a:64:e0:70:e3:4e:0f:bb:53:c1:f9:29:13:e4:c8:
         d8:50:7b:b3:b5:d7:68:b8:5a:b8:f5:a2:00:be:fc:76:5c:6b:
         ff:92:75:14:e0:61:7a:4a:fe:d3:6d:cc:69:99:1e:84:45:0e:
         78:b9:d8:c1:aa:53:84:15:f4:ef:64:04:58:c7:a1:c5:2b:3d:
         e5:2d:82:ce:17:3f:f4:fb:a4:e2:5e:de:35:89:36:88:c6:d2:
         70:d8:c3:1a:5f:fb:17:1e:2b:fe:79:30:04:12:f7:da:8e:dd:
         f0:f3:89:95:25:24:8a:b9:92:26:0a:dc:4f:d9:36:a2:c0:73:
         03:4e:f4:e9:ce:0b:b9:03:c0:75:14:ab:20:74:6b:b4:35:5c:
         cb:b5:0b:27:a3:2f:4b:68:39:66:75:1e:82:a2:38:28:bd:f4:
         c2:ee:fd:43:12:96:66:89:bd:a3:8f:62:b6:07:e5:48:bb:5c:
         b6:0a:57:38:ed:86:2e:b1:32:47:33:de:55:cf:c8:61:38:a1:
         f8:ae:d0:22
-----BEGIN CERTIFICATE-----
MIIFszCCBJugAwIBAgISAYmIyprIL9UeR9sE5YVRxwbFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwNzI0MTY0NTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzA5NDcyNTRhMjRmZTgyOTBhMjM2NmQwYzFkNmJjMjEzY2FjYzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFhIQU6Ay6iNhdpJK/UpCNCqsmhW
COn9I1OkaLGMh9n2BrcG5KbXr5eUpcpeYZaCeJMH0R0zXWbuY+1urpJ6J4qVGj9N
536ygRFdMN7fcxwnsLmY8/s25Lwu51zhume+nJLEr6eeOSlf5++ZCLEX6yJdGWwh
qwnUV0N5/pTAKVt6vVH0Q8T79A7zT20LRF9YriLT6V4Y/pjnM3+/sEMa6AEjPYBW
IACeJ1y6OYt3q4fXmS7Sd0RSTAGgzdNv+C2Vi7OmEydIRlHgfSweuTVMdkMIMyv8
alN0A7iIS+LxjYiD6rD10i42BtlxeGRrmqH1/Mng+cpEmzmRTo7XDhRfLwIDAQAB
o4ICvzCCArswHQYDVR0OBBYEFLwJRyVKJP6CkKI2bQwda8ITyswlMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvdkFsSEpVb2tfb0tRb2padERCMXJ3aFBLekNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHUBggrBgEFBQcBBwEB/wSBxDCBwTCBggQCAAEwfAMEAC0J
SAMEAC4RaQMEAFvZTAMEAV6OiDAMAwQAX9YJAwQCX9YIAwQAuSgHAwQBuV6kAwQA
uWaIAwQCuWf8AwQAuXV0AwQAuXV3AwQAuci+AwQBueiqMAwDBAS56VADBAC56VID
BAG56coDBAC5/JADBAHCJLIDBADCQ8kwOgQCAAIwNAMHACoEUgAAaAMHACoEUgEA
AgMHACoEUgEABAMHASoEUgEABgMHACoEUgGAGAMFAyoNLMAwDQYJKoZIhvcNAQEL
BQADggEBAC5zmZ+snqo9AV39K2H4HWIZEVAytOC4D8gDQ9M1DpbsiiYW2mQvCHKi
7gmACIHnV+OIRD/xJfRvlHpk4HDjTg+7U8H5KRPkyNhQe7O112i4Wrj1ogC+/HZc
a/+SdRTgYXpK/tNtzGmZHoRFDni52MGqU4QV9O9kBFjHocUrPeUtgs4XP/T7pOJe
3jWJNojG0nDYwxpf+xceK/55MAQS99qO3fDziZUlJIq5kiYK3E/ZNqLAcwNO9OnO
C7kDwHUUqyB0a7Q1XMu1CyejL0toOWZ1HoKiOCi99MLu/UMSlmaJvaOPYrYH5Ui7
XLYKVzjthi6xMkcz3lXPyGE4ofiu0CI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:11 2024 by rpki-client on console-ams.rpki-client.org