Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/w7tlhaov24r-dwszBqHqF6iJlmw.roa
File:                     w7tlhaov24r-dwszBqHqF6iJlmw.roa (raw, json)
Hash identifier:          dCUP/j/8nq6EadsZd/WuSxXVvUGMRXFDE0s8kG1Wf9U=
Subject key identifier:   C3:BB:65:85:AA:2F:DB:8A:FE:77:0B:33:06:A1:EA:17:A8:89:96:6C
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018B5B6C737B480A1AF657DC0E9FA6A947AF
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/w7tlhaov24r-dwszBqHqF6iJlmw.roa
Signing time:             Mon 23 Oct 2023 07:25:15 +0000
ROA not before:           Mon 23 Oct 2023 07:25:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200740
IP address blocks:        94.142.136.0/23 maxlen: 23
                          94.142.137.0/24 maxlen: 24
                          94.142.136.0/24 maxlen: 24
                          185.112.81.0/24 maxlen: 24
                          185.103.252.0/24 maxlen: 24
                          185.117.116.0/24 maxlen: 24
                          185.103.253.0/24 maxlen: 24
                          185.103.252.0/23 maxlen: 23
                          45.9.72.0/24 maxlen: 24
                          185.233.80.0/23 maxlen: 23
                          185.233.82.0/24 maxlen: 24
                          185.102.136.0/24 maxlen: 24
                          185.252.144.0/24 maxlen: 24
                          185.103.254.0/24 maxlen: 24
                          185.117.119.0/24 maxlen: 24
                          185.103.255.0/24 maxlen: 24
                          185.103.254.0/23 maxlen: 23
                          185.40.7.0/24 maxlen: 24
                          194.36.178.0/23 maxlen: 23
                          185.233.202.0/23 maxlen: 23
                          185.114.72.0/23 maxlen: 23
                          185.114.73.0/24 maxlen: 24
                          185.114.72.0/24 maxlen: 24
                          185.232.170.0/23 maxlen: 23
                          185.94.164.0/24 maxlen: 24
                          185.200.190.0/24 maxlen: 24
                          185.94.164.0/23 maxlen: 23
                          185.94.165.0/24 maxlen: 24
                          80.76.32.0/23 maxlen: 23
                          80.76.34.0/23 maxlen: 23
                          91.217.76.0/24 maxlen: 24
                          95.214.9.0/24 maxlen: 24
                          95.214.11.0/24 maxlen: 24
                          95.214.10.0/23 maxlen: 23
                          95.214.10.0/24 maxlen: 24
                          46.17.105.0/24 maxlen: 24
                          2a04:5200:68::/48 maxlen: 48
                          2a0d:2cc4::/31 maxlen: 31
                          2a04:5201:2::/48 maxlen: 48
                          2a04:5201:7::/48 maxlen: 48
                          2a04:5201:8018::/48 maxlen: 48
                          2a04:5201:4::/48 maxlen: 48
                          2a04:5201:9::/48 maxlen: 48
                          2a0d:2cc2::/31 maxlen: 31
                          2a04:5201:6::/48 maxlen: 48
                          2a0d:2cc0::/31 maxlen: 31
                          2a0d:2cc6::/31 maxlen: 31

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:5b:6c:73:7b:48:0a:1a:f6:57:dc:0e:9f:a6:a9:47:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Oct 23 07:25:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c3bb6585aa2fdb8afe770b3306a1ea17a889966c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:3a:3a:cd:73:93:cf:87:d4:2d:d0:7d:be:d3:
                    ec:a9:a1:3f:9e:ba:4d:70:37:e9:c5:c7:5a:4c:4c:
                    84:76:78:fc:f5:ed:88:e1:cd:39:48:97:79:98:61:
                    41:f9:49:9d:bd:83:30:16:d0:5b:c5:12:68:7b:5e:
                    27:34:5f:be:57:c7:a0:0b:1c:7c:6a:74:30:0d:97:
                    08:07:7e:25:c6:e3:fa:b0:64:61:a0:28:2d:25:37:
                    c7:f4:66:a7:b6:87:44:5a:55:19:e8:5b:66:d6:e2:
                    cf:bb:30:1f:a1:29:d7:b8:d2:a4:70:4d:1d:4f:54:
                    33:ca:33:ef:54:8e:32:97:0e:10:a7:22:35:f4:72:
                    36:08:db:c8:ce:27:ac:8e:61:5e:e3:7d:66:88:8b:
                    7e:4f:0f:ae:5a:3c:ce:e5:cb:d0:c1:f6:b3:d9:e4:
                    6f:2a:46:1d:e0:23:39:d5:ce:c9:30:f4:2c:f1:ca:
                    9a:05:09:5c:29:ba:b7:86:0d:4c:10:73:b7:9c:ab:
                    02:0b:09:97:38:a8:84:01:15:20:d9:c0:06:f6:2e:
                    73:99:ec:7f:83:3d:55:e8:ba:64:a4:8a:54:b4:f2:
                    19:ef:c2:b2:2c:11:78:e9:d1:55:16:04:cc:1d:b5:
                    d8:cb:38:f6:33:90:17:41:e8:8d:b4:7c:c4:ec:aa:
                    8c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:BB:65:85:AA:2F:DB:8A:FE:77:0B:33:06:A1:EA:17:A8:89:96:6C
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/w7tlhaov24r-dwszBqHqF6iJlmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.72.0/24
                  46.17.105.0/24
                  80.76.32.0/22
                  91.217.76.0/24
                  94.142.136.0/23
                  95.214.9.0-95.214.11.255
                  185.40.7.0/24
                  185.94.164.0/23
                  185.102.136.0/24
                  185.103.252.0/22
                  185.112.81.0/24
                  185.114.72.0/23
                  185.117.116.0/24
                  185.117.119.0/24
                  185.200.190.0/24
                  185.232.170.0/23
                  185.233.80.0-185.233.82.255
                  185.233.202.0/23
                  185.252.144.0/24
                  194.36.178.0/23
                IPv6:
                  2a04:5200:68::/48
                  2a04:5201:2::/48
                  2a04:5201:4::/48
                  2a04:5201:6::/47
                  2a04:5201:9::/48
                  2a04:5201:8018::/48
                  2a0d:2cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:6e:2e:86:7a:d3:da:2d:94:e8:b2:08:8d:99:a1:10:7a:5a:
         4a:46:68:41:c8:8d:33:ae:1f:c3:bb:3d:a5:d6:01:ec:de:65:
         c4:7f:66:9a:20:d9:40:3a:14:b6:01:90:c3:40:5a:66:fa:d5:
         40:0e:40:37:42:f3:31:2d:e3:5f:75:bb:ee:61:e6:b3:05:b0:
         3e:90:ac:a3:fd:28:71:a2:4d:4d:af:f9:89:89:f1:a7:b0:0f:
         0c:f3:ae:48:6e:d6:c4:74:36:86:7b:f0:4f:a5:3d:d9:92:9e:
         12:42:7b:67:a9:8f:af:9c:3e:a1:8f:33:69:8c:81:a7:73:7c:
         34:9d:41:69:62:2e:49:8c:66:45:20:6d:83:99:ec:66:49:13:
         a9:71:bc:8e:20:1f:5b:2f:26:1e:d9:76:ac:b8:f0:a5:d3:0e:
         cd:0e:b6:1c:8d:5d:5f:37:2e:52:f3:41:cc:ec:63:ea:4c:fa:
         c8:98:ca:25:b5:b6:b4:19:05:ca:1d:0a:54:6d:49:57:f1:7a:
         e4:b0:ff:a4:f8:d6:55:f9:95:95:85:f9:e4:fc:f6:41:08:40:
         eb:82:08:09:3d:13:d7:b8:12:80:61:aa:f6:16:76:8b:12:7d:
         b6:8a:75:0f:83:eb:c8:5c:e2:30:81:fb:88:3e:9d:34:4b:c2:
         f8:f4:62:bc
-----BEGIN CERTIFICATE-----
MIIFyTCCBLGgAwIBAgISAYtbbHN7SAoa9lfcDp+mqUevMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMxMDIzMDcyNTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2JiNjU4NWFhMmZkYjhhZmU3NzBiMzMwNmExZWExN2E4ODk5NjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDo6zXOTz4fULdB9vtPsqaE/nrpN
cDfpxcdaTEyEdnj89e2I4c05SJd5mGFB+UmdvYMwFtBbxRJoe14nNF++V8egCxx8
anQwDZcIB34lxuP6sGRhoCgtJTfH9GantodEWlUZ6Ftm1uLPuzAfoSnXuNKkcE0d
T1QzyjPvVI4ylw4QpyI19HI2CNvIziesjmFe431miIt+Tw+uWjzO5cvQwfaz2eRv
KkYd4CM51c7JMPQs8cqaBQlcKbq3hg1MEHO3nKsCCwmXOKiEARUg2cAG9i5zmex/
gz1V6LpkpIpUtPIZ78KyLBF46dFVFgTMHbXYyzj2M5AXQeiNtHzE7KqMVwIDAQAB
o4IC1TCCAtEwHQYDVR0OBBYEFMO7ZYWqL9uK/ncLMwah6heoiZZsMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvdzd0bGhhb3YyNHItZHdzekJxSHFGNmlKbG13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHqBggrBgEFBQcBBwEB/wSB2jCB1zCBjwQCAAEwgYgDBAAt
CUgDBAAuEWkDBAJQTCADBABb2UwDBAFejogwDAMEAF/WCQMEAl/WCAMEALkoBwME
AblepAMEALlmiAMEArln/AMEALlwUQMEAblySAMEALl1dAMEALl1dwMEALnIvgME
AbnoqjAMAwQEuelQAwQAuelSAwQBuenKAwQAufyQAwQBwiSyMEMEAgACMD0DBwAq
BFIAAGgDBwAqBFIBAAIDBwAqBFIBAAQDBwEqBFIBAAYDBwAqBFIBAAkDBwAqBFIB
gBgDBQMqDSzAMA0GCSqGSIb3DQEBCwUAA4IBAQAhbi6GetPaLZTosgiNmaEQelpK
RmhByI0zrh/Duz2l1gHs3mXEf2aaINlAOhS2AZDDQFpm+tVADkA3QvMxLeNfdbvu
YeazBbA+kKyj/Shxok1Nr/mJifGnsA8M865IbtbEdDaGe/BPpT3Zkp4SQntnqY+v
nD6hjzNpjIGnc3w0nUFpYi5JjGZFIG2DmexmSROpcbyOIB9bLyYe2XasuPCl0w7N
DrYcjV1fNy5S80HM7GPqTPrImMoltba0GQXKHQpUbUlX8XrksP+k+NZV+ZWVhfnk
/PZBCEDrgggJPRPXuBKAYar2FnaLEn22inUPg+vIXOIwgfuIPp00S8L49GK8
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:11 2024 by rpki-client on console-ams.rpki-client.org