Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/CrSI4pATH_vdi5DvVifbAww6Qv8.roa
File:                     CrSI4pATH_vdi5DvVifbAww6Qv8.roa (raw, json)
Hash identifier:          E3G+KsKoO3sBpzM1oKCNn7ZSI5PohyqXuVhBESMa5tY=
Subject key identifier:   0A:B4:88:E2:90:13:1F:FB:DD:8B:90:EF:56:27:DB:03:0C:3A:42:FF
Certificate issuer:       /CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Certificate serial:       018DC088B7F5EC50BBFA18E444E927FAB42C
Authority key identifier: 81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/CrSI4pATH_vdi5DvVifbAww6Qv8.roa
Signing time:             Mon 19 Feb 2024 08:43:21 +0000
ROA not before:           Mon 19 Feb 2024 08:43:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1136
IP address blocks:        37.251.0.0/17 maxlen: 17
                          62.131.0.0/16 maxlen: 16
                          62.251.0.0/17 maxlen: 17
                          77.160.0.0/13 maxlen: 13
                          77.168.0.0/14 maxlen: 14
                          77.172.0.0/16 maxlen: 16
                          77.173.0.0/16 maxlen: 16
                          77.174.0.0/16 maxlen: 16
                          77.175.0.0/16 maxlen: 16
                          77.175.0.0/17 maxlen: 17
                          77.175.128.0/17 maxlen: 17
                          80.60.0.0/15 maxlen: 15
                          81.204.0.0/14 maxlen: 14
                          82.136.192.0/18 maxlen: 18
                          82.168.0.0/14 maxlen: 14
                          82.168.0.0/17 maxlen: 17
                          82.168.128.0/18 maxlen: 18
                          82.168.192.0/19 maxlen: 19
                          82.168.224.0/19 maxlen: 19
                          82.169.0.0/18 maxlen: 18
                          82.169.64.0/19 maxlen: 19
                          82.169.96.0/19 maxlen: 19
                          82.169.128.0/19 maxlen: 19
                          82.169.160.0/19 maxlen: 19
                          82.169.192.0/18 maxlen: 18
                          82.170.0.0/16 maxlen: 16
                          82.171.0.0/18 maxlen: 18
                          82.171.64.0/18 maxlen: 18
                          82.171.128.0/17 maxlen: 17
                          84.80.0.0/13 maxlen: 13
                          85.113.224.0/19 maxlen: 19
                          86.80.0.0/12 maxlen: 12
                          88.159.0.0/16 maxlen: 16
                          188.142.0.0/17 maxlen: 17
                          195.240.0.0/16 maxlen: 16
                          195.240.0.0/17 maxlen: 17
                          195.240.128.0/18 maxlen: 18
                          195.240.192.0/18 maxlen: 18
                          195.241.0.0/16 maxlen: 16
                          212.123.128.0/18 maxlen: 18
                          212.182.128.0/18 maxlen: 18
                          212.238.0.0/16 maxlen: 16
                          213.10.0.0/16 maxlen: 16
                          213.84.0.0/16 maxlen: 16
                          213.197.0.0/18 maxlen: 18
                          2a02:a400::/25 maxlen: 25

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c0:88:b7:f5:ec:50:bb:fa:18:e4:44:e9:27:fa:b4:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
        Validity
            Not Before: Feb 19 08:43:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ab488e290131ffbdd8b90ef5627db030c3a42ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:62:55:e3:d5:22:8b:72:3f:93:b3:2c:1e:35:
                    17:78:30:c2:ae:6a:b8:97:75:5f:8b:bf:2d:59:11:
                    67:d4:ef:e0:de:34:3b:01:8f:fc:a5:7e:ff:9a:c8:
                    b1:ec:c7:c9:36:1b:fa:24:92:fe:61:d1:23:86:b7:
                    15:73:a0:a5:56:96:43:e0:a8:1f:64:59:83:fa:d7:
                    fd:dc:ce:ba:7c:47:2b:48:c1:c9:8f:4e:c3:0f:f3:
                    dc:fb:42:e3:eb:86:6c:bc:9a:93:0b:13:9f:c8:9f:
                    37:7f:f3:3c:fd:25:1a:c6:5e:09:f2:13:b5:a6:ec:
                    58:3d:23:72:80:fd:a6:c3:b0:4f:7d:fa:c4:d5:69:
                    b6:1c:11:4d:7c:99:1c:46:4a:bf:c4:b1:8c:d9:8b:
                    f8:3e:41:ff:15:83:ec:2a:3c:73:e0:01:c2:d4:d6:
                    a5:77:51:19:e0:0b:ef:ae:0f:36:5d:ea:4f:2e:9b:
                    8e:a3:48:1f:0d:5f:30:96:9a:e4:35:45:4e:d4:01:
                    ef:46:e5:63:b1:c5:d8:7e:d1:78:9a:63:f0:9a:9f:
                    a5:cb:ee:8f:af:2c:99:94:7c:d1:c0:31:e6:2e:2f:
                    58:34:f8:33:eb:1c:af:2b:8d:31:2d:3d:6d:eb:2e:
                    41:cf:4e:fd:a8:3b:e4:f2:4b:20:ca:4c:18:67:37:
                    93:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:B4:88:E2:90:13:1F:FB:DD:8B:90:EF:56:27:DB:03:0C:3A:42:FF
            X509v3 Authority Key Identifier:
                keyid:81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/CrSI4pATH_vdi5DvVifbAww6Qv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.251.0.0/17
                  62.131.0.0/16
                  62.251.0.0/17
                  77.160.0.0/12
                  80.60.0.0/15
                  81.204.0.0/14
                  82.136.192.0/18
                  82.168.0.0/14
                  84.80.0.0/13
                  85.113.224.0/19
                  86.80.0.0/12
                  88.159.0.0/16
                  188.142.0.0/17
                  195.240.0.0/15
                  212.123.128.0/18
                  212.182.128.0/18
                  212.238.0.0/16
                  213.10.0.0/16
                  213.84.0.0/16
                  213.197.0.0/18
                IPv6:
                  2a02:a400::/25

    Signature Algorithm: sha256WithRSAEncryption
         47:ea:27:72:73:c8:84:74:36:7b:87:cc:ea:22:3f:39:29:dd:
         8e:bd:16:93:96:cf:cf:c9:a7:5a:5c:de:1c:8b:85:5c:b8:22:
         b9:6c:7b:06:03:fc:ea:28:15:75:98:71:30:ed:b8:9d:c0:6f:
         ca:7d:03:cd:6f:77:9c:39:31:08:f9:00:e6:27:bc:3d:5a:05:
         4f:f9:05:36:9e:8c:a0:ad:56:00:20:8c:f1:a0:ef:4e:64:9b:
         21:13:df:e1:dc:b6:7e:a9:e4:0a:aa:28:96:98:ec:b1:fa:04:
         60:73:cd:48:56:f5:92:59:fd:75:3e:7e:e2:33:6a:f5:fb:a3:
         46:c4:33:9d:ce:de:2a:4e:80:be:bb:b7:90:59:28:c2:92:69:
         28:3c:7c:20:45:34:4e:9d:70:82:25:b9:b7:b2:09:4c:ae:04:
         80:5a:e3:5a:15:21:d1:5d:01:c8:03:5b:b0:dc:8c:12:74:cb:
         29:4c:6f:bf:70:92:03:52:6b:78:43:c4:05:d3:73:cb:df:62:
         96:e9:04:71:07:2c:0d:c6:1d:77:af:ff:f2:a3:59:c6:9d:07:
         71:c7:e2:cb:9b:9c:a1:51:27:54:ad:3e:cb:49:3a:0f:49:d3:
         71:d9:5a:b4:2a:3d:c5:29:d4:dc:c7:c4:5f:4c:62:e2:d2:b7:
         52:0c:e7:43
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgISAY3AiLf17FC7+hjkROkn+rQsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZWVkNDA5MTM4M2Q5ZWQ0MDU2ZDlmNGVmZjdkMjYyMmRk
Y2UyMDUwHhcNMjQwMjE5MDg0MzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWI0ODhlMjkwMTMxZmZiZGQ4YjkwZWY1NjI3ZGIwMzBjM2E0MmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGJV49Uii3I/k7MsHjUXeDDCrmq4
l3Vfi78tWRFn1O/g3jQ7AY/8pX7/msix7MfJNhv6JJL+YdEjhrcVc6ClVpZD4Kgf
ZFmD+tf93M66fEcrSMHJj07DD/Pc+0Lj64ZsvJqTCxOfyJ83f/M8/SUaxl4J8hO1
puxYPSNygP2mw7BPffrE1Wm2HBFNfJkcRkq/xLGM2Yv4PkH/FYPsKjxz4AHC1Nal
d1EZ4Avvrg82XepPLpuOo0gfDV8wlprkNUVO1AHvRuVjscXYftF4mmPwmp+ly+6P
ryyZlHzRwDHmLi9YNPgz6xyvK40xLT1t6y5Bz079qDvk8ksgykwYZzeT9QIDAQAB
o4ICgTCCAn0wHQYDVR0OBBYEFAq0iOKQEx/73YuQ71Yn2wMMOkL/MB8GA1UdIwQY
MBaAFIHu1AkTg9ntQFbZ9O/30mIt3OIFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2Et
ODcyYjM3MTBjMmExLzEvQ3JTSTRwQVRIX3ZkaTVEdlZpZmJBd3c2UXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2EtODcyYjM3MTBjMmEx
LzEvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGWBggrBgEFBQcBBwEB/wSBhjCBgzByBAIAATBsAwQHJfsA
AwMAPoMDBAc++wADAwRNoAMDAVA8AwMCUcwDBAZSiMADAwJSqAMDA1RQAwQFVXHg
AwMEVlADAwBYnwMEB7yOAAMDAcPwAwQG1HuAAwQG1LaAAwMA1O4DAwDVCgMDANVU
AwQG1cUAMA0EAgACMAcDBQcqAqQAMA0GCSqGSIb3DQEBCwUAA4IBAQBH6idyc8iE
dDZ7h8zqIj85Kd2OvRaTls/PyadaXN4ci4VcuCK5bHsGA/zqKBV1mHEw7bidwG/K
fQPNb3ecOTEI+QDmJ7w9WgVP+QU2noygrVYAIIzxoO9OZJshE9/h3LZ+qeQKqiiW
mOyx+gRgc81IVvWSWf11Pn7iM2r1+6NGxDOdzt4qToC+u7eQWSjCkmkoPHwgRTRO
nXCCJbm3sglMrgSAWuNaFSHRXQHIA1uw3IwSdMspTG+/cJIDUmt4Q8QF03PL32KW
6QRxBywNxh13r//yo1nGnQdxx+LLm5yhUSdUrT7LSToPSdNx2Vq0Kj3FKdTcx8Rf
TGLi0rdSDOdD
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:55 2024 by rpki-client on console-fra.rpki-client.org