Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/Q8I2F87wknNTkFCuWsfGwXItAgA.roa
File:                     Q8I2F87wknNTkFCuWsfGwXItAgA.roa (raw, json)
Hash identifier:          fea2LbkNlS499tcpMHojbQuILSkJZNWRFzO1jM1/6Ic=
Subject key identifier:   43:C2:36:17:CE:F0:92:73:53:90:50:AE:5A:C7:C6:C1:72:2D:02:00
Certificate issuer:       /CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Certificate serial:       09546153
Authority key identifier: 81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/Q8I2F87wknNTkFCuWsfGwXItAgA.roa
Signing time:             Sat 01 Jan 2022 07:57:36 +0000
ROA not before:           Sat 01 Jan 2022 07:57:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12871
IP address blocks:        195.64.64.0/20 maxlen: 20
                          84.39.0.0/19 maxlen: 19
                          213.197.24.0/24 maxlen: 24
                          213.197.30.0/24 maxlen: 24
                          213.197.31.0/24 maxlen: 24
                          94.229.48.0/20 maxlen: 20
                          213.148.224.0/19 maxlen: 19
                          213.148.249.128/26 maxlen: 26
                          213.148.249.0/27 maxlen: 27
                          213.197.0.0/18 maxlen: 18
                          128.127.32.0/20 maxlen: 20
                          37.188.64.0/20 maxlen: 20
                          46.227.232.0/21 maxlen: 21
                          109.72.32.0/20 maxlen: 20
                          141.105.0.0/20 maxlen: 20
                          2001:838::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 156524883 (0x9546153)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
        Validity
            Not Before: Jan  1 07:57:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=43c23617cef09273539050ae5ac7c6c1722d0200
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:8f:fd:b1:42:d7:8a:6e:11:11:7e:81:73:b4:
                    a2:26:0b:e4:b6:09:2e:ac:3a:3d:0a:2b:ce:15:fb:
                    39:2f:8e:86:31:00:58:fe:e5:3b:d4:2b:39:3a:aa:
                    78:69:b6:af:c4:8e:20:23:08:40:35:d9:85:28:15:
                    e8:3f:47:c0:50:e3:62:6b:e3:1f:c4:d9:36:01:e5:
                    9e:58:82:37:1f:c0:1b:2d:a0:de:58:da:08:f1:34:
                    2b:04:23:3c:c1:24:ea:39:05:be:1d:62:6c:3a:6b:
                    94:d2:24:69:f0:e7:db:fe:75:ea:18:42:e6:58:4b:
                    27:84:b6:64:6e:c2:08:50:be:13:c6:d9:b9:36:89:
                    19:89:54:90:37:4f:c1:98:14:58:99:2e:bc:37:6d:
                    6b:c8:79:05:0e:23:fd:03:9b:78:dd:f9:2f:ce:8c:
                    1c:af:e8:c1:1d:24:64:63:d9:df:a2:ad:3c:dd:23:
                    ff:23:98:57:e5:b8:90:ff:88:40:97:0c:c3:97:28:
                    9d:ad:13:bb:d5:38:58:69:0c:39:aa:89:98:18:45:
                    a0:3a:48:38:f3:63:a0:fa:16:bc:a4:9a:c4:f2:9d:
                    23:13:f4:2e:c3:f1:de:8a:78:59:9e:00:df:ba:d3:
                    6a:16:3f:cd:ea:40:93:77:da:58:7b:54:13:08:c5:
                    a4:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:C2:36:17:CE:F0:92:73:53:90:50:AE:5A:C7:C6:C1:72:2D:02:00
            X509v3 Authority Key Identifier:
                keyid:81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/Q8I2F87wknNTkFCuWsfGwXItAgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.188.64.0/20
                  46.227.232.0/21
                  84.39.0.0/19
                  94.229.48.0/20
                  109.72.32.0/20
                  128.127.32.0/20
                  141.105.0.0/20
                  195.64.64.0/20
                  213.148.224.0/19
                  213.197.0.0/18
                IPv6:
                  2001:838::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:d3:be:cc:01:43:33:6d:53:29:e4:8b:6e:2b:04:9b:c4:93:
         39:ed:e2:3d:b9:32:76:c0:23:1f:5b:db:95:08:67:84:40:5c:
         a7:06:74:4c:44:20:6f:f9:6c:d8:03:42:42:8a:7f:1d:07:07:
         28:58:66:68:1c:a8:f8:ad:bd:98:21:3f:58:92:6b:c0:11:28:
         a3:88:5c:b0:dd:2e:54:97:43:f0:95:3f:f2:8f:c2:69:7e:17:
         58:5e:ca:47:2d:aa:88:1b:07:82:9b:68:93:40:c7:2b:e2:71:
         69:f1:9a:b0:70:1b:1c:e7:79:04:0c:a8:ed:d9:86:98:f8:3c:
         5b:bc:d7:1f:d4:12:46:11:e8:97:c1:c0:c6:e8:ca:7b:37:2a:
         54:04:ae:68:4f:0b:f7:54:f5:ec:a6:1f:1d:4f:33:8b:03:9d:
         07:fb:70:a3:66:82:1f:74:9c:94:03:19:03:7f:bb:bb:dc:b3:
         36:fe:e7:5c:1c:4c:3b:24:40:4f:e4:71:01:f3:a7:4b:b6:68:
         d2:12:d1:57:85:ce:42:60:3d:78:1b:e6:65:bf:b8:6e:e0:47:
         a1:18:3f:07:ab:7f:2c:75:b5:c0:2b:29:a7:dd:34:c2:aa:7b:
         4a:8c:72:10:02:d0:a0:d6:88:9b:2b:d4:ef:62:ea:f9:aa:59:
         f6:45:e7:4b
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIECVRhUzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
MWVlZDQwOTEzODNkOWVkNDA1NmQ5ZjRlZmY3ZDI2MjJkZGNlMjA1MB4XDTIyMDEw
MTA3NTczNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDNjMjM2MTdjZWYw
OTI3MzUzOTA1MGFlNWFjN2M2YzE3MjJkMDIwMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJOP/bFC14puERF+gXO0oiYL5LYJLqw6PQorzhX7OS+OhjEA
WP7lO9QrOTqqeGm2r8SOICMIQDXZhSgV6D9HwFDjYmvjH8TZNgHlnliCNx/AGy2g
3ljaCPE0KwQjPMEk6jkFvh1ibDprlNIkafDn2/516hhC5lhLJ4S2ZG7CCFC+E8bZ
uTaJGYlUkDdPwZgUWJkuvDdta8h5BQ4j/QObeN35L86MHK/owR0kZGPZ36KtPN0j
/yOYV+W4kP+IQJcMw5cona0Tu9U4WGkMOaqJmBhFoDpIOPNjoPoWvKSaxPKdIxP0
LsPx3op4WZ4A37rTahY/zepAk3faWHtUEwjFpG8CAwEAAaOCAk4wggJKMB0GA1Ud
DgQWBBRDwjYXzvCSc1OQUK5ax8bBci0CADAfBgNVHSMEGDAWgBSB7tQJE4PZ7UBW
2fTv99JiLdziBTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2dlN1VDUk9EMmUxQVZ0bjA3X2ZTWWkzYzRnVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2EvNGE5Y2M0LTJiOWEtNGVmMi1hMzNhLTg3MmIzNzEwYzJhMS8x
L1E4STJGODd3a25OVGtGQ3VXc2ZHd1hJdEFnQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Ev
NGE5Y2M0LTJiOWEtNGVmMi1hMzNhLTg3MmIzNzEwYzJhMS8xL2dlN1VDUk9EMmUx
QVZ0bjA3X2ZTWWkzYzRnVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBk
BggrBgEFBQcBBwEB/wRVMFMwQgQCAAEwPAMEBCW8QAMEAy7j6AMEBVQnAAMEBF7l
MAMEBG1IIAMEBIB/IAMEBI1pAAMEBMNAQAMEBdWU4AMEBtXFADANBAIAAjAHAwUD
IAEIODANBgkqhkiG9w0BAQsFAAOCAQEAe9O+zAFDM21TKeSLbisEm8STOe3iPbky
dsAjH1vblQhnhEBcpwZ0TEQgb/ls2ANCQop/HQcHKFhmaByo+K29mCE/WJJrwBEo
o4hcsN0uVJdD8JU/8o/CaX4XWF7KRy2qiBsHgptok0DHK+JxafGasHAbHOd5BAyo
7dmGmPg8W7zXH9QSRhHol8HAxujKezcqVASuaE8L91T17KYfHU8ziwOdB/two2aC
H3SclAMZA3+7u9yzNv7nXBxMOyRAT+RxAfOnS7Zo0hLRV4XOQmA9eBvmZb+4buBH
oRg/B6t/LHW1wCspp900wqp7SoxyEALQoNaImyvU72Lq+apZ9kXnSw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:17 2024 by rpki-client on console-ams.rpki-client.org