Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/68D4KDoLX9TYCUECwx4lh4yFcZc.roa
File:                     68D4KDoLX9TYCUECwx4lh4yFcZc.roa (raw, json)
Hash identifier:          16uYbA6MfqBj7Nnfl0IGfGgd0RLGWHUDvCvMwqYV6eI=
Subject key identifier:   EB:C0:F8:28:3A:0B:5F:D4:D8:09:41:02:C3:1E:25:87:8C:85:71:97
Certificate issuer:       /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial:       018A2C7C032288310CEFA4B6595704B7720B
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/68D4KDoLX9TYCUECwx4lh4yFcZc.roa
Signing time:             Fri 25 Aug 2023 11:37:19 +0000
ROA not before:           Fri 25 Aug 2023 11:37:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9121
IP address blocks:        185.33.61.0/24 maxlen: 24
                          185.33.63.0/24 maxlen: 24
                          31.169.69.0/24 maxlen: 24
                          31.169.70.0/24 maxlen: 24
                          31.169.65.0/24 maxlen: 24
                          31.169.66.0/24 maxlen: 24
                          31.169.67.0/24 maxlen: 24
                          31.169.71.0/24 maxlen: 24
                          31.169.78.0/24 maxlen: 24
                          31.169.77.0/24 maxlen: 24
                          31.169.72.0/24 maxlen: 24
                          31.169.81.0/24 maxlen: 24
                          31.169.88.0/24 maxlen: 24
                          31.169.90.0/24 maxlen: 24
                          31.169.91.0/24 maxlen: 24
                          31.169.92.0/24 maxlen: 24
                          31.169.93.0/24 maxlen: 24
                          31.169.94.0/24 maxlen: 24
                          31.169.64.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:2c:7c:03:22:88:31:0c:ef:a4:b6:59:57:04:b7:72:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
        Validity
            Not Before: Aug 25 11:37:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ebc0f8283a0b5fd4d8094102c31e25878c857197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:59:32:6c:9b:e8:d2:42:d2:84:a1:4f:cc:17:
                    4d:36:56:dc:6e:02:71:e9:10:98:ed:2f:41:25:c1:
                    6c:23:a0:0d:8d:bc:14:b2:eb:3e:88:b0:1a:5f:0a:
                    e5:65:5c:38:e9:24:fc:c3:63:0f:6b:6d:d4:58:b7:
                    73:8e:75:a2:4c:7c:18:51:a9:99:d0:e5:d7:e4:13:
                    9c:cd:f5:ce:7d:d9:f9:1f:03:a1:90:6a:59:23:1b:
                    c2:97:9a:99:64:cc:9b:0d:61:b4:49:eb:b9:e9:c2:
                    79:4a:23:51:5e:65:e2:f4:39:42:91:f7:ea:41:21:
                    b2:1e:7c:c2:07:79:95:b8:90:7b:b2:5b:51:f9:75:
                    d4:9e:27:aa:9e:30:14:bb:c7:50:6c:e2:bd:80:04:
                    1c:47:27:16:cf:d8:6e:54:8f:f8:1e:5e:3e:93:3b:
                    01:3a:25:12:67:dd:df:e0:64:78:35:48:67:39:13:
                    9f:ff:77:47:de:78:60:d4:d3:d3:ae:34:b1:b2:f2:
                    96:a5:ef:cc:f1:e5:6c:be:50:47:8b:45:6f:99:e5:
                    6f:8e:52:a5:25:a8:b0:ea:64:8f:7f:4e:51:44:f5:
                    e4:a9:6f:85:dd:2c:09:5b:e8:a5:e0:f9:10:43:de:
                    65:5c:7a:da:9c:f7:33:89:6f:36:9a:39:3b:f8:11:
                    0f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:C0:F8:28:3A:0B:5F:D4:D8:09:41:02:C3:1E:25:87:8C:85:71:97
            X509v3 Authority Key Identifier:
                keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/68D4KDoLX9TYCUECwx4lh4yFcZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.64.0/22
                  31.169.69.0-31.169.72.255
                  31.169.77.0-31.169.78.255
                  31.169.81.0/24
                  31.169.88.0/24
                  31.169.90.0-31.169.94.255
                  185.33.61.0/24
                  185.33.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:75:21:88:14:8b:92:c2:fb:01:e4:19:b9:9e:e3:32:98:6b:
         ac:7b:ab:52:71:1f:29:b2:a6:13:82:7c:6e:55:6b:07:aa:1d:
         d3:50:26:d4:06:d6:4e:e4:3d:8d:bf:f1:bb:0f:a7:44:20:ad:
         51:c6:61:a0:8d:3c:ff:99:75:7a:78:e3:75:e7:75:7f:32:ab:
         98:6f:ce:c3:c1:51:9d:19:7c:39:37:8b:a9:16:ea:5b:24:bd:
         72:81:70:cc:5a:17:b2:82:63:06:38:4b:f2:4e:13:6f:41:dd:
         9e:d6:dc:3b:70:5e:22:af:ef:23:13:14:15:83:d8:42:24:1c:
         11:ca:7a:ae:ea:93:b9:5a:47:95:29:af:f1:72:0f:db:79:f9:
         cc:4e:e7:0d:62:c7:03:4b:e5:41:b9:07:8f:ca:10:8f:7f:76:
         14:c3:f4:54:99:6d:98:d3:c4:b4:78:14:79:82:4b:29:11:2b:
         96:1e:d5:db:1a:77:3e:81:ae:34:73:23:a8:90:b9:4b:c2:a0:
         b7:7c:31:85:cb:e6:16:1e:d9:90:81:29:03:50:43:4b:fc:01:
         9b:0f:3d:35:dc:89:da:5a:7b:e1:76:29:7c:a0:a2:47:7b:cf:
         ee:89:92:2c:c8:a7:e8:6b:c4:a5:30:63:b4:eb:31:fb:22:95:
         9d:74:82:b0
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYosfAMiiDEM76S2WVcEt3ILMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjlkYTQ0YWUwNjdmYzFhOThhNWY2ZjA1ZjEyZTU0NWQw
ZmM2MmEwHhcNMjMwODI1MTEzNzE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmMwZjgyODNhMGI1ZmQ0ZDgwOTQxMDJjMzFlMjU4NzhjODU3MTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVkybJvo0kLShKFPzBdNNlbcbgJx
6RCY7S9BJcFsI6ANjbwUsus+iLAaXwrlZVw46ST8w2MPa23UWLdzjnWiTHwYUamZ
0OXX5BOczfXOfdn5HwOhkGpZIxvCl5qZZMybDWG0Seu56cJ5SiNRXmXi9DlCkffq
QSGyHnzCB3mVuJB7sltR+XXUnieqnjAUu8dQbOK9gAQcRycWz9huVI/4Hl4+kzsB
OiUSZ93f4GR4NUhnOROf/3dH3nhg1NPTrjSxsvKWpe/M8eVsvlBHi0VvmeVvjlKl
Jaiw6mSPf05RRPXkqW+F3SwJW+il4PkQQ95lXHranPcziW82mjk7+BEPPwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFOvA+Cg6C1/U2AlBAsMeJYeMhXGXMB8GA1UdIwQY
MBaAFG1p2kSuBn/BqYpfbwXxLlRdD8YqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUt
MjYxNzBkYTRhMGIxLzEvNjhENEtEb0xYOVRZQ1VFQ3d4NGxoNHlGY1pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUtMjYxNzBkYTRhMGIx
LzEvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQCH6lAMAwD
BAAfqUUDBAAfqUgwDAMEAB+pTQMEAB+pTgMEAB+pUQMEAB+pWDAMAwQBH6laAwQA
H6leAwQAuSE9AwQAuSE/MA0GCSqGSIb3DQEBCwUAA4IBAQASdSGIFIuSwvsB5Bm5
nuMymGuse6tScR8psqYTgnxuVWsHqh3TUCbUBtZO5D2Nv/G7D6dEIK1RxmGgjTz/
mXV6eON153V/MquYb87DwVGdGXw5N4upFupbJL1ygXDMWheygmMGOEvyThNvQd2e
1tw7cF4ir+8jExQVg9hCJBwRynqu6pO5WkeVKa/xcg/befnMTucNYscDS+VBuQeP
yhCPf3YUw/RUmW2Y08S0eBR5gkspESuWHtXbGnc+ga40cyOokLlLwqC3fDGFy+YW
HtmQgSkDUENL/AGbDz013InaWnvhdil8oKJHe8/uiZIsyKfoa8SlMGO06zH7IpWd
dIKw
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:47 2024 by rpki-client on console-ams.rpki-client.org