Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/DbUCWUedqKwBhgK-vxVjvwBK4KU.roa
File:                     DbUCWUedqKwBhgK-vxVjvwBK4KU.roa (raw, json)
Hash identifier:          O2xw1O3Ma+28rmxIxZe2g8yoY5q9bpESb0F+xmPcWbI=
Subject key identifier:   0D:B5:02:59:47:9D:A8:AC:01:86:02:BE:BF:15:63:BF:00:4A:E0:A5
Certificate issuer:       /CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Certificate serial:       0184325AA01A5B0C4E88621BD169C62CDA4D
Authority key identifier: EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/DbUCWUedqKwBhgK-vxVjvwBK4KU.roa
Signing time:             Tue 01 Nov 2022 08:41:50 +0000
ROA not before:           Tue 01 Nov 2022 08:41:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12975
IP address blocks:        199.204.215.0/24 maxlen: 24
                          94.26.112.0/20 maxlen: 20
                          217.66.224.0/19 maxlen: 24
                          82.205.0.0/17 maxlen: 21
                          82.205.0.0/20 maxlen: 20
                          217.66.233.0/24 maxlen: 24
                          217.66.237.0/24 maxlen: 24
                          217.66.234.0/23 maxlen: 23
                          86.107.16.0/22 maxlen: 22
                          87.252.108.0/22 maxlen: 22
                          188.215.100.0/22 maxlen: 22
                          82.205.96.0/20 maxlen: 20
                          82.205.104.0/21 maxlen: 21
                          89.239.32.0/20 maxlen: 20
                          82.205.16.0/20 maxlen: 20
                          217.66.240.0/20 maxlen: 20
                          82.205.27.0/24 maxlen: 24
                          85.184.240.0/22 maxlen: 22
                          212.33.96.0/19 maxlen: 20
                          185.171.132.0/22 maxlen: 22
                          82.102.240.0/20 maxlen: 20
                          82.102.192.0/20 maxlen: 20
                          82.102.192.0/18 maxlen: 24
                          82.102.208.0/21 maxlen: 21
                          82.102.218.0/23 maxlen: 23
                          82.102.224.0/20 maxlen: 20
                          82.102.220.0/22 maxlen: 22
                          212.106.64.0/19 maxlen: 20
                          85.113.96.0/19 maxlen: 20
                          176.65.12.0/22 maxlen: 22
                          194.169.123.0/24 maxlen: 24
                          194.169.122.0/23 maxlen: 23
                          194.169.122.0/24 maxlen: 24
                          147.189.176.0/20 maxlen: 20
                          194.169.121.0/24 maxlen: 24
                          199.250.128.0/19 maxlen: 21
                          217.21.14.0/23 maxlen: 23
                          217.21.12.0/23 maxlen: 23
                          188.209.208.0/22 maxlen: 22
                          37.8.0.0/17 maxlen: 20
                          37.8.0.0/20 maxlen: 20
                          37.8.16.0/20 maxlen: 20
                          37.8.32.0/20 maxlen: 20
                          37.8.48.0/20 maxlen: 20
                          109.232.163.0/24 maxlen: 24
                          109.232.162.0/24 maxlen: 24
                          185.40.192.0/22 maxlen: 22
                          185.138.132.0/22 maxlen: 22
                          185.90.242.0/24 maxlen: 24
                          82.205.120.0/21 maxlen: 21
                          217.78.48.0/21 maxlen: 21
                          217.78.60.0/22 maxlen: 22
                          217.21.4.0/24 maxlen: 24
                          217.21.3.0/24 maxlen: 24
                          217.21.2.0/24 maxlen: 24
                          217.21.0.0/20 maxlen: 20
                          217.21.10.0/23 maxlen: 23
                          217.21.8.0/23 maxlen: 23
                          217.21.6.0/23 maxlen: 23
                          217.21.5.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:32:5a:a0:1a:5b:0c:4e:88:62:1b:d1:69:c6:2c:da:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
        Validity
            Not Before: Nov  1 08:41:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0db50259479da8ac018602bebf1563bf004ae0a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:2c:ee:8c:6c:f3:91:d7:83:b5:c9:a4:7a:38:
                    d9:e4:4c:2d:16:95:21:06:b4:90:3c:da:14:3c:b9:
                    ea:52:be:d7:4b:bb:59:b6:3f:6a:75:35:c1:00:e4:
                    b1:95:9c:c2:32:d5:e5:88:9c:48:d8:2b:e2:03:2c:
                    88:41:5e:a9:f6:ae:37:ed:69:07:0a:88:46:83:e0:
                    f4:c2:64:78:a7:16:bf:a0:a6:77:36:b4:ad:98:fd:
                    99:34:b8:72:36:91:d3:34:f5:a8:79:cb:e4:5d:91:
                    5c:53:e9:d4:91:2e:16:ac:b8:13:45:c0:2b:5e:f7:
                    25:aa:a7:c6:fb:c3:8b:64:69:24:b6:5d:ef:f6:b6:
                    4e:f3:4c:02:fa:ee:d2:3e:24:57:cb:a1:ad:89:6a:
                    0c:18:e0:ed:63:99:64:ef:0a:3e:55:f1:f5:3f:39:
                    79:d1:7f:c2:8a:42:33:f4:b7:19:f2:90:2c:b7:36:
                    87:13:70:13:8d:45:08:95:41:d0:17:70:48:2b:bb:
                    f2:6a:53:40:0a:83:c9:6a:43:a2:c0:6d:de:f7:27:
                    33:28:fd:77:17:8f:7d:db:a0:6e:ca:5f:c5:e1:35:
                    ef:cf:84:30:eb:75:d4:40:bd:e3:1c:82:11:dc:c0:
                    4d:0d:0f:2f:1e:c9:50:7b:6c:10:9d:74:79:06:90:
                    e3:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:B5:02:59:47:9D:A8:AC:01:86:02:BE:BF:15:63:BF:00:4A:E0:A5
            X509v3 Authority Key Identifier:
                keyid:EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/DbUCWUedqKwBhgK-vxVjvwBK4KU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.8.0.0/17
                  82.102.192.0/18
                  82.205.0.0/17
                  85.113.96.0/19
                  85.184.240.0/22
                  86.107.16.0/22
                  87.252.108.0/22
                  89.239.32.0/20
                  94.26.112.0/20
                  109.232.162.0/23
                  147.189.176.0/20
                  176.65.12.0/22
                  185.40.192.0/22
                  185.90.242.0/24
                  185.138.132.0/22
                  185.171.132.0/22
                  188.209.208.0/22
                  188.215.100.0/22
                  194.169.121.0-194.169.123.255
                  199.204.215.0/24
                  199.250.128.0/19
                  212.33.96.0/19
                  212.106.64.0/19
                  217.21.0.0/20
                  217.66.224.0/19
                  217.78.48.0/21
                  217.78.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:99:6e:e4:70:45:9a:0f:0a:36:95:b9:e0:87:3b:44:d8:16:
         f3:cb:03:9d:eb:20:e0:ca:7c:54:fd:68:c4:36:2e:a6:45:91:
         b3:bd:6c:92:b9:ea:54:d4:88:6b:15:c3:c6:0e:8b:cf:2d:81:
         d2:bd:3e:95:72:96:89:ea:fa:8d:ab:b1:77:3e:db:17:6c:2a:
         62:38:72:98:6b:a3:51:42:5c:3e:25:45:92:48:89:95:fb:fd:
         f1:31:c5:6e:10:03:d8:9e:c9:c2:96:b3:f0:84:8a:75:4e:c1:
         db:25:97:4e:38:c0:76:78:c0:77:8e:08:5a:8d:18:31:76:85:
         8a:c1:6f:27:b7:4c:fb:07:8a:0e:08:fe:29:b7:b3:2d:72:56:
         fe:21:74:fe:d5:64:c8:43:53:13:2f:51:3a:68:12:54:17:a4:
         fc:b9:cf:df:6d:a9:67:3b:f8:27:92:38:03:92:7f:cb:13:4d:
         66:33:97:a0:09:8a:90:99:6a:5a:8c:f0:76:6a:a8:1f:39:59:
         30:10:ec:05:a5:f4:09:09:a5:52:3e:bb:bc:0b:79:33:6a:c9:
         d9:f4:09:4e:5b:03:27:65:51:c2:0c:cd:15:0e:dd:06:fc:8e:
         bc:5b:56:56:08:bf:73:6d:7b:03:b4:a7:c7:35:8e:f0:fd:99:
         cc:84:64:f1
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgISAYQyWqAaWwxOiGIb0WnGLNpNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjM2E2MzNlZjJjMDgyNTFhNTg2MDM1NjJlNTZhYTZlZmE5
M2VjMjUwHhcNMjIxMTAxMDg0MTUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGI1MDI1OTQ3OWRhOGFjMDE4NjAyYmViZjE1NjNiZjAwNGFlMGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSzujGzzkdeDtcmkejjZ5EwtFpUh
BrSQPNoUPLnqUr7XS7tZtj9qdTXBAOSxlZzCMtXliJxI2CviAyyIQV6p9q437WkH
CohGg+D0wmR4pxa/oKZ3NrStmP2ZNLhyNpHTNPWoecvkXZFcU+nUkS4WrLgTRcAr
XvclqqfG+8OLZGkktl3v9rZO80wC+u7SPiRXy6GtiWoMGODtY5lk7wo+VfH1Pzl5
0X/CikIz9LcZ8pAstzaHE3ATjUUIlUHQF3BIK7vyalNACoPJakOiwG3e9yczKP13
F49926Buyl/F4TXvz4Qw63XUQL3jHIIR3MBNDQ8vHslQe2wQnXR5BpDjbwIDAQAB
o4ICsjCCAq4wHQYDVR0OBBYEFA21AllHnaisAYYCvr8VY78ASuClMB8GA1UdIwQY
MBaAFOw6Yz7ywIJRpYYDVi5Wqm76k+wlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0RwalB2TEFnbEdsaGdOV0xsYXFidnFUN0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jMWIxZjAtMjM0Zi00NWQ1LTg1OTUt
ZjdjMmMyYTkxYmMyLzEvRGJVQ1dVZWRxS3dCaGdLLXZ4Vmp2d0JLNEtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jMWIxZjAtMjM0Zi00NWQ1LTg1OTUtZjdjMmMyYTkxYmMy
LzEvN0RwalB2TEFnbEdsaGdOV0xsYXFidnFUN0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHHBggrBgEFBQcBBwEB/wSBtzCBtDCBsQQCAAEwgaoDBAcl
CAADBAZSZsADBAdSzQADBAVVcWADBAJVuPADBAJWaxADBAJX/GwDBARZ7yADBARe
GnADBAFt6KIDBASTvbADBAKwQQwDBAK5KMADBAC5WvIDBAK5ioQDBAK5q4QDBAK8
0dADBAK812QwDAMEAMKpeQMEAsKpeAMEAMfM1wMEBcf6gAMEBdQhYAMEBdRqQAME
BNkVAAMEBdlC4AMEA9lOMAMEAtlOPDANBgkqhkiG9w0BAQsFAAOCAQEAfplu5HBF
mg8KNpW54Ic7RNgW88sDnesg4Mp8VP1oxDYupkWRs71skrnqVNSIaxXDxg6Lzy2B
0r0+lXKWier6jauxdz7bF2wqYjhymGujUUJcPiVFkkiJlfv98THFbhAD2J7Jwpaz
8ISKdU7B2yWXTjjAdnjAd44IWo0YMXaFisFvJ7dM+weKDgj+KbezLXJW/iF0/tVk
yENTEy9ROmgSVBek/LnP322pZzv4J5I4A5J/yxNNZjOXoAmKkJlqWozwdmqoHzlZ
MBDsBaX0CQmlUj67vAt5M2rJ2fQJTlsDJ2VRwgzNFQ7dBvyOvFtWVgi/c217A7Sn
xzWO8P2ZzIRk8Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:22 2024 by rpki-client on console-fra.rpki-client.org