Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/ZJD1FKAjfjRJxEVpiZc0IljLFGc.roa
File:                     ZJD1FKAjfjRJxEVpiZc0IljLFGc.roa (raw, json)
Hash identifier:          vZNXlcwzZ0smBWncRHg19YUsceBGepeijBvrdFyrps0=
Subject key identifier:   64:90:F5:14:A0:23:7E:34:49:C4:45:69:89:97:34:22:58:CB:14:67
Certificate issuer:       /CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Certificate serial:       01843281FCC4D7CA8E5D9B9D408F24184EDE
Authority key identifier: EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/ZJD1FKAjfjRJxEVpiZc0IljLFGc.roa
Signing time:             Tue 01 Nov 2022 09:24:50 +0000
ROA not before:           Tue 01 Nov 2022 09:24:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12975
IP address blocks:        199.204.215.0/24 maxlen: 24
                          94.26.112.0/20 maxlen: 20
                          217.66.224.0/19 maxlen: 24
                          82.205.0.0/17 maxlen: 21
                          82.205.0.0/20 maxlen: 20
                          217.66.233.0/24 maxlen: 24
                          217.66.237.0/24 maxlen: 24
                          217.66.234.0/23 maxlen: 23
                          86.107.16.0/22 maxlen: 22
                          87.252.108.0/22 maxlen: 22
                          188.215.100.0/22 maxlen: 22
                          82.205.96.0/20 maxlen: 20
                          82.205.104.0/21 maxlen: 21
                          89.239.32.0/20 maxlen: 20
                          82.205.16.0/20 maxlen: 20
                          217.66.240.0/20 maxlen: 20
                          82.205.27.0/24 maxlen: 24
                          85.184.240.0/22 maxlen: 22
                          212.33.96.0/19 maxlen: 20
                          185.171.132.0/22 maxlen: 22
                          82.102.240.0/20 maxlen: 20
                          82.102.192.0/20 maxlen: 20
                          82.102.192.0/18 maxlen: 24
                          82.102.208.0/21 maxlen: 21
                          82.102.218.0/23 maxlen: 23
                          82.102.224.0/20 maxlen: 20
                          82.102.220.0/22 maxlen: 22
                          212.106.64.0/19 maxlen: 20
                          85.113.96.0/19 maxlen: 20
                          176.65.12.0/22 maxlen: 22
                          194.169.123.0/24 maxlen: 24
                          194.169.122.0/23 maxlen: 23
                          194.169.122.0/24 maxlen: 24
                          147.189.176.0/20 maxlen: 20
                          194.169.121.0/24 maxlen: 24
                          199.250.128.0/19 maxlen: 21
                          217.21.14.0/23 maxlen: 23
                          217.21.12.0/23 maxlen: 23
                          188.209.208.0/22 maxlen: 22
                          37.8.0.0/17 maxlen: 20
                          37.8.0.0/20 maxlen: 20
                          37.8.16.0/20 maxlen: 20
                          37.8.32.0/20 maxlen: 20
                          37.8.48.0/20 maxlen: 20
                          109.232.163.0/24 maxlen: 24
                          109.232.162.0/24 maxlen: 24
                          185.40.192.0/22 maxlen: 22
                          185.138.132.0/22 maxlen: 22
                          185.90.242.0/24 maxlen: 24
                          82.205.120.0/21 maxlen: 21
                          217.78.48.0/21 maxlen: 21
                          217.78.48.0/20 maxlen: 20
                          217.78.60.0/22 maxlen: 22
                          217.21.4.0/24 maxlen: 24
                          217.21.3.0/24 maxlen: 24
                          217.21.2.0/24 maxlen: 24
                          217.21.0.0/20 maxlen: 20
                          217.21.10.0/23 maxlen: 23
                          217.21.8.0/23 maxlen: 23
                          217.21.6.0/23 maxlen: 23
                          217.21.5.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:32:81:fc:c4:d7:ca:8e:5d:9b:9d:40:8f:24:18:4e:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
        Validity
            Not Before: Nov  1 09:24:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6490f514a0237e3449c445698997342258cb1467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:5d:23:e2:a6:d0:01:27:3d:57:fa:4c:f4:9d:
                    c4:60:6e:15:f6:d0:a0:81:3d:5d:72:20:ae:bc:4a:
                    ea:d0:3e:8f:8f:47:f6:f7:4a:1a:6b:12:b1:42:e3:
                    68:ad:90:b2:63:11:4c:5a:78:01:70:3f:dd:cf:70:
                    79:aa:5a:a0:53:ac:69:51:c3:83:58:a7:23:2e:77:
                    1a:09:62:99:b3:51:b8:bc:18:2e:1f:ba:ab:b6:57:
                    d8:35:b7:84:f6:5b:f7:e9:d6:58:26:f1:e3:31:78:
                    66:a0:f0:5f:76:9d:ef:b6:03:6f:22:68:86:a7:10:
                    e7:17:5b:dc:81:bc:67:83:c1:54:5d:07:87:6b:be:
                    08:e1:86:89:69:54:29:8a:ae:b8:3d:4d:40:49:db:
                    22:a9:e2:ac:b1:bb:1e:33:19:20:49:d9:a2:84:1d:
                    0c:73:13:4a:56:b3:cd:42:8b:3f:4c:26:fc:40:53:
                    91:96:b6:38:db:53:df:e4:02:80:09:47:2a:59:05:
                    84:a7:df:26:7f:8d:b3:39:e1:80:db:3b:ad:27:1e:
                    87:81:8d:4e:9c:7e:7a:92:4d:1d:65:f1:a1:68:f9:
                    af:3b:09:ff:02:07:18:f1:7a:92:15:11:57:9f:3c:
                    1c:34:4c:86:39:16:eb:53:ba:6e:5d:24:b2:fb:f8:
                    86:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:90:F5:14:A0:23:7E:34:49:C4:45:69:89:97:34:22:58:CB:14:67
            X509v3 Authority Key Identifier:
                keyid:EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/ZJD1FKAjfjRJxEVpiZc0IljLFGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.8.0.0/17
                  82.102.192.0/18
                  82.205.0.0/17
                  85.113.96.0/19
                  85.184.240.0/22
                  86.107.16.0/22
                  87.252.108.0/22
                  89.239.32.0/20
                  94.26.112.0/20
                  109.232.162.0/23
                  147.189.176.0/20
                  176.65.12.0/22
                  185.40.192.0/22
                  185.90.242.0/24
                  185.138.132.0/22
                  185.171.132.0/22
                  188.209.208.0/22
                  188.215.100.0/22
                  194.169.121.0-194.169.123.255
                  199.204.215.0/24
                  199.250.128.0/19
                  212.33.96.0/19
                  212.106.64.0/19
                  217.21.0.0/20
                  217.66.224.0/19
                  217.78.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         2a:ec:ed:b5:59:02:5f:f2:6c:39:fb:06:af:ae:f4:d7:9c:3d:
         75:c8:63:54:0c:06:9a:e2:00:ac:ed:3d:bf:cc:aa:0b:0f:b0:
         f0:8c:11:ed:e3:56:2c:3c:15:c3:18:f2:ec:cf:d0:8d:46:df:
         50:90:3f:81:51:eb:a1:bb:49:95:81:5a:3f:a5:d7:16:05:92:
         38:c5:72:72:b3:b6:b6:3f:69:55:a0:e2:9c:53:ff:ce:f8:d4:
         3f:76:89:8d:ce:6f:ab:ca:eb:5d:e9:f0:68:29:4c:a4:9e:0d:
         6e:1b:22:05:e9:8b:cb:ed:0f:df:b4:e7:c9:8b:9b:19:ae:6a:
         13:5c:e1:53:fa:65:de:c2:98:67:bf:c7:e0:1d:1d:76:f5:35:
         84:28:e7:3c:54:29:b7:cd:3b:6e:02:4f:5a:cb:45:4a:19:2b:
         dc:2c:2d:5f:37:12:31:8e:a7:bd:2f:64:02:05:97:84:29:05:
         4c:29:17:e3:37:2c:c0:ce:e2:f0:f4:9e:e1:b9:02:e8:62:be:
         71:c5:e8:fa:98:70:48:f1:13:24:fb:b2:dd:09:2e:54:9d:ab:
         bf:ac:54:80:b3:97:51:b2:85:11:b2:59:a8:4d:d4:b6:a3:9a:
         8b:86:8d:5a:11:95:6d:61:06:40:11:f6:8e:1f:0e:b1:61:00:
         8b:9a:54:ce
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAYQygfzE18qOXZudQI8kGE7eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjM2E2MzNlZjJjMDgyNTFhNTg2MDM1NjJlNTZhYTZlZmE5
M2VjMjUwHhcNMjIxMTAxMDkyNDUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDkwZjUxNGEwMjM3ZTM0NDljNDQ1Njk4OTk3MzQyMjU4Y2IxNDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3V0j4qbQASc9V/pM9J3EYG4V9tCg
gT1dciCuvErq0D6Pj0f290oaaxKxQuNorZCyYxFMWngBcD/dz3B5qlqgU6xpUcOD
WKcjLncaCWKZs1G4vBguH7qrtlfYNbeE9lv36dZYJvHjMXhmoPBfdp3vtgNvImiG
pxDnF1vcgbxng8FUXQeHa74I4YaJaVQpiq64PU1ASdsiqeKssbseMxkgSdmihB0M
cxNKVrPNQos/TCb8QFORlrY421Pf5AKACUcqWQWEp98mf42zOeGA2zutJx6HgY1O
nH56kk0dZfGhaPmvOwn/AgcY8XqSFRFXnzwcNEyGORbrU7puXSSy+/iGZQIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFGSQ9RSgI340ScRFaYmXNCJYyxRnMB8GA1UdIwQY
MBaAFOw6Yz7ywIJRpYYDVi5Wqm76k+wlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0RwalB2TEFnbEdsaGdOV0xsYXFidnFUN0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jMWIxZjAtMjM0Zi00NWQ1LTg1OTUt
ZjdjMmMyYTkxYmMyLzEvWkpEMUZLQWpmalJKeEVWcGlaYzBJbGpMRkdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jMWIxZjAtMjM0Zi00NWQ1LTg1OTUtZjdjMmMyYTkxYmMy
LzEvN0RwalB2TEFnbEdsaGdOV0xsYXFidnFUN0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQDBAcl
CAADBAZSZsADBAdSzQADBAVVcWADBAJVuPADBAJWaxADBAJX/GwDBARZ7yADBARe
GnADBAFt6KIDBASTvbADBAKwQQwDBAK5KMADBAC5WvIDBAK5ioQDBAK5q4QDBAK8
0dADBAK812QwDAMEAMKpeQMEAsKpeAMEAMfM1wMEBcf6gAMEBdQhYAMEBdRqQAME
BNkVAAMEBdlC4AMEBNlOMDANBgkqhkiG9w0BAQsFAAOCAQEAKuzttVkCX/JsOfsG
r67015w9dchjVAwGmuIArO09v8yqCw+w8IwR7eNWLDwVwxjy7M/QjUbfUJA/gVHr
obtJlYFaP6XXFgWSOMVycrO2tj9pVaDinFP/zvjUP3aJjc5vq8rrXenwaClMpJ4N
bhsiBemLy+0P37TnyYubGa5qE1zhU/pl3sKYZ7/H4B0ddvU1hCjnPFQpt807bgJP
WstFShkr3CwtXzcSMY6nvS9kAgWXhCkFTCkX4zcswM7i8PSe4bkC6GK+ccXo+phw
SPETJPuy3QkuVJ2rv6xUgLOXUbKFEbJZqE3UtqOai4aNWhGVbWEGQBH2jh8OsWEA
i5pUzg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:22 2024 by rpki-client on console-ams.rpki-client.org