Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/vwdXzhLM-ziLvwXX4jAbNDd60X4.roa
File:                     vwdXzhLM-ziLvwXX4jAbNDd60X4.roa (raw, json)
Hash identifier:          fmBNXfr4lfzk887qduuAE46ydtyGRI4nCwZszfbsCDg=
Subject key identifier:   BF:07:57:CE:12:CC:FB:38:8B:BF:05:D7:E2:30:1B:34:37:7A:D1:7E
Certificate issuer:       /CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Certificate serial:       0325BBE9
Authority key identifier: EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/vwdXzhLM-ziLvwXX4jAbNDd60X4.roa
Signing time:             Sun 12 Jun 2022 08:28:05 +0000
ROA not before:           Sun 12 Jun 2022 08:28:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12975
IP address blocks:        199.204.215.0/24 maxlen: 24
                          94.26.112.0/20 maxlen: 20
                          217.66.224.0/19 maxlen: 24
                          82.205.0.0/17 maxlen: 21
                          82.205.0.0/20 maxlen: 20
                          217.66.233.0/24 maxlen: 24
                          217.66.237.0/24 maxlen: 24
                          217.66.234.0/23 maxlen: 23
                          86.107.16.0/22 maxlen: 22
                          87.252.108.0/22 maxlen: 22
                          188.215.100.0/22 maxlen: 22
                          82.205.96.0/20 maxlen: 20
                          82.205.104.0/21 maxlen: 21
                          89.239.32.0/20 maxlen: 20
                          82.205.16.0/20 maxlen: 20
                          217.66.240.0/20 maxlen: 20
                          82.205.27.0/24 maxlen: 24
                          85.184.240.0/22 maxlen: 22
                          212.33.96.0/19 maxlen: 20
                          185.171.132.0/22 maxlen: 22
                          82.102.240.0/20 maxlen: 20
                          82.102.192.0/20 maxlen: 20
                          82.102.192.0/18 maxlen: 24
                          82.102.208.0/21 maxlen: 21
                          82.102.218.0/23 maxlen: 23
                          82.102.224.0/20 maxlen: 20
                          82.102.220.0/22 maxlen: 22
                          212.106.64.0/19 maxlen: 20
                          85.113.96.0/19 maxlen: 20
                          176.65.12.0/22 maxlen: 22
                          194.169.123.0/24 maxlen: 24
                          194.169.122.0/24 maxlen: 24
                          147.189.176.0/20 maxlen: 20
                          194.169.121.0/24 maxlen: 24
                          199.250.128.0/19 maxlen: 21
                          188.209.208.0/22 maxlen: 22
                          37.8.0.0/17 maxlen: 20
                          37.8.0.0/20 maxlen: 20
                          37.8.16.0/20 maxlen: 20
                          37.8.32.0/20 maxlen: 20
                          37.8.48.0/20 maxlen: 20
                          109.232.163.0/24 maxlen: 24
                          109.232.162.0/24 maxlen: 24
                          185.40.192.0/22 maxlen: 22
                          185.138.132.0/22 maxlen: 22
                          185.90.242.0/24 maxlen: 24
                          82.205.120.0/21 maxlen: 21
                          217.78.48.0/21 maxlen: 21
                          217.78.60.0/22 maxlen: 22
                          217.21.2.0/24 maxlen: 24
                          217.21.0.0/20 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 52804585 (0x325bbe9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
        Validity
            Not Before: Jun 12 08:28:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bf0757ce12ccfb388bbf05d7e2301b34377ad17e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2e:63:57:10:20:37:5e:21:83:a7:23:46:72:
                    3d:6a:ab:c3:7d:d6:3e:52:6c:8b:f1:b0:66:14:8a:
                    73:4d:59:73:09:5d:1e:24:f7:90:27:4e:7e:09:59:
                    f5:20:67:ba:51:5c:9d:d3:53:57:d1:fb:d0:2c:7d:
                    36:d7:37:d5:63:2b:9a:73:50:d9:f4:f4:4b:35:18:
                    63:9e:fe:37:9c:45:3b:a7:65:ba:04:22:ca:b4:b2:
                    d4:0e:de:3a:26:ff:9a:92:72:6c:44:98:59:2f:c9:
                    f8:7e:79:e2:63:0a:d9:19:4f:fb:fc:25:0b:1e:b7:
                    fe:53:f3:8e:71:64:49:e1:cd:1a:e1:18:ed:fd:34:
                    7b:93:61:1c:4e:54:4d:a3:b8:9e:e5:3f:77:81:87:
                    f6:12:1e:48:7f:a5:65:c0:10:0d:b1:cc:f6:93:77:
                    78:52:86:da:3d:0b:41:1b:de:4c:bf:ad:99:28:57:
                    ce:88:7b:cf:0b:c1:eb:a3:70:63:3f:ba:ac:b6:86:
                    dc:d3:11:83:e2:05:dc:65:e9:21:17:06:5c:bc:28:
                    4b:ac:68:ca:09:b0:f7:0a:c5:09:9b:a4:64:c8:32:
                    03:96:b3:07:9d:a7:93:17:50:69:94:be:9d:6c:0e:
                    5a:e1:62:f5:d1:ed:41:f0:02:1d:85:ca:0f:26:6d:
                    46:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:07:57:CE:12:CC:FB:38:8B:BF:05:D7:E2:30:1B:34:37:7A:D1:7E
            X509v3 Authority Key Identifier:
                keyid:EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/vwdXzhLM-ziLvwXX4jAbNDd60X4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.8.0.0/17
                  82.102.192.0/18
                  82.205.0.0/17
                  85.113.96.0/19
                  85.184.240.0/22
                  86.107.16.0/22
                  87.252.108.0/22
                  89.239.32.0/20
                  94.26.112.0/20
                  109.232.162.0/23
                  147.189.176.0/20
                  176.65.12.0/22
                  185.40.192.0/22
                  185.90.242.0/24
                  185.138.132.0/22
                  185.171.132.0/22
                  188.209.208.0/22
                  188.215.100.0/22
                  194.169.121.0-194.169.123.255
                  199.204.215.0/24
                  199.250.128.0/19
                  212.33.96.0/19
                  212.106.64.0/19
                  217.21.0.0/20
                  217.66.224.0/19
                  217.78.48.0/21
                  217.78.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:70:f4:76:d4:fe:bf:a5:4e:f7:be:b8:33:34:2d:6d:61:a4:
         ad:4d:9b:61:69:79:ae:a6:fb:be:98:e7:c2:a0:25:ef:0e:55:
         52:8b:e9:e0:3a:33:f5:8b:89:c2:25:40:2d:b5:15:cf:04:42:
         4b:0e:75:a4:94:0d:73:aa:16:8b:56:af:c6:6c:2a:0a:86:fa:
         a8:9a:55:a4:a3:b5:c5:cc:b9:c7:10:8b:13:39:87:f6:97:bf:
         23:61:ee:95:b6:ee:28:ad:ef:2f:c4:f5:92:0b:d4:e3:87:7e:
         67:c5:4f:11:f8:95:25:bd:e3:44:c9:c9:02:34:af:44:03:10:
         f2:c0:9e:92:35:a2:82:17:ba:00:24:aa:6a:af:ca:6f:e9:d3:
         82:cc:da:c6:c5:fe:80:53:cb:da:17:f9:6b:b2:75:57:47:00:
         a1:99:9b:0a:34:9d:c4:8d:70:e6:2f:f3:7e:58:f9:71:1b:8a:
         9b:e8:94:75:ef:39:19:46:a9:a0:03:c6:b8:c2:47:5a:66:ee:
         cf:c8:83:a1:4a:7c:09:5c:6b:83:1f:c1:9b:19:a8:4d:14:69:
         39:f1:22:fb:9e:4a:b5:e4:31:b5:64:a9:04:38:b0:a0:a0:ce:
         83:66:e0:cf:50:97:8c:56:f2:0b:65:43:0b:e6:7f:1f:ec:a3:
         80:d6:53:d1
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgIEAyW76TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
YzNhNjMzZWYyYzA4MjUxYTU4NjAzNTYyZTU2YWE2ZWZhOTNlYzI1MB4XDTIyMDYx
MjA4MjgwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmYwNzU3Y2UxMmNj
ZmIzODhiYmYwNWQ3ZTIzMDFiMzQzNzdhZDE3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMYuY1cQIDdeIYOnI0ZyPWqrw33WPlJsi/GwZhSKc01Zcwld
HiT3kCdOfglZ9SBnulFcndNTV9H70Cx9Ntc31WMrmnNQ2fT0SzUYY57+N5xFO6dl
ugQiyrSy1A7eOib/mpJybESYWS/J+H554mMK2RlP+/wlCx63/lPzjnFkSeHNGuEY
7f00e5NhHE5UTaO4nuU/d4GH9hIeSH+lZcAQDbHM9pN3eFKG2j0LQRveTL+tmShX
zoh7zwvB66NwYz+6rLaG3NMRg+IF3GXpIRcGXLwoS6xoygmw9wrFCZukZMgyA5az
B52nkxdQaZS+nWwOWuFi9dHtQfACHYXKDyZtRrcCAwEAAaOCArIwggKuMB0GA1Ud
DgQWBBS/B1fOEsz7OIu/BdfiMBs0N3rRfjAfBgNVHSMEGDAWgBTsOmM+8sCCUaWG
A1YuVqpu+pPsJTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzdEcGpQdkxBZ2xHbGhnTldMbGFxYnZxVDdDVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDQvYzFiMWYwLTIzNGYtNDVkNS04NTk1LWY3YzJjMmE5MWJjMi8x
L3Z3ZFh6aExNLXppTHZ3WFg0akFiTkRkNjBYNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDQv
YzFiMWYwLTIzNGYtNDVkNS04NTk1LWY3YzJjMmE5MWJjMi8xLzdEcGpQdkxBZ2xH
bGhnTldMbGFxYnZxVDdDVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
xwYIKwYBBQUHAQcBAf8EgbcwgbQwgbEEAgABMIGqAwQHJQgAAwQGUmbAAwQHUs0A
AwQFVXFgAwQCVbjwAwQCVmsQAwQCV/xsAwQEWe8gAwQEXhpwAwQBbeiiAwQEk72w
AwQCsEEMAwQCuSjAAwQAuVryAwQCuYqEAwQCuauEAwQCvNHQAwQCvNdkMAwDBADC
qXkDBALCqXgDBADHzNcDBAXH+oADBAXUIWADBAXUakADBATZFQADBAXZQuADBAPZ
TjADBALZTjwwDQYJKoZIhvcNAQELBQADggEBABtw9HbU/r+lTve+uDM0LW1hpK1N
m2Fpea6m+76Y58KgJe8OVVKL6eA6M/WLicIlQC21Fc8EQksOdaSUDXOqFotWr8Zs
KgqG+qiaVaSjtcXMuccQixM5h/aXvyNh7pW27iit7y/E9ZIL1OOHfmfFTxH4lSW9
40TJyQI0r0QDEPLAnpI1ooIXugAkqmqvym/p04LM2sbF/oBTy9oX+WuydVdHAKGZ
mwo0ncSNcOYv835Y+XEbipvolHXvORlGqaADxrjCR1pm7s/Ig6FKfAlca4MfwZsZ
qE0UaTnxIvueSrXkMbVkqQQ4sKCgzoNm4M9Ql4xW8gtlQwvmfx/so4DWU9E=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:22 2024 by rpki-client on console-ams.rpki-client.org