Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/XD9eDFb82ffxGN-bJ6PLHJCNcMQ.roa
File:                     XD9eDFb82ffxGN-bJ6PLHJCNcMQ.roa (raw, json)
Hash identifier:          cQaV8SFV0K0R7udDt7jkT6riDOhwo0qz/8lL0r3ZCAs=
Subject key identifier:   5C:3F:5E:0C:56:FC:D9:F7:F1:18:DF:9B:27:A3:CB:1C:90:8D:70:C4
Certificate issuer:       /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial:       018AB66304B9CA49210BA365F357471AD700
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/XD9eDFb82ffxGN-bJ6PLHJCNcMQ.roa
Signing time:             Thu 21 Sep 2023 06:17:37 +0000
ROA not before:           Thu 21 Sep 2023 06:17:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208913
IP address blocks:        195.2.196.0/23 maxlen: 24
                          86.107.53.0/24 maxlen: 24
                          91.238.148.0/23 maxlen: 24
                          194.140.235.0/24 maxlen: 24
                          85.204.243.0/24 maxlen: 24
                          85.204.253.0/24 maxlen: 24
                          85.204.247.0/24 maxlen: 24
                          85.204.250.0/24 maxlen: 24
                          91.214.188.0/22 maxlen: 24
                          188.241.192.0/24 maxlen: 24
                          195.93.140.0/23 maxlen: 24
                          91.198.23.0/24 maxlen: 24
                          93.114.84.0/24 maxlen: 24
                          86.104.72.0/22 maxlen: 24
                          92.114.109.0/24 maxlen: 24
                          92.114.110.0/24 maxlen: 24
                          188.208.108.0/24 maxlen: 24
                          188.208.116.0/24 maxlen: 24
                          193.33.94.0/23 maxlen: 24
                          188.211.234.0/24 maxlen: 24
                          89.36.199.0/24 maxlen: 24
                          195.13.48.0/23 maxlen: 24
                          188.215.76.0/23 maxlen: 24
                          89.40.41.0/24 maxlen: 24
                          195.254.140.0/23 maxlen: 24
                          94.177.23.0/24 maxlen: 24
                          194.42.100.0/23 maxlen: 24
                          85.204.26.0/24 maxlen: 24
                          86.106.108.0/24 maxlen: 24
                          188.241.59.0/24 maxlen: 24
                          89.42.52.0/23 maxlen: 24
                          93.119.193.0/24 maxlen: 24
                          94.177.6.0/23 maxlen: 24
                          194.106.204.0/23 maxlen: 24
                          194.106.212.0/23 maxlen: 24
                          193.39.119.0/24 maxlen: 24
                          195.42.232.0/22 maxlen: 24
                          193.36.44.0/24 maxlen: 24
                          188.214.81.0/24 maxlen: 24
                          188.214.89.0/24 maxlen: 24
                          176.126.198.0/23 maxlen: 24
                          176.126.204.0/24 maxlen: 24
                          188.210.254.0/24 maxlen: 24
                          89.32.125.0/24 maxlen: 24
                          89.200.240.0/23 maxlen: 24
                          89.32.130.0/23 maxlen: 24
                          193.93.40.0/22 maxlen: 24
                          93.180.208.0/22 maxlen: 24
                          89.39.91.0/24 maxlen: 24
                          195.189.176.0/24 maxlen: 24
                          195.189.186.0/23 maxlen: 24
                          79.139.80.0/23 maxlen: 24
                          188.240.4.0/22 maxlen: 24
                          91.229.228.0/24 maxlen: 24
                          91.216.138.0/24 maxlen: 24
                          194.88.134.0/23 maxlen: 24
                          195.135.192.0/23 maxlen: 24
                          89.38.134.0/24 maxlen: 24
                          77.223.214.0/23 maxlen: 24
                          86.105.241.0/24 maxlen: 24
                          194.8.81.0/24 maxlen: 24
                          46.247.144.0/20 maxlen: 24
                          193.105.176.0/24 maxlen: 24
                          188.213.128.0/22 maxlen: 24
                          195.210.44.0/23 maxlen: 24
                          46.102.105.0/24 maxlen: 24
                          195.189.250.0/23 maxlen: 24
                          194.24.234.0/23 maxlen: 24
                          91.223.183.0/24 maxlen: 24
                          46.102.118.0/23 maxlen: 24
                          94.176.150.0/24 maxlen: 24
                          91.227.33.0/24 maxlen: 24
                          193.192.52.0/23 maxlen: 24
                          89.40.164.0/23 maxlen: 24
                          89.47.94.0/24 maxlen: 24
                          193.138.97.0/24 maxlen: 24
                          89.47.43.0/24 maxlen: 24
                          89.47.38.0/23 maxlen: 24
                          89.47.48.0/22 maxlen: 24
                          193.192.44.0/23 maxlen: 24
                          89.37.58.0/24 maxlen: 24
                          93.114.182.0/24 maxlen: 24
                          195.34.80.0/23 maxlen: 24
                          195.128.188.0/23 maxlen: 24
                          193.239.246.0/23 maxlen: 24
                          45.14.76.0/22 maxlen: 24
                          193.108.52.0/22 maxlen: 24
                          193.37.136.0/24 maxlen: 24
                          193.239.172.0/23 maxlen: 24
                          194.246.106.0/23 maxlen: 24
                          193.169.8.0/23 maxlen: 24
                          93.115.36.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b6:63:04:b9:ca:49:21:0b:a3:65:f3:57:47:1a:d7:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
        Validity
            Not Before: Sep 21 06:17:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5c3f5e0c56fcd9f7f118df9b27a3cb1c908d70c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:8d:b5:e7:4a:79:cb:42:97:0d:05:2a:51:1b:
                    28:e1:bd:82:4b:af:11:e5:e8:f1:2e:68:b6:0a:31:
                    1b:69:7b:9a:fd:d3:99:2d:1c:07:76:ab:cd:f2:ad:
                    e5:6c:2c:e0:7b:ea:7a:93:96:ff:2b:3a:56:0c:2c:
                    fc:fd:4c:ff:ff:f5:db:ca:4b:0a:ce:06:05:09:3a:
                    81:df:1e:6a:11:f7:c1:8c:b7:12:ce:05:1e:b8:e4:
                    bb:4b:5b:3a:c3:7c:8f:4e:26:30:28:fc:8e:27:c3:
                    53:e9:06:0f:ec:ae:e7:58:44:45:6e:e6:28:6d:5f:
                    d1:c5:ea:fd:ce:32:57:e2:94:d9:b5:45:ee:1f:2e:
                    67:6e:c4:d3:b0:f9:49:4d:e6:ef:44:f0:f6:33:2e:
                    12:cb:1d:ef:72:59:7b:0f:43:73:a6:53:bd:33:89:
                    20:20:71:18:5e:97:0f:48:ad:92:aa:0a:58:c8:59:
                    78:49:6f:0e:09:e5:6e:77:d1:5e:0b:5d:4c:0c:98:
                    4a:7e:cc:63:29:59:2f:21:8c:8e:e4:d7:58:f1:d0:
                    71:09:d7:88:a9:16:2b:63:f1:1d:f6:2d:74:5a:db:
                    25:0d:ce:41:8a:4d:22:6e:32:11:69:c5:dc:c0:c6:
                    89:30:48:68:1a:27:6a:4f:92:7e:a6:ab:48:70:06:
                    27:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:3F:5E:0C:56:FC:D9:F7:F1:18:DF:9B:27:A3:CB:1C:90:8D:70:C4
            X509v3 Authority Key Identifier:
                keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/XD9eDFb82ffxGN-bJ6PLHJCNcMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.76.0/22
                  46.102.105.0/24
                  46.102.118.0/23
                  46.247.144.0/20
                  77.223.214.0/23
                  79.139.80.0/23
                  85.204.26.0/24
                  85.204.243.0/24
                  85.204.247.0/24
                  85.204.250.0/24
                  85.204.253.0/24
                  86.104.72.0/22
                  86.105.241.0/24
                  86.106.108.0/24
                  86.107.53.0/24
                  89.32.125.0/24
                  89.32.130.0/23
                  89.36.199.0/24
                  89.37.58.0/24
                  89.38.134.0/24
                  89.39.91.0/24
                  89.40.41.0/24
                  89.40.164.0/23
                  89.42.52.0/23
                  89.47.38.0/23
                  89.47.43.0/24
                  89.47.48.0/22
                  89.47.94.0/24
                  89.200.240.0/23
                  91.198.23.0/24
                  91.214.188.0/22
                  91.216.138.0/24
                  91.223.183.0/24
                  91.227.33.0/24
                  91.229.228.0/24
                  91.238.148.0/23
                  92.114.109.0-92.114.110.255
                  93.114.84.0/24
                  93.114.182.0/24
                  93.115.36.0/24
                  93.119.193.0/24
                  93.180.208.0/22
                  94.176.150.0/24
                  94.177.6.0/23
                  94.177.23.0/24
                  176.126.198.0/23
                  176.126.204.0/24
                  188.208.108.0/24
                  188.208.116.0/24
                  188.210.254.0/24
                  188.211.234.0/24
                  188.213.128.0/22
                  188.214.81.0/24
                  188.214.89.0/24
                  188.215.76.0/23
                  188.240.4.0/22
                  188.241.59.0/24
                  188.241.192.0/24
                  193.33.94.0/23
                  193.36.44.0/24
                  193.37.136.0/24
                  193.39.119.0/24
                  193.93.40.0/22
                  193.105.176.0/24
                  193.108.52.0/22
                  193.138.97.0/24
                  193.169.8.0/23
                  193.192.44.0/23
                  193.192.52.0/23
                  193.239.172.0/23
                  193.239.246.0/23
                  194.8.81.0/24
                  194.24.234.0/23
                  194.42.100.0/23
                  194.88.134.0/23
                  194.106.204.0/23
                  194.106.212.0/23
                  194.140.235.0/24
                  194.246.106.0/23
                  195.2.196.0/23
                  195.13.48.0/23
                  195.34.80.0/23
                  195.42.232.0/22
                  195.93.140.0/23
                  195.128.188.0/23
                  195.135.192.0/23
                  195.189.176.0/24
                  195.189.186.0/23
                  195.189.250.0/23
                  195.210.44.0/23
                  195.254.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:9e:02:88:ad:43:d0:ef:54:c6:64:29:2e:73:bc:73:99:23:
         90:ce:d3:47:b8:14:2f:21:66:b1:00:89:46:db:8b:0b:8e:97:
         ae:2a:07:b8:30:78:1a:a5:d4:39:d1:da:65:d7:4e:e7:3b:2f:
         91:90:be:a1:ff:4f:0b:11:9d:bf:b9:0e:db:72:e2:f4:06:34:
         7c:74:02:e1:62:04:57:80:2d:8d:9f:c3:7f:4a:92:88:74:d2:
         cd:0b:65:14:56:76:06:4f:bc:37:e7:c7:a3:62:76:dd:d5:7a:
         6e:26:8e:e4:af:a6:18:b1:8b:8a:9a:4d:3b:cf:81:c1:1f:97:
         68:f4:88:7f:05:49:1c:be:83:46:e1:e6:be:5f:34:df:10:9a:
         63:cf:f2:52:f2:c9:3d:ae:61:08:0e:84:d0:65:41:f1:1d:6a:
         65:1e:f6:38:a8:97:ff:ae:16:b6:41:62:71:2a:40:78:95:0f:
         3e:7f:74:e7:2b:2f:40:c4:73:b9:67:97:8d:7b:7a:f2:04:fd:
         5d:3f:a7:47:79:af:ba:0c:ff:1c:4a:b0:06:ea:3f:44:97:a7:
         4b:e2:1f:8c:b9:87:05:39:7e:1f:16:51:8a:90:2f:83:aa:eb:
         cd:f3:7b:59:22:27:6b:19:0c:ff:6c:c8:43:01:92:a6:6a:09:
         4f:4d:20:3b
-----BEGIN CERTIFICATE-----
MIIHKzCCBhOgAwIBAgISAYq2YwS5ykkhC6Nl81dHGtcAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjMwOTIxMDYxNzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzNmNWUwYzU2ZmNkOWY3ZjExOGRmOWIyN2EzY2IxYzkwOGQ3MGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp42150p5y0KXDQUqURso4b2CS68R
5ejxLmi2CjEbaXua/dOZLRwHdqvN8q3lbCzge+p6k5b/KzpWDCz8/Uz///XbyksK
zgYFCTqB3x5qEffBjLcSzgUeuOS7S1s6w3yPTiYwKPyOJ8NT6QYP7K7nWERFbuYo
bV/Rxer9zjJX4pTZtUXuHy5nbsTTsPlJTebvRPD2My4Syx3vcll7D0NzplO9M4kg
IHEYXpcPSK2SqgpYyFl4SW8OCeVud9FeC11MDJhKfsxjKVkvIYyO5NdY8dBxCdeI
qRYrY/Ed9i10WtslDc5Bik0ibjIRacXcwMaJMEhoGidqT5J+pqtIcAYniQIDAQAB
o4IENzCCBDMwHQYDVR0OBBYEFFw/XgxW/Nn38RjfmyejyxyQjXDEMB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEvWEQ5ZURGYjgyZmZ4R04tYko2UExISkNOY01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIICSwYIKwYBBQUHAQcBAf8EggI6MIICNjCCAjIEAgABMIIC
KgMEAi0OTAMEAC5maQMEAS5mdgMEBC73kAMEAU3f1gMEAU+LUAMEAFXMGgMEAFXM
8wMEAFXM9wMEAFXM+gMEAFXM/QMEAlZoSAMEAFZp8QMEAFZqbAMEAFZrNQMEAFkg
fQMEAVkgggMEAFkkxwMEAFklOgMEAFkmhgMEAFknWwMEAFkoKQMEAVkopAMEAVkq
NAMEAVkvJgMEAFkvKwMEAlkvMAMEAFkvXgMEAVnI8AMEAFvGFwMEAlvWvAMEAFvY
igMEAFvftwMEAFvjIQMEAFvl5AMEAVvulDAMAwQAXHJtAwQAXHJuAwQAXXJUAwQA
XXK2AwQAXXMkAwQAXXfBAwQCXbTQAwQAXrCWAwQBXrEGAwQAXrEXAwQBsH7GAwQA
sH7MAwQAvNBsAwQAvNB0AwQAvNL+AwQAvNPqAwQCvNWAAwQAvNZRAwQAvNZZAwQB
vNdMAwQCvPAEAwQAvPE7AwQAvPHAAwQBwSFeAwQAwSQsAwQAwSWIAwQAwSd3AwQC
wV0oAwQAwWmwAwQCwWw0AwQAwYphAwQBwakIAwQBwcAsAwQBwcA0AwQBwe+sAwQB
we/2AwQAwghRAwQBwhjqAwQBwipkAwQBwliGAwQBwmrMAwQBwmrUAwQAwozrAwQB
wvZqAwQBwwLEAwQBww0wAwQBwyJQAwQCwyroAwQBw12MAwQBw4C8AwQBw4fAAwQA
w72wAwQBw726AwQBw736AwQBw9IsAwQBw/6MMA0GCSqGSIb3DQEBCwUAA4IBAQBB
ngKIrUPQ71TGZCkuc7xzmSOQztNHuBQvIWaxAIlG24sLjpeuKge4MHgapdQ50dpl
107nOy+RkL6h/08LEZ2/uQ7bcuL0BjR8dALhYgRXgC2Nn8N/SpKIdNLNC2UUVnYG
T7w358ejYnbd1XpuJo7kr6YYsYuKmk07z4HBH5do9Ih/BUkcvoNG4ea+XzTfEJpj
z/JS8sk9rmEIDoTQZUHxHWplHvY4qJf/rha2QWJxKkB4lQ8+f3TnKy9AxHO5Z5eN
e3ryBP1dP6dHea+6DP8cSrAG6j9El6dL4h+MuYcFOX4fFlGKkC+DquvN83tZIidr
GQz/bMhDAZKmaglPTSA7
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:05 2024 by rpki-client on console-ams.rpki-client.org