Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/9zLQmC-CQimj3pwTZE0Ax1pFw3c.roa
File:                     9zLQmC-CQimj3pwTZE0Ax1pFw3c.roa (raw, json)
Hash identifier:          7Ozg0CI4aKAgeWDEe4JeHvpcaBxaRqQvo2byUB3IbCY=
Subject key identifier:   F7:32:D0:98:2F:82:42:29:A3:DE:9C:13:64:4D:00:C7:5A:45:C3:77
Certificate issuer:       /CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
Certificate serial:       01882A75F7654DC6246CA22C7C725AFF31ED
Authority key identifier: 42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/9zLQmC-CQimj3pwTZE0Ax1pFw3c.roa
Signing time:             Wed 17 May 2023 16:05:54 +0000
ROA not before:           Wed 17 May 2023 16:05:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48146
IP address blocks:        185.198.48.0/24 maxlen: 24
                          94.103.245.0/24 maxlen: 24
                          45.138.244.0/24 maxlen: 24
                          45.138.245.0/24 maxlen: 24
                          45.138.246.0/24 maxlen: 24
                          45.138.247.0/24 maxlen: 24
                          62.122.32.0/24 maxlen: 24
                          62.122.33.0/24 maxlen: 24
                          62.122.34.0/24 maxlen: 24
                          62.122.35.0/24 maxlen: 24
                          185.25.52.0/24 maxlen: 24
                          185.193.104.0/24 maxlen: 24
                          185.193.105.0/24 maxlen: 24
                          185.193.106.0/24 maxlen: 24
                          185.195.36.0/24 maxlen: 24
                          185.195.37.0/24 maxlen: 24
                          185.192.73.0/24 maxlen: 24
                          45.10.112.0/24 maxlen: 24
                          45.10.115.0/24 maxlen: 24
                          45.10.113.0/24 maxlen: 24
                          45.10.114.0/24 maxlen: 24
                          185.195.108.0/24 maxlen: 24
                          185.195.109.0/24 maxlen: 24
                          185.195.110.0/24 maxlen: 24
                          185.195.111.0/24 maxlen: 24
                          194.5.28.0/24 maxlen: 24
                          194.5.29.0/24 maxlen: 24
                          194.5.32.0/24 maxlen: 24
                          194.5.33.0/24 maxlen: 24
                          194.59.196.0/24 maxlen: 24
                          185.192.117.0/24 maxlen: 24
                          185.192.119.0/24 maxlen: 24
                          193.8.244.0/24 maxlen: 24
                          185.194.63.0/24 maxlen: 24
                          193.8.247.0/24 maxlen: 24
                          193.8.249.0/24 maxlen: 24
                          193.8.255.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:2a:75:f7:65:4d:c6:24:6c:a2:2c:7c:72:5a:ff:31:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
        Validity
            Not Before: May 17 16:05:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f732d0982f824229a3de9c13644d00c75a45c377
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:2d:91:42:35:52:be:31:fd:f3:81:ec:56:53:
                    b3:95:55:8a:de:e3:0c:c7:c0:af:5e:77:b6:be:a7:
                    47:58:d6:f1:68:c0:3a:0b:14:d8:6a:de:5d:6d:90:
                    5d:87:d0:96:d2:01:d1:ec:27:b8:94:9e:41:fd:fd:
                    99:48:21:93:23:dc:ee:c9:3f:77:87:c0:66:34:5e:
                    1c:a8:d8:2c:c2:41:4e:b8:e8:bc:9a:1b:86:e2:1e:
                    28:ed:cd:09:ad:c0:ba:ce:14:8d:29:a8:be:61:d2:
                    a6:28:1c:22:e1:83:99:5e:94:b5:37:14:4b:e3:03:
                    fc:33:da:df:4c:5c:8f:50:8e:35:75:e2:3f:2d:bb:
                    25:54:52:f9:93:87:db:93:73:d6:ae:d4:94:ea:a5:
                    79:fc:94:e1:e8:b9:d4:b8:6c:be:35:d2:d5:c7:e4:
                    a8:a5:8e:c9:03:8a:54:0c:5d:3c:55:00:bf:c9:08:
                    83:6d:62:1b:6b:c4:0f:5c:e4:71:dc:88:06:54:bf:
                    f5:72:5a:ef:98:be:f7:24:4d:b4:d7:9a:7f:35:2e:
                    cf:06:bc:a1:a0:f2:c2:62:24:88:f0:08:a4:85:3c:
                    d8:eb:ba:c7:8f:78:9f:fd:61:46:e5:02:11:7a:50:
                    51:d4:78:75:08:78:07:a6:67:2f:a5:b4:a2:5b:69:
                    ae:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:32:D0:98:2F:82:42:29:A3:DE:9C:13:64:4D:00:C7:5A:45:C3:77
            X509v3 Authority Key Identifier:
                keyid:42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/9zLQmC-CQimj3pwTZE0Ax1pFw3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/QpNhzRgdhu9U6-L8kagOxTTOrHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.112.0/22
                  45.138.244.0/22
                  62.122.32.0/22
                  94.103.245.0/24
                  185.25.52.0/24
                  185.192.73.0/24
                  185.192.117.0/24
                  185.192.119.0/24
                  185.193.104.0-185.193.106.255
                  185.194.63.0/24
                  185.195.36.0/23
                  185.195.108.0/22
                  185.198.48.0/24
                  193.8.244.0/24
                  193.8.247.0/24
                  193.8.249.0/24
                  193.8.255.0/24
                  194.5.28.0/23
                  194.5.32.0/23
                  194.59.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:17:ca:7b:5f:d7:1c:f2:90:5e:e7:e7:e8:f1:cb:58:a3:35:
         87:b2:80:11:47:8c:90:8b:25:38:d5:9b:d2:ea:8a:7c:c1:b2:
         a1:0b:9f:27:71:c4:ed:60:2a:77:12:a7:f7:d6:5a:91:95:85:
         33:53:00:fe:9e:ae:94:41:ab:02:0a:56:1f:9a:ec:4a:50:c6:
         04:be:a5:a3:7a:98:24:bd:a9:6f:1c:cb:88:c4:4a:2f:5d:f5:
         d2:14:0b:cc:4c:95:77:f7:13:5e:22:1e:48:1d:82:21:ce:bc:
         cc:ee:bc:87:5c:b2:6f:ac:d3:bf:66:55:d2:91:e9:65:7a:06:
         f2:f4:3a:f0:d5:78:0d:45:6a:61:4f:6c:05:85:30:a6:8d:88:
         af:2b:e1:86:0b:06:7a:2f:c2:7c:79:55:14:cc:86:5a:2d:eb:
         ab:4e:f3:06:72:f1:7b:7d:03:70:1a:c0:1f:f7:d1:80:f9:e4:
         14:28:56:72:48:e9:99:ce:df:43:2b:e9:f4:34:64:e8:d4:a1:
         33:ea:e9:d7:99:62:05:93:5d:10:2c:fc:1d:3c:21:42:c5:a1:
         b8:5b:2a:fe:ad:d4:96:b3:13:9a:f2:f8:7a:5b:4d:33:1e:f0:
         80:43:2e:d2:6e:e6:0f:a0:23:75:be:5a:3e:6d:65:67:b1:c3:
         26:7b:cb:5e
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgISAYgqdfdlTcYkbKIsfHJa/zHtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTM2MWNkMTgxZDg2ZWY1NGViZTJmYzkxYTgwZWM1MzRj
ZWFjNzgwHhcNMjMwNTE3MTYwNTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzMyZDA5ODJmODI0MjI5YTNkZTljMTM2NDRkMDBjNzVhNDVjMzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqi2RQjVSvjH984HsVlOzlVWK3uMM
x8CvXne2vqdHWNbxaMA6CxTYat5dbZBdh9CW0gHR7Ce4lJ5B/f2ZSCGTI9zuyT93
h8BmNF4cqNgswkFOuOi8mhuG4h4o7c0JrcC6zhSNKai+YdKmKBwi4YOZXpS1NxRL
4wP8M9rfTFyPUI41deI/LbslVFL5k4fbk3PWrtSU6qV5/JTh6LnUuGy+NdLVx+So
pY7JA4pUDF08VQC/yQiDbWIba8QPXORx3IgGVL/1clrvmL73JE2015p/NS7PBryh
oPLCYiSI8AikhTzY67rHj3if/WFG5QIRelBR1Hh1CHgHpmcvpbSiW2mubQIDAQAB
o4ICiDCCAoQwHQYDVR0OBBYEFPcy0JgvgkIpo96cE2RNAMdaRcN3MB8GA1UdIwQY
MBaAFEKTYc0YHYbvVOvi/JGoDsU0zqx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjkt
OWJiYjQyZmE4Y2VkLzEvOXpMUW1DLUNRaW1qM3B3VFpFMEF4MXBGdzNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjktOWJiYjQyZmE4Y2Vk
LzEvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGdBggrBgEFBQcBBwEB/wSBjTCBijCBhwQCAAEwgYADBAIt
CnADBAItivQDBAI+eiADBABeZ/UDBAC5GTQDBAC5wEkDBAC5wHUDBAC5wHcwDAME
A7nBaAMEALnBagMEALnCPwMEAbnDJAMEArnDbAMEALnGMAMEAMEI9AMEAMEI9wME
AMEI+QMEAMEI/wMEAcIFHAMEAcIFIAMEAMI7xDANBgkqhkiG9w0BAQsFAAOCAQEA
WBfKe1/XHPKQXufn6PHLWKM1h7KAEUeMkIslONWb0uqKfMGyoQufJ3HE7WAqdxKn
99ZakZWFM1MA/p6ulEGrAgpWH5rsSlDGBL6lo3qYJL2pbxzLiMRKL1310hQLzEyV
d/cTXiIeSB2CIc68zO68h1yyb6zTv2ZV0pHpZXoG8vQ68NV4DUVqYU9sBYUwpo2I
ryvhhgsGei/CfHlVFMyGWi3rq07zBnLxe30DcBrAH/fRgPnkFChWckjpmc7fQyvp
9DRk6NShM+rp15liBZNdECz8HTwhQsWhuFsq/q3UlrMTmvL4eltNMx7wgEMu0m7m
D6Ajdb5aPm1lZ7HDJnvLXg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:34 2024 by rpki-client on console-fra.rpki-client.org