Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/EpUmxh_MG4n9hmK10mRig4nR6Q4.roa
File:                     EpUmxh_MG4n9hmK10mRig4nR6Q4.roa (raw, json)
Hash identifier:          zZJ8H68eKsql7YArl1x9yEaJVa7J/U3L6UQ1cJH11Jc=
Subject key identifier:   12:95:26:C6:1F:CC:1B:89:FD:86:62:B5:D2:64:62:83:89:D1:E9:0E
Certificate issuer:       /CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
Certificate serial:       0187FC48E8EAFED7E0947497E4DF1777786C
Authority key identifier: 42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/EpUmxh_MG4n9hmK10mRig4nR6Q4.roa
Signing time:             Mon 08 May 2023 16:54:09 +0000
ROA not before:           Mon 08 May 2023 16:54:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200845
IP address blocks:        185.198.48.0/24 maxlen: 24
                          94.103.245.0/24 maxlen: 24
                          45.138.246.0/24 maxlen: 24
                          45.138.245.0/24 maxlen: 24
                          45.138.244.0/24 maxlen: 24
                          62.122.35.0/24 maxlen: 24
                          62.122.34.0/24 maxlen: 24
                          62.122.33.0/24 maxlen: 24
                          45.138.247.0/24 maxlen: 24
                          62.122.32.0/24 maxlen: 24
                          185.25.52.0/24 maxlen: 24
                          185.193.105.0/24 maxlen: 24
                          185.193.104.0/24 maxlen: 24
                          185.193.106.0/24 maxlen: 24
                          185.195.37.0/24 maxlen: 24
                          185.195.36.0/24 maxlen: 24
                          45.10.112.0/24 maxlen: 24
                          45.10.114.0/24 maxlen: 24
                          45.10.115.0/24 maxlen: 24
                          185.195.111.0/24 maxlen: 24
                          185.195.108.0/24 maxlen: 24
                          194.59.196.0/24 maxlen: 24
                          185.192.117.0/24 maxlen: 24
                          185.192.119.0/24 maxlen: 24
                          193.8.244.0/24 maxlen: 24
                          193.8.249.0/24 maxlen: 24
                          193.8.247.0/24 maxlen: 24
                          185.194.63.0/24 maxlen: 24
                          193.8.255.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:fc:48:e8:ea:fe:d7:e0:94:74:97:e4:df:17:77:78:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
        Validity
            Not Before: May  8 16:54:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=129526c61fcc1b89fd8662b5d264628389d1e90e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e1:2b:1c:33:82:29:2d:02:da:f3:af:17:32:
                    7f:be:dd:c1:37:21:04:5f:5d:ba:64:02:40:6f:42:
                    23:89:e1:9e:ce:e2:7a:a9:1e:1c:86:0f:13:b3:d4:
                    c0:4d:23:0d:82:30:5e:5e:39:7b:e9:e7:e7:40:b8:
                    be:29:63:65:12:b2:4a:63:a3:bf:85:9a:73:b7:e6:
                    57:3c:b8:41:dc:e2:df:74:f4:7f:7b:48:60:a1:ee:
                    c9:4a:b8:e0:f1:a7:4a:c1:f2:8e:6c:fc:e0:5f:16:
                    3d:54:4e:8c:8f:78:1c:15:1d:23:ef:97:6b:55:cc:
                    96:8a:ab:27:04:6d:14:52:1a:0c:cd:70:a9:bb:98:
                    1c:4d:30:cf:ed:0d:ea:30:3e:1a:d0:de:a9:99:82:
                    09:fd:f5:fe:12:2f:94:ea:be:02:d6:bd:fe:cf:69:
                    26:10:aa:e9:c8:b6:90:6b:70:d0:66:5a:df:75:14:
                    75:8d:9f:ee:58:0d:b5:1d:a9:f0:e6:94:60:7d:f2:
                    b3:7c:68:de:3e:cc:6f:44:67:e0:c2:b5:01:ee:1a:
                    b1:50:a3:0d:5e:8a:73:5d:f5:fe:30:c9:13:43:0e:
                    1d:63:62:a1:b6:75:ef:2c:3d:f0:a9:cd:c5:e0:cc:
                    35:40:29:d6:dd:d2:b2:7d:74:73:2d:aa:ce:c9:9d:
                    74:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:95:26:C6:1F:CC:1B:89:FD:86:62:B5:D2:64:62:83:89:D1:E9:0E
            X509v3 Authority Key Identifier:
                keyid:42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/EpUmxh_MG4n9hmK10mRig4nR6Q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/QpNhzRgdhu9U6-L8kagOxTTOrHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.112.0/24
                  45.10.114.0/23
                  45.138.244.0/22
                  62.122.32.0/22
                  94.103.245.0/24
                  185.25.52.0/24
                  185.192.117.0/24
                  185.192.119.0/24
                  185.193.104.0-185.193.106.255
                  185.194.63.0/24
                  185.195.36.0/23
                  185.195.108.0/24
                  185.195.111.0/24
                  185.198.48.0/24
                  193.8.244.0/24
                  193.8.247.0/24
                  193.8.249.0/24
                  193.8.255.0/24
                  194.59.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:c4:0b:60:8e:e6:27:64:12:c6:43:17:c0:a9:1a:12:e9:41:
         b4:6d:b4:64:f6:66:f0:3f:21:2a:7b:86:59:61:68:e7:85:c5:
         a9:c4:89:e6:3c:78:ab:46:99:92:cc:1a:95:39:51:37:e8:d1:
         ea:b5:19:2b:2c:dd:9e:58:9c:00:e9:65:10:77:07:4e:46:9e:
         d5:1c:05:de:06:30:b0:aa:6b:99:12:33:1a:df:ef:9a:10:e9:
         3c:e9:77:44:1c:1c:28:27:a0:cc:77:95:28:45:6a:12:40:32:
         fb:37:ff:e2:1d:c2:52:6e:f9:06:00:cb:70:77:80:c6:a0:9f:
         4d:6c:2d:a8:9f:f4:0c:16:39:89:6f:89:11:25:54:4e:c7:79:
         1c:a5:1d:40:44:91:d0:62:7e:c2:f0:a9:6a:75:69:5b:f9:0a:
         6e:f7:52:26:9b:c2:55:09:7f:d8:b2:7d:f7:63:58:d0:83:71:
         be:e8:64:b1:86:25:f9:19:3c:c9:a2:24:63:bd:7d:c9:bc:b0:
         bf:00:54:52:87:e4:23:4b:d2:75:0c:68:00:2f:37:bc:3f:78:
         e9:14:36:ae:6b:6c:c1:9e:fa:92:15:cc:1e:29:78:75:52:34:
         4e:df:11:cb:19:49:a2:30:ac:6b:d5:6d:09:4c:e8:43:6a:20:
         b3:06:4b:e2
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgISAYf8SOjq/tfglHSX5N8Xd3hsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTM2MWNkMTgxZDg2ZWY1NGViZTJmYzkxYTgwZWM1MzRj
ZWFjNzgwHhcNMjMwNTA4MTY1NDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjk1MjZjNjFmY2MxYjg5ZmQ4NjYyYjVkMjY0NjI4Mzg5ZDFlOTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhuErHDOCKS0C2vOvFzJ/vt3BNyEE
X126ZAJAb0IjieGezuJ6qR4chg8Ts9TATSMNgjBeXjl76efnQLi+KWNlErJKY6O/
hZpzt+ZXPLhB3OLfdPR/e0hgoe7JSrjg8adKwfKObPzgXxY9VE6Mj3gcFR0j75dr
VcyWiqsnBG0UUhoMzXCpu5gcTTDP7Q3qMD4a0N6pmYIJ/fX+Ei+U6r4C1r3+z2km
EKrpyLaQa3DQZlrfdRR1jZ/uWA21Hanw5pRgffKzfGjePsxvRGfgwrUB7hqxUKMN
XopzXfX+MMkTQw4dY2KhtnXvLD3wqc3F4Mw1QCnW3dKyfXRzLarOyZ107QIDAQAB
o4ICgTCCAn0wHQYDVR0OBBYEFBKVJsYfzBuJ/YZitdJkYoOJ0ekOMB8GA1UdIwQY
MBaAFEKTYc0YHYbvVOvi/JGoDsU0zqx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjkt
OWJiYjQyZmE4Y2VkLzEvRXBVbXhoX01HNG45aG1LMTBtUmlnNG5SNlE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjktOWJiYjQyZmE4Y2Vk
LzEvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGWBggrBgEFBQcBBwEB/wSBhjCBgzCBgAQCAAEwegMEAC0K
cAMEAS0KcgMEAi2K9AMEAj56IAMEAF5n9QMEALkZNAMEALnAdQMEALnAdzAMAwQD
ucFoAwQAucFqAwQAucI/AwQBucMkAwQAucNsAwQAucNvAwQAucYwAwQAwQj0AwQA
wQj3AwQAwQj5AwQAwQj/AwQAwjvEMA0GCSqGSIb3DQEBCwUAA4IBAQBFxAtgjuYn
ZBLGQxfAqRoS6UG0bbRk9mbwPyEqe4ZZYWjnhcWpxInmPHirRpmSzBqVOVE36NHq
tRkrLN2eWJwA6WUQdwdORp7VHAXeBjCwqmuZEjMa3++aEOk86XdEHBwoJ6DMd5Uo
RWoSQDL7N//iHcJSbvkGAMtwd4DGoJ9NbC2on/QMFjmJb4kRJVROx3kcpR1ARJHQ
Yn7C8KlqdWlb+Qpu91Imm8JVCX/Ysn33Y1jQg3G+6GSxhiX5GTzJoiRjvX3JvLC/
AFRSh+QjS9J1DGgALze8P3jpFDaua2zBnvqSFcweKXh1UjRO3xHLGUmiMKxr1W0J
TOhDaiCzBkvi
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:34 2024 by rpki-client on console-fra.rpki-client.org