Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/ID5kNME6sh52IzE-dxBuygyMC_8.roa
File:                     ID5kNME6sh52IzE-dxBuygyMC_8.roa (raw, json)
Hash identifier:          Bp5jtk+IMvysBmV1N7qTZEcym7UYCqNpvC5qGXkDEAU=
Subject key identifier:   20:3E:64:34:C1:3A:B2:1E:76:23:31:3E:77:10:6E:CA:0C:8C:0B:FF
Certificate issuer:       /CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
Certificate serial:       0187B936AFFD497C9649EDC90C69A79CA3E4
Authority key identifier: 42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/ID5kNME6sh52IzE-dxBuygyMC_8.roa
Signing time:             Tue 25 Apr 2023 16:19:41 +0000
ROA not before:           Tue 25 Apr 2023 16:19:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200845
IP address blocks:        185.198.48.0/24 maxlen: 24
                          45.10.112.0/24 maxlen: 24
                          94.103.245.0/24 maxlen: 24
                          45.138.246.0/24 maxlen: 24
                          45.138.245.0/24 maxlen: 24
                          45.138.244.0/24 maxlen: 24
                          45.138.247.0/24 maxlen: 24
                          185.195.111.0/24 maxlen: 24
                          185.25.52.0/24 maxlen: 24
                          194.59.196.0/24 maxlen: 24
                          185.192.117.0/24 maxlen: 24
                          185.192.119.0/24 maxlen: 24
                          193.8.244.0/24 maxlen: 24
                          185.194.63.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b9:36:af:fd:49:7c:96:49:ed:c9:0c:69:a7:9c:a3:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
        Validity
            Not Before: Apr 25 16:19:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=203e6434c13ab21e7623313e77106eca0c8c0bff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ff:7a:13:1d:9a:40:f8:bc:0b:bb:ef:a5:a3:
                    41:c8:c0:e2:fe:a2:d2:dd:b9:4e:1d:e7:69:84:11:
                    1f:f0:f5:0f:3f:aa:12:4b:dd:02:09:a8:0c:42:d3:
                    e8:85:38:68:90:da:6d:2b:11:da:d4:7c:78:6b:cc:
                    45:4d:ee:d8:5c:1f:50:4c:ba:16:35:c7:4d:da:da:
                    59:57:de:36:17:a9:2e:c8:e3:fa:15:77:1a:f1:2a:
                    df:47:b1:c7:30:ba:88:35:4c:96:4c:f7:a1:15:ab:
                    c5:1d:31:b2:dd:7e:27:73:e4:8a:82:3e:b3:d5:ec:
                    3b:4e:11:78:90:b5:21:e0:c4:54:78:4d:d5:c3:21:
                    38:44:91:74:8b:4c:89:a6:59:6b:e0:00:27:0a:e7:
                    68:43:18:ae:64:81:9f:a4:72:4e:ee:60:ff:31:98:
                    32:1e:e4:dd:05:34:62:5e:b0:84:74:16:01:09:2c:
                    d7:aa:c1:17:ed:6f:ea:33:e3:10:bd:7b:c0:51:cf:
                    2f:4d:da:fd:81:c6:9b:3b:f6:ca:f4:85:3c:3e:b5:
                    90:ee:95:77:f0:e1:22:fc:0e:d7:e5:a5:32:2c:b7:
                    85:da:7e:69:77:55:a2:36:7f:b2:34:59:df:df:03:
                    96:ad:13:35:42:12:82:3b:37:6e:ba:d8:5a:80:be:
                    60:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:3E:64:34:C1:3A:B2:1E:76:23:31:3E:77:10:6E:CA:0C:8C:0B:FF
            X509v3 Authority Key Identifier:
                keyid:42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/ID5kNME6sh52IzE-dxBuygyMC_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/QpNhzRgdhu9U6-L8kagOxTTOrHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.112.0/24
                  45.138.244.0/22
                  94.103.245.0/24
                  185.25.52.0/24
                  185.192.117.0/24
                  185.192.119.0/24
                  185.194.63.0/24
                  185.195.111.0/24
                  185.198.48.0/24
                  193.8.244.0/24
                  194.59.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:5a:c6:cc:0f:07:35:66:2a:86:df:a1:68:12:5f:c8:82:2e:
         e9:68:f6:2a:11:c0:ca:24:2d:8f:0c:62:6c:08:5d:71:68:ef:
         1e:f4:99:d1:6a:03:6e:f8:77:db:51:ff:51:fb:dc:f0:92:b6:
         48:b1:6d:32:8d:7d:c5:7a:9b:b2:a0:28:c7:ee:39:1a:1c:f9:
         6b:fe:bf:d2:30:c4:3f:dc:60:ea:ee:1b:9e:b2:0f:23:5e:b2:
         87:35:79:ca:e7:44:f8:3b:13:4a:fb:86:fd:49:63:a3:88:0b:
         a1:1a:22:ab:b2:88:f8:f0:dd:47:32:44:f8:52:a6:85:35:ff:
         f2:65:c5:fe:d3:19:ab:8f:48:a9:b7:13:a5:94:09:1f:3e:5c:
         0b:f7:f5:15:c0:5a:21:17:7e:b4:a0:86:03:4e:67:a5:e3:47:
         6f:39:35:48:51:eb:dc:0a:51:d4:c6:ff:51:8a:1d:2e:c2:42:
         b5:b0:38:c0:d3:13:49:48:5d:c5:ca:bf:61:f8:a1:91:9c:47:
         aa:c9:ac:a1:c3:02:d5:3b:b0:96:8a:40:4e:a0:5d:6b:06:be:
         13:8b:07:ba:ae:14:d6:a5:94:da:54:0c:12:bc:52:be:32:a1:
         1b:b9:fc:00:d6:09:27:12:fd:bc:21:fb:b9:ee:8d:55:b3:f9:
         17:e8:f8:d3
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYe5Nq/9SXyWSe3JDGmnnKPkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTM2MWNkMTgxZDg2ZWY1NGViZTJmYzkxYTgwZWM1MzRj
ZWFjNzgwHhcNMjMwNDI1MTYxOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDNlNjQzNGMxM2FiMjFlNzYyMzMxM2U3NzEwNmVjYTBjOGMwYmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiv96Ex2aQPi8C7vvpaNByMDi/qLS
3blOHedphBEf8PUPP6oSS90CCagMQtPohThokNptKxHa1Hx4a8xFTe7YXB9QTLoW
NcdN2tpZV942F6kuyOP6FXca8SrfR7HHMLqINUyWTPehFavFHTGy3X4nc+SKgj6z
1ew7ThF4kLUh4MRUeE3VwyE4RJF0i0yJpllr4AAnCudoQxiuZIGfpHJO7mD/MZgy
HuTdBTRiXrCEdBYBCSzXqsEX7W/qM+MQvXvAUc8vTdr9gcabO/bK9IU8PrWQ7pV3
8OEi/A7X5aUyLLeF2n5pd1WiNn+yNFnf3wOWrRM1QhKCOzduuthagL5g2QIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFCA+ZDTBOrIediMxPncQbsoMjAv/MB8GA1UdIwQY
MBaAFEKTYc0YHYbvVOvi/JGoDsU0zqx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjkt
OWJiYjQyZmE4Y2VkLzEvSUQ1a05NRTZzaDUySXpFLWR4QnV5Z3lNQ184LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjktOWJiYjQyZmE4Y2Vk
LzEvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQALQpwAwQC
LYr0AwQAXmf1AwQAuRk0AwQAucB1AwQAucB3AwQAucI/AwQAucNvAwQAucYwAwQA
wQj0AwQAwjvEMA0GCSqGSIb3DQEBCwUAA4IBAQAeWsbMDwc1ZiqG36FoEl/Igi7p
aPYqEcDKJC2PDGJsCF1xaO8e9JnRagNu+HfbUf9R+9zwkrZIsW0yjX3FepuyoCjH
7jkaHPlr/r/SMMQ/3GDq7huesg8jXrKHNXnK50T4OxNK+4b9SWOjiAuhGiKrsoj4
8N1HMkT4UqaFNf/yZcX+0xmrj0iptxOllAkfPlwL9/UVwFohF360oIYDTmel40dv
OTVIUevcClHUxv9Rih0uwkK1sDjA0xNJSF3Fyr9h+KGRnEeqyayhwwLVO7CWikBO
oF1rBr4Tiwe6rhTWpZTaVAwSvFK+MqEbufwA1gknEv28Ifu57o1Vs/kX6PjT
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:34 2024 by rpki-client on console-fra.rpki-client.org