Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/juZ38ZJb5FUMvZ8y5mdX71Mb93s.roa
File:                     juZ38ZJb5FUMvZ8y5mdX71Mb93s.roa (raw, json)
Hash identifier:          B+R9tb/T4Tz+i+1SgxRYPY3gGH+ITAsc2VptJTQGRcs=
Subject key identifier:   8E:E6:77:F1:92:5B:E4:55:0C:BD:9F:32:E6:67:57:EF:53:1B:F7:7B
Certificate issuer:       /CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
Certificate serial:       018CC3496282CA8D0E2616D9986108ACDC2B
Authority key identifier: 42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/juZ38ZJb5FUMvZ8y5mdX71Mb93s.roa
Signing time:             Mon 01 Jan 2024 04:30:15 +0000
ROA not before:           Mon 01 Jan 2024 04:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48146
IP address blocks:        185.198.48.0/24 maxlen: 24
                          94.103.244.0/24 maxlen: 24
                          94.103.245.0/24 maxlen: 24
                          45.138.244.0/24 maxlen: 24
                          45.138.245.0/24 maxlen: 24
                          45.138.246.0/24 maxlen: 24
                          45.138.247.0/24 maxlen: 24
                          62.122.32.0/24 maxlen: 24
                          62.122.33.0/24 maxlen: 24
                          62.122.34.0/24 maxlen: 24
                          62.122.35.0/24 maxlen: 24
                          45.138.252.0/24 maxlen: 24
                          45.138.253.0/24 maxlen: 24
                          45.138.254.0/24 maxlen: 24
                          45.138.255.0/24 maxlen: 24
                          185.25.52.0/24 maxlen: 24
                          185.193.104.0/24 maxlen: 24
                          185.193.105.0/24 maxlen: 24
                          185.193.106.0/24 maxlen: 24
                          185.193.107.0/24 maxlen: 24
                          185.195.36.0/24 maxlen: 24
                          185.195.37.0/24 maxlen: 24
                          185.192.73.0/24 maxlen: 24
                          45.10.112.0/24 maxlen: 24
                          45.10.115.0/24 maxlen: 24
                          45.10.113.0/24 maxlen: 24
                          45.10.114.0/24 maxlen: 24
                          185.195.108.0/24 maxlen: 24
                          185.195.109.0/24 maxlen: 24
                          185.195.110.0/24 maxlen: 24
                          185.195.111.0/24 maxlen: 24
                          194.5.28.0/24 maxlen: 24
                          194.5.29.0/24 maxlen: 24
                          194.5.32.0/24 maxlen: 24
                          194.5.33.0/24 maxlen: 24
                          194.59.196.0/24 maxlen: 24
                          185.192.117.0/24 maxlen: 24
                          185.192.119.0/24 maxlen: 24
                          193.8.244.0/24 maxlen: 24
                          185.194.63.0/24 maxlen: 24
                          193.8.247.0/24 maxlen: 24
                          185.194.60.0/24 maxlen: 24
                          193.8.249.0/24 maxlen: 24
                          185.194.61.0/24 maxlen: 24
                          185.194.62.0/24 maxlen: 24
                          193.8.255.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:62:82:ca:8d:0e:26:16:d9:98:61:08:ac:dc:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
        Validity
            Not Before: Jan  1 04:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ee677f1925be4550cbd9f32e66757ef531bf77b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:27:40:87:4a:61:03:74:a4:fb:c5:6f:e9:bf:
                    9a:6b:aa:67:e8:23:97:ca:4d:ca:5a:77:39:52:88:
                    45:30:5f:c3:46:29:ec:c3:e0:ba:da:cd:8e:d6:90:
                    04:f4:3b:a1:ad:eb:f7:8d:f6:b8:3f:d6:55:ac:3d:
                    97:60:50:df:38:3c:e3:33:de:04:7c:e8:d9:6a:a8:
                    c0:37:f1:9e:78:00:a2:74:4d:61:cf:86:f9:53:ed:
                    df:73:80:b2:9b:e7:4a:9f:ce:5a:b2:22:c8:90:f7:
                    d9:ab:6b:d6:66:de:26:9a:af:df:35:80:31:b5:97:
                    d4:fb:50:e3:13:cd:61:43:0f:aa:fd:b2:58:3d:21:
                    7c:e6:5e:99:0b:b0:c3:44:23:df:f0:f1:56:c5:45:
                    15:6a:35:34:c6:fa:64:86:98:d8:6c:e1:ea:03:44:
                    16:b2:d3:b8:ca:b7:0d:7e:da:89:b1:c6:5b:20:6c:
                    ac:92:cc:48:dc:94:ee:63:01:4a:ff:c1:17:36:42:
                    6c:ea:8b:50:bc:be:38:13:57:d8:13:5a:c8:cf:7e:
                    fa:bc:2f:ec:c8:c7:a6:ff:a6:d1:56:35:14:61:f9:
                    cc:2e:53:e1:a6:2b:91:bb:2d:97:d5:19:03:9e:1d:
                    6f:b8:47:b2:aa:23:61:3d:56:fd:c9:04:c8:11:f3:
                    21:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:E6:77:F1:92:5B:E4:55:0C:BD:9F:32:E6:67:57:EF:53:1B:F7:7B
            X509v3 Authority Key Identifier:
                keyid:42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/juZ38ZJb5FUMvZ8y5mdX71Mb93s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/QpNhzRgdhu9U6-L8kagOxTTOrHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.112.0/22
                  45.138.244.0/22
                  45.138.252.0/22
                  62.122.32.0/22
                  94.103.244.0/23
                  185.25.52.0/24
                  185.192.73.0/24
                  185.192.117.0/24
                  185.192.119.0/24
                  185.193.104.0/22
                  185.194.60.0/22
                  185.195.36.0/23
                  185.195.108.0/22
                  185.198.48.0/24
                  193.8.244.0/24
                  193.8.247.0/24
                  193.8.249.0/24
                  193.8.255.0/24
                  194.5.28.0/23
                  194.5.32.0/23
                  194.59.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:1b:76:5e:6a:eb:c9:f8:8a:58:80:84:8f:4b:5f:d2:17:19:
         b0:ec:36:a5:cf:51:94:86:24:b7:76:6d:42:e1:28:bb:a5:77:
         a0:f7:3e:22:ff:32:ef:c4:02:8a:16:85:2d:30:31:bf:df:94:
         fc:a1:b1:87:ae:33:b0:e7:00:f2:9e:8f:b9:08:91:29:9c:49:
         94:0e:8e:c9:0b:ad:be:3d:df:05:12:2c:ca:36:ba:7c:d3:77:
         1d:16:f6:b8:f1:f1:05:51:0f:31:2f:45:69:9a:2e:ab:e7:f7:
         b5:78:fc:c5:69:16:d3:da:de:20:93:f1:f2:dc:b8:8d:22:d7:
         ac:d5:8a:a4:71:f2:64:a4:01:37:07:b0:ad:60:b4:72:64:5f:
         cd:ef:72:97:90:90:e0:86:0a:ec:69:08:3d:3f:07:4d:4d:dc:
         96:fe:b1:33:6d:8e:b1:d8:64:ae:69:01:e7:91:a8:d2:b7:03:
         8d:49:97:5f:b0:b5:8c:07:a5:93:11:2b:d4:f5:d7:5c:d6:62:
         75:ce:dd:7e:40:e8:2c:66:56:ca:92:6a:db:b8:a3:71:e9:34:
         bf:89:c7:47:b3:9b:01:58:dc:34:06:f7:b8:cd:68:38:16:b6:
         f0:92:25:b3:69:c0:6e:5d:fa:de:71:33:84:73:f0:48:d1:01:
         30:f0:1d:27
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAYzDSWKCyo0OJhbZmGEIrNwrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTM2MWNkMTgxZDg2ZWY1NGViZTJmYzkxYTgwZWM1MzRj
ZWFjNzgwHhcNMjQwMTAxMDQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWU2NzdmMTkyNWJlNDU1MGNiZDlmMzJlNjY3NTdlZjUzMWJmNzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhydAh0phA3Sk+8Vv6b+aa6pn6COX
yk3KWnc5UohFMF/DRinsw+C62s2O1pAE9Duhrev3jfa4P9ZVrD2XYFDfODzjM94E
fOjZaqjAN/GeeACidE1hz4b5U+3fc4Cym+dKn85asiLIkPfZq2vWZt4mmq/fNYAx
tZfU+1DjE81hQw+q/bJYPSF85l6ZC7DDRCPf8PFWxUUVajU0xvpkhpjYbOHqA0QW
stO4yrcNftqJscZbIGysksxI3JTuYwFK/8EXNkJs6otQvL44E1fYE1rIz376vC/s
yMem/6bRVjUUYfnMLlPhpiuRuy2X1RkDnh1vuEeyqiNhPVb9yQTIEfMhtQIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFI7md/GSW+RVDL2fMuZnV+9TG/d7MB8GA1UdIwQY
MBaAFEKTYc0YHYbvVOvi/JGoDsU0zqx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjkt
OWJiYjQyZmE4Y2VkLzEvanVaMzhaSmI1RlVNdlo4eTVtZFg3MU1iOTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjktOWJiYjQyZmE4Y2Vk
LzEvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEAi0K
cAMEAi2K9AMEAi2K/AMEAj56IAMEAV5n9AMEALkZNAMEALnASQMEALnAdQMEALnA
dwMEArnBaAMEArnCPAMEAbnDJAMEArnDbAMEALnGMAMEAMEI9AMEAMEI9wMEAMEI
+QMEAMEI/wMEAcIFHAMEAcIFIAMEAMI7xDANBgkqhkiG9w0BAQsFAAOCAQEAIBt2
XmrryfiKWICEj0tf0hcZsOw2pc9RlIYkt3ZtQuEou6V3oPc+Iv8y78QCihaFLTAx
v9+U/KGxh64zsOcA8p6PuQiRKZxJlA6OyQutvj3fBRIsyja6fNN3HRb2uPHxBVEP
MS9FaZouq+f3tXj8xWkW09reIJPx8ty4jSLXrNWKpHHyZKQBNwewrWC0cmRfze9y
l5CQ4IYK7GkIPT8HTU3clv6xM22OsdhkrmkB55Go0rcDjUmXX7C1jAelkxEr1PXX
XNZidc7dfkDoLGZWypJq27ijcek0v4nHR7ObAVjcNAb3uM1oOBa28JIls2nAbl36
3nEzhHPwSNEBMPAdJw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:34 2024 by rpki-client on console-fra.rpki-client.org