Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/JcbXJvUUbPSRZYuq9X_hh9KRKFA.roa
File:                     JcbXJvUUbPSRZYuq9X_hh9KRKFA.roa (raw, json)
Hash identifier:          6aqizjZYI6bZcsVhRmn6SoinukD1R777kCTD38+GICA=
Subject key identifier:   25:C6:D7:26:F5:14:6C:F4:91:65:8B:AA:F5:7F:E1:87:D2:91:28:50
Certificate issuer:       /CN=27c007e5082b8e8d8289018718cfd527a7893e5e
Certificate serial:       018CC9BBBD83A00897C8CB09CAFBF78360DD
Authority key identifier: 27:C0:07:E5:08:2B:8E:8D:82:89:01:87:18:CF:D5:27:A7:89:3E:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/JcbXJvUUbPSRZYuq9X_hh9KRKFA.roa
Signing time:             Tue 02 Jan 2024 10:32:53 +0000
ROA not before:           Tue 02 Jan 2024 10:32:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48314
IP address blocks:        185.245.97.0/24 maxlen: 24
                          185.245.98.0/24 maxlen: 24
                          185.245.99.0/24 maxlen: 24
                          185.194.238.0/24 maxlen: 24
                          185.194.239.0/24 maxlen: 24
                          185.194.236.0/24 maxlen: 24
                          185.194.237.0/24 maxlen: 24
                          193.32.221.0/24 maxlen: 24
                          193.32.222.0/24 maxlen: 24
                          193.32.220.0/24 maxlen: 24
                          193.32.223.0/24 maxlen: 24
                          185.248.141.0/24 maxlen: 24
                          185.248.142.0/24 maxlen: 24
                          185.248.143.0/24 maxlen: 24
                          27.123.244.0/22 maxlen: 24
                          46.251.251.0/24 maxlen: 24
                          185.242.112.0/24 maxlen: 24
                          185.242.113.0/24 maxlen: 24
                          88.218.224.0/24 maxlen: 24
                          88.218.225.0/24 maxlen: 24
                          185.242.114.0/24 maxlen: 24
                          185.242.115.0/24 maxlen: 24
                          88.218.226.0/24 maxlen: 24
                          134.255.244.0/24 maxlen: 24
                          45.10.24.0/24 maxlen: 24
                          134.255.247.0/24 maxlen: 24
                          194.26.182.0/24 maxlen: 24
                          194.26.183.0/24 maxlen: 24
                          194.26.180.0/24 maxlen: 24
                          194.26.181.0/24 maxlen: 24
                          194.45.196.0/23 maxlen: 24
                          91.210.225.0/24 maxlen: 24
                          103.241.48.0/22 maxlen: 24
                          91.210.226.0/24 maxlen: 24
                          91.210.227.0/24 maxlen: 24
                          185.250.248.0/24 maxlen: 24
                          185.250.249.0/24 maxlen: 24
                          5.180.64.0/24 maxlen: 24
                          185.250.250.0/24 maxlen: 24
                          185.250.251.0/24 maxlen: 24
                          5.180.67.0/24 maxlen: 24
                          5.180.65.0/24 maxlen: 24
                          5.180.66.0/24 maxlen: 24
                          109.230.219.0/24 maxlen: 24
                          152.89.236.0/24 maxlen: 24
                          152.89.237.0/24 maxlen: 24
                          152.89.238.0/24 maxlen: 24
                          31.214.144.0/24 maxlen: 24
                          152.89.239.0/24 maxlen: 24
                          94.199.213.0/24 maxlen: 24
                          94.199.212.0/24 maxlen: 24
                          94.199.214.0/24 maxlen: 24
                          94.199.215.0/24 maxlen: 24
                          213.190.28.0/24 maxlen: 24
                          213.190.31.0/24 maxlen: 24
                          213.190.29.0/24 maxlen: 24
                          213.190.30.0/24 maxlen: 24
                          194.48.171.0/24 maxlen: 24
                          194.48.169.0/24 maxlen: 24
                          194.48.170.0/24 maxlen: 24
                          194.48.168.0/24 maxlen: 24
                          45.133.9.0/24 maxlen: 24
                          45.133.8.0/24 maxlen: 24
                          45.133.10.0/23 maxlen: 24
                          194.45.37.0/24 maxlen: 24
                          194.45.36.0/24 maxlen: 24
                          91.216.245.0/24 maxlen: 24
                          193.135.8.0/24 maxlen: 24
                          193.135.9.0/24 maxlen: 24
                          193.135.11.0/24 maxlen: 24
                          45.10.26.0/24 maxlen: 24
                          45.10.25.0/24 maxlen: 24
                          45.10.27.0/24 maxlen: 24
                          193.142.41.0/24 maxlen: 24
                          193.142.42.0/24 maxlen: 24
                          193.142.40.0/24 maxlen: 24
                          193.142.43.0/24 maxlen: 24
                          45.91.100.0/24 maxlen: 24
                          45.91.101.0/24 maxlen: 24
                          45.91.103.0/24 maxlen: 24
                          45.91.102.0/24 maxlen: 24
                          2a0a:51c3::/32 maxlen: 32
                          2a0a:51c1::/32 maxlen: 48
                          2a0a:51c4::/32 maxlen: 48
                          2a0a:51c0::/32 maxlen: 32
                          2a0a:51c2::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:bd:83:a0:08:97:c8:cb:09:ca:fb:f7:83:60:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c007e5082b8e8d8289018718cfd527a7893e5e
        Validity
            Not Before: Jan  2 10:32:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25c6d726f5146cf491658baaf57fe187d2912850
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b7:8b:aa:29:dd:7b:89:cb:30:89:2f:19:46:
                    06:3e:36:6c:f5:b4:14:0c:88:24:62:3a:4d:3a:48:
                    ff:ff:e9:87:40:66:18:a5:c1:ed:d3:bd:1f:88:e0:
                    45:4b:fb:4b:8a:ad:80:39:89:ad:29:fb:fc:48:ab:
                    c6:0a:f8:2d:70:e8:87:06:36:58:9a:ee:39:b9:a9:
                    53:20:5e:88:80:d1:a0:20:38:4a:b1:ea:79:3a:94:
                    aa:4e:63:2e:bc:5f:bf:3c:c4:ff:22:de:8c:7d:ca:
                    cb:7c:a8:42:a2:6f:12:8f:3d:b6:20:6d:ca:74:c4:
                    b5:1c:fe:e3:73:c7:61:91:37:a2:16:13:c8:02:6d:
                    ff:92:e1:e0:8d:ce:68:5b:4f:87:d7:a6:d2:15:76:
                    33:3c:0f:be:fa:35:67:84:0a:51:5a:7d:40:7a:7a:
                    34:62:d0:1b:66:06:8f:b0:66:21:00:e2:61:50:41:
                    c0:27:27:e8:f0:f0:25:f9:82:a9:cf:4f:39:5b:0d:
                    36:6d:72:f5:cf:cb:da:b2:c7:eb:9b:b3:c6:14:70:
                    25:c9:45:3b:0a:4b:52:7c:02:09:78:bf:0c:00:ee:
                    59:d6:e0:a5:9b:42:18:e1:fc:a6:04:5c:48:ad:dd:
                    7f:86:7a:a4:a8:f0:00:7d:89:37:01:be:c4:a9:61:
                    8d:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:C6:D7:26:F5:14:6C:F4:91:65:8B:AA:F5:7F:E1:87:D2:91:28:50
            X509v3 Authority Key Identifier:
                keyid:27:C0:07:E5:08:2B:8E:8D:82:89:01:87:18:CF:D5:27:A7:89:3E:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/JcbXJvUUbPSRZYuq9X_hh9KRKFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.64.0/22
                  27.123.244.0/22
                  31.214.144.0/24
                  45.10.24.0/22
                  45.91.100.0/22
                  45.133.8.0/22
                  46.251.251.0/24
                  88.218.224.0-88.218.226.255
                  91.210.225.0-91.210.227.255
                  91.216.245.0/24
                  94.199.212.0/22
                  103.241.48.0/22
                  109.230.219.0/24
                  134.255.244.0/24
                  134.255.247.0/24
                  152.89.236.0/22
                  185.194.236.0/22
                  185.242.112.0/22
                  185.245.97.0-185.245.99.255
                  185.248.141.0-185.248.143.255
                  185.250.248.0/22
                  193.32.220.0/22
                  193.135.8.0/23
                  193.135.11.0/24
                  193.142.40.0/22
                  194.26.180.0/22
                  194.45.36.0/23
                  194.45.196.0/23
                  194.48.168.0/22
                  213.190.28.0/22
                IPv6:
                  2a0a:51c0::-2a0a:51c4:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         8a:bb:1c:16:49:d6:e2:18:0a:30:a5:4e:55:a3:f0:ff:06:e4:
         05:1a:d1:f1:c4:8d:71:cc:d8:38:a6:0c:84:93:99:41:2b:a9:
         39:f7:3a:00:e6:89:1c:f5:1c:96:ea:85:9e:3e:46:5e:0e:c9:
         61:49:fc:58:36:e0:e7:b9:a5:65:db:18:94:ca:93:57:18:be:
         7a:bd:11:c0:13:4a:bd:81:2d:97:f0:7e:d7:98:83:0f:7c:92:
         c5:81:f6:29:a6:33:24:5e:76:0a:29:37:ff:fb:a8:c1:16:13:
         ee:df:71:09:5a:8e:f4:fb:b5:bf:87:e1:39:f4:2b:6d:c9:c6:
         0e:cd:f9:b7:03:be:a3:c3:c1:2a:a1:87:20:c8:94:c0:cb:64:
         f8:85:ec:9b:df:46:16:72:ba:40:e5:07:78:b5:1a:26:0b:26:
         3d:d7:b7:4e:e2:12:a6:41:86:0f:5b:05:3f:51:83:0d:7f:74:
         84:18:70:da:ff:d4:cd:2b:1f:eb:98:38:a8:4a:06:00:aa:74:
         78:a0:90:55:c3:06:c6:09:59:9d:7b:6c:33:4e:e1:63:1d:70:
         32:fb:39:01:81:aa:c5:fd:61:6e:30:ab:c4:01:0f:27:9c:86:
         2b:b9:4f:02:cd:68:b4:88:e1:18:f1:f5:7d:b6:ef:6a:c4:97:
         13:75:70:2a
-----BEGIN CERTIFICATE-----
MIIF6TCCBNGgAwIBAgISAYzJu72DoAiXyMsJyvv3g2DdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzAwN2U1MDgyYjhlOGQ4Mjg5MDE4NzE4Y2ZkNTI3YTc4
OTNlNWUwHhcNMjQwMTAyMTAzMjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWM2ZDcyNmY1MTQ2Y2Y0OTE2NThiYWFmNTdmZTE4N2QyOTEyODUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoreLqinde4nLMIkvGUYGPjZs9bQU
DIgkYjpNOkj//+mHQGYYpcHt070fiOBFS/tLiq2AOYmtKfv8SKvGCvgtcOiHBjZY
mu45ualTIF6IgNGgIDhKsep5OpSqTmMuvF+/PMT/It6MfcrLfKhCom8Sjz22IG3K
dMS1HP7jc8dhkTeiFhPIAm3/kuHgjc5oW0+H16bSFXYzPA+++jVnhApRWn1Aeno0
YtAbZgaPsGYhAOJhUEHAJyfo8PAl+YKpz085Ww02bXL1z8vassfrm7PGFHAlyUU7
CktSfAIJeL8MAO5Z1uClm0IY4fymBFxIrd1/hnqkqPAAfYk3Ab7EqWGN/wIDAQAB
o4IC9TCCAvEwHQYDVR0OBBYEFCXG1yb1FGz0kWWLqvV/4YfSkShQMB8GA1UdIwQY
MBaAFCfAB+UIK46NgokBhxjP1SeniT5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhBSDVRZ3JqbzJDaVFHSEdNX1ZKNmVKUGw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8wNmZlMTQtZDE0Ni00ZTY2LWE4NDEt
MmM2NGMyOTEzNTNlLzEvSmNiWEp2VVViUFNSWll1cTlYX2hoOUtSS0ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8wNmZlMTQtZDE0Ni00ZTY2LWE4NDEtMmM2NGMyOTEzNTNl
LzEvSjhBSDVRZ3JqbzJDaVFHSEdNX1ZKNmVKUGw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCQYIKwYBBQUHAQcBAf8EgfkwgfYwgdsEAgABMIHUAwQC
BbRAAwQCG3v0AwQAH9aQAwQCLQoYAwQCLVtkAwQCLYUIAwQALvv7MAwDBAVY2uAD
BABY2uIwDAMEAFvS4QMEAlvS4AMEAFvY9QMEAl7H1AMEAmfxMAMEAG3m2wMEAIb/
9AMEAIb/9wMEAphZ7AMEArnC7AMEArnycDAMAwQAufVhAwQCufVgMAwDBAC5+I0D
BAS5+IADBAK5+vgDBALBINwDBAHBhwgDBADBhwsDBALBjigDBALCGrQDBAHCLSQD
BAHCLcQDBALCMKgDBALVvhwwFgQCAAIwEDAOAwUGKgpRwAMFACoKUcQwDQYJKoZI
hvcNAQELBQADggEBAIq7HBZJ1uIYCjClTlWj8P8G5AUa0fHEjXHM2DimDISTmUEr
qTn3OgDmiRz1HJbqhZ4+Rl4OyWFJ/Fg24Oe5pWXbGJTKk1cYvnq9EcATSr2BLZfw
fteYgw98ksWB9immMyRedgopN//7qMEWE+7fcQlajvT7tb+H4Tn0K23Jxg7N+bcD
vqPDwSqhhyDIlMDLZPiF7JvfRhZyukDlB3i1GiYLJj3Xt07iEqZBhg9bBT9Rgw1/
dIQYcNr/1M0rH+uYOKhKBgCqdHigkFXDBsYJWZ17bDNO4WMdcDL7OQGBqsX9YW4w
q8QBDyechiu5TwLNaLSI4Rjx9X2272rElxN1cCo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:54 2024 by rpki-client on console-ams.rpki-client.org