Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/NBtN58rm0WhXWnO83tB8jg_OR8g.roa
File:                     NBtN58rm0WhXWnO83tB8jg_OR8g.roa (raw, json)
Hash identifier:          W4rzyi/Lwgq2kJ2vvpySdosl4tC52hDdAbOuv/cwUzk=
Subject key identifier:   34:1B:4D:E7:CA:E6:D1:68:57:5A:73:BC:DE:D0:7C:8E:0F:CE:47:C8
Certificate issuer:       /CN=27c007e5082b8e8d8289018718cfd527a7893e5e
Certificate serial:       018B6AE6DA82FFF55E66507581B60C3D2C47
Authority key identifier: 27:C0:07:E5:08:2B:8E:8D:82:89:01:87:18:CF:D5:27:A7:89:3E:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/NBtN58rm0WhXWnO83tB8jg_OR8g.roa
Signing time:             Thu 26 Oct 2023 07:33:15 +0000
ROA not before:           Thu 26 Oct 2023 07:33:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48314
IP address blocks:        185.245.97.0/24 maxlen: 24
                          185.245.98.0/24 maxlen: 24
                          185.245.99.0/24 maxlen: 24
                          185.194.238.0/24 maxlen: 24
                          185.194.239.0/24 maxlen: 24
                          185.194.236.0/24 maxlen: 24
                          185.194.237.0/24 maxlen: 24
                          193.32.221.0/24 maxlen: 24
                          193.32.222.0/24 maxlen: 24
                          193.32.220.0/24 maxlen: 24
                          193.32.223.0/24 maxlen: 24
                          185.248.141.0/24 maxlen: 24
                          185.248.142.0/24 maxlen: 24
                          185.248.143.0/24 maxlen: 24
                          27.123.244.0/22 maxlen: 24
                          46.251.251.0/24 maxlen: 24
                          185.242.112.0/24 maxlen: 24
                          185.242.113.0/24 maxlen: 24
                          88.218.224.0/24 maxlen: 24
                          88.218.225.0/24 maxlen: 24
                          185.242.114.0/24 maxlen: 24
                          185.242.115.0/24 maxlen: 24
                          88.218.226.0/24 maxlen: 24
                          134.255.244.0/24 maxlen: 24
                          45.10.24.0/24 maxlen: 24
                          134.255.247.0/24 maxlen: 24
                          194.26.182.0/24 maxlen: 24
                          194.26.183.0/24 maxlen: 24
                          194.26.180.0/24 maxlen: 24
                          194.26.181.0/24 maxlen: 24
                          194.45.196.0/23 maxlen: 24
                          91.210.225.0/24 maxlen: 24
                          103.241.48.0/22 maxlen: 24
                          91.210.226.0/24 maxlen: 24
                          91.210.227.0/24 maxlen: 24
                          185.250.248.0/24 maxlen: 24
                          185.250.249.0/24 maxlen: 24
                          5.180.64.0/24 maxlen: 24
                          185.250.250.0/24 maxlen: 24
                          185.250.251.0/24 maxlen: 24
                          5.180.67.0/24 maxlen: 24
                          5.180.65.0/24 maxlen: 24
                          5.180.66.0/24 maxlen: 24
                          109.230.219.0/24 maxlen: 24
                          152.89.236.0/24 maxlen: 24
                          152.89.237.0/24 maxlen: 24
                          152.89.238.0/24 maxlen: 24
                          31.214.144.0/24 maxlen: 24
                          152.89.239.0/24 maxlen: 24
                          94.199.213.0/24 maxlen: 24
                          94.199.212.0/24 maxlen: 24
                          94.199.214.0/24 maxlen: 24
                          94.199.215.0/24 maxlen: 24
                          213.190.28.0/24 maxlen: 24
                          213.190.31.0/24 maxlen: 24
                          213.190.29.0/24 maxlen: 24
                          213.190.30.0/24 maxlen: 24
                          194.48.171.0/24 maxlen: 24
                          194.48.169.0/24 maxlen: 24
                          194.48.170.0/24 maxlen: 24
                          194.48.168.0/24 maxlen: 24
                          45.133.9.0/24 maxlen: 24
                          45.133.8.0/24 maxlen: 24
                          45.133.10.0/23 maxlen: 24
                          194.45.37.0/24 maxlen: 24
                          194.45.36.0/24 maxlen: 24
                          91.216.245.0/24 maxlen: 24
                          193.135.8.0/24 maxlen: 24
                          193.135.9.0/24 maxlen: 24
                          193.135.11.0/24 maxlen: 24
                          45.10.26.0/24 maxlen: 24
                          45.10.25.0/24 maxlen: 24
                          45.10.27.0/24 maxlen: 24
                          193.142.41.0/24 maxlen: 24
                          193.142.42.0/24 maxlen: 24
                          193.142.40.0/24 maxlen: 24
                          193.142.43.0/24 maxlen: 24
                          45.91.100.0/24 maxlen: 24
                          45.91.101.0/24 maxlen: 24
                          45.91.103.0/24 maxlen: 24
                          45.91.102.0/24 maxlen: 24
                          2a0a:51c3::/32 maxlen: 32
                          2a0a:51c1::/32 maxlen: 48
                          2a0a:51c4::/32 maxlen: 48
                          2a0a:51c0::/32 maxlen: 32
                          2a0a:51c2::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:6a:e6:da:82:ff:f5:5e:66:50:75:81:b6:0c:3d:2c:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c007e5082b8e8d8289018718cfd527a7893e5e
        Validity
            Not Before: Oct 26 07:33:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=341b4de7cae6d168575a73bcded07c8e0fce47c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:39:5b:d5:c4:1b:9e:2f:15:2f:fa:5f:ea:e0:
                    f6:e2:37:1f:fe:75:24:37:ea:d4:a2:40:d7:e9:5d:
                    88:67:1f:18:37:59:3a:2e:b9:c2:b1:15:9c:69:06:
                    c6:a9:0d:61:e7:bf:12:07:ac:b8:3f:4f:1a:ec:33:
                    de:74:54:3c:c6:b8:63:96:fb:2a:0b:55:7d:5e:62:
                    4c:64:b6:c8:62:3f:50:e5:91:70:ef:07:48:72:b5:
                    02:6c:b5:b8:bb:6a:a2:b0:58:44:b6:98:4c:58:a6:
                    ca:e7:82:6b:79:10:9c:17:da:c4:78:a6:9d:92:03:
                    85:5d:84:01:8e:34:32:65:51:6d:43:88:b1:b9:3f:
                    58:8e:06:7b:65:6a:b4:27:a5:ab:45:f1:0c:50:16:
                    f9:4f:a4:ef:9c:08:db:5e:e4:af:e0:2b:aa:18:51:
                    c9:74:11:5b:02:62:b5:7e:21:c9:9b:e0:9e:b5:61:
                    06:f6:fa:9d:54:1c:67:27:30:4f:0a:bd:e4:e6:90:
                    bd:b9:3d:e9:cf:a0:0c:3c:ff:d2:6c:03:df:80:e3:
                    66:e9:72:f4:d4:2a:a1:87:c6:58:33:18:d4:0a:6f:
                    64:3e:98:1d:09:fe:51:2e:86:fe:75:05:76:de:8e:
                    0c:db:c0:cd:0b:01:c6:8a:b7:45:d5:2b:65:20:72:
                    95:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:1B:4D:E7:CA:E6:D1:68:57:5A:73:BC:DE:D0:7C:8E:0F:CE:47:C8
            X509v3 Authority Key Identifier:
                keyid:27:C0:07:E5:08:2B:8E:8D:82:89:01:87:18:CF:D5:27:A7:89:3E:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/NBtN58rm0WhXWnO83tB8jg_OR8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.64.0/22
                  27.123.244.0/22
                  31.214.144.0/24
                  45.10.24.0/22
                  45.91.100.0/22
                  45.133.8.0/22
                  46.251.251.0/24
                  88.218.224.0-88.218.226.255
                  91.210.225.0-91.210.227.255
                  91.216.245.0/24
                  94.199.212.0/22
                  103.241.48.0/22
                  109.230.219.0/24
                  134.255.244.0/24
                  134.255.247.0/24
                  152.89.236.0/22
                  185.194.236.0/22
                  185.242.112.0/22
                  185.245.97.0-185.245.99.255
                  185.248.141.0-185.248.143.255
                  185.250.248.0/22
                  193.32.220.0/22
                  193.135.8.0/23
                  193.135.11.0/24
                  193.142.40.0/22
                  194.26.180.0/22
                  194.45.36.0/23
                  194.45.196.0/23
                  194.48.168.0/22
                  213.190.28.0/22
                IPv6:
                  2a0a:51c0::-2a0a:51c4:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         bf:f3:8c:b6:0e:5c:eb:bf:20:8d:5e:1b:a5:29:b1:35:78:1c:
         a3:e5:41:3f:c3:55:3a:78:ce:fb:7b:3e:63:e9:b9:a8:a3:9e:
         15:c2:d3:a1:61:32:99:94:f1:cc:73:82:3f:b2:58:81:9b:05:
         c2:22:8e:2e:92:29:a4:bb:a6:e7:bb:6f:2c:8e:65:16:4d:c4:
         95:51:f0:10:64:88:00:b6:97:31:c5:00:aa:96:06:1a:4a:d8:
         c4:ec:94:dc:60:94:dc:60:57:cb:64:7e:c9:02:7d:30:24:64:
         0b:4a:6e:62:47:fb:cd:d7:ea:32:34:7b:53:a1:94:f6:75:d7:
         3e:16:f9:51:91:56:75:96:cb:3d:09:ef:76:f9:8b:81:f4:42:
         c4:e1:28:3b:b2:2f:d2:63:f8:a6:be:a8:37:52:e7:e6:bc:c3:
         87:e0:3e:30:58:0b:c5:a8:d4:2f:f8:e9:fb:e5:b7:0d:b5:e8:
         7d:b2:b1:f6:7a:5b:48:3b:f0:46:7c:49:44:fd:e0:c5:bd:b1:
         f3:6d:91:c7:f0:49:79:43:c3:47:d3:05:03:81:7a:bb:7f:1f:
         c9:6b:c7:53:1e:35:de:38:20:58:4a:e4:80:c3:9d:16:9a:04:
         5d:bb:ee:68:46:87:1d:ad:38:bb:26:00:32:4b:de:8b:03:22:
         a0:dd:92:ff
-----BEGIN CERTIFICATE-----
MIIF6TCCBNGgAwIBAgISAYtq5tqC//VeZlB1gbYMPSxHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzAwN2U1MDgyYjhlOGQ4Mjg5MDE4NzE4Y2ZkNTI3YTc4
OTNlNWUwHhcNMjMxMDI2MDczMzE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDFiNGRlN2NhZTZkMTY4NTc1YTczYmNkZWQwN2M4ZTBmY2U0N2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDlb1cQbni8VL/pf6uD24jcf/nUk
N+rUokDX6V2IZx8YN1k6LrnCsRWcaQbGqQ1h578SB6y4P08a7DPedFQ8xrhjlvsq
C1V9XmJMZLbIYj9Q5ZFw7wdIcrUCbLW4u2qisFhEtphMWKbK54JreRCcF9rEeKad
kgOFXYQBjjQyZVFtQ4ixuT9YjgZ7ZWq0J6WrRfEMUBb5T6TvnAjbXuSv4CuqGFHJ
dBFbAmK1fiHJm+CetWEG9vqdVBxnJzBPCr3k5pC9uT3pz6AMPP/SbAPfgONm6XL0
1Cqhh8ZYMxjUCm9kPpgdCf5RLob+dQV23o4M28DNCwHGirdF1StlIHKVqwIDAQAB
o4IC9TCCAvEwHQYDVR0OBBYEFDQbTefK5tFoV1pzvN7QfI4PzkfIMB8GA1UdIwQY
MBaAFCfAB+UIK46NgokBhxjP1SeniT5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhBSDVRZ3JqbzJDaVFHSEdNX1ZKNmVKUGw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8wNmZlMTQtZDE0Ni00ZTY2LWE4NDEt
MmM2NGMyOTEzNTNlLzEvTkJ0TjU4cm0wV2hYV25PODN0QjhqZ19PUjhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8wNmZlMTQtZDE0Ni00ZTY2LWE4NDEtMmM2NGMyOTEzNTNl
LzEvSjhBSDVRZ3JqbzJDaVFHSEdNX1ZKNmVKUGw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCQYIKwYBBQUHAQcBAf8EgfkwgfYwgdsEAgABMIHUAwQC
BbRAAwQCG3v0AwQAH9aQAwQCLQoYAwQCLVtkAwQCLYUIAwQALvv7MAwDBAVY2uAD
BABY2uIwDAMEAFvS4QMEAlvS4AMEAFvY9QMEAl7H1AMEAmfxMAMEAG3m2wMEAIb/
9AMEAIb/9wMEAphZ7AMEArnC7AMEArnycDAMAwQAufVhAwQCufVgMAwDBAC5+I0D
BAS5+IADBAK5+vgDBALBINwDBAHBhwgDBADBhwsDBALBjigDBALCGrQDBAHCLSQD
BAHCLcQDBALCMKgDBALVvhwwFgQCAAIwEDAOAwUGKgpRwAMFACoKUcQwDQYJKoZI
hvcNAQELBQADggEBAL/zjLYOXOu/II1eG6UpsTV4HKPlQT/DVTp4zvt7PmPpuaij
nhXC06FhMpmU8cxzgj+yWIGbBcIiji6SKaS7pue7byyOZRZNxJVR8BBkiAC2lzHF
AKqWBhpK2MTslNxglNxgV8tkfskCfTAkZAtKbmJH+83X6jI0e1OhlPZ11z4W+VGR
VnWWyz0J73b5i4H0QsThKDuyL9Jj+Ka+qDdS5+a8w4fgPjBYC8Wo1C/46fvltw21
6H2ysfZ6W0g78EZ8SUT94MW9sfNtkcfwSXlDw0fTBQOBert/H8lrx1MeNd44IFhK
5IDDnRaaBF277mhGhx2tOLsmADJL3osDIqDdkv8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:54 2024 by rpki-client on console-ams.rpki-client.org