Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/zmQbB1Bx5p7WjPJCb0QIWBrvK78.roa
File:                     zmQbB1Bx5p7WjPJCb0QIWBrvK78.roa (raw, json)
Hash identifier:          vF1xxn44T4xXDDP4ovqCvc3iFhMcxwDcZItNbcr98LQ=
Subject key identifier:   CE:64:1B:07:50:71:E6:9E:D6:8C:F2:42:6F:44:08:58:1A:EF:2B:BF
Certificate issuer:       /CN=27c007e5082b8e8d8289018718cfd527a7893e5e
Certificate serial:       055AAA87
Authority key identifier: 27:C0:07:E5:08:2B:8E:8D:82:89:01:87:18:CF:D5:27:A7:89:3E:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/zmQbB1Bx5p7WjPJCb0QIWBrvK78.roa
Signing time:             Thu 17 Mar 2022 12:48:50 +0000
ROA not before:           Thu 17 Mar 2022 12:48:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48314
IP address blocks:        185.245.96.0/24 maxlen: 24
                          185.245.97.0/24 maxlen: 24
                          185.245.98.0/24 maxlen: 24
                          185.245.99.0/24 maxlen: 24
                          185.194.238.0/24 maxlen: 24
                          185.194.239.0/24 maxlen: 24
                          185.194.236.0/24 maxlen: 24
                          185.194.237.0/24 maxlen: 24
                          193.32.221.0/24 maxlen: 24
                          193.32.222.0/24 maxlen: 24
                          193.32.220.0/24 maxlen: 24
                          193.32.223.0/24 maxlen: 24
                          185.248.141.0/24 maxlen: 24
                          185.248.142.0/24 maxlen: 24
                          185.248.140.0/24 maxlen: 24
                          185.248.143.0/24 maxlen: 24
                          46.251.251.0/24 maxlen: 24
                          185.242.112.0/24 maxlen: 24
                          185.242.113.0/24 maxlen: 24
                          88.218.224.0/24 maxlen: 24
                          88.218.225.0/24 maxlen: 24
                          185.242.114.0/24 maxlen: 24
                          185.242.115.0/24 maxlen: 24
                          88.218.226.0/24 maxlen: 24
                          88.218.227.0/24 maxlen: 24
                          134.255.244.0/24 maxlen: 24
                          45.10.24.0/24 maxlen: 24
                          134.255.247.0/24 maxlen: 24
                          194.26.182.0/24 maxlen: 24
                          194.26.183.0/24 maxlen: 24
                          194.26.180.0/24 maxlen: 24
                          194.26.181.0/24 maxlen: 24
                          194.45.196.0/23 maxlen: 24
                          91.210.224.0/24 maxlen: 24
                          91.210.225.0/24 maxlen: 24
                          91.210.226.0/24 maxlen: 24
                          91.210.227.0/24 maxlen: 24
                          185.250.248.0/24 maxlen: 24
                          185.250.249.0/24 maxlen: 24
                          5.180.64.0/24 maxlen: 24
                          185.250.250.0/24 maxlen: 24
                          185.250.251.0/24 maxlen: 24
                          5.180.67.0/24 maxlen: 24
                          5.180.65.0/24 maxlen: 24
                          5.180.66.0/24 maxlen: 24
                          109.230.219.0/24 maxlen: 24
                          152.89.236.0/24 maxlen: 24
                          152.89.237.0/24 maxlen: 24
                          152.89.238.0/24 maxlen: 24
                          31.214.144.0/24 maxlen: 24
                          152.89.239.0/24 maxlen: 24
                          94.199.213.0/24 maxlen: 24
                          94.199.212.0/24 maxlen: 24
                          94.199.214.0/24 maxlen: 24
                          94.199.215.0/24 maxlen: 24
                          213.190.28.0/24 maxlen: 24
                          213.190.31.0/24 maxlen: 24
                          213.190.29.0/24 maxlen: 24
                          213.190.30.0/24 maxlen: 24
                          194.48.171.0/24 maxlen: 24
                          194.48.169.0/24 maxlen: 24
                          194.48.170.0/24 maxlen: 24
                          194.48.168.0/24 maxlen: 24
                          45.133.9.0/24 maxlen: 24
                          45.133.8.0/24 maxlen: 24
                          45.133.10.0/23 maxlen: 24
                          194.45.37.0/24 maxlen: 24
                          194.45.36.0/24 maxlen: 24
                          91.216.245.0/24 maxlen: 24
                          193.135.8.0/24 maxlen: 24
                          193.135.9.0/24 maxlen: 24
                          193.135.11.0/24 maxlen: 24
                          193.135.10.0/24 maxlen: 24
                          45.10.26.0/24 maxlen: 24
                          45.10.25.0/24 maxlen: 24
                          45.10.27.0/24 maxlen: 24
                          193.142.41.0/24 maxlen: 24
                          193.142.42.0/24 maxlen: 24
                          193.142.40.0/24 maxlen: 24
                          193.142.43.0/24 maxlen: 24
                          45.91.100.0/24 maxlen: 24
                          45.91.101.0/24 maxlen: 24
                          45.91.103.0/24 maxlen: 24
                          45.91.102.0/24 maxlen: 24
                          2a0a:51c3::/32 maxlen: 32
                          2a0a:51c1::/32 maxlen: 32
                          2a0a:51c0::/32 maxlen: 32
                          2a0a:51c2::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 89827975 (0x55aaa87)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c007e5082b8e8d8289018718cfd527a7893e5e
        Validity
            Not Before: Mar 17 12:48:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ce641b075071e69ed68cf2426f4408581aef2bbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:7a:b5:d6:6f:d3:63:69:ea:08:e4:2f:83:18:
                    76:33:e5:b6:64:b0:87:b3:47:55:f2:6d:77:86:a1:
                    9a:30:a0:8b:96:b6:7f:a2:4b:4d:d4:7c:b3:33:8b:
                    56:f0:bd:c4:d0:f9:d2:99:22:cf:5e:24:c9:df:d8:
                    27:60:0e:ef:33:33:d0:47:01:da:d6:5b:42:b6:32:
                    32:ec:52:9f:65:36:90:7b:85:11:b1:e7:04:5f:2a:
                    df:6b:ef:10:87:01:8c:b9:f6:c0:75:a3:c3:c7:a7:
                    54:7e:29:12:26:3e:34:a2:5e:3f:03:ad:e1:7a:b9:
                    3c:5b:00:a7:e6:e3:b2:2c:b4:bc:ad:67:0a:0e:37:
                    df:3e:fd:fb:f0:8a:61:92:a9:87:8f:93:21:a1:1d:
                    63:ac:53:75:8d:38:00:25:db:6e:61:1a:a2:7b:53:
                    32:45:61:bb:67:04:e4:00:f9:cb:c0:57:74:6b:cd:
                    53:7b:38:5c:f4:28:4b:18:20:da:35:a2:4f:aa:d4:
                    fc:a5:13:3e:66:ca:89:f6:3b:05:90:2e:f7:f3:43:
                    d8:3a:34:f7:c6:e7:62:06:9a:70:6b:22:80:09:45:
                    f6:96:aa:26:76:79:91:81:9f:ce:d1:fa:ad:50:a7:
                    f9:5e:ee:a2:b0:76:aa:07:b6:23:b6:9e:ea:a7:fb:
                    51:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:64:1B:07:50:71:E6:9E:D6:8C:F2:42:6F:44:08:58:1A:EF:2B:BF
            X509v3 Authority Key Identifier:
                keyid:27:C0:07:E5:08:2B:8E:8D:82:89:01:87:18:CF:D5:27:A7:89:3E:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/zmQbB1Bx5p7WjPJCb0QIWBrvK78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.64.0/22
                  31.214.144.0/24
                  45.10.24.0/22
                  45.91.100.0/22
                  45.133.8.0/22
                  46.251.251.0/24
                  88.218.224.0/22
                  91.210.224.0/22
                  91.216.245.0/24
                  94.199.212.0/22
                  109.230.219.0/24
                  134.255.244.0/24
                  134.255.247.0/24
                  152.89.236.0/22
                  185.194.236.0/22
                  185.242.112.0/22
                  185.245.96.0/22
                  185.248.140.0/22
                  185.250.248.0/22
                  193.32.220.0/22
                  193.135.8.0/22
                  193.142.40.0/22
                  194.26.180.0/22
                  194.45.36.0/23
                  194.45.196.0/23
                  194.48.168.0/22
                  213.190.28.0/22
                IPv6:
                  2a0a:51c0::/30

    Signature Algorithm: sha256WithRSAEncryption
         a4:19:ee:eb:24:2a:a1:a0:48:93:c2:0e:e5:44:c7:10:35:bd:
         3b:6a:cb:18:17:ba:e1:b9:0f:13:a4:75:e9:aa:fd:0c:3d:e1:
         9e:22:94:bd:52:5a:cb:1e:fd:50:8c:a3:88:26:96:a4:05:04:
         fe:c8:73:12:6c:02:21:9d:82:64:98:e6:fd:35:c2:6d:ea:57:
         75:83:23:b5:81:f6:86:60:c8:b4:17:56:0f:83:3b:ad:45:58:
         b0:03:6a:50:94:c6:8d:11:bc:24:51:30:84:db:d3:3e:cf:e2:
         af:10:f1:9b:8c:dc:5c:a8:12:bd:15:2a:da:85:e2:27:4d:d2:
         70:ef:55:d7:77:cf:e4:b3:db:27:ac:c6:c1:56:ff:df:83:7e:
         41:2c:1e:21:1d:24:25:af:34:82:05:d8:8c:5c:f6:e9:44:61:
         71:da:e5:9c:a2:d8:41:0d:81:53:4d:9b:7e:2a:aa:80:a7:35:
         9d:ea:0e:2e:3f:c0:28:dd:c6:f9:97:12:7d:80:3c:73:e1:50:
         52:b4:2c:86:b5:d1:f9:26:2e:7b:83:81:dc:47:92:7f:45:41:
         6e:5f:42:1f:e7:8d:18:79:fa:e8:96:8f:f9:5c:5a:5f:d7:d8:
         85:53:06:74:70:da:7c:6c:99:91:23:7b:84:bb:6c:93:c3:af:
         37:8f:ea:37
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIEBVqqhzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
N2MwMDdlNTA4MmI4ZThkODI4OTAxODcxOGNmZDUyN2E3ODkzZTVlMB4XDTIyMDMx
NzEyNDg1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2U2NDFiMDc1MDcx
ZTY5ZWQ2OGNmMjQyNmY0NDA4NTgxYWVmMmJiZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANZ6tdZv02Np6gjkL4MYdjPltmSwh7NHVfJtd4ahmjCgi5a2
f6JLTdR8szOLVvC9xND50pkiz14kyd/YJ2AO7zMz0EcB2tZbQrYyMuxSn2U2kHuF
EbHnBF8q32vvEIcBjLn2wHWjw8enVH4pEiY+NKJePwOt4Xq5PFsAp+bjsiy0vK1n
Cg433z79+/CKYZKph4+TIaEdY6xTdY04ACXbbmEaontTMkVhu2cE5AD5y8BXdGvN
U3s4XPQoSxgg2jWiT6rU/KUTPmbKifY7BZAu9/ND2Do098bnYgaacGsigAlF9paq
JnZ5kYGfztH6rVCn+V7uorB2qge2I7ae6qf7UaECAwEAAaOCArkwggK1MB0GA1Ud
DgQWBBTOZBsHUHHmntaM8kJvRAhYGu8rvzAfBgNVHSMEGDAWgBQnwAflCCuOjYKJ
AYcYz9Unp4k+XjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0o4QUg1UWdyam8yQ2lRR0hHTV9WSjZlSlBsNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjYvMDZmZTE0LWQxNDYtNGU2Ni1hODQxLTJjNjRjMjkxMzUzZS8x
L3ptUWJCMUJ4NXA3V2pQSkNiMFFJV0Jydks3OC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjYv
MDZmZTE0LWQxNDYtNGU2Ni1hODQxLTJjNjRjMjkxMzUzZS8xL0o4QUg1UWdyam8y
Q2lRR0hHTV9WSjZlSlBsNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
zgYIKwYBBQUHAQcBAf8Egb4wgbswgakEAgABMIGiAwQCBbRAAwQAH9aQAwQCLQoY
AwQCLVtkAwQCLYUIAwQALvv7AwQCWNrgAwQCW9LgAwQAW9j1AwQCXsfUAwQAbebb
AwQAhv/0AwQAhv/3AwQCmFnsAwQCucLsAwQCufJwAwQCufVgAwQCufiMAwQCufr4
AwQCwSDcAwQCwYcIAwQCwY4oAwQCwhq0AwQBwi0kAwQBwi3EAwQCwjCoAwQC1b4c
MA0EAgACMAcDBQIqClHAMA0GCSqGSIb3DQEBCwUAA4IBAQCkGe7rJCqhoEiTwg7l
RMcQNb07assYF7rhuQ8TpHXpqv0MPeGeIpS9UlrLHv1QjKOIJpakBQT+yHMSbAIh
nYJkmOb9NcJt6ld1gyO1gfaGYMi0F1YPgzutRViwA2pQlMaNEbwkUTCE29M+z+Kv
EPGbjNxcqBK9FSraheInTdJw71XXd8/ks9snrMbBVv/fg35BLB4hHSQlrzSCBdiM
XPbpRGFx2uWcothBDYFTTZt+KqqApzWd6g4uP8Ao3cb5lxJ9gDxz4VBStCyGtdH5
Ji57g4HcR5J/RUFuX0If540Yefrolo/5XFpf19iFUwZ0cNp8bJmRI3uEu2yTw683
j+o3
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:54 2024 by rpki-client on console-ams.rpki-client.org