Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/UYq4MNFRiO4n7L5p3sQlrYyvHKg.roa
File:                     UYq4MNFRiO4n7L5p3sQlrYyvHKg.roa (raw, json)
Hash identifier:          terFY/8QVjfiRJXhZlTT528G+pKPetYZaLAs4+LL2dA=
Subject key identifier:   51:8A:B8:30:D1:51:88:EE:27:EC:BE:69:DE:C4:25:AD:8C:AF:1C:A8
Certificate issuer:       /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial:       018DC68067809297548505F4CE8ACA248AFD
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/UYq4MNFRiO4n7L5p3sQlrYyvHKg.roa
Signing time:             Tue 20 Feb 2024 12:32:00 +0000
ROA not before:           Tue 20 Feb 2024 12:32:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8851
IP address blocks:        62.164.128.0/18 maxlen: 18
                          62.164.144.0/21 maxlen: 21
                          62.164.192.0/21 maxlen: 21
                          62.169.150.0/24 maxlen: 24
                          62.169.154.0/24 maxlen: 24
                          86.54.0.0/16 maxlen: 16
                          193.108.169.0/24 maxlen: 24
                          194.164.2.0/24 maxlen: 24
                          194.164.12.0/24 maxlen: 24
                          194.164.38.0/24 maxlen: 24
                          194.164.80.0/22 maxlen: 22
                          194.164.85.0/24 maxlen: 24
                          194.164.86.0/24 maxlen: 24
                          194.164.97.0/24 maxlen: 24
                          194.164.100.0/24 maxlen: 24
                          194.164.104.0/24 maxlen: 24
                          194.164.106.0/24 maxlen: 24
                          194.164.114.0/24 maxlen: 24
                          194.164.140.0/22 maxlen: 22
                          194.164.144.0/24 maxlen: 24
                          194.164.181.0/24 maxlen: 24
                          194.164.223.0/24 maxlen: 24
                          194.164.231.0/24 maxlen: 24
                          194.164.232.0/24 maxlen: 24
                          194.164.238.0/24 maxlen: 24
                          194.164.241.0/24 maxlen: 24
                          194.164.242.0/23 maxlen: 23
                          194.164.247.0/24 maxlen: 24
                          195.26.228.0/24 maxlen: 24
                          195.26.236.0/24 maxlen: 24
                          195.184.228.0/23 maxlen: 23
                          195.184.236.0/24 maxlen: 24
                          195.184.245.0/24 maxlen: 24
                          195.200.0.0/19 maxlen: 19
                          195.200.22.0/24 maxlen: 24
                          195.200.27.0/24 maxlen: 24
                          212.32.28.0/24 maxlen: 24
                          212.32.42.0/24 maxlen: 24
                          212.32.44.0/24 maxlen: 24
                          212.32.55.0/24 maxlen: 24
                          212.32.66.0/24 maxlen: 24
                          212.47.80.0/23 maxlen: 23
                          212.47.84.0/24 maxlen: 24
                          212.56.57.0/24 maxlen: 24
                          213.254.171.0/24 maxlen: 24
                          213.254.178.0/24 maxlen: 24
                          213.254.185.0/24 maxlen: 24
                          217.154.0.0/16 maxlen: 16
                          217.154.12.0/24 maxlen: 24
                          217.154.25.0/24 maxlen: 24
                          217.154.28.0/24 maxlen: 24
                          217.154.30.0/24 maxlen: 24
                          217.154.31.0/24 maxlen: 24
                          217.154.39.0/24 maxlen: 24
                          217.154.46.0/24 maxlen: 24
                          217.154.49.0/24 maxlen: 24
                          217.154.72.0/23 maxlen: 23
                          217.154.90.0/24 maxlen: 24
                          217.154.96.0/24 maxlen: 24
                          217.154.103.0/24 maxlen: 24
                          217.154.104.0/24 maxlen: 24
                          217.154.109.0/24 maxlen: 24
                          217.154.110.0/23 maxlen: 23
                          217.154.122.0/23 maxlen: 23
                          217.154.127.0/24 maxlen: 24
                          217.154.131.0/24 maxlen: 24
                          217.154.132.0/22 maxlen: 22
                          217.154.137.0/24 maxlen: 24
                          217.154.138.0/24 maxlen: 24
                          217.154.141.0/24 maxlen: 24
                          217.154.151.0/24 maxlen: 24
                          217.154.157.0/24 maxlen: 24
                          217.154.158.0/24 maxlen: 24
                          217.154.176.0/24 maxlen: 24
                          217.154.187.0/24 maxlen: 24
                          217.154.209.0/24 maxlen: 24
                          217.154.219.0/24 maxlen: 24
                          217.154.221.0/24 maxlen: 24
                          217.154.230.0/24 maxlen: 24
                          217.154.236.0/24 maxlen: 24
                          217.154.246.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:80:67:80:92:97:54:85:05:f4:ce:8a:ca:24:8a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
        Validity
            Not Before: Feb 20 12:32:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=518ab830d15188ee27ecbe69dec425ad8caf1ca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d1:e3:15:47:51:df:82:f7:2b:50:91:61:0d:
                    5a:c6:85:75:a2:b4:f2:cc:85:c7:73:18:0c:56:a8:
                    62:e3:d4:b7:4d:35:82:74:a7:50:da:4b:43:4e:d5:
                    b9:5e:70:85:8a:6f:6f:7e:c8:cb:40:8c:48:07:d4:
                    ea:15:2f:34:11:4e:f9:68:14:29:72:4e:c5:ac:33:
                    d2:42:27:8e:33:b3:77:5b:cc:59:70:11:e2:bc:75:
                    86:12:bb:b1:93:bd:d2:fa:1d:44:84:7d:6e:b4:89:
                    7b:05:8f:f4:8b:17:ed:d5:c4:99:6c:eb:6a:c6:d3:
                    eb:a3:1e:67:65:bb:8f:8c:d5:33:dc:2b:37:52:2a:
                    c3:83:30:17:b7:c5:f6:bc:e7:62:ac:f5:7d:f1:41:
                    61:f5:72:79:a8:09:e1:11:c9:6a:c2:16:99:c9:86:
                    5c:24:5c:ba:1f:74:c8:82:e3:ca:5a:ed:b4:ab:89:
                    eb:84:62:04:aa:57:fd:f8:1c:6c:fc:a3:7b:86:3f:
                    8a:a8:a6:f7:ff:3b:bc:94:ff:eb:60:30:d9:a4:70:
                    32:86:72:5b:dc:b5:0c:dc:42:57:9a:fd:83:6d:1f:
                    ad:b6:01:85:8a:65:ac:eb:4b:bf:84:0a:5b:6f:85:
                    ad:e4:07:09:1f:b7:7d:8c:61:c1:ed:cc:6e:e4:5b:
                    4b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:8A:B8:30:D1:51:88:EE:27:EC:BE:69:DE:C4:25:AD:8C:AF:1C:A8
            X509v3 Authority Key Identifier:
                keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/UYq4MNFRiO4n7L5p3sQlrYyvHKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.128.0-62.164.199.255
                  62.169.150.0/24
                  62.169.154.0/24
                  86.54.0.0/16
                  193.108.169.0/24
                  194.164.2.0/24
                  194.164.12.0/24
                  194.164.38.0/24
                  194.164.80.0/22
                  194.164.85.0-194.164.86.255
                  194.164.97.0/24
                  194.164.100.0/24
                  194.164.104.0/24
                  194.164.106.0/24
                  194.164.114.0/24
                  194.164.140.0-194.164.144.255
                  194.164.181.0/24
                  194.164.223.0/24
                  194.164.231.0-194.164.232.255
                  194.164.238.0/24
                  194.164.241.0-194.164.243.255
                  194.164.247.0/24
                  195.26.228.0/24
                  195.26.236.0/24
                  195.184.228.0/23
                  195.184.236.0/24
                  195.184.245.0/24
                  195.200.0.0/19
                  212.32.28.0/24
                  212.32.42.0/24
                  212.32.44.0/24
                  212.32.55.0/24
                  212.32.66.0/24
                  212.47.80.0/23
                  212.47.84.0/24
                  212.56.57.0/24
                  213.254.171.0/24
                  213.254.178.0/24
                  213.254.185.0/24
                  217.154.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1b:54:8a:89:3d:a9:06:6d:d8:61:62:24:81:6f:aa:09:21:22:
         00:4e:03:e4:16:38:4a:b8:1c:50:a8:24:68:43:f4:42:d2:91:
         19:a9:12:60:7f:2e:68:8d:25:ab:b2:e8:a0:94:12:a6:ba:12:
         6d:fe:cb:ad:4e:b9:6b:50:bd:af:e0:79:78:ab:7d:40:32:56:
         36:75:a9:78:a7:fa:b7:fe:cb:87:fa:89:f8:a3:77:14:0a:ac:
         a1:9b:39:15:9c:38:7f:c4:bd:62:0a:82:5b:9d:93:89:6b:fc:
         1a:07:07:42:8c:f0:97:c8:78:47:9f:b6:d0:ff:95:15:6c:01:
         c5:5a:6c:df:77:3f:de:64:ce:69:f6:ba:15:3d:3e:c3:cf:a5:
         30:9b:88:bb:0d:a1:51:61:ad:7c:17:a4:68:61:0f:92:57:c3:
         5b:5c:3e:51:c0:12:91:e1:70:ba:65:f5:e0:8f:da:b4:c7:af:
         c3:f7:6f:63:11:bc:86:77:37:19:83:76:21:ca:f5:40:56:6d:
         8f:f8:7f:a5:2b:a7:d0:42:37:65:78:29:6a:ec:10:0c:03:2f:
         a1:4a:2e:40:06:f7:d2:69:16:3b:44:ca:2f:ea:e6:db:3f:6d:
         0c:b9:43:6f:90:52:1e:e0:1f:83:99:11:dd:b5:be:30:60:a9:
         7a:af:15:69
-----BEGIN CERTIFICATE-----
MIIGFzCCBP+gAwIBAgISAY3GgGeAkpdUhQX0zorKJIr9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMjIwMTIzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MThhYjgzMGQxNTE4OGVlMjdlY2JlNjlkZWM0MjVhZDhjYWYxY2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztHjFUdR34L3K1CRYQ1axoV1orTy
zIXHcxgMVqhi49S3TTWCdKdQ2ktDTtW5XnCFim9vfsjLQIxIB9TqFS80EU75aBQp
ck7FrDPSQieOM7N3W8xZcBHivHWGEruxk73S+h1EhH1utIl7BY/0ixft1cSZbOtq
xtProx5nZbuPjNUz3Cs3UirDgzAXt8X2vOdirPV98UFh9XJ5qAnhEclqwhaZyYZc
JFy6H3TIguPKWu20q4nrhGIEqlf9+Bxs/KN7hj+KqKb3/zu8lP/rYDDZpHAyhnJb
3LUM3EJXmv2DbR+ttgGFimWs60u/hApbb4Wt5AcJH7d9jGHB7cxu5FtLrwIDAQAB
o4IDIzCCAx8wHQYDVR0OBBYEFFGKuDDRUYjuJ+y+ad7EJa2MrxyoMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvVVlxNE1ORlJpTzRuN0w1cDNzUWxyWXl2SEtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNwYIKwYBBQUHAQcBAf8EggEmMIIBIjCCAR4EAgABMIIB
FjAMAwQHPqSAAwQDPqTAAwQAPqmWAwQAPqmaAwMAVjYDBADBbKkDBADCpAIDBADC
pAwDBADCpCYDBALCpFAwDAMEAMKkVQMEAMKkVgMEAMKkYQMEAMKkZAMEAMKkaAME
AMKkagMEAMKkcjAMAwQCwqSMAwQAwqSQAwQAwqS1AwQAwqTfMAwDBADCpOcDBADC
pOgDBADCpO4wDAMEAMKk8QMEAsKk8AMEAMKk9wMEAMMa5AMEAMMa7AMEAcO45AME
AMO47AMEAMO49QMEBcPIAAMEANQgHAMEANQgKgMEANQgLAMEANQgNwMEANQgQgME
AdQvUAMEANQvVAMEANQ4OQMEANX+qwMEANX+sgMEANX+uQMDANmaMA0GCSqGSIb3
DQEBCwUAA4IBAQAbVIqJPakGbdhhYiSBb6oJISIATgPkFjhKuBxQqCRoQ/RC0pEZ
qRJgfy5ojSWrsuiglBKmuhJt/sutTrlrUL2v4Hl4q31AMlY2dal4p/q3/suH+on4
o3cUCqyhmzkVnDh/xL1iCoJbnZOJa/waBwdCjPCXyHhHn7bQ/5UVbAHFWmzfdz/e
ZM5p9roVPT7Dz6Uwm4i7DaFRYa18F6RoYQ+SV8NbXD5RwBKR4XC6ZfXgj9q0x6/D
929jEbyGdzcZg3YhyvVAVm2P+H+lK6fQQjdleClq7BAMAy+hSi5ABvfSaRY7RMov
6ubbP20MuUNvkFIe4B+DmRHdtb4wYKl6rxVp
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:16 2024 by rpki-client on console-fra.rpki-client.org