Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/xfhXs4_N24ywM3uIn2Z5g0uPOEo.roa
File:                     xfhXs4_N24ywM3uIn2Z5g0uPOEo.roa (raw, json)
Hash identifier:          t4M9s2SbHJzSTmiEEC1nOF/yrIzmBczH4KXlRgLCT/U=
Subject key identifier:   C5:F8:57:B3:8F:CD:DB:8C:B0:33:7B:88:9F:66:79:83:4B:8F:38:4A
Certificate issuer:       /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial:       018DC788FD008251A7184E7D28F469F7C7D6
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/xfhXs4_N24ywM3uIn2Z5g0uPOEo.roa
Signing time:             Tue 20 Feb 2024 17:20:59 +0000
ROA not before:           Tue 20 Feb 2024 17:20:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8851
IP address blocks:        62.164.128.0/18 maxlen: 18
                          62.164.131.0/24 maxlen: 24
                          62.164.132.0/22 maxlen: 22
                          62.164.136.0/22 maxlen: 22
                          62.164.140.0/24 maxlen: 24
                          62.164.144.0/21 maxlen: 21
                          62.164.145.0/24 maxlen: 24
                          62.164.146.0/24 maxlen: 24
                          62.164.147.0/24 maxlen: 24
                          62.164.152.0/24 maxlen: 24
                          62.164.168.0/24 maxlen: 24
                          62.164.169.0/24 maxlen: 24
                          62.164.171.0/24 maxlen: 24
                          62.164.176.0/24 maxlen: 24
                          62.164.178.0/24 maxlen: 24
                          62.164.179.0/24 maxlen: 24
                          62.164.180.0/24 maxlen: 24
                          62.164.183.0/24 maxlen: 24
                          62.164.184.0/24 maxlen: 24
                          62.164.186.0/24 maxlen: 24
                          62.164.187.0/24 maxlen: 24
                          62.164.188.0/24 maxlen: 24
                          62.164.189.0/24 maxlen: 24
                          62.164.190.0/24 maxlen: 24
                          62.164.191.0/24 maxlen: 24
                          62.164.192.0/21 maxlen: 21
                          62.164.196.0/24 maxlen: 24
                          62.164.199.0/24 maxlen: 24
                          62.169.150.0/24 maxlen: 24
                          62.169.154.0/24 maxlen: 24
                          86.54.0.0/16 maxlen: 16
                          86.54.6.0/24 maxlen: 24
                          86.54.7.0/24 maxlen: 24
                          86.54.10.0/24 maxlen: 24
                          86.54.27.0/24 maxlen: 24
                          86.54.43.0/24 maxlen: 24
                          86.54.44.0/24 maxlen: 24
                          86.54.45.0/24 maxlen: 24
                          86.54.80.0/24 maxlen: 24
                          86.54.87.0/24 maxlen: 24
                          86.54.96.0/24 maxlen: 24
                          86.54.97.0/24 maxlen: 24
                          86.54.98.0/24 maxlen: 24
                          86.54.100.0/23 maxlen: 23
                          86.54.102.0/24 maxlen: 24
                          86.54.103.0/24 maxlen: 24
                          86.54.104.0/24 maxlen: 24
                          86.54.106.0/24 maxlen: 24
                          86.54.108.0/24 maxlen: 24
                          86.54.109.0/24 maxlen: 24
                          86.54.111.0/24 maxlen: 24
                          86.54.112.0/24 maxlen: 24
                          86.54.113.0/24 maxlen: 24
                          86.54.114.0/24 maxlen: 24
                          86.54.115.0/24 maxlen: 24
                          86.54.116.0/24 maxlen: 24
                          86.54.117.0/24 maxlen: 24
                          86.54.118.0/24 maxlen: 24
                          86.54.119.0/24 maxlen: 24
                          86.54.120.0/24 maxlen: 24
                          86.54.121.0/24 maxlen: 24
                          86.54.122.0/24 maxlen: 24
                          86.54.124.0/24 maxlen: 24
                          86.54.127.0/24 maxlen: 24
                          86.54.128.0/24 maxlen: 24
                          86.54.129.0/24 maxlen: 24
                          86.54.130.0/24 maxlen: 24
                          86.54.131.0/24 maxlen: 24
                          86.54.134.0/24 maxlen: 24
                          86.54.142.0/24 maxlen: 24
                          86.54.143.0/24 maxlen: 24
                          86.54.148.0/24 maxlen: 24
                          86.54.149.0/24 maxlen: 24
                          86.54.150.0/24 maxlen: 24
                          86.54.161.0/24 maxlen: 24
                          86.54.162.0/24 maxlen: 24
                          86.54.164.0/24 maxlen: 24
                          86.54.173.0/24 maxlen: 24
                          86.54.174.0/24 maxlen: 24
                          86.54.177.0/24 maxlen: 24
                          86.54.178.0/24 maxlen: 24
                          86.54.180.0/24 maxlen: 24
                          86.54.183.0/24 maxlen: 24
                          86.54.185.0/24 maxlen: 24
                          86.54.200.0/24 maxlen: 24
                          86.54.210.0/24 maxlen: 24
                          86.54.212.0/24 maxlen: 24
                          86.54.224.0/24 maxlen: 24
                          86.54.230.0/24 maxlen: 24
                          86.54.234.0/24 maxlen: 24
                          86.54.248.0/24 maxlen: 24
                          193.108.169.0/24 maxlen: 24
                          194.164.2.0/24 maxlen: 24
                          194.164.12.0/24 maxlen: 24
                          194.164.38.0/24 maxlen: 24
                          194.164.80.0/22 maxlen: 22
                          194.164.85.0/24 maxlen: 24
                          194.164.86.0/24 maxlen: 24
                          194.164.97.0/24 maxlen: 24
                          194.164.100.0/24 maxlen: 24
                          194.164.104.0/24 maxlen: 24
                          194.164.106.0/24 maxlen: 24
                          194.164.114.0/24 maxlen: 24
                          194.164.140.0/22 maxlen: 22
                          194.164.144.0/24 maxlen: 24
                          194.164.181.0/24 maxlen: 24
                          194.164.223.0/24 maxlen: 24
                          194.164.231.0/24 maxlen: 24
                          194.164.232.0/24 maxlen: 24
                          194.164.238.0/24 maxlen: 24
                          194.164.241.0/24 maxlen: 24
                          194.164.242.0/23 maxlen: 23
                          194.164.247.0/24 maxlen: 24
                          195.26.228.0/24 maxlen: 24
                          195.26.236.0/24 maxlen: 24
                          195.184.228.0/23 maxlen: 23
                          195.184.236.0/24 maxlen: 24
                          195.184.245.0/24 maxlen: 24
                          195.200.0.0/19 maxlen: 19
                          195.200.22.0/24 maxlen: 24
                          195.200.27.0/24 maxlen: 24
                          212.32.28.0/24 maxlen: 24
                          212.32.42.0/24 maxlen: 24
                          212.32.44.0/24 maxlen: 24
                          212.32.55.0/24 maxlen: 24
                          212.32.66.0/24 maxlen: 24
                          212.47.80.0/23 maxlen: 23
                          212.47.84.0/24 maxlen: 24
                          212.56.57.0/24 maxlen: 24
                          213.254.171.0/24 maxlen: 24
                          213.254.178.0/24 maxlen: 24
                          213.254.185.0/24 maxlen: 24
                          217.154.12.0/24 maxlen: 24
                          217.154.25.0/24 maxlen: 24
                          217.154.28.0/24 maxlen: 24
                          217.154.30.0/24 maxlen: 24
                          217.154.31.0/24 maxlen: 24
                          217.154.39.0/24 maxlen: 24
                          217.154.46.0/24 maxlen: 24
                          217.154.49.0/24 maxlen: 24
                          217.154.72.0/23 maxlen: 23
                          217.154.90.0/24 maxlen: 24
                          217.154.96.0/24 maxlen: 24
                          217.154.103.0/24 maxlen: 24
                          217.154.104.0/24 maxlen: 24
                          217.154.109.0/24 maxlen: 24
                          217.154.110.0/23 maxlen: 23
                          217.154.122.0/23 maxlen: 23
                          217.154.127.0/24 maxlen: 24
                          217.154.131.0/24 maxlen: 24
                          217.154.132.0/22 maxlen: 22
                          217.154.137.0/24 maxlen: 24
                          217.154.138.0/24 maxlen: 24
                          217.154.141.0/24 maxlen: 24
                          217.154.151.0/24 maxlen: 24
                          217.154.157.0/24 maxlen: 24
                          217.154.158.0/24 maxlen: 24
                          217.154.176.0/24 maxlen: 24
                          217.154.187.0/24 maxlen: 24
                          217.154.209.0/24 maxlen: 24
                          217.154.219.0/24 maxlen: 24
                          217.154.221.0/24 maxlen: 24
                          217.154.230.0/24 maxlen: 24
                          217.154.236.0/24 maxlen: 24
                          217.154.246.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c7:88:fd:00:82:51:a7:18:4e:7d:28:f4:69:f7:c7:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
        Validity
            Not Before: Feb 20 17:20:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5f857b38fcddb8cb0337b889f6679834b8f384a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:47:0a:c9:58:b6:ab:29:bc:20:89:02:42:23:
                    20:51:66:e8:35:51:53:f1:a3:0b:d4:59:3b:b6:13:
                    22:78:2e:d8:d8:64:56:23:ea:34:14:f8:80:61:15:
                    75:53:29:d1:91:74:25:01:1a:43:09:a1:5c:f2:ea:
                    21:7f:8d:c1:19:1d:cc:76:55:f0:8f:91:5b:44:70:
                    bc:b8:d0:2b:8c:33:6e:3b:c0:b3:ce:ff:cb:2a:9e:
                    b5:fa:26:de:ac:7c:39:7e:11:2c:d1:dd:de:95:54:
                    a0:65:96:8e:15:60:1e:c3:80:bc:b8:80:0c:16:6b:
                    80:af:9f:34:31:37:48:df:72:52:31:14:96:7c:9b:
                    6c:8a:5c:ab:19:7d:ca:e2:87:a1:04:df:fa:31:a1:
                    98:df:a0:51:d5:af:20:08:02:95:17:d1:58:06:3f:
                    20:1d:fa:7a:ff:0d:91:7e:66:a8:91:06:c0:a3:fd:
                    d1:ad:d6:e4:4d:b4:8a:3e:08:9c:ac:f6:c2:27:80:
                    80:e9:7e:89:43:70:82:d7:c8:3a:56:de:f9:bc:0e:
                    1a:4f:f1:be:78:29:6c:53:3c:20:40:5f:40:1d:5f:
                    18:e2:98:18:56:3a:53:b2:09:64:2d:08:ab:f7:5e:
                    4c:5c:e6:a7:8c:d8:13:77:f3:2f:ba:30:58:1e:a7:
                    e8:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:F8:57:B3:8F:CD:DB:8C:B0:33:7B:88:9F:66:79:83:4B:8F:38:4A
            X509v3 Authority Key Identifier:
                keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/xfhXs4_N24ywM3uIn2Z5g0uPOEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.128.0-62.164.199.255
                  62.169.150.0/24
                  62.169.154.0/24
                  86.54.0.0/16
                  193.108.169.0/24
                  194.164.2.0/24
                  194.164.12.0/24
                  194.164.38.0/24
                  194.164.80.0/22
                  194.164.85.0-194.164.86.255
                  194.164.97.0/24
                  194.164.100.0/24
                  194.164.104.0/24
                  194.164.106.0/24
                  194.164.114.0/24
                  194.164.140.0-194.164.144.255
                  194.164.181.0/24
                  194.164.223.0/24
                  194.164.231.0-194.164.232.255
                  194.164.238.0/24
                  194.164.241.0-194.164.243.255
                  194.164.247.0/24
                  195.26.228.0/24
                  195.26.236.0/24
                  195.184.228.0/23
                  195.184.236.0/24
                  195.184.245.0/24
                  195.200.0.0/19
                  212.32.28.0/24
                  212.32.42.0/24
                  212.32.44.0/24
                  212.32.55.0/24
                  212.32.66.0/24
                  212.47.80.0/23
                  212.47.84.0/24
                  212.56.57.0/24
                  213.254.171.0/24
                  213.254.178.0/24
                  213.254.185.0/24
                  217.154.12.0/24
                  217.154.25.0/24
                  217.154.28.0/24
                  217.154.30.0/23
                  217.154.39.0/24
                  217.154.46.0/24
                  217.154.49.0/24
                  217.154.72.0/23
                  217.154.90.0/24
                  217.154.96.0/24
                  217.154.103.0-217.154.104.255
                  217.154.109.0-217.154.111.255
                  217.154.122.0/23
                  217.154.127.0/24
                  217.154.131.0-217.154.135.255
                  217.154.137.0-217.154.138.255
                  217.154.141.0/24
                  217.154.151.0/24
                  217.154.157.0-217.154.158.255
                  217.154.176.0/24
                  217.154.187.0/24
                  217.154.209.0/24
                  217.154.219.0/24
                  217.154.221.0/24
                  217.154.230.0/24
                  217.154.236.0/24
                  217.154.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:7c:91:e5:5a:60:71:25:f9:8a:78:99:22:b7:48:8c:37:65:
         61:87:7f:3f:ec:de:a3:23:b1:23:e4:37:99:79:38:a1:41:1c:
         a3:f6:68:fa:f3:f0:32:4d:d9:a9:e5:53:94:cb:83:c1:63:10:
         8e:55:27:3c:2a:69:3a:16:a5:fa:6b:7d:74:2e:a6:48:61:50:
         21:b1:e7:76:c6:60:40:0d:a3:17:3e:9a:8c:68:bb:f5:67:4e:
         1b:e3:ef:b8:6e:8b:18:4e:90:d4:bc:0f:5d:82:49:65:32:6a:
         30:dd:31:08:e3:dd:d4:bd:11:10:5e:b9:3a:69:51:3d:74:8f:
         43:5e:e4:53:47:0e:43:9a:44:c7:45:c7:fb:38:79:d4:35:76:
         fe:94:8a:a2:d0:8d:7b:f1:e0:ec:ad:51:df:00:02:f8:79:53:
         b5:4d:16:dd:bd:cd:5f:f6:f7:64:56:3a:b2:20:a5:9e:9b:11:
         0c:83:e1:8e:84:59:89:39:80:36:48:a3:60:9d:d8:06:75:b0:
         9b:8e:8d:97:5d:ab:8e:ee:f4:bd:e0:49:23:d7:98:35:c2:18:
         2c:62:80:f6:80:37:c2:11:35:24:b7:f8:5c:66:a0:12:7f:9a:
         08:6d:c6:02:59:a6:41:43:07:37:3f:42:0e:4d:1f:8f:db:3e:
         02:b4:18:97
-----BEGIN CERTIFICATE-----
MIIG3DCCBcSgAwIBAgISAY3HiP0AglGnGE59KPRp98fWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMjIwMTcyMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWY4NTdiMzhmY2RkYjhjYjAzMzdiODg5ZjY2Nzk4MzRiOGYzODRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0cKyVi2qym8IIkCQiMgUWboNVFT
8aML1Fk7thMieC7Y2GRWI+o0FPiAYRV1UynRkXQlARpDCaFc8uohf43BGR3MdlXw
j5FbRHC8uNArjDNuO8Czzv/LKp61+iberHw5fhEs0d3elVSgZZaOFWAew4C8uIAM
FmuAr580MTdI33JSMRSWfJtsilyrGX3K4oehBN/6MaGY36BR1a8gCAKVF9FYBj8g
Hfp6/w2RfmaokQbAo/3RrdbkTbSKPgicrPbCJ4CA6X6JQ3CC18g6Vt75vA4aT/G+
eClsUzwgQF9AHV8Y4pgYVjpTsglkLQir915MXOanjNgTd/MvujBYHqfo+QIDAQAB
o4ID6DCCA+QwHQYDVR0OBBYEFMX4V7OPzduMsDN7iJ9meYNLjzhKMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEveGZoWHM0X04yNHl3TTN1SW4yWjVnMHVQT0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIB/AYIKwYBBQUHAQcBAf8EggHrMIIB5zCCAeMEAgABMIIB
2zAMAwQHPqSAAwQDPqTAAwQAPqmWAwQAPqmaAwMAVjYDBADBbKkDBADCpAIDBADC
pAwDBADCpCYDBALCpFAwDAMEAMKkVQMEAMKkVgMEAMKkYQMEAMKkZAMEAMKkaAME
AMKkagMEAMKkcjAMAwQCwqSMAwQAwqSQAwQAwqS1AwQAwqTfMAwDBADCpOcDBADC
pOgDBADCpO4wDAMEAMKk8QMEAsKk8AMEAMKk9wMEAMMa5AMEAMMa7AMEAcO45AME
AMO47AMEAMO49QMEBcPIAAMEANQgHAMEANQgKgMEANQgLAMEANQgNwMEANQgQgME
AdQvUAMEANQvVAMEANQ4OQMEANX+qwMEANX+sgMEANX+uQMEANmaDAMEANmaGQME
ANmaHAMEAdmaHgMEANmaJwMEANmaLgMEANmaMQMEAdmaSAMEANmaWgMEANmaYDAM
AwQA2ZpnAwQA2ZpoMAwDBADZmm0DBATZmmADBAHZmnoDBADZmn8wDAMEANmagwME
A9magDAMAwQA2ZqJAwQA2ZqKAwQA2ZqNAwQA2ZqXMAwDBADZmp0DBADZmp4DBADZ
mrADBADZmrsDBADZmtEDBADZmtsDBADZmt0DBADZmuYDBADZmuwDBADZmvYwDQYJ
KoZIhvcNAQELBQADggEBAD98keVaYHEl+Yp4mSK3SIw3ZWGHfz/s3qMjsSPkN5l5
OKFBHKP2aPrz8DJN2anlU5TLg8FjEI5VJzwqaToWpfprfXQupkhhUCGx53bGYEAN
oxc+moxou/VnThvj77huixhOkNS8D12CSWUyajDdMQjj3dS9ERBeuTppUT10j0Ne
5FNHDkOaRMdFx/s4edQ1dv6UiqLQjXvx4OytUd8AAvh5U7VNFt29zV/292RWOrIg
pZ6bEQyD4Y6EWYk5gDZIo2Cd2AZ1sJuOjZddq47u9L3gSSPXmDXCGCxigPaAN8IR
NSS3+FxmoBJ/mghtxgJZpkFDBzc/Qg5NH4/bPgK0GJc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:16 2024 by rpki-client on console-fra.rpki-client.org