Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MKF5G9Qbe7ywKE0mhSY2ZfaqQmI.roa
File:                     MKF5G9Qbe7ywKE0mhSY2ZfaqQmI.roa (raw, json)
Hash identifier:          oUq3QKyDKXyVVSrXZxos5oPAlE+OdICdHK6GymH41pw=
Subject key identifier:   30:A1:79:1B:D4:1B:7B:BC:B0:28:4D:26:85:26:36:65:F6:AA:42:62
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0195A3D96CE3D09C59115DB61AD3FF5620CC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MKF5G9Qbe7ywKE0mhSY2ZfaqQmI.roa
Signing time:             Mon 17 Mar 2025 11:24:50 +0000
ROA not before:           Mon 17 Mar 2025 11:24:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        5.252.132.0/22 maxlen: 24
                          45.9.156.0/24 maxlen: 24
                          45.9.157.0/24 maxlen: 24
                          45.14.164.0/24 maxlen: 24
                          45.66.228.0/24 maxlen: 24
                          45.66.230.0/24 maxlen: 24
                          45.66.231.0/24 maxlen: 24
                          45.88.64.0/24 maxlen: 24
                          45.89.247.0/24 maxlen: 24
                          45.90.89.0/24 maxlen: 24
                          45.139.106.0/24 maxlen: 24
                          45.141.158.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24
                          45.151.90.0/24 maxlen: 24
                          45.151.91.0/24 maxlen: 24
                          79.110.50.0/24 maxlen: 24
                          81.161.238.0/24 maxlen: 24
                          83.219.97.0/24 maxlen: 24
                          84.54.48.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          87.120.112.0/22 maxlen: 24
                          87.120.116.0/23 maxlen: 24
                          87.120.120.0/23 maxlen: 24
                          87.120.125.0/24 maxlen: 24
                          87.120.126.0/23 maxlen: 24
                          87.120.166.0/24 maxlen: 24
                          87.121.45.0/24 maxlen: 24
                          87.121.87.0/24 maxlen: 24
                          87.121.124.0/23 maxlen: 24
                          87.121.162.0/24 maxlen: 24
                          87.121.165.0/24 maxlen: 24
                          91.92.240.0/20 maxlen: 32
                          92.119.196.0/23 maxlen: 24
                          92.249.50.0/24 maxlen: 24
                          93.123.109.0/24 maxlen: 24
                          94.154.160.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.156.64.0/21 maxlen: 32
                          94.156.105.0/24 maxlen: 24
                          94.156.106.0/24 maxlen: 32
                          94.156.167.0/24 maxlen: 24
                          94.156.179.0/24 maxlen: 24
                          109.206.237.0/24 maxlen: 24
                          141.98.1.0/24 maxlen: 24
                          141.98.6.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          185.218.84.0/22 maxlen: 24
                          193.25.216.0/24 maxlen: 24
                          194.55.186.0/24 maxlen: 24
                          194.169.175.0/24 maxlen: 24
                          195.178.121.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a3:d9:6c:e3:d0:9c:59:11:5d:b6:1a:d3:ff:56:20:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 17 11:24:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30a1791bd41b7bbcb0284d2685263665f6aa4262
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:36:14:b6:39:b7:e4:3d:c9:ce:78:1c:00:56:
                    16:6f:9d:38:60:94:e0:95:0f:71:b0:a3:d8:dd:a9:
                    cb:76:14:da:2b:2c:ef:5d:73:d4:d4:31:01:4a:17:
                    49:d4:0a:73:46:44:df:9f:6d:3f:68:06:ff:5f:43:
                    d0:58:e5:52:25:42:4e:51:06:93:ae:e6:51:6a:49:
                    96:2b:8c:dd:41:23:5c:81:c4:96:34:ac:ca:d8:d1:
                    b2:f3:d9:d7:5a:c4:f7:86:dd:45:0e:f2:9d:37:2d:
                    47:8b:37:37:ff:b9:e7:18:63:34:65:51:42:03:90:
                    7e:a6:41:86:67:6f:0c:65:4e:d8:83:e6:1b:81:00:
                    5e:47:b2:65:fe:9e:7e:3a:b6:65:18:9c:a2:6f:f4:
                    04:09:b1:92:a3:e3:38:27:0d:a1:29:fb:5c:08:50:
                    2a:da:ac:dc:62:62:cf:e1:87:8c:00:4e:5b:2e:29:
                    d4:64:e8:fe:39:73:dd:d2:47:81:e0:7f:15:c2:3f:
                    58:aa:ba:18:27:25:ad:0e:6c:a0:3e:a5:40:02:3e:
                    52:64:ec:b2:b6:bd:1a:63:68:7a:b4:ab:4f:c1:5d:
                    7a:cc:d5:77:5b:dd:a6:2e:70:76:61:a4:d9:61:7a:
                    26:5c:f5:42:5e:1a:83:b1:da:c5:61:5d:20:8b:b2:
                    19:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:A1:79:1B:D4:1B:7B:BC:B0:28:4D:26:85:26:36:65:F6:AA:42:62
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MKF5G9Qbe7ywKE0mhSY2ZfaqQmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.132.0/22
                  45.9.156.0/23
                  45.14.164.0/24
                  45.66.228.0/24
                  45.66.230.0/23
                  45.88.64.0/24
                  45.89.247.0/24
                  45.90.89.0/24
                  45.139.106.0/24
                  45.141.158.0/24
                  45.151.89.0-45.151.91.255
                  79.110.50.0/24
                  81.161.238.0/24
                  83.219.97.0/24
                  84.54.48.0/24
                  87.120.87.0/24
                  87.120.112.0-87.120.117.255
                  87.120.120.0/23
                  87.120.125.0-87.120.127.255
                  87.120.166.0/24
                  87.121.45.0/24
                  87.121.87.0/24
                  87.121.124.0/23
                  87.121.162.0/24
                  87.121.165.0/24
                  91.92.240.0/20
                  92.119.196.0/23
                  92.249.50.0/24
                  93.123.109.0/24
                  94.154.160.0/22
                  94.156.64.0/21
                  94.156.105.0-94.156.106.255
                  94.156.167.0/24
                  94.156.179.0/24
                  109.206.237.0/24
                  141.98.1.0/24
                  141.98.6.0/24
                  147.78.100.0/24
                  171.22.72.0/22
                  178.215.224.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  193.25.216.0/24
                  194.55.186.0/24
                  194.169.175.0/24
                  195.178.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:5e:a3:de:89:2e:ed:fc:d5:59:a3:4d:96:a3:a5:df:60:df:
         0f:65:48:aa:c5:66:4c:b5:fe:36:00:30:70:17:07:22:19:d5:
         d8:b8:87:de:a6:10:7d:1a:da:fa:09:93:c2:4c:72:20:eb:11:
         2d:0a:39:f8:02:0e:7f:76:e4:a7:52:88:24:49:29:9b:a0:fb:
         6b:9e:26:e8:c6:24:8b:6b:c1:5f:49:3b:03:97:98:ac:fe:31:
         df:56:cc:5d:86:5e:8b:92:6f:65:ac:90:2a:62:b2:01:08:b4:
         7e:6f:37:21:93:a8:13:4f:7f:88:e4:5b:8a:f3:c8:03:70:5a:
         67:e5:ca:f9:ce:f3:8e:cd:fd:89:90:72:73:f2:15:f2:71:8f:
         93:f9:fe:e4:a0:11:06:83:06:39:f9:1b:c4:fb:42:44:2e:fc:
         cd:a5:e9:80:2b:cb:7d:4f:22:40:8d:ab:39:04:08:b9:f0:1c:
         8a:f8:e0:16:40:95:2e:84:1b:cd:d5:d0:69:18:5c:f7:69:e3:
         5d:d5:7d:54:ee:a1:f1:bb:db:bf:84:f7:21:86:18:37:d6:50:
         e7:a9:d5:b1:b3:bb:94:72:dc:97:2c:06:5a:a2:1d:43:04:4f:
         86:cb:e2:7b:fb:20:94:e7:b8:4c:b3:ed:f9:c2:48:14:96:f0:
         2d:01:e2:a7
-----BEGIN CERTIFICATE-----
MIIGNTCCBR2gAwIBAgISAZWj2Wzj0JxZEV22GtP/ViDMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzE3MTEyNDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGExNzkxYmQ0MWI3YmJjYjAyODRkMjY4NTI2MzY2NWY2YWE0MjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzYUtjm35D3JzngcAFYWb504YJTg
lQ9xsKPY3anLdhTaKyzvXXPU1DEBShdJ1ApzRkTfn20/aAb/X0PQWOVSJUJOUQaT
ruZRakmWK4zdQSNcgcSWNKzK2NGy89nXWsT3ht1FDvKdNy1Hizc3/7nnGGM0ZVFC
A5B+pkGGZ28MZU7Yg+YbgQBeR7Jl/p5+OrZlGJyib/QECbGSo+M4Jw2hKftcCFAq
2qzcYmLP4YeMAE5bLinUZOj+OXPd0keB4H8Vwj9YqroYJyWtDmygPqVAAj5SZOyy
tr0aY2h6tKtPwV16zNV3W92mLnB2YaTZYXomXPVCXhqDsdrFYV0gi7IZkQIDAQAB
o4IDQTCCAz0wHQYDVR0OBBYEFDCheRvUG3u8sChNJoUmNmX2qkJiMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTUtGNUc5UWJlN3l3S0UwbWhTWTJaZmFxUW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBVQYIKwYBBQUHAQcBAf8EggFEMIIBQDCCATwEAgABMIIB
NAMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1a
WQMEAC2LagMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAUaHuAwQAU9thAwQA
VDYwAwQAV3hXMAwDBARXeHADBAFXeHQDBAFXeHgwDAMEAFd4fQMEB1d4AAMEAFd4
pgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc8AMEAVx3xAMEAFz5
MgMEAF17bQMEAl6aoAMEA16cQDAMAwQAXpxpAwQAXpxqAwQAXpynAwQAXpyzAwQA
bc7tAwQAjWIBAwQAjWIGAwQAk05kAwQCqxZIAwQAstfgAwQCudhUAwQCudpUAwQA
wRnYAwQAwje6AwQAwqmvAwQAw7J5MA0GCSqGSIb3DQEBCwUAA4IBAQCHXqPeiS7t
/NVZo02Wo6XfYN8PZUiqxWZMtf42ADBwFwciGdXYuIfephB9Gtr6CZPCTHIg6xEt
Cjn4Ag5/duSnUogkSSmboPtrniboxiSLa8FfSTsDl5is/jHfVsxdhl6Lkm9lrJAq
YrIBCLR+bzchk6gTT3+I5FuK88gDcFpn5cr5zvOOzf2JkHJz8hXycY+T+f7koBEG
gwY5+RvE+0JELvzNpemAK8t9TyJAjas5BAi58ByK+OAWQJUuhBvN1dBpGFz3aeNd
1X1U7qHxu9u/hPchhhg31lDnqdWxs7uUctyXLAZaoh1DBE+Gy+J7+yCU57hMs+35
wkgUlvAtAeKn
-----END CERTIFICATE-----
Generated at Mon Apr 28 14:28:47 2025 by rpki-client