Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0J0Qymql27CtEcW-4q2aVBkNNpU.roa
File:                     0J0Qymql27CtEcW-4q2aVBkNNpU.roa (raw, json)
Hash identifier:          lYbVq5Gk35iDAzJLQL4doETJb3bUYrVijWO62kCHtAk=
Subject key identifier:   D0:9D:10:CA:6A:A5:DB:B0:AD:11:C5:BE:E2:AD:9A:54:19:0D:36:95
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018756D1CB964DE6B4D8C1457475613AB708
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0J0Qymql27CtEcW-4q2aVBkNNpU.roa
Signing time:             Thu 06 Apr 2023 13:46:42 +0000
ROA not before:           Thu 06 Apr 2023 13:46:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          45.128.233.0/24 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          82.115.209.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          94.154.172.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24
                          84.54.49.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          178.215.237.0/24 maxlen: 24
                          141.98.7.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          45.149.233.0/24 maxlen: 24
                          171.22.19.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          87.120.64.0/23 maxlen: 24
                          94.103.125.0/24 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          194.49.87.0/24 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          193.25.217.0/24 maxlen: 24
                          185.221.64.0/24 maxlen: 24
                          87.121.220.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:56:d1:cb:96:4d:e6:b4:d8:c1:45:74:75:61:3a:b7:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr  6 13:46:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d09d10ca6aa5dbb0ad11c5bee2ad9a54190d3695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:58:bb:a8:e6:62:fc:f3:2a:56:b2:a8:b7:fe:
                    51:86:05:de:c2:b3:34:a4:ef:0a:78:8c:52:cc:50:
                    7f:7f:9d:e0:48:9c:5c:f1:e3:63:ee:55:0b:3e:c8:
                    cf:88:54:df:0c:07:40:d6:6c:00:4c:9b:f2:f2:40:
                    69:ec:42:3b:ba:3b:db:62:dc:2d:50:1e:a5:26:e0:
                    cf:4a:7b:5a:a0:ac:bf:94:3d:61:f1:2c:79:27:73:
                    50:a3:13:bb:7c:12:42:93:06:26:2a:57:91:28:61:
                    da:67:ba:01:c4:95:83:47:88:4e:79:d3:30:2f:20:
                    2c:b4:c8:b5:ac:33:f4:6c:3d:8e:52:9c:4c:55:ab:
                    38:96:88:b9:36:9a:5b:69:c4:0f:5c:8d:70:4c:a1:
                    94:55:24:a0:da:58:c7:c9:cd:84:80:39:81:3a:5e:
                    5b:d0:51:33:e2:5c:37:eb:cb:98:93:bb:60:66:9b:
                    1a:9f:78:e4:a2:31:d1:8e:75:f6:05:08:79:27:fe:
                    f5:2a:79:07:e5:ad:02:06:89:dd:34:70:01:68:92:
                    ec:9a:b8:b7:df:d4:aa:dc:ba:7e:28:f5:50:ea:78:
                    c0:54:13:5b:81:00:9c:a2:75:79:95:0f:fb:db:7a:
                    29:a1:cc:1d:bb:aa:b8:b0:6b:78:81:92:74:f8:f4:
                    71:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:9D:10:CA:6A:A5:DB:B0:AD:11:C5:BE:E2:AD:9A:54:19:0D:36:95
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0J0Qymql27CtEcW-4q2aVBkNNpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.233.0/24
                  45.149.233.0/24
                  45.151.89.0/24
                  82.115.209.0/24
                  84.54.49.0/24
                  87.120.64.0/23
                  87.121.220.0/24
                  92.119.196.0/23
                  94.103.125.0/24
                  94.154.161.0-94.154.163.255
                  94.154.172.0/24
                  141.98.7.0/24
                  147.78.100.0/23
                  171.22.19.0/24
                  171.22.72.0/22
                  178.215.236.0/23
                  185.216.84.0/22
                  185.218.84.0/22
                  185.218.137.0/24
                  185.219.126.0/24
                  185.221.64.0/24
                  193.25.217.0/24
                  194.49.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:7f:ac:86:d3:17:31:ee:89:ab:e3:51:26:3f:5b:42:80:0c:
         a1:d2:2e:6e:89:fb:36:19:8c:2a:56:c2:fe:ce:61:30:5c:98:
         42:16:33:c7:37:2e:59:09:7c:70:e6:31:5d:0a:4f:f1:15:52:
         56:88:b6:61:3c:64:82:1a:e7:22:8c:f4:2c:ae:70:42:8a:50:
         28:b8:e0:cb:3a:9d:d7:65:ab:b3:4a:d2:cf:7b:ba:81:b8:9b:
         50:a0:c5:e8:d6:6f:1a:16:f7:7e:2e:fd:32:3e:fc:1e:9b:cd:
         f6:21:1a:48:e5:cf:da:df:04:82:23:5e:ba:9a:e3:b8:0c:3c:
         88:13:28:b5:76:81:cb:1b:89:99:ff:e1:8c:f9:5a:61:7e:20:
         4e:ec:16:98:fa:e8:5a:11:dc:7f:6c:8e:56:c3:ce:74:1d:b6:
         b4:96:53:f1:16:e6:c0:fe:f2:58:64:65:5c:93:84:fe:6b:34:
         bf:b7:93:a8:1c:1e:d0:cd:18:fb:6a:68:9f:2a:e9:7f:53:05:
         ce:57:84:13:cd:0c:99:02:c9:d3:c6:90:4a:80:47:12:32:fb:
         97:46:0b:d9:6b:08:ac:94:0a:4b:7e:99:a3:c7:44:dc:ab:16:
         fd:0e:5b:12:24:90:d3:98:4b:26:7a:53:bc:98:f7:12:84:4d:
         4d:4f:98:89
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgISAYdW0cuWTea02MFFdHVhOrcIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDA2MTM0NjQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDlkMTBjYTZhYTVkYmIwYWQxMWM1YmVlMmFkOWE1NDE5MGQzNjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVi7qOZi/PMqVrKot/5RhgXewrM0
pO8KeIxSzFB/f53gSJxc8eNj7lULPsjPiFTfDAdA1mwATJvy8kBp7EI7ujvbYtwt
UB6lJuDPSntaoKy/lD1h8Sx5J3NQoxO7fBJCkwYmKleRKGHaZ7oBxJWDR4hOedMw
LyAstMi1rDP0bD2OUpxMVas4loi5NppbacQPXI1wTKGUVSSg2ljHyc2EgDmBOl5b
0FEz4lw368uYk7tgZpsan3jkojHRjnX2BQh5J/71KnkH5a0CBondNHABaJLsmri3
39Sq3Lp+KPVQ6njAVBNbgQCconV5lQ/723opocwdu6q4sGt4gZJ0+PRxUQIDAQAB
o4ICmjCCApYwHQYDVR0OBBYEFNCdEMpqpduwrRHFvuKtmlQZDTaVMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMEowUXltcWwyN0N0RWNXLTRxMmFWQmtOTnBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGvBggrBgEFBQcBBwEB/wSBnzCBnDCBmQQCAAEwgZIDBAAt
gOkDBAAtlekDBAAtl1kDBABSc9EDBABUNjEDBAFXeEADBABXedwDBAFcd8QDBABe
Z30wDAMEAF6aoQMEAl6aoAMEAF6arAMEAI1iBwMEAZNOZAMEAKsWEwMEAqsWSAME
AbLX7AMEArnYVAMEArnaVAMEALnaiQMEALnbfgMEALndQAMEAMEZ2QMEAMIxVzAN
BgkqhkiG9w0BAQsFAAOCAQEAkH+shtMXMe6Jq+NRJj9bQoAModIubon7NhmMKlbC
/s5hMFyYQhYzxzcuWQl8cOYxXQpP8RVSVoi2YTxkghrnIoz0LK5wQopQKLjgyzqd
12Wrs0rSz3u6gbibUKDF6NZvGhb3fi79Mj78HpvN9iEaSOXP2t8EgiNeuprjuAw8
iBMotXaByxuJmf/hjPlaYX4gTuwWmProWhHcf2yOVsPOdB22tJZT8RbmwP7yWGRl
XJOE/ms0v7eTqBwe0M0Y+2ponyrpf1MFzleEE80MmQLJ08aQSoBHEjL7l0YL2WsI
rJQKS36Zo8dE3KsW/Q5bEiSQ05hLJnpTvJj3EoRNTU+YiQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:55 2024 by rpki-client on console-fra.rpki-client.org