Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0K8jOG4FOl0Gdn5rLGqstqxHwEE.roa
File:                     0K8jOG4FOl0Gdn5rLGqstqxHwEE.roa (raw, json)
Hash identifier:          Kp28lbidD9wcEdJHUULNvKunyNc0JSWPTzQDxJmHacw=
Subject key identifier:   D0:AF:23:38:6E:05:3A:5D:06:76:7E:6B:2C:6A:AC:B6:AC:47:C0:41
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018AA75FD6A0910AC667D09B96ACE73D99D9
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0K8jOG4FOl0Gdn5rLGqstqxHwEE.roa
Signing time:             Mon 18 Sep 2023 08:19:50 +0000
ROA not before:           Mon 18 Sep 2023 08:19:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50225
IP address blocks:        85.217.145.0/24 maxlen: 24
                          79.110.50.0/24 maxlen: 24
                          185.222.163.0/24 maxlen: 24
                          93.123.85.0/24 maxlen: 24
                          80.76.50.0/24 maxlen: 24
                          193.42.34.0/24 maxlen: 24
                          176.125.252.0/24 maxlen: 24
                          194.48.249.0/24 maxlen: 24
                          45.84.90.0/24 maxlen: 24
                          194.48.251.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:a7:5f:d6:a0:91:0a:c6:67:d0:9b:96:ac:e7:3d:99:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep 18 08:19:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d0af23386e053a5d06767e6b2c6aacb6ac47c041
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:62:aa:a1:71:1e:04:d6:19:40:ac:0c:20:70:
                    f6:fd:c1:66:a0:70:8d:68:9d:f0:00:b7:b8:21:4a:
                    fe:57:a9:68:4d:dc:1b:4d:79:72:92:88:c1:ed:51:
                    ac:a5:bd:57:10:9b:1b:c2:01:69:11:93:e2:35:90:
                    83:61:38:33:d0:ca:5e:46:1f:88:3a:41:f6:5a:03:
                    9e:e9:f7:ad:14:7c:28:fc:e2:27:9e:b6:f2:ae:e4:
                    b3:0e:52:2e:5d:66:07:1f:66:3f:91:78:ba:fe:be:
                    34:6a:02:17:c8:f4:23:51:3d:41:83:ea:a7:9e:82:
                    6b:a3:4f:09:68:97:42:b5:64:b0:90:be:d2:67:5e:
                    61:c2:23:c0:61:a9:f4:fa:86:c5:29:e1:9e:65:04:
                    4f:65:53:17:07:d6:7d:84:d3:f0:f3:3a:f2:0b:84:
                    25:22:b5:ea:8f:88:ea:7d:2f:75:c1:0c:81:f4:92:
                    4e:d0:a3:29:ed:c1:65:39:f3:76:a5:ac:b9:d7:f2:
                    14:e3:71:d1:d4:6e:c9:2d:52:88:43:15:26:02:66:
                    7d:96:84:98:de:46:73:92:40:df:ac:01:89:ad:97:
                    31:d7:8a:65:34:f4:f5:11:ff:da:34:11:47:02:1f:
                    89:a0:c4:6b:b2:a5:b2:4f:cf:07:ce:c8:52:ae:b8:
                    24:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:AF:23:38:6E:05:3A:5D:06:76:7E:6B:2C:6A:AC:B6:AC:47:C0:41
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0K8jOG4FOl0Gdn5rLGqstqxHwEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.90.0/24
                  79.110.50.0/24
                  80.76.50.0/24
                  85.217.145.0/24
                  93.123.85.0/24
                  176.125.252.0/24
                  185.222.163.0/24
                  193.42.34.0/24
                  194.48.249.0/24
                  194.48.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:58:10:ad:4e:59:44:3b:3c:35:ef:4d:a6:f4:9e:40:05:6a:
         02:8a:be:24:bb:9f:b5:1f:8e:cb:7f:e1:c2:b2:59:ec:2f:ee:
         b4:4f:c9:da:ed:41:fe:24:38:f6:d7:dc:21:1f:44:9c:4e:1b:
         c7:85:8e:23:de:71:39:13:45:40:ad:23:33:b4:b3:57:9b:25:
         36:c0:7b:bd:89:e0:42:6e:2e:c8:21:b4:6c:21:08:5f:b1:05:
         f2:0f:14:8b:1a:b1:29:56:98:28:f2:e7:b2:17:d7:b2:13:b8:
         2d:85:f4:a4:3d:97:8c:2e:8a:70:67:a1:95:73:eb:a5:f8:40:
         d1:ed:9a:02:e3:bc:4f:15:c0:58:76:8a:cf:e9:c2:66:bf:fa:
         2e:70:62:2e:42:d5:3f:96:c4:91:15:9d:63:a9:58:7d:b7:e8:
         2f:10:6f:db:da:e0:69:14:dc:73:9c:3e:d1:42:8c:38:1c:d7:
         19:65:76:58:37:13:19:9b:2b:c5:02:36:56:11:16:0c:02:e2:
         cd:56:08:6c:af:9f:f8:56:19:e4:40:94:0b:51:42:9f:eb:6d:
         69:14:fb:10:2d:d2:cb:20:cb:cf:c2:1e:ab:d0:4d:44:6d:0b:
         3e:0d:ec:8a:d9:6d:c0:d8:0d:61:b3:56:00:00:3e:25:d7:ad:
         6d:40:4e:a9
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYqnX9agkQrGZ9CblqznPZnZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTE4MDgxOTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGFmMjMzODZlMDUzYTVkMDY3NjdlNmIyYzZhYWNiNmFjNDdjMDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWKqoXEeBNYZQKwMIHD2/cFmoHCN
aJ3wALe4IUr+V6loTdwbTXlykojB7VGspb1XEJsbwgFpEZPiNZCDYTgz0MpeRh+I
OkH2WgOe6fetFHwo/OInnrbyruSzDlIuXWYHH2Y/kXi6/r40agIXyPQjUT1Bg+qn
noJro08JaJdCtWSwkL7SZ15hwiPAYan0+obFKeGeZQRPZVMXB9Z9hNPw8zryC4Ql
IrXqj4jqfS91wQyB9JJO0KMp7cFlOfN2pay51/IU43HR1G7JLVKIQxUmAmZ9loSY
3kZzkkDfrAGJrZcx14plNPT1Ef/aNBFHAh+JoMRrsqWyT88HzshSrrgk9QIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNCvIzhuBTpdBnZ+ayxqrLasR8BBMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMEs4ak9HNEZPbDBHZG41ckxHcXN0cXhId0VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALVRaAwQA
T24yAwQAUEwyAwQAVdmRAwQAXXtVAwQAsH38AwQAud6jAwQAwSoiAwQAwjD5AwQA
wjD7MA0GCSqGSIb3DQEBCwUAA4IBAQBVWBCtTllEOzw1702m9J5ABWoCir4ku5+1
H47Lf+HCslnsL+60T8na7UH+JDj219whH0ScThvHhY4j3nE5E0VArSMztLNXmyU2
wHu9ieBCbi7IIbRsIQhfsQXyDxSLGrEpVpgo8ueyF9eyE7gthfSkPZeMLopwZ6GV
c+ul+EDR7ZoC47xPFcBYdorP6cJmv/oucGIuQtU/lsSRFZ1jqVh9t+gvEG/b2uBp
FNxznD7RQow4HNcZZXZYNxMZmyvFAjZWERYMAuLNVghsr5/4VhnkQJQLUUKf621p
FPsQLdLLIMvPwh6r0E1EbQs+DeyK2W3A2A1hs1YAAD4l161tQE6p
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:21 2024 by rpki-client on console-ams.rpki-client.org