Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-4F5tAbSoCZV4nVvez2bV4C9AB8.roa
File:                     1-4F5tAbSoCZV4nVvez2bV4C9AB8.roa (raw, json)
Hash identifier:          ESsSSygquIxeNbhM0NxIKdrNHsmkcKyibXQ51vCgzj0=
Subject key identifier:   FB:81:79:B4:06:D2:A0:26:55:E2:75:6F:7B:3D:9B:57:80:BD:00:1F
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018C34D79E3375353D3338E74625A1E43F46
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-4F5tAbSoCZV4nVvez2bV4C9AB8.roa
Signing time:             Mon 04 Dec 2023 12:39:54 +0000
ROA not before:           Mon 04 Dec 2023 12:39:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25369
IP address blocks:        194.31.204.0/24 maxlen: 24
                          45.90.88.0/23 maxlen: 24
                          5.252.132.0/22 maxlen: 24
                          193.58.120.0/24 maxlen: 24
                          45.149.241.0/24 maxlen: 24
                          94.156.72.0/22 maxlen: 24
                          193.25.218.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:34:d7:9e:33:75:35:3d:33:38:e7:46:25:a1:e4:3f:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Dec  4 12:39:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fb8179b406d2a02655e2756f7b3d9b5780bd001f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:93:9c:e1:a8:32:b7:d7:8e:4b:40:c9:f3:c7:
                    18:ba:65:be:40:c4:92:09:72:37:d5:7a:20:b2:fe:
                    17:9a:21:e3:6a:ac:a5:bf:79:e2:e5:55:39:14:9e:
                    9d:5f:bb:b3:31:12:97:49:fc:11:e1:30:4b:e2:06:
                    f5:42:02:35:f7:d8:50:56:eb:42:ee:e9:c4:a0:43:
                    b3:b0:15:0d:8f:07:64:7a:3a:a5:b5:3e:28:85:96:
                    ee:c2:40:5e:3d:9a:25:5c:d2:53:e5:93:58:78:28:
                    c0:7e:a5:c7:a1:29:43:45:44:0f:5c:f9:a9:aa:82:
                    c2:a9:9c:4f:c1:e5:3a:57:b0:f4:8d:da:80:9f:c8:
                    82:68:60:03:a9:d6:07:47:24:52:cf:e6:da:73:b5:
                    55:69:b3:cf:f4:05:c8:b5:1e:50:f4:69:1e:c2:23:
                    4d:64:7d:16:51:cf:c4:c2:59:e4:cc:8a:08:83:64:
                    c0:8b:8e:d6:df:ea:f5:71:44:82:5d:9a:c1:bd:e4:
                    d3:06:91:f3:3b:56:68:71:e6:ef:15:64:a2:5a:63:
                    f8:0d:7b:e6:75:c0:7a:80:9a:f3:64:5c:7b:bf:69:
                    48:0f:9f:2f:2b:2f:16:a5:78:48:6f:69:25:43:ed:
                    21:d6:ec:17:6d:14:ae:de:69:4c:89:60:b5:20:1a:
                    3d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:81:79:B4:06:D2:A0:26:55:E2:75:6F:7B:3D:9B:57:80:BD:00:1F
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-4F5tAbSoCZV4nVvez2bV4C9AB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.132.0/22
                  45.90.88.0/23
                  45.149.241.0/24
                  94.156.72.0/22
                  193.25.218.0/24
                  193.58.120.0/24
                  194.31.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:c2:4a:a4:77:ee:82:86:f7:63:02:e1:f9:83:22:89:96:f4:
         9b:94:6b:bf:2e:85:a1:ba:2a:2b:5c:c4:b1:4b:10:5d:d4:9a:
         fb:24:43:5e:21:e6:18:d2:82:df:67:55:fb:bb:9a:29:f4:ad:
         3b:0a:0f:57:cd:8d:82:c8:9d:3f:73:cc:73:6e:f2:f2:f8:5e:
         d4:b1:7e:9e:39:ed:2b:ea:31:0a:95:52:d4:1d:91:ad:8b:9b:
         ef:b6:25:25:b9:29:53:27:d5:30:01:cb:aa:35:6e:ff:61:9b:
         88:37:08:bb:eb:91:d1:e9:62:56:e9:0c:e4:fe:83:e0:0f:53:
         45:c0:2a:37:a8:0f:71:7b:48:1c:0f:86:20:0e:d1:cb:0b:11:
         48:67:90:b9:78:57:02:1f:a9:39:63:2d:2d:a1:9e:16:f6:e0:
         de:3d:1b:bf:ab:92:56:95:f4:74:cf:f8:1a:bd:ae:78:ca:99:
         e7:d1:7f:53:de:88:d1:5d:78:16:ba:40:1f:3d:03:c4:99:f2:
         0f:7f:8c:8a:ee:7f:c4:56:cd:11:a1:e0:87:82:24:b8:f5:b1:
         ab:71:9f:77:2c:ae:7e:46:9f:9b:19:40:86:25:2f:d1:3d:5b:
         8b:6f:15:15:11:d4:af:03:fb:0c:88:51:98:8b:6a:78:ae:82:
         f8:e0:56:2f
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYw0154zdTU9MzjnRiWh5D9GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMjA0MTIzOTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjgxNzliNDA2ZDJhMDI2NTVlMjc1NmY3YjNkOWI1NzgwYmQwMDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJOc4agyt9eOS0DJ88cYumW+QMSS
CXI31Xogsv4XmiHjaqylv3ni5VU5FJ6dX7uzMRKXSfwR4TBL4gb1QgI199hQVutC
7unEoEOzsBUNjwdkejqltT4ohZbuwkBePZolXNJT5ZNYeCjAfqXHoSlDRUQPXPmp
qoLCqZxPweU6V7D0jdqAn8iCaGADqdYHRyRSz+bac7VVabPP9AXItR5Q9GkewiNN
ZH0WUc/EwlnkzIoIg2TAi47W3+r1cUSCXZrBveTTBpHzO1ZocebvFWSiWmP4DXvm
dcB6gJrzZFx7v2lID58vKy8WpXhIb2klQ+0h1uwXbRSu3mlMiWC1IBo9fwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFPuBebQG0qAmVeJ1b3s9m1eAvQAfMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMS00RjV0QWJTb0NaVjRuVnZlejJiVjRDOUFCOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcx
Mi8xL0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBDBggrBgEFBQcBBwEB/wQ0MDIwMAQCAAEwKgMEAgX8hAME
AS1aWAMEAC2V8QMEAl6cSAMEAMEZ2gMEAME6eAMEAMIfzDANBgkqhkiG9w0BAQsF
AAOCAQEAQsJKpHfugob3YwLh+YMiiZb0m5Rrvy6FoboqK1zEsUsQXdSa+yRDXiHm
GNKC32dV+7uaKfStOwoPV82NgsidP3PMc27y8vhe1LF+njntK+oxCpVS1B2RrYub
77YlJbkpUyfVMAHLqjVu/2GbiDcIu+uR0eliVukM5P6D4A9TRcAqN6gPcXtIHA+G
IA7RywsRSGeQuXhXAh+pOWMtLaGeFvbg3j0bv6uSVpX0dM/4Gr2ueMqZ59F/U96I
0V14FrpAHz0DxJnyD3+Miu5/xFbNEaHgh4IkuPWxq3GfdyyufkafmxlAhiUv0T1b
i28VFRHUrwP7DIhRmItqeK6C+OBWLw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:55 2024 by rpki-client on console-fra.rpki-client.org