Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-Q6fxcSi-FlEZn8yC_5DTe231uQ.roa
File:                     1-Q6fxcSi-FlEZn8yC_5DTe231uQ.roa (raw, json)
Hash identifier:          1tm1+fpjgAifdTVMsxzwnuKcB6f4mSwXDCpw/ObL5gE=
Subject key identifier:   F9:0E:9F:C5:C4:A2:F8:59:44:66:7F:32:0B:FE:43:4D:ED:B7:D6:E4
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018606E2BF074495D3D878B52C73A1CBB546
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-Q6fxcSi-FlEZn8yC_5DTe231uQ.roa
Signing time:             Tue 31 Jan 2023 08:12:48 +0000
ROA not before:           Tue 31 Jan 2023 08:12:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50225
IP address blocks:        81.161.230.0/24 maxlen: 24
                          94.156.234.0/24 maxlen: 24
                          194.55.224.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          185.222.160.0/24 maxlen: 24
                          45.9.156.0/24 maxlen: 24
                          45.66.228.0/24 maxlen: 24
                          45.12.255.0/24 maxlen: 24
                          94.156.160.0/24 maxlen: 24
                          193.42.34.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          193.47.60.0/24 maxlen: 24
                          45.84.91.0/24 maxlen: 24
                          45.88.64.0/24 maxlen: 24
                          194.180.39.0/24 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          45.129.86.0/24 maxlen: 24
                          94.154.162.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:06:e2:bf:07:44:95:d3:d8:78:b5:2c:73:a1:cb:b5:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 31 08:12:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f90e9fc5c4a2f85944667f320bfe434dedb7d6e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4d:55:00:c7:4a:09:b8:46:c3:9b:68:9b:ff:
                    67:6e:19:0b:fe:95:8a:a3:a5:3f:be:c4:b6:6b:3b:
                    94:de:19:89:1c:f8:d8:73:19:c9:52:88:f1:df:b5:
                    9d:95:51:1b:49:eb:6c:6a:b9:2a:bc:57:b5:97:6c:
                    fb:27:f2:1b:e8:41:04:39:34:8e:65:06:d7:c9:51:
                    45:87:71:4d:65:34:e1:d2:a5:8b:e1:e6:27:c2:3d:
                    66:f2:f8:94:5e:c9:01:5d:4d:b5:0d:52:a0:73:f5:
                    51:b6:b5:58:95:3f:75:d2:5b:2d:71:c5:45:82:09:
                    b2:c1:fe:ed:a8:61:86:5f:02:fc:6d:0b:58:e4:3f:
                    d0:4e:2c:e5:a3:60:a5:43:0e:eb:ad:cf:98:10:ac:
                    7b:7c:cf:25:0d:73:10:f7:86:1e:5c:0d:6e:be:91:
                    74:bf:cd:4e:bc:1b:b8:c8:90:7f:95:0c:8a:b4:3d:
                    58:60:5f:8e:42:5c:84:90:2d:0c:09:1b:b1:44:e5:
                    f6:06:52:68:38:18:8e:79:39:72:d0:ce:2f:b6:e5:
                    c9:7e:9e:a1:a7:29:e9:e9:df:78:ab:8b:86:03:3f:
                    82:e1:f6:4f:49:c5:1a:09:b6:ed:fc:b1:84:5e:94:
                    22:96:3b:49:95:66:02:01:a5:5e:06:55:f2:88:60:
                    2f:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:0E:9F:C5:C4:A2:F8:59:44:66:7F:32:0B:FE:43:4D:ED:B7:D6:E4
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-Q6fxcSi-FlEZn8yC_5DTe231uQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.156.0/24
                  45.12.255.0/24
                  45.66.228.0/24
                  45.84.91.0/24
                  45.88.64.0/24
                  45.129.84.0/24
                  45.129.86.0/24
                  81.161.230.0/24
                  94.154.162.0/24
                  94.156.160.0/24
                  94.156.234.0/24
                  178.215.226.0/24
                  185.222.160.0/24
                  193.42.34.0/24
                  193.47.60.0/24
                  193.47.63.0/24
                  194.55.224.0/23
                  194.180.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:fb:d3:64:e3:c8:7f:5b:e4:39:69:b2:b4:ac:c7:fc:64:ec:
         08:46:fc:d9:a8:34:eb:b4:9f:9d:85:8f:f8:5c:95:97:66:10:
         32:7a:e8:8a:13:9a:e5:cf:8a:da:65:d4:aa:8f:9e:e3:51:1f:
         74:95:99:ff:2f:04:bd:19:7b:13:ba:e6:c4:28:3e:fa:d9:ba:
         ca:8a:d7:9f:9c:c2:8d:da:45:89:64:01:03:e8:b2:9f:0e:81:
         46:d8:67:ba:4b:33:a6:0a:71:a8:f9:44:f6:9a:d0:3d:46:92:
         40:b6:41:59:d8:53:f4:6a:2f:6b:6e:b9:fc:14:d7:8c:5a:f9:
         7e:98:cd:71:c5:5f:43:5e:63:18:e0:22:97:7b:80:48:9a:50:
         15:58:19:ab:b6:70:b3:d2:34:ae:0a:21:f5:93:e6:48:5a:d5:
         99:61:0d:7e:9d:0a:cb:dc:00:01:8f:86:cd:47:26:93:0e:9d:
         7f:a5:71:69:b7:7f:3b:7b:f0:1d:3b:86:c9:fd:69:52:d0:7f:
         a0:39:a1:23:c7:ab:8a:d1:ee:e4:20:0a:de:7f:61:21:6e:8c:
         88:c0:6f:1a:d1:69:c1:9d:67:7e:97:81:e3:94:f4:50:3f:da:
         5c:a2:b2:7f:50:3b:00:68:d8:94:02:6f:aa:3f:a0:53:41:b0:
         75:ef:a6:4c
-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgISAYYG4r8HRJXT2Hi1LHOhy7VGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTMxMDgxMjQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTBlOWZjNWM0YTJmODU5NDQ2NjdmMzIwYmZlNDM0ZGVkYjdkNmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu01VAMdKCbhGw5tom/9nbhkL/pWK
o6U/vsS2azuU3hmJHPjYcxnJUojx37WdlVEbSetsarkqvFe1l2z7J/Ib6EEEOTSO
ZQbXyVFFh3FNZTTh0qWL4eYnwj1m8viUXskBXU21DVKgc/VRtrVYlT910lstccVF
ggmywf7tqGGGXwL8bQtY5D/QTizlo2ClQw7rrc+YEKx7fM8lDXMQ94YeXA1uvpF0
v81OvBu4yJB/lQyKtD1YYF+OQlyEkC0MCRuxROX2BlJoOBiOeTly0M4vtuXJfp6h
pynp6d94q4uGAz+C4fZPScUaCbbt/LGEXpQiljtJlWYCAaVeBlXyiGAvrwIDAQAB
o4ICcTCCAm0wHQYDVR0OBBYEFPkOn8XEovhZRGZ/Mgv+Q03tt9bkMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMS1RNmZ4Y1NpLUZsRVpuOHlDXzVEVGUyMzF1US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcx
Mi8xL0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBhQYIKwYBBQUHAQcBAf8EdjB0MHIEAgABMGwDBAAtCZwD
BAAtDP8DBAAtQuQDBAAtVFsDBAAtWEADBAAtgVQDBAAtgVYDBABRoeYDBABemqID
BABenKADBABenOoDBACy1+IDBAC53qADBADBKiIDBADBLzwDBADBLz8DBAHCN+AD
BADCtCcwDQYJKoZIhvcNAQELBQADggEBAIr702TjyH9b5DlpsrSsx/xk7AhG/Nmo
NOu0n52Fj/hclZdmEDJ66IoTmuXPitpl1KqPnuNRH3SVmf8vBL0ZexO65sQoPvrZ
usqK15+cwo3aRYlkAQPosp8OgUbYZ7pLM6YKcaj5RPaa0D1GkkC2QVnYU/RqL2tu
ufwU14xa+X6YzXHFX0NeYxjgIpd7gEiaUBVYGau2cLPSNK4KIfWT5kha1ZlhDX6d
CsvcAAGPhs1HJpMOnX+lcWm3fzt78B07hsn9aVLQf6A5oSPHq4rR7uQgCt5/YSFu
jIjAbxrRacGdZ36XgeOU9FA/2lyisn9QOwBo2JQCb6o/oFNBsHXvpkw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:22 2024 by rpki-client on console-ams.rpki-client.org