Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-bFQhHLwnPq59INBedG5PDmBGRE.roa
File:                     1-bFQhHLwnPq59INBedG5PDmBGRE.roa (raw, json)
Hash identifier:          ayterW6BIMDnx4QON1ax9IkK78CefkbBkE8lBgprmBo=
Subject key identifier:   F9:B1:50:84:72:F0:9C:FA:B9:F4:83:41:79:D1:B9:3C:39:81:19:11
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018529D07C289DCFD71DA9425A7D8B29778F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-bFQhHLwnPq59INBedG5PDmBGRE.roa
Signing time:             Mon 19 Dec 2022 09:56:47 +0000
ROA not before:           Mon 19 Dec 2022 09:56:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209371
IP address blocks:        194.55.224.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          178.215.225.0/24 maxlen: 24
                          178.215.227.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
                          45.128.96.0/22 maxlen: 24
                          80.76.48.0/24 maxlen: 24
                          85.31.47.0/24 maxlen: 24
                          85.31.45.0/24 maxlen: 24
                          45.84.89.0/24 maxlen: 24
                          185.216.70.0/24 maxlen: 24
                          185.216.69.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          45.139.107.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          94.154.172.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:29:d0:7c:28:9d:cf:d7:1d:a9:42:5a:7d:8b:29:77:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Dec 19 09:56:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f9b1508472f09cfab9f4834179d1b93c39811911
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c0:52:d3:af:50:89:0b:92:13:27:b5:f5:70:
                    36:d6:df:6b:49:e6:3e:41:0f:40:c1:bf:dc:d2:0d:
                    3f:fd:ad:a7:a6:4b:92:69:4b:0f:b3:83:fc:8a:99:
                    79:59:36:a5:25:75:94:0d:9a:8a:1d:8e:87:04:05:
                    92:f0:80:02:dd:30:a4:11:07:a0:e8:9b:2e:d4:89:
                    35:ee:ee:ba:58:d4:6c:fd:f4:40:13:0f:85:0f:ae:
                    5e:64:59:3f:47:c5:18:62:7e:07:2b:52:0d:62:39:
                    4c:e7:fc:0e:22:86:be:9c:97:b1:48:81:79:42:ad:
                    c7:93:5b:ab:08:e5:7a:75:f2:c9:89:a3:c3:88:61:
                    d1:cb:ee:0b:4b:6b:40:d2:0d:c5:69:73:9a:12:79:
                    80:8f:ed:ef:a3:38:6f:9d:f3:84:0e:77:ae:cf:56:
                    25:af:10:90:e2:88:84:79:4b:36:90:aa:62:79:fd:
                    bf:a6:c0:30:b6:3c:bb:42:a4:ef:ef:29:f4:4a:00:
                    40:65:68:2f:db:92:aa:75:0d:61:63:9d:04:1c:8d:
                    4e:98:10:f2:71:7e:7a:e7:86:3c:08:96:c2:2b:f4:
                    a7:72:1e:67:9a:44:b1:dd:94:3a:ef:35:70:aa:f2:
                    cc:2e:4e:64:3e:df:54:9d:7b:81:d0:20:53:74:94:
                    a7:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:B1:50:84:72:F0:9C:FA:B9:F4:83:41:79:D1:B9:3C:39:81:19:11
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-bFQhHLwnPq59INBedG5PDmBGRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.89.0/24
                  45.128.96.0/22
                  45.139.107.0/24
                  80.76.48.0/24
                  85.31.45.0/24
                  85.31.47.0/24
                  87.120.87.0/24
                  94.154.172.0/24
                  178.215.225.0/24
                  178.215.227.0/24
                  178.215.239.0/24
                  185.216.69.0-185.216.70.255
                  193.35.19.0/24
                  194.55.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:49:49:91:0a:f2:51:0a:a9:6b:5a:4c:8d:42:e7:fa:ed:e8:
         fc:d2:83:00:bf:26:17:3d:48:66:06:2a:d4:2f:fc:4d:4d:ce:
         e1:4c:9c:00:70:85:6b:d5:ba:3f:85:07:82:38:00:26:c1:b0:
         a3:9b:8b:d1:98:18:bf:f3:b4:4a:8e:d1:62:66:ef:61:1a:b2:
         3a:6f:e0:09:68:6b:b3:82:14:87:48:8a:61:ce:7e:1d:f9:14:
         bb:7e:e6:81:e0:8d:fa:cd:1f:70:5b:1c:87:21:e6:9a:c5:f2:
         9a:f9:d3:20:92:9c:b3:56:d2:67:05:2b:b9:16:73:5e:e3:2a:
         78:5d:95:a1:8d:3f:d1:e7:dc:b3:9b:a0:3d:b0:d2:aa:0b:2f:
         60:99:d2:54:cb:ae:5a:39:6a:c9:cb:3e:5d:54:88:0b:d7:4e:
         d5:19:49:3d:f1:88:77:9a:84:c3:5c:5b:c1:91:5a:03:dd:84:
         2b:6a:49:06:58:d9:ba:2f:c3:5f:f0:c8:98:0e:83:8b:53:c5:
         a6:8c:3e:86:20:c4:3b:83:79:31:17:6b:52:c5:89:e0:f2:79:
         14:0e:f1:70:1d:a8:9d:7e:04:ea:9f:31:12:a4:c5:6a:9c:3a:
         59:74:58:13:a2:0f:1f:9a:b2:cf:e5:89:a4:aa:b8:25:c7:e3:
         73:c7:50:e5
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAYUp0Hwonc/XHalCWn2LKXePMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMjE5MDk1NjQ3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWIxNTA4NDcyZjA5Y2ZhYjlmNDgzNDE3OWQxYjkzYzM5ODExOTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8BS069QiQuSEye19XA21t9rSeY+
QQ9Awb/c0g0//a2npkuSaUsPs4P8ipl5WTalJXWUDZqKHY6HBAWS8IAC3TCkEQeg
6Jsu1Ik17u66WNRs/fRAEw+FD65eZFk/R8UYYn4HK1INYjlM5/wOIoa+nJexSIF5
Qq3Hk1urCOV6dfLJiaPDiGHRy+4LS2tA0g3FaXOaEnmAj+3vozhvnfOEDneuz1Yl
rxCQ4oiEeUs2kKpief2/psAwtjy7QqTv7yn0SgBAZWgv25KqdQ1hY50EHI1OmBDy
cX5654Y8CJbCK/Snch5nmkSx3ZQ67zVwqvLMLk5kPt9UnXuB0CBTdJSnLQIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFPmxUIRy8Jz6ufSDQXnRuTw5gRkRMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMS1iRlFoSEx3blBxNTlJTkJlZEc1UERtQkdSRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcx
Mi8xL0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjB1BggrBgEFBQcBBwEB/wRmMGQwYgQCAAEwXAMEAC1UWQME
Ai2AYAMEAC2LawMEAFBMMAMEAFUfLQMEAFUfLwMEAFd4VwMEAF6arAMEALLX4QME
ALLX4wMEALLX7zAMAwQAudhFAwQAudhGAwQAwSMTAwQBwjfgMA0GCSqGSIb3DQEB
CwUAA4IBAQCLSUmRCvJRCqlrWkyNQuf67ej80oMAvyYXPUhmBirUL/xNTc7hTJwA
cIVr1bo/hQeCOAAmwbCjm4vRmBi/87RKjtFiZu9hGrI6b+AJaGuzghSHSIphzn4d
+RS7fuaB4I36zR9wWxyHIeaaxfKa+dMgkpyzVtJnBSu5FnNe4yp4XZWhjT/R59yz
m6A9sNKqCy9gmdJUy65aOWrJyz5dVIgL107VGUk98Yh3moTDXFvBkVoD3YQrakkG
WNm6L8Nf8MiYDoOLU8WmjD6GIMQ7g3kxF2tSxYng8nkUDvFwHaidfgTqnzESpMVq
nDpZdFgTog8fmrLP5Ymkqrglx+Nzx1Dl
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:56 2024 by rpki-client on console-fra.rpki-client.org