Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-f1a6IPDDoyT0xOZLnTJdAo9zJw.roa
File:                     1-f1a6IPDDoyT0xOZLnTJdAo9zJw.roa (raw, json)
Hash identifier:          rge/7OOSlF8e4tByvAKrXF+4n7EU74BOouSH+fmZU6o=
Subject key identifier:   F9:FD:5A:E8:83:C3:0E:8C:93:D3:13:99:2E:74:C9:74:0A:3D:CC:9C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01856D81D73BF2D756636FB5A933D511A420
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-f1a6IPDDoyT0xOZLnTJdAo9zJw.roa
Signing time:             Sun 01 Jan 2023 13:25:03 +0000
ROA not before:           Sun 01 Jan 2023 13:25:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20454
IP address blocks:        81.161.237.0/24 maxlen: 24
                          94.103.124.0/23 maxlen: 24
                          87.121.58.0/24 maxlen: 24
                          93.123.81.0/24 maxlen: 24
                          83.219.98.0/23 maxlen: 24
                          87.120.5.0/24 maxlen: 24
                          176.125.252.0/22 maxlen: 24
                          94.156.182.0/23 maxlen: 24
                          194.55.184.0/24 maxlen: 24
                          94.154.174.0/23 maxlen: 24
                          194.59.30.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:81:d7:3b:f2:d7:56:63:6f:b5:a9:33:d5:11:a4:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 13:25:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f9fd5ae883c30e8c93d313992e74c9740a3dcc9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:78:36:39:e7:ed:7d:c8:cd:c8:49:be:37:fb:
                    72:42:52:5a:64:a5:b7:96:2e:bf:a2:58:f9:29:11:
                    29:56:37:fe:c1:86:ec:ed:8d:ca:e5:c0:8c:62:28:
                    2e:76:f1:4e:e6:e8:13:63:b7:8b:c7:7b:dd:43:a1:
                    b6:fb:5b:b3:8a:22:91:70:26:20:c7:4d:98:02:a1:
                    2d:7f:64:2e:17:d7:8d:35:70:58:3c:47:ca:95:70:
                    0f:99:9c:2e:8f:74:a1:8d:c3:b3:8c:17:ba:33:96:
                    96:37:3b:d2:8d:b9:b1:6e:8f:49:5c:ee:91:cf:78:
                    f2:90:92:bf:98:ae:7a:e4:25:cd:e7:db:ad:92:39:
                    c9:e6:2f:23:9e:cd:a1:69:c4:62:8d:8a:49:17:67:
                    fe:52:22:78:66:ae:44:70:5b:8d:2b:3d:96:c0:b3:
                    58:20:df:a0:bc:8a:43:48:9f:12:e1:a3:fe:49:e6:
                    be:6d:42:77:d4:5a:07:2c:f0:8c:65:3f:d8:8a:50:
                    fa:92:22:d4:db:cf:68:a4:d5:6b:5d:eb:57:eb:2d:
                    bb:0f:df:77:75:45:fe:f0:e7:b7:0c:ba:5c:d2:e6:
                    ed:2e:a7:93:33:9b:3f:88:72:58:f2:4d:8a:48:32:
                    1b:e3:6e:c2:bb:00:f7:14:97:2a:24:cf:58:bf:df:
                    02:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:FD:5A:E8:83:C3:0E:8C:93:D3:13:99:2E:74:C9:74:0A:3D:CC:9C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-f1a6IPDDoyT0xOZLnTJdAo9zJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.161.237.0/24
                  83.219.98.0/23
                  87.120.5.0/24
                  87.121.58.0/24
                  93.123.81.0/24
                  94.103.124.0/23
                  94.154.174.0/23
                  94.156.182.0/23
                  176.125.252.0/22
                  194.55.184.0/24
                  194.59.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:fb:cc:43:ef:b6:b2:d7:68:d4:8e:0c:99:69:ce:bf:2f:1c:
         a4:20:77:8e:d2:9c:e5:12:58:21:32:93:d1:8b:63:86:e3:0e:
         5d:d6:a9:8a:d6:97:a9:54:8b:fd:96:44:ae:b2:3a:2a:38:4b:
         26:c0:b1:01:7f:01:29:4c:95:27:83:e4:17:de:25:6d:69:94:
         12:1c:1f:25:55:dc:89:84:ec:da:01:a5:4b:be:c5:91:1e:18:
         8d:18:0a:53:5c:8e:e8:51:bb:3c:b8:b3:5a:3f:13:25:37:87:
         8c:21:4f:ae:ab:24:61:14:f5:5d:e4:8f:30:59:cb:26:dc:aa:
         df:f0:2a:97:72:0b:b4:6f:d2:f3:d9:ab:26:78:80:1c:dd:85:
         2a:06:5a:0e:9b:8d:06:96:c4:10:91:09:fc:12:e4:81:78:09:
         8a:8f:60:a2:cd:7f:2f:dc:88:22:c9:ce:0c:33:2b:47:c6:b0:
         bc:a9:fd:28:55:c6:06:fb:c1:f8:27:90:71:89:0a:7d:c6:27:
         00:76:73:fa:e5:10:96:6f:02:e9:c1:d5:e0:cf:93:fd:61:72:
         ce:3b:b0:4d:81:56:fb:61:4f:d3:77:57:4f:46:1e:50:1c:9e:
         5c:c1:ed:54:21:b7:e4:e5:60:26:ed:35:c8:d0:90:5a:97:34:
         b2:f5:12:c0
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYVtgdc78tdWY2+1qTPVEaQgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTAxMTMyNTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWZkNWFlODgzYzMwZThjOTNkMzEzOTkyZTc0Yzk3NDBhM2RjYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXg2OeftfcjNyEm+N/tyQlJaZKW3
li6/olj5KREpVjf+wYbs7Y3K5cCMYigudvFO5ugTY7eLx3vdQ6G2+1uziiKRcCYg
x02YAqEtf2QuF9eNNXBYPEfKlXAPmZwuj3ShjcOzjBe6M5aWNzvSjbmxbo9JXO6R
z3jykJK/mK565CXN59utkjnJ5i8jns2hacRijYpJF2f+UiJ4Zq5EcFuNKz2WwLNY
IN+gvIpDSJ8S4aP+Sea+bUJ31FoHLPCMZT/YilD6kiLU289opNVrXetX6y27D993
dUX+8Oe3DLpc0ubtLqeTM5s/iHJY8k2KSDIb427CuwD3FJcqJM9Yv98CkQIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFPn9WuiDww6Mk9MTmS50yXQKPcycMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMS1mMWE2SVBERG95VDB4T1pMblRKZEFvOXpKdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcx
Mi8xL0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBbBggrBgEFBQcBBwEB/wRMMEowSAQCAAEwQgMEAFGh7QME
AVPbYgMEAFd4BQMEAFd5OgMEAF17UQMEAV5nfAMEAV6argMEAV6ctgMEArB9/AME
AMI3uAMEAcI7HjANBgkqhkiG9w0BAQsFAAOCAQEADvvMQ++2stdo1I4MmWnOvy8c
pCB3jtKc5RJYITKT0YtjhuMOXdapitaXqVSL/ZZErrI6KjhLJsCxAX8BKUyVJ4Pk
F94lbWmUEhwfJVXciYTs2gGlS77FkR4YjRgKU1yO6FG7PLizWj8TJTeHjCFPrqsk
YRT1XeSPMFnLJtyq3/Aql3ILtG/S89mrJniAHN2FKgZaDpuNBpbEEJEJ/BLkgXgJ
io9gos1/L9yIIsnODDMrR8awvKn9KFXGBvvB+CeQcYkKfcYnAHZz+uUQlm8C6cHV
4M+T/WFyzjuwTYFW+2FP03dXT0YeUByeXMHtVCG35OVgJu01yNCQWpc0svUSwA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:56 2024 by rpki-client on console-fra.rpki-client.org