Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-oo58aVBKkFYqGGHqQx-w_f737s.roa
File:                     1-oo58aVBKkFYqGGHqQx-w_f737s.roa (raw, json)
Hash identifier:          +x23G+pnlSrEY7IRH3xoO+ozXeqrkLKf5oVlLpxwS9I=
Subject key identifier:   FA:8A:39:F1:A5:41:2A:41:58:A8:61:87:A9:0C:7E:C3:F7:FB:DF:BB
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018ACB3D76983472437EABA65538EAC69CC9
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-oo58aVBKkFYqGGHqQx-w_f737s.roa
Signing time:             Mon 25 Sep 2023 07:28:37 +0000
ROA not before:           Mon 25 Sep 2023 07:28:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          91.92.24.0/23 maxlen: 24
                          94.156.239.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          94.156.177.0/24 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          147.78.102.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          87.121.45.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          87.121.59.0/24 maxlen: 24
                          194.180.50.0/24 maxlen: 24
                          194.169.174.0/24 maxlen: 24
                          94.156.78.0/24 maxlen: 24
                          93.123.116.0/24 maxlen: 24
                          94.154.163.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:cb:3d:76:98:34:72:43:7e:ab:a6:55:38:ea:c6:9c:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep 25 07:28:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fa8a39f1a5412a4158a86187a90c7ec3f7fbdfbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:1c:69:09:cd:cd:5e:9a:11:34:95:8a:b1:59:
                    21:8f:0a:73:69:66:08:f3:9d:82:02:c0:a8:e3:64:
                    e8:eb:44:78:f3:3f:67:d9:78:08:c9:8f:46:35:1e:
                    3a:ef:cc:c1:70:49:0e:ca:8f:0a:83:16:bc:cf:87:
                    dd:3d:22:c9:f0:e9:5d:03:c6:57:d2:2f:72:3a:67:
                    d1:b5:8b:d5:72:02:5e:a2:d3:ce:f7:49:8a:03:46:
                    9a:48:27:e1:ff:fa:6a:20:18:90:34:ed:21:49:a3:
                    ae:64:8f:eb:ea:a9:c3:49:40:69:a7:be:00:b7:7c:
                    4e:95:dc:09:b7:92:fc:34:25:3e:bd:82:3c:ff:e7:
                    8f:60:b3:95:d3:06:69:52:ff:57:78:bd:59:c1:41:
                    9d:96:82:25:bb:46:bc:93:c3:4a:2d:fd:98:87:21:
                    ae:3e:47:d0:c4:00:36:c2:ec:9a:c0:17:fc:ab:8b:
                    2c:ad:82:00:69:a0:07:ab:6b:18:a9:59:f8:89:51:
                    0b:db:83:c5:f5:08:a4:89:4b:de:fe:7b:07:88:c6:
                    37:bd:8e:03:9f:7f:fe:39:a1:27:56:72:22:81:d8:
                    0b:db:1a:fd:d2:64:da:d5:20:01:0f:c5:3e:cf:da:
                    87:b8:ce:b0:30:72:06:b0:11:b4:f2:96:71:76:65:
                    ce:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:8A:39:F1:A5:41:2A:41:58:A8:61:87:A9:0C:7E:C3:F7:FB:DF:BB
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-oo58aVBKkFYqGGHqQx-w_f737s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.89.0/24
                  87.120.87.0/24
                  87.121.45.0/24
                  87.121.59.0/24
                  91.92.24.0/23
                  92.119.196.0/23
                  93.123.116.0/24
                  94.154.161.0-94.154.163.255
                  94.156.78.0/24
                  94.156.177.0/24
                  94.156.239.0/24
                  147.78.100.0-147.78.102.255
                  171.22.72.0/22
                  178.215.224.0/24
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.219.126.0/24
                  194.169.174.0/24
                  194.180.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:de:04:b1:e6:58:f0:ef:90:5a:95:66:bc:ff:d1:a7:e3:d9:
         48:21:51:0b:5a:35:00:8f:f4:6a:5a:b0:6d:43:d1:0d:0d:4e:
         25:17:91:c9:68:2a:54:9f:b4:4d:b6:89:50:cd:3f:43:b1:25:
         5e:f1:fc:3a:ae:3a:0b:44:47:53:91:00:d7:14:f7:df:e7:ba:
         cd:7c:bc:77:ba:94:cd:d9:8d:60:db:53:c8:a4:fb:2e:66:09:
         26:fc:0c:51:42:bf:16:86:8d:a1:66:4e:ee:bb:74:b0:e9:4c:
         0d:49:95:8f:07:43:0e:67:d7:e1:fa:93:cb:62:62:5a:91:94:
         76:fd:1d:76:0d:f7:cb:6a:d3:3a:e3:8b:a5:df:55:ae:07:07:
         08:35:2a:09:a7:9b:40:43:45:70:9a:e0:60:1b:60:20:a2:3c:
         62:ce:cf:ba:25:98:5d:5a:71:71:29:a9:4a:a1:1f:63:f4:8a:
         80:06:b8:74:2d:d0:55:52:52:ae:5f:8f:e3:99:87:20:e8:e5:
         39:81:a5:41:59:f5:c6:cf:cb:1a:f3:a8:d0:43:39:a6:bb:83:
         66:f1:38:e0:9a:d7:68:0e:99:f2:13:e9:61:a4:3b:5a:d3:4b:
         bb:1f:00:36:f0:61:94:39:be:5c:2f:d5:a5:83:d2:85:ef:07:
         30:db:42:b0
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgISAYrLPXaYNHJDfqumVTjqxpzJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTI1MDcyODM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYThhMzlmMWE1NDEyYTQxNThhODYxODdhOTBjN2VjM2Y3ZmJkZmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshxpCc3NXpoRNJWKsVkhjwpzaWYI
852CAsCo42To60R48z9n2XgIyY9GNR4678zBcEkOyo8Kgxa8z4fdPSLJ8OldA8ZX
0i9yOmfRtYvVcgJeotPO90mKA0aaSCfh//pqIBiQNO0hSaOuZI/r6qnDSUBpp74A
t3xOldwJt5L8NCU+vYI8/+ePYLOV0wZpUv9XeL1ZwUGdloIlu0a8k8NKLf2YhyGu
PkfQxAA2wuyawBf8q4ssrYIAaaAHq2sYqVn4iVEL24PF9QikiUve/nsHiMY3vY4D
n3/+OaEnVnIigdgL2xr90mTa1SABD8U+z9qHuM6wMHIGsBG08pZxdmXOrwIDAQAB
o4ICkTCCAo0wHQYDVR0OBBYEFPqKOfGlQSpBWKhhh6kMfsP3+9+7MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMS1vbzU4YVZCS2tGWXFHR0hxUXgtd19mNzM3cy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcx
Mi8xL0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBpQYIKwYBBQUHAQcBAf8EgZUwgZIwgY8EAgABMIGIAwQA
LZdZAwQAV3hXAwQAV3ktAwQAV3k7AwQBW1wYAwQBXHfEAwQAXXt0MAwDBABemqED
BAJemqADBABenE4DBABenLEDBABenO8wDAMEApNOZAMEAJNOZgMEAqsWSAMEALLX
4AMEALLX7AMEArnYVAMEArnaVAMEALnbfgMEAMKprgMEAMK0MjANBgkqhkiG9w0B
AQsFAAOCAQEAh94EseZY8O+QWpVmvP/Rp+PZSCFRC1o1AI/0alqwbUPRDQ1OJReR
yWgqVJ+0TbaJUM0/Q7ElXvH8Oq46C0RHU5EA1xT33+e6zXy8d7qUzdmNYNtTyKT7
LmYJJvwMUUK/FoaNoWZO7rt0sOlMDUmVjwdDDmfX4fqTy2JiWpGUdv0ddg33y2rT
OuOLpd9VrgcHCDUqCaebQENFcJrgYBtgIKI8Ys7PuiWYXVpxcSmpSqEfY/SKgAa4
dC3QVVJSrl+P45mHIOjlOYGlQVn1xs/LGvOo0EM5pruDZvE44JrXaA6Z8hPpYaQ7
WtNLux8ANvBhlDm+XC/VpYPShe8HMNtCsA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:56 2024 by rpki-client on console-fra.rpki-client.org