Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1emRWfjeA5MHD8WwRfQhTjfc87c.roa
File:                     1emRWfjeA5MHD8WwRfQhTjfc87c.roa (raw, json)
Hash identifier:          Pu4UIyGoqFlf11hKCa1EUJHlEfdxTkaQrQDIUZT6dr8=
Subject key identifier:   D5:E9:91:59:F8:DE:03:93:07:0F:C5:B0:45:F4:21:4E:37:DC:F3:B7
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01853F7AACAEB653837DAD609DCE9E453EF7
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1emRWfjeA5MHD8WwRfQhTjfc87c.roa
Signing time:             Fri 23 Dec 2022 14:54:42 +0000
ROA not before:           Fri 23 Dec 2022 14:54:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     25369
IP address blocks:        45.90.88.0/22 maxlen: 24
                          45.12.254.0/24 maxlen: 24
                          193.58.120.0/24 maxlen: 24
                          147.78.100.0/23 maxlen: 24
                          84.21.173.0/24 maxlen: 24
                          194.31.204.0/24 maxlen: 24
                          195.178.121.0/24 maxlen: 24
                          194.169.174.0/24 maxlen: 24
                          194.169.173.0/24 maxlen: 24
                          82.115.208.0/24 maxlen: 24
                          109.206.239.0/24 maxlen: 24
                          171.22.31.0/24 maxlen: 24
                          81.161.238.0/23 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          84.54.49.0/24 maxlen: 24
                          141.98.4.0/24 maxlen: 24
                          194.55.227.0/24 maxlen: 24
                          141.98.7.0/24 maxlen: 24
                          178.215.237.0/24 maxlen: 24
                          45.149.233.0/24 maxlen: 24
                          45.149.241.0/24 maxlen: 24
                          193.222.98.0/23 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          194.48.248.0/24 maxlen: 24
                          171.22.18.0/24 maxlen: 24
                          185.221.67.0/24 maxlen: 24
                          79.110.48.0/23 maxlen: 24
                          194.49.87.0/24 maxlen: 24
                          194.49.95.0/24 maxlen: 24
                          193.25.218.0/24 maxlen: 24
                          193.25.217.0/24 maxlen: 24
                          87.121.220.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:3f:7a:ac:ae:b6:53:83:7d:ad:60:9d:ce:9e:45:3e:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Dec 23 14:54:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d5e99159f8de0393070fc5b045f4214e37dcf3b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:88:19:e3:83:ac:99:56:cf:6d:8a:9f:85:7f:
                    6b:9c:75:93:eb:60:15:aa:57:60:d7:65:c6:d8:31:
                    88:cc:8d:96:c6:f0:a0:96:ff:a1:e6:9e:1b:c4:3f:
                    fa:19:69:1d:3c:cb:bb:46:64:92:80:a3:23:54:77:
                    58:84:65:d0:35:72:8b:e2:6a:82:ad:e6:61:af:ba:
                    c3:6d:0b:99:12:fa:fe:e3:0a:74:85:53:6d:d5:68:
                    15:2e:75:3d:a0:c8:6e:34:91:3e:02:6e:63:26:cb:
                    6a:97:98:69:d2:ef:06:7c:6f:ba:35:39:83:23:f8:
                    e9:c7:51:fc:2a:3e:7c:ac:5f:bd:1b:e4:4f:90:4c:
                    a7:fa:29:55:6a:42:0c:97:19:35:97:37:f1:11:c6:
                    77:69:c6:08:14:31:d7:97:0d:2b:07:d5:be:c8:86:
                    a5:16:6a:d3:56:4a:ca:9a:8f:cb:21:de:99:6c:2d:
                    4d:a1:e2:d8:1f:54:69:89:d5:ae:31:0a:c5:c0:7b:
                    c3:05:4a:b6:89:97:71:db:8f:4c:ef:f4:3d:aa:47:
                    b0:57:7a:cf:53:44:f7:f2:eb:8b:9d:69:a4:43:68:
                    75:76:5e:a3:5a:a6:2f:d1:2d:ba:87:3a:ac:53:22:
                    51:2d:0f:9a:e5:de:bf:81:55:93:50:6c:4f:52:33:
                    99:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:E9:91:59:F8:DE:03:93:07:0F:C5:B0:45:F4:21:4E:37:DC:F3:B7
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1emRWfjeA5MHD8WwRfQhTjfc87c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.254.0/24
                  45.90.88.0/22
                  45.149.233.0/24
                  45.149.241.0/24
                  79.110.48.0/23
                  81.161.238.0/23
                  82.115.208.0/24
                  84.21.173.0/24
                  84.54.49.0/24
                  87.121.220.0/24
                  109.206.239.0/24
                  141.98.4.0/24
                  141.98.7.0/24
                  147.78.100.0/23
                  171.22.18.0/24
                  171.22.31.0/24
                  178.215.226.0/24
                  178.215.237.0/24
                  185.221.67.0/24
                  193.25.217.0-193.25.218.255
                  193.47.63.0/24
                  193.58.120.0/24
                  193.222.98.0/23
                  194.31.204.0/24
                  194.48.248.0/24
                  194.49.87.0/24
                  194.49.95.0/24
                  194.55.227.0/24
                  194.169.173.0-194.169.174.255
                  195.178.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:d1:f3:e5:f7:37:82:d9:f1:cf:e5:87:bc:09:2c:72:01:64:
         4d:18:aa:3c:c6:8b:25:88:1f:4b:c3:a9:e5:f7:31:1f:93:80:
         f1:6c:f0:6d:fc:07:fd:6d:2c:1a:46:0d:fd:04:f0:ba:a7:1a:
         71:f5:4f:2b:a9:4e:0a:27:87:af:3c:c8:1e:3f:9a:2b:9a:14:
         43:01:5d:4e:f0:a9:1b:bc:0b:54:6e:24:7d:dd:43:4c:fc:fb:
         98:72:5d:3f:55:71:06:14:ee:91:30:ac:46:f9:bc:9f:ea:12:
         c1:4b:61:5c:29:31:8e:55:8c:c0:f1:93:ec:16:08:38:93:9e:
         e7:ab:92:3c:b0:e6:c7:04:8e:c1:15:d2:37:78:9d:b7:92:4a:
         65:71:4c:a5:0b:38:e8:1b:cb:fa:a2:d4:88:0f:16:12:a3:7d:
         47:e8:60:e1:c1:de:fe:8b:3d:c4:60:51:3e:7a:90:9f:b4:e9:
         69:12:33:7d:f7:52:9b:de:32:93:10:67:b5:08:9b:aa:fb:5b:
         1e:48:eb:3e:45:20:b7:20:40:70:88:6d:c5:3c:03:08:8b:4f:
         47:09:4a:f0:99:73:80:4c:d5:59:0c:55:bd:7e:44:6c:29:41:
         d2:f8:f0:4c:18:ad:51:59:5b:76:3e:78:39:39:80:4c:76:aa:
         d4:e3:78:27
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgISAYU/eqyutlODfa1gnc6eRT73MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMjIzMTQ1NDQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWU5OTE1OWY4ZGUwMzkzMDcwZmM1YjA0NWY0MjE0ZTM3ZGNmM2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIgZ44OsmVbPbYqfhX9rnHWT62AV
qldg12XG2DGIzI2WxvCglv+h5p4bxD/6GWkdPMu7RmSSgKMjVHdYhGXQNXKL4mqC
reZhr7rDbQuZEvr+4wp0hVNt1WgVLnU9oMhuNJE+Am5jJstql5hp0u8GfG+6NTmD
I/jpx1H8Kj58rF+9G+RPkEyn+ilVakIMlxk1lzfxEcZ3acYIFDHXlw0rB9W+yIal
FmrTVkrKmo/LId6ZbC1NoeLYH1RpidWuMQrFwHvDBUq2iZdx249M7/Q9qkewV3rP
U0T38uuLnWmkQ2h1dl6jWqYv0S26hzqsUyJRLQ+a5d6/gVWTUGxPUjOZwwIDAQAB
o4ICzDCCAsgwHQYDVR0OBBYEFNXpkVn43gOTBw/FsEX0IU433PO3MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMWVtUldmamVBNU1IRDhXd1JmUWhUamZjODdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHhBggrBgEFBQcBBwEB/wSB0TCBzjCBywQCAAEwgcQDBAAt
DP4DBAItWlgDBAAtlekDBAAtlfEDBAFPbjADBAFRoe4DBABSc9ADBABUFa0DBABU
NjEDBABXedwDBABtzu8DBACNYgQDBACNYgcDBAGTTmQDBACrFhIDBACrFh8DBACy
1+IDBACy1+0DBAC53UMwDAMEAMEZ2QMEAMEZ2gMEAMEvPwMEAME6eAMEAcHeYgME
AMIfzAMEAMIw+AMEAMIxVwMEAMIxXwMEAMI34zAMAwQAwqmtAwQAwqmuAwQAw7J5
MA0GCSqGSIb3DQEBCwUAA4IBAQA80fPl9zeC2fHP5Ye8CSxyAWRNGKo8xosliB9L
w6nl9zEfk4DxbPBt/Af9bSwaRg39BPC6pxpx9U8rqU4KJ4evPMgeP5ormhRDAV1O
8KkbvAtUbiR93UNM/PuYcl0/VXEGFO6RMKxG+byf6hLBS2FcKTGOVYzA8ZPsFgg4
k57nq5I8sObHBI7BFdI3eJ23kkplcUylCzjoG8v6otSIDxYSo31H6GDhwd7+iz3E
YFE+epCftOlpEjN991Kb3jKTEGe1CJuq+1seSOs+RSC3IEBwiG3FPAMIi09HCUrw
mXOATNVZDFW9fkRsKUHS+PBMGK1RWVt2Png5OYBMdqrU43gn
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:22 2024 by rpki-client on console-ams.rpki-client.org