Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1hLp8uPfYTOAzoLThn9fSozO15o.roa
File:                     1hLp8uPfYTOAzoLThn9fSozO15o.roa (raw, json)
Hash identifier:          zPW353mhYZU3s6Ao1Oxc/IiP3rLDERjVf8neCi91fH8=
Subject key identifier:   D6:12:E9:F2:E3:DF:61:33:80:CE:82:D3:86:7F:5F:4A:8C:CE:D7:9A
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018BF700B91539970029285FFBA1AA8F7293
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1hLp8uPfYTOAzoLThn9fSozO15o.roa
Signing time:             Wed 22 Nov 2023 12:28:21 +0000
ROA not before:           Wed 22 Nov 2023 12:28:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          91.92.24.0/23 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          147.78.102.0/24 maxlen: 24
                          185.246.223.0/24 maxlen: 24
                          185.226.173.0/24 maxlen: 24
                          185.226.175.0/24 maxlen: 24
                          87.121.45.0/24 maxlen: 24
                          87.121.59.0/24 maxlen: 24
                          194.180.50.0/24 maxlen: 24
                          194.169.174.0/24 maxlen: 24
                          94.156.78.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          94.156.239.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          45.88.90.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          93.123.116.0/24 maxlen: 24
                          87.121.221.0/24 maxlen: 24
                          87.121.220.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:f7:00:b9:15:39:97:00:29:28:5f:fb:a1:aa:8f:72:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov 22 12:28:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d612e9f2e3df613380ce82d3867f5f4a8cced79a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:db:26:dd:9c:fa:74:25:fe:b0:7f:3e:61:39:
                    bd:d6:4d:50:97:62:c2:8d:f0:22:c5:3d:b3:13:87:
                    a7:7d:21:34:41:bb:36:b3:34:45:5f:b6:f1:cd:73:
                    06:8d:21:41:09:42:42:4f:02:11:61:fa:52:51:47:
                    33:23:db:e9:9a:db:26:d0:f9:8c:4e:ad:f4:67:82:
                    d9:a0:32:49:2d:1a:17:b9:08:57:04:84:dd:40:99:
                    73:f0:ba:9f:c8:66:ae:55:63:89:50:86:5f:50:5d:
                    f3:80:f9:99:16:a9:22:9d:68:d4:f4:bf:95:92:e8:
                    e4:13:2c:c4:39:22:50:77:71:50:2c:51:09:a6:c6:
                    35:c3:6b:f5:37:93:ba:b5:ad:ac:c1:a5:0a:81:c4:
                    22:5a:75:af:5a:10:66:6b:11:47:bf:d0:16:da:7a:
                    10:90:de:d6:2f:2e:d7:72:c9:1a:12:b2:1c:0e:8a:
                    67:70:29:78:83:5a:03:f5:43:cf:c4:0a:16:97:33:
                    a4:8e:07:be:aa:a5:42:38:0f:b5:90:45:6c:22:f3:
                    1e:68:6c:49:2a:19:23:cb:b8:87:fe:fa:61:8d:2f:
                    c6:a1:6f:2d:5c:0e:e0:b6:0a:6c:20:a4:b8:b1:7a:
                    f0:61:ae:5c:16:5e:41:c3:6d:7d:1f:9b:b7:33:f9:
                    19:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:12:E9:F2:E3:DF:61:33:80:CE:82:D3:86:7F:5F:4A:8C:CE:D7:9A
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1hLp8uPfYTOAzoLThn9fSozO15o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.90.0/24
                  45.151.89.0/24
                  87.120.87.0/24
                  87.121.45.0/24
                  87.121.59.0/24
                  87.121.220.0/23
                  91.92.24.0/23
                  92.119.196.0/23
                  93.123.116.0/24
                  94.154.161.0-94.154.163.255
                  94.156.78.0/24
                  94.156.239.0/24
                  147.78.100.0-147.78.102.255
                  171.22.72.0/22
                  178.215.224.0/24
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.226.173.0/24
                  185.226.175.0/24
                  185.246.223.0/24
                  185.252.176.0/24
                  194.169.174.0/24
                  194.180.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:31:87:c4:cf:da:98:0b:fa:fd:8d:f6:df:34:43:f0:3a:3a:
         e6:75:49:ea:14:90:73:2b:48:8d:b1:62:b0:af:9e:b2:14:f5:
         08:24:69:6e:29:72:e3:79:e6:68:bb:a7:19:99:39:8b:75:2d:
         88:11:e0:fc:ec:a3:b5:c1:25:1c:e7:2e:77:30:a2:29:e9:b3:
         f2:02:a5:72:31:c6:79:2c:51:b1:38:23:db:d3:2a:c7:8a:d0:
         b9:e1:53:af:19:78:ba:12:1f:db:a3:b5:31:3c:92:a4:c6:81:
         50:14:9a:6c:6b:bc:8e:bf:0e:1c:14:15:de:fd:25:73:73:c2:
         33:56:2f:ff:06:81:d4:3c:a3:b2:57:cb:66:30:77:48:d6:d0:
         db:e6:42:0a:fa:46:1f:ac:4b:42:00:e9:c9:0b:a4:b5:3f:e1:
         f1:f8:ed:ad:fe:da:22:9e:ed:e1:af:87:1b:6c:fc:f1:30:16:
         cc:60:6a:97:a8:b8:bb:0a:cd:9d:a2:b9:5d:2a:14:b5:f5:da:
         8f:46:04:29:d8:d2:3c:ec:b1:95:c2:58:f4:2d:f7:47:0b:e8:
         61:1b:d6:06:ce:f7:95:cc:76:f2:a9:31:0f:10:28:42:b9:75:
         cc:69:cb:dd:25:23:12:58:f3:20:9b:a7:51:1f:4d:56:64:85:
         25:fe:1d:fa
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAYv3ALkVOZcAKShf+6Gqj3KTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMTIyMTIyODIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjEyZTlmMmUzZGY2MTMzODBjZTgyZDM4NjdmNWY0YThjY2VkNzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotsm3Zz6dCX+sH8+YTm91k1Ql2LC
jfAixT2zE4enfSE0Qbs2szRFX7bxzXMGjSFBCUJCTwIRYfpSUUczI9vpmtsm0PmM
Tq30Z4LZoDJJLRoXuQhXBITdQJlz8LqfyGauVWOJUIZfUF3zgPmZFqkinWjU9L+V
kujkEyzEOSJQd3FQLFEJpsY1w2v1N5O6ta2swaUKgcQiWnWvWhBmaxFHv9AW2noQ
kN7WLy7XcskaErIcDopncCl4g1oD9UPPxAoWlzOkjge+qqVCOA+1kEVsIvMeaGxJ
Khkjy7iH/vphjS/GoW8tXA7gtgpsIKS4sXrwYa5cFl5Bw219H5u3M/kZMQIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFNYS6fLj32EzgM6C04Z/X0qMzteaMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMWhMcDh1UGZZVE9Bem9MVGhuOWZTb3pPMTVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG9BggrBgEFBQcBBwEB/wSBrTCBqjCBpwQCAAEwgaADBAAt
WFoDBAAtl1kDBABXeFcDBABXeS0DBABXeTsDBAFXedwDBAFbXBgDBAFcd8QDBABd
e3QwDAMEAF6aoQMEAl6aoAMEAF6cTgMEAF6c7zAMAwQCk05kAwQAk05mAwQCqxZI
AwQAstfgAwQAstfsAwQCudhUAwQCudpUAwQAueKtAwQAueKvAwQAufbfAwQAufyw
AwQAwqmuAwQAwrQyMA0GCSqGSIb3DQEBCwUAA4IBAQAoMYfEz9qYC/r9jfbfNEPw
OjrmdUnqFJBzK0iNsWKwr56yFPUIJGluKXLjeeZou6cZmTmLdS2IEeD87KO1wSUc
5y53MKIp6bPyAqVyMcZ5LFGxOCPb0yrHitC54VOvGXi6Eh/bo7UxPJKkxoFQFJps
a7yOvw4cFBXe/SVzc8IzVi//BoHUPKOyV8tmMHdI1tDb5kIK+kYfrEtCAOnJC6S1
P+Hx+O2t/toinu3hr4cbbPzxMBbMYGqXqLi7Cs2dorldKhS19dqPRgQp2NI87LGV
wlj0LfdHC+hhG9YGzveVzHbyqTEPEChCuXXMacvdJSMSWPMgm6dRH01WZIUl/h36
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:22 2024 by rpki-client on console-ams.rpki-client.org