Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1jpUngGrDI5uIMH0qI1hp0ivBWg.roa
File:                     1jpUngGrDI5uIMH0qI1hp0ivBWg.roa (raw, json)
Hash identifier:          EekTBt0ed2Y4Vg526FVAar83v5n7CZWyt2sEbNrcpiE=
Subject key identifier:   D6:3A:54:9E:01:AB:0C:8E:6E:20:C1:F4:A8:8D:61:A7:48:AF:05:68
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01882F455B5515A96C2051BC547FBC6709AD
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1jpUngGrDI5uIMH0qI1hp0ivBWg.roa
Signing time:             Thu 18 May 2023 14:30:54 +0000
ROA not before:           Thu 18 May 2023 14:30:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34224
IP address blocks:        212.73.131.0/24 maxlen: 24
                          212.73.128.0/23 maxlen: 24
                          212.73.132.0/24 maxlen: 24
                          212.73.130.0/23 maxlen: 24
                          212.73.136.0/24 maxlen: 24
                          87.120.176.0/24 maxlen: 24
                          212.73.133.0/24 maxlen: 24
                          212.73.138.0/23 maxlen: 24
                          212.73.138.0/24 maxlen: 24
                          212.73.134.0/24 maxlen: 24
                          212.73.143.0/24 maxlen: 24
                          212.73.140.0/24 maxlen: 24
                          212.73.144.0/24 maxlen: 24
                          212.73.141.0/24 maxlen: 24
                          212.73.145.0/24 maxlen: 24
                          212.73.142.0/24 maxlen: 24
                          212.73.147.0/24 maxlen: 24
                          212.73.148.0/24 maxlen: 24
                          212.73.146.0/24 maxlen: 24
                          212.73.155.0/24 maxlen: 24
                          212.73.157.0/24 maxlen: 24
                          87.120.195.0/24 maxlen: 24
                          87.120.199.0/24 maxlen: 24
                          87.120.206.0/24 maxlen: 24
                          87.120.206.0/23 maxlen: 24
                          87.120.201.0/24 maxlen: 24
                          87.120.200.0/24 maxlen: 24
                          87.120.207.0/24 maxlen: 24
                          87.120.109.0/24 maxlen: 24
                          87.120.128.0/23 maxlen: 24
                          87.120.132.0/24 maxlen: 24
                          87.120.134.0/24 maxlen: 24
                          87.120.133.0/24 maxlen: 24
                          87.120.135.0/24 maxlen: 24
                          37.60.138.0/24 maxlen: 24
                          87.121.42.0/24 maxlen: 24
                          37.60.139.0/24 maxlen: 24
                          92.249.49.0/24 maxlen: 24
                          87.121.52.0/24 maxlen: 24
                          87.121.64.0/24 maxlen: 24
                          87.120.217.0/24 maxlen: 24
                          87.120.223.0/24 maxlen: 24
                          87.120.36.100/32 maxlen: 32
                          87.120.253.0/24 maxlen: 24
                          87.120.255.0/24 maxlen: 24
                          87.121.0.0/23 maxlen: 24
                          87.121.0.0/24 maxlen: 24
                          87.121.1.0/24 maxlen: 24
                          87.121.2.0/24 maxlen: 24
                          87.120.254.0/24 maxlen: 24
                          87.121.6.0/23 maxlen: 24
                          91.92.219.0/24 maxlen: 24
                          91.92.230.0/24 maxlen: 24
                          91.92.198.0/23 maxlen: 24
                          91.92.197.0/24 maxlen: 24
                          87.120.61.0/24 maxlen: 24
                          87.120.104.0/24 maxlen: 24
                          87.120.6.0/23 maxlen: 24
                          87.120.6.0/24 maxlen: 24
                          87.120.8.0/24 maxlen: 24
                          87.120.13.0/24 maxlen: 24
                          87.120.37.0/24 maxlen: 24
                          87.120.43.0/24 maxlen: 24
                          87.120.39.0/24 maxlen: 24
                          91.92.0.0/24 maxlen: 24
                          91.92.2.0/24 maxlen: 24
                          91.92.1.0/24 maxlen: 24
                          91.92.109.0/24 maxlen: 24
                          91.92.139.0/24 maxlen: 24
                          91.92.69.0/24 maxlen: 24
                          91.92.65.0/24 maxlen: 24
                          91.92.66.0/24 maxlen: 24
                          91.92.68.0/24 maxlen: 24
                          91.92.105.0/24 maxlen: 24
                          94.156.216.0/21 maxlen: 24
                          94.156.233.0/24 maxlen: 24
                          94.156.227.0/24 maxlen: 24
                          94.156.232.0/22 maxlen: 22
                          94.156.232.0/24 maxlen: 24
                          93.123.64.0/24 maxlen: 24
                          94.156.249.0/24 maxlen: 24
                          94.156.251.0/24 maxlen: 24
                          94.156.252.0/24 maxlen: 24
                          94.156.172.0/23 maxlen: 24
                          93.123.8.0/24 maxlen: 24
                          94.156.185.0/24 maxlen: 24
                          94.156.188.0/24 maxlen: 24
                          94.156.190.0/24 maxlen: 24
                          93.123.12.0/24 maxlen: 24
                          93.123.18.0/24 maxlen: 24
                          93.123.28.0/23 maxlen: 24
                          93.123.37.0/24 maxlen: 24
                          93.123.36.0/24 maxlen: 24
                          93.123.32.0/22 maxlen: 24
                          94.156.15.0/24 maxlen: 24
                          94.156.12.0/24 maxlen: 24
                          94.156.44.0/24 maxlen: 24
                          94.156.42.0/24 maxlen: 24
                          94.156.106.0/24 maxlen: 24
                          94.156.130.0/24 maxlen: 24
                          94.156.129.0/24 maxlen: 24
                          94.156.159.0/24 maxlen: 24
                          94.156.158.0/24 maxlen: 24
                          94.156.153.0/24 maxlen: 24
                          94.156.77.0/24 maxlen: 24
                          94.156.98.0/24 maxlen: 24
                          94.156.94.0/24 maxlen: 24
                          94.156.100.0/24 maxlen: 24
                          31.13.195.0/24 maxlen: 24
                          31.13.197.0/24 maxlen: 24
                          87.121.150.0/23 maxlen: 24
                          31.13.217.0/24 maxlen: 24
                          87.121.161.0/24 maxlen: 24
                          31.13.216.0/21 maxlen: 24
                          31.13.223.0/24 maxlen: 24
                          31.13.221.0/24 maxlen: 24
                          87.121.79.0/24 maxlen: 24
                          87.121.83.0/24 maxlen: 24
                          87.121.82.0/24 maxlen: 24
                          87.121.90.0/23 maxlen: 24
                          87.121.112.0/24 maxlen: 24
                          87.121.111.0/24 maxlen: 24
                          87.121.118.0/24 maxlen: 24
                          87.121.113.0/24 maxlen: 24
                          31.13.230.0/23 maxlen: 24
                          31.13.236.0/22 maxlen: 24
                          31.13.245.0/24 maxlen: 24
                          31.13.241.0/24 maxlen: 24
                          2a00:1728:35::/48 maxlen: 48
                          2a00:1728:27::/48 maxlen: 48
                          2a00:1728:21::/48 maxlen: 48
                          2a00:1728:0:d::/64 maxlen: 64
                          2a00:1728:1b::/48 maxlen: 48
                          2a00:1728:34::/48 maxlen: 48
                          2a00:1728:23::/48 maxlen: 48
                          2a00:1728:31::/48 maxlen: 48
                          2a00:1728:25::/48 maxlen: 48
                          2a00:1728:3::/48 maxlen: 48
                          2a00:1728:1f::/48 maxlen: 48
                          2a00:1728::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:2f:45:5b:55:15:a9:6c:20:51:bc:54:7f:bc:67:09:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 18 14:30:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d63a549e01ab0c8e6e20c1f4a88d61a748af0568
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:5b:8e:13:76:7c:c3:ee:8e:06:ff:be:b4:97:
                    11:b9:1d:5f:cf:6f:f6:4a:e6:8f:19:81:bb:69:42:
                    ea:3b:b0:33:d6:85:a5:55:8e:36:b0:9b:83:9a:5b:
                    1a:d3:2a:f3:39:8a:23:4a:fa:c8:5d:50:73:af:d8:
                    c4:28:f0:cd:86:05:f6:6c:c2:25:62:68:8c:5c:c7:
                    58:d6:8f:0f:6b:36:05:c3:10:31:90:ef:8b:f3:cd:
                    71:0f:07:3b:63:d8:14:3f:c9:c0:74:90:9a:94:ff:
                    24:65:87:f5:06:af:56:1e:6f:1c:20:08:86:db:50:
                    1c:17:ec:3a:00:7a:3c:82:e4:03:11:52:c2:28:df:
                    ea:62:22:fe:d0:f5:ae:cc:7e:76:9d:5b:02:a1:eb:
                    72:ac:f2:25:3f:dc:fd:25:a9:ed:d1:cd:01:84:74:
                    c7:f0:1b:e4:a6:f4:34:d0:60:34:e6:25:2c:18:61:
                    ff:79:8a:8e:c4:78:f6:58:2f:93:fc:47:06:ff:90:
                    c9:01:d5:e6:07:08:c6:ad:8c:df:56:e6:a4:0b:b3:
                    29:03:29:27:9b:71:fa:d7:b8:31:38:4d:bb:ef:b3:
                    c3:0d:f2:9d:17:59:b9:29:ba:71:28:c7:fa:e5:3f:
                    0b:41:71:de:3d:fb:d3:52:f0:91:ed:95:23:18:3f:
                    ac:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:3A:54:9E:01:AB:0C:8E:6E:20:C1:F4:A8:8D:61:A7:48:AF:05:68
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1jpUngGrDI5uIMH0qI1hp0ivBWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.195.0/24
                  31.13.197.0/24
                  31.13.216.0/21
                  31.13.230.0/23
                  31.13.236.0/22
                  31.13.241.0/24
                  31.13.245.0/24
                  37.60.138.0/23
                  87.120.6.0-87.120.8.255
                  87.120.13.0/24
                  87.120.36.100/32
                  87.120.37.0/24
                  87.120.39.0/24
                  87.120.43.0/24
                  87.120.61.0/24
                  87.120.104.0/24
                  87.120.109.0/24
                  87.120.128.0/23
                  87.120.132.0/22
                  87.120.176.0/24
                  87.120.195.0/24
                  87.120.199.0-87.120.201.255
                  87.120.206.0/23
                  87.120.217.0/24
                  87.120.223.0/24
                  87.120.253.0-87.121.2.255
                  87.121.6.0/23
                  87.121.42.0/24
                  87.121.52.0/24
                  87.121.64.0/24
                  87.121.79.0/24
                  87.121.82.0/23
                  87.121.90.0/23
                  87.121.111.0-87.121.113.255
                  87.121.118.0/24
                  87.121.150.0/23
                  87.121.161.0/24
                  91.92.0.0-91.92.2.255
                  91.92.65.0-91.92.66.255
                  91.92.68.0/23
                  91.92.105.0/24
                  91.92.109.0/24
                  91.92.139.0/24
                  91.92.197.0-91.92.199.255
                  91.92.219.0/24
                  91.92.230.0/24
                  92.249.49.0/24
                  93.123.8.0/24
                  93.123.12.0/24
                  93.123.18.0/24
                  93.123.28.0/23
                  93.123.32.0-93.123.37.255
                  93.123.64.0/24
                  94.156.12.0/24
                  94.156.15.0/24
                  94.156.42.0/24
                  94.156.44.0/24
                  94.156.77.0/24
                  94.156.94.0/24
                  94.156.98.0/24
                  94.156.100.0/24
                  94.156.106.0/24
                  94.156.129.0-94.156.130.255
                  94.156.153.0/24
                  94.156.158.0/23
                  94.156.172.0/23
                  94.156.185.0/24
                  94.156.188.0/24
                  94.156.190.0/24
                  94.156.216.0/21
                  94.156.227.0/24
                  94.156.232.0/22
                  94.156.249.0/24
                  94.156.251.0-94.156.252.255
                  212.73.128.0-212.73.134.255
                  212.73.136.0/24
                  212.73.138.0-212.73.148.255
                  212.73.155.0/24
                  212.73.157.0/24
                IPv6:
                  2a00:1728::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:39:c9:db:be:06:73:19:a9:55:5a:a4:58:50:72:bf:07:06:
         c4:03:cb:c3:59:eb:2a:77:5d:d3:3f:aa:e0:ee:d3:d1:b4:50:
         5c:d2:46:66:4c:0d:6b:5a:8a:69:4a:d9:8c:dd:82:fd:e1:7f:
         8a:e0:f9:cc:ab:f0:b2:7f:99:dc:78:03:21:26:47:14:09:d6:
         32:7a:e2:99:40:22:2e:8e:82:52:51:85:0c:70:92:4e:55:4c:
         62:c7:8b:fc:94:b8:0e:d0:9a:a3:6d:e4:25:c9:e8:aa:8e:e2:
         4c:12:a3:07:d5:54:18:62:2d:67:c7:0f:af:1e:36:f7:76:c5:
         fa:55:77:ab:38:30:da:cf:a1:94:d7:7e:02:af:d9:06:82:2b:
         c4:5e:eb:f9:a7:20:89:42:ff:c9:c3:71:c7:5b:2c:44:a8:ae:
         e7:7f:3b:96:ed:64:24:0e:8a:8a:82:67:00:68:a8:ca:7f:50:
         92:0b:a0:c2:7b:f0:f5:1a:1a:8c:91:90:f1:88:19:3a:de:eb:
         42:36:f7:72:52:39:92:11:54:2d:8f:13:d3:ca:48:29:2d:b5:
         f2:8d:83:9c:4d:7f:76:56:3f:2b:f3:14:4b:64:f6:25:7f:f7:
         22:e5:0d:85:d1:8e:24:b7:0f:ff:38:fd:86:63:3d:da:45:a9:
         06:a8:a1:a8
-----BEGIN CERTIFICATE-----
MIIHSjCCBjKgAwIBAgISAYgvRVtVFalsIFG8VH+8ZwmtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTE4MTQzMDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjNhNTQ5ZTAxYWIwYzhlNmUyMGMxZjRhODhkNjFhNzQ4YWYwNTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFuOE3Z8w+6OBv++tJcRuR1fz2/2
SuaPGYG7aULqO7Az1oWlVY42sJuDmlsa0yrzOYojSvrIXVBzr9jEKPDNhgX2bMIl
YmiMXMdY1o8PazYFwxAxkO+L881xDwc7Y9gUP8nAdJCalP8kZYf1Bq9WHm8cIAiG
21AcF+w6AHo8guQDEVLCKN/qYiL+0PWuzH52nVsCoetyrPIlP9z9Jant0c0BhHTH
8BvkpvQ00GA05iUsGGH/eYqOxHj2WC+T/EcG/5DJAdXmBwjGrYzfVuakC7MpAykn
m3H617gxOE2777PDDfKdF1m5KbpxKMf65T8LQXHePfvTUvCR7ZUjGD+skQIDAQAB
o4IEVjCCBFIwHQYDVR0OBBYEFNY6VJ4BqwyObiDB9KiNYadIrwVoMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMWpwVW5nR3JESTV1SU1IMHFJMWhwMGl2QldnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIICagYIKwYBBQUHAQcBAf8EggJZMIICVTCCAkIEAgABMIIC
OgMEAB8NwwMEAB8NxQMEAx8N2AMEAR8N5gMEAh8N7AMEAB8N8QMEAB8N9QMEASU8
ijAMAwQBV3gGAwQAV3gIAwQAV3gNAwUAV3gkZAMEAFd4JQMEAFd4JwMEAFd4KwME
AFd4PQMEAFd4aAMEAFd4bQMEAVd4gAMEAld4hAMEAFd4sAMEAFd4wzAMAwQAV3jH
AwQBV3jIAwQBV3jOAwQAV3jZAwQAV3jfMAwDBABXeP0DBABXeQIDBAFXeQYDBABX
eSoDBABXeTQDBABXeUADBABXeU8DBAFXeVIDBAFXeVowDAMEAFd5bwMEAVd5cAME
AFd5dgMEAVd5lgMEAFd5oTALAwMCW1wDBABbXAIwDAMEAFtcQQMEAFtcQgMEAVtc
RAMEAFtcaQMEAFtcbQMEAFtcizAMAwQAW1zFAwQDW1zAAwQAW1zbAwQAW1zmAwQA
XPkxAwQAXXsIAwQAXXsMAwQAXXsSAwQBXXscMAwDBAVdeyADBAFdeyQDBABde0AD
BABenAwDBABenA8DBABenCoDBABenCwDBABenE0DBABenF4DBABenGIDBABenGQD
BABenGowDAMEAF6cgQMEAF6cggMEAF6cmQMEAV6cngMEAV6crAMEAF6cuQMEAF6c
vAMEAF6cvgMEA16c2AMEAF6c4wMEAl6c6AMEAF6c+TAMAwQAXpz7AwQAXpz8MAwD
BAfUSYADBADUSYYDBADUSYgwDAMEAdRJigMEANRJlAMEANRJmwMEANRJnTANBAIA
AjAHAwUAKgAXKDANBgkqhkiG9w0BAQsFAAOCAQEAGTnJ274GcxmpVVqkWFByvwcG
xAPLw1nrKndd0z+q4O7T0bRQXNJGZkwNa1qKaUrZjN2C/eF/iuD5zKvwsn+Z3HgD
ISZHFAnWMnrimUAiLo6CUlGFDHCSTlVMYseL/JS4DtCao23kJcnoqo7iTBKjB9VU
GGItZ8cPrx4293bF+lV3qzgw2s+hlNd+Aq/ZBoIrxF7r+acgiUL/ycNxx1ssRKiu
5387lu1kJA6KioJnAGioyn9Qkgugwnvw9RoajJGQ8YgZOt7rQjb3clI5khFULY8T
08pIKS218o2DnE1/dlY/K/MUS2T2JX/3IuUNhdGOJLcP/zj9hmM92kWpBqihqA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:22 2024 by rpki-client on console-ams.rpki-client.org