Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1xN7uljFJFtBejOXIeBzyMjafLc.roa
File:                     1xN7uljFJFtBejOXIeBzyMjafLc.roa (raw, json)
Hash identifier:          kKRUUQUCgqdLz09skJ9EJeTvqihTBEEFszD0y2DUmYQ=
Subject key identifier:   D7:13:7B:BA:58:C5:24:5B:41:7A:33:97:21:E0:73:C8:C8:DA:7C:B7
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018756A27A8EE562B10FB9A6C8453E7B9A03
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1xN7uljFJFtBejOXIeBzyMjafLc.roa
Signing time:             Thu 06 Apr 2023 12:55:01 +0000
ROA not before:           Thu 06 Apr 2023 12:55:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50225
IP address blocks:        81.161.230.0/24 maxlen: 24
                          94.156.234.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          185.222.162.0/24 maxlen: 24
                          45.9.156.0/24 maxlen: 24
                          45.66.228.0/24 maxlen: 24
                          45.12.255.0/24 maxlen: 24
                          94.156.160.0/24 maxlen: 24
                          193.42.34.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          193.47.60.0/24 maxlen: 24
                          45.139.104.0/24 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          176.125.253.0/24 maxlen: 24
                          45.129.86.0/24 maxlen: 24
                          176.125.252.0/24 maxlen: 24
                          94.154.162.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:56:a2:7a:8e:e5:62:b1:0f:b9:a6:c8:45:3e:7b:9a:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr  6 12:55:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d7137bba58c5245b417a339721e073c8c8da7cb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:96:fe:ac:26:6c:2f:e8:08:0a:8a:70:04:c6:
                    14:9a:9e:6c:d5:38:a5:de:a5:b2:8a:2a:57:17:82:
                    32:ef:55:e2:ea:a5:b7:2f:00:30:85:90:af:f7:63:
                    b4:96:b2:09:66:fc:48:7d:84:08:20:4b:7a:f6:67:
                    a8:2d:73:74:51:b0:b5:74:47:29:54:32:6b:d0:96:
                    8a:87:9f:ff:9a:01:d6:7a:8b:4a:23:9d:5f:2b:6b:
                    55:45:a6:b6:ef:82:1a:4a:6f:3e:30:a3:16:8c:59:
                    37:24:2d:c8:5a:a7:33:a7:09:29:02:9c:5e:ff:dd:
                    29:97:07:3a:85:03:96:7a:23:cc:bc:48:de:1e:fb:
                    e4:03:bb:d4:34:99:39:3b:f1:6a:49:05:02:fa:fe:
                    bd:3d:1b:9c:fc:2a:9a:25:90:bc:ad:4f:8c:82:41:
                    05:18:35:8d:4a:41:d6:66:ad:f9:bb:7f:21:84:11:
                    7e:b5:ef:2e:6c:ab:eb:f0:3e:2e:e5:4a:85:5d:04:
                    0b:2d:cf:d9:06:a2:b7:a4:20:3f:85:af:49:13:17:
                    2f:24:29:67:c6:7c:53:6e:1b:d5:09:0e:57:19:34:
                    9c:6e:ff:ab:9e:24:c2:fe:bc:d4:57:9e:10:6e:0f:
                    5b:17:d4:92:86:52:9f:cf:e6:e1:ae:3e:aa:99:0a:
                    70:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:13:7B:BA:58:C5:24:5B:41:7A:33:97:21:E0:73:C8:C8:DA:7C:B7
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1xN7uljFJFtBejOXIeBzyMjafLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.156.0/24
                  45.12.255.0/24
                  45.66.228.0/24
                  45.129.84.0/24
                  45.129.86.0/24
                  45.139.104.0/24
                  81.161.230.0/24
                  94.154.162.0/24
                  94.156.160.0/24
                  94.156.234.0/24
                  176.125.252.0/23
                  178.215.226.0/24
                  185.222.162.0/24
                  193.42.34.0/24
                  193.47.60.0/24
                  193.47.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:1c:99:e4:f2:0f:20:2d:8f:5a:3c:d4:bb:bb:02:49:e4:63:
         95:17:47:92:e7:69:3a:c7:8e:68:28:43:03:b1:ae:06:2b:99:
         ab:8a:a4:6a:8c:b5:97:99:e2:e2:2a:85:59:58:a0:2e:8b:cf:
         a6:fd:d2:13:67:33:23:f1:a4:9c:c4:8e:bb:ba:1f:e6:ac:d8:
         cf:6c:98:93:54:12:e4:bb:ef:94:c5:1a:d2:12:6b:99:2b:34:
         e8:e1:59:7a:40:4b:a4:26:00:33:de:59:70:56:64:d1:ff:c0:
         d6:73:f4:3d:70:fb:b7:e5:11:82:2c:56:87:89:3a:20:01:e7:
         f5:04:15:f5:2a:f3:0c:79:a1:e3:0c:40:72:f5:cf:22:4e:e7:
         19:3a:72:d4:85:4b:30:f7:0a:20:db:6f:04:6b:9c:41:d5:96:
         e3:8d:10:83:c8:7c:f1:a5:db:e3:15:28:1f:dc:ee:00:33:13:
         f8:ac:43:ce:a1:b6:9d:a6:79:b4:fb:69:3d:db:29:dd:eb:80:
         07:9f:14:ba:f7:10:d6:02:9e:57:37:53:d3:18:21:69:a9:57:
         26:f6:58:d8:d1:ef:25:ae:12:e0:2d:77:d4:5a:2d:af:20:06:
         5a:1b:e7:5b:84:0d:e2:70:db:9d:b4:32:7c:14:ac:0f:32:70:
         23:1d:8c:4f
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYdWonqO5WKxD7mmyEU+e5oDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDA2MTI1NTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzEzN2JiYTU4YzUyNDViNDE3YTMzOTcyMWUwNzNjOGM4ZGE3Y2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJb+rCZsL+gICopwBMYUmp5s1Til
3qWyiipXF4Iy71Xi6qW3LwAwhZCv92O0lrIJZvxIfYQIIEt69meoLXN0UbC1dEcp
VDJr0JaKh5//mgHWeotKI51fK2tVRaa274IaSm8+MKMWjFk3JC3IWqczpwkpApxe
/90plwc6hQOWeiPMvEjeHvvkA7vUNJk5O/FqSQUC+v69PRuc/CqaJZC8rU+MgkEF
GDWNSkHWZq35u38hhBF+te8ubKvr8D4u5UqFXQQLLc/ZBqK3pCA/ha9JExcvJCln
xnxTbhvVCQ5XGTScbv+rniTC/rzUV54Qbg9bF9SShlKfz+bhrj6qmQpwjQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFNcTe7pYxSRbQXozlyHgc8jI2ny3MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMXhON3VsakZKRnRCZWpPWEllQnp5TWphZkxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQALQmcAwQA
LQz/AwQALULkAwQALYFUAwQALYFWAwQALYtoAwQAUaHmAwQAXpqiAwQAXpygAwQA
XpzqAwQBsH38AwQAstfiAwQAud6iAwQAwSoiAwQAwS88AwQAwS8/MA0GCSqGSIb3
DQEBCwUAA4IBAQB2HJnk8g8gLY9aPNS7uwJJ5GOVF0eS52k6x45oKEMDsa4GK5mr
iqRqjLWXmeLiKoVZWKAui8+m/dITZzMj8aScxI67uh/mrNjPbJiTVBLku++UxRrS
EmuZKzTo4Vl6QEukJgAz3llwVmTR/8DWc/Q9cPu35RGCLFaHiTogAef1BBX1KvMM
eaHjDEBy9c8iTucZOnLUhUsw9wog228Ea5xB1ZbjjRCDyHzxpdvjFSgf3O4AMxP4
rEPOobadpnm0+2k92ynd64AHnxS69xDWAp5XN1PTGCFpqVcm9ljY0e8lrhLgLXfU
Wi2vIAZaG+dbhA3icNudtDJ8FKwPMnAjHYxP
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:23 2024 by rpki-client on console-ams.rpki-client.org