Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2s-OiQiXSdd9SEoI3ehidLOLQb4.roa
File:                     2s-OiQiXSdd9SEoI3ehidLOLQb4.roa (raw, json)
Hash identifier:          ETvtvMkRhJVBReGqW/CBaB4lY5pDvKBY3Vgr0NX9L5k=
Subject key identifier:   DA:CF:8E:89:08:97:49:D7:7D:48:4A:08:DD:E8:62:74:B3:8B:41:BE
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01870900EAB5C9B431121D3ABFE1AB70A2A6
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2s-OiQiXSdd9SEoI3ehidLOLQb4.roa
Signing time:             Wed 22 Mar 2023 11:07:47 +0000
ROA not before:           Wed 22 Mar 2023 11:07:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34224
IP address blocks:        212.73.131.0/24 maxlen: 24
                          212.73.128.0/23 maxlen: 24
                          212.73.132.0/24 maxlen: 24
                          212.73.130.0/23 maxlen: 24
                          212.73.136.0/24 maxlen: 24
                          87.120.176.0/24 maxlen: 24
                          212.73.133.0/24 maxlen: 24
                          212.73.138.0/23 maxlen: 24
                          212.73.138.0/24 maxlen: 24
                          212.73.134.0/24 maxlen: 24
                          212.73.143.0/24 maxlen: 24
                          212.73.140.0/24 maxlen: 24
                          212.73.144.0/24 maxlen: 24
                          212.73.141.0/24 maxlen: 24
                          212.73.145.0/24 maxlen: 24
                          212.73.142.0/24 maxlen: 24
                          212.73.147.0/24 maxlen: 24
                          212.73.148.0/24 maxlen: 24
                          212.73.146.0/24 maxlen: 24
                          212.73.155.0/24 maxlen: 24
                          212.73.157.0/24 maxlen: 24
                          87.120.195.0/24 maxlen: 24
                          87.120.199.0/24 maxlen: 24
                          87.120.206.0/24 maxlen: 24
                          87.120.206.0/23 maxlen: 24
                          87.120.201.0/24 maxlen: 24
                          87.120.200.0/24 maxlen: 24
                          87.120.207.0/24 maxlen: 24
                          87.120.109.0/24 maxlen: 24
                          87.120.128.0/23 maxlen: 24
                          87.120.132.0/24 maxlen: 24
                          87.120.134.0/24 maxlen: 24
                          87.120.133.0/24 maxlen: 24
                          87.120.135.0/24 maxlen: 24
                          37.60.138.0/24 maxlen: 24
                          87.121.42.0/24 maxlen: 24
                          37.60.139.0/24 maxlen: 24
                          92.249.49.0/24 maxlen: 24
                          87.121.52.0/24 maxlen: 24
                          87.121.64.0/24 maxlen: 24
                          87.120.217.0/24 maxlen: 24
                          87.120.223.0/24 maxlen: 24
                          87.120.36.100/32 maxlen: 32
                          87.120.253.0/24 maxlen: 24
                          87.120.255.0/24 maxlen: 24
                          87.121.0.0/23 maxlen: 24
                          87.121.0.0/24 maxlen: 24
                          87.121.1.0/24 maxlen: 24
                          87.121.2.0/24 maxlen: 24
                          87.120.254.0/24 maxlen: 24
                          87.121.6.0/23 maxlen: 24
                          91.92.219.0/24 maxlen: 24
                          91.92.230.0/24 maxlen: 24
                          91.92.198.0/23 maxlen: 24
                          91.92.197.0/24 maxlen: 24
                          87.120.61.0/24 maxlen: 24
                          87.120.104.0/24 maxlen: 24
                          87.120.6.0/23 maxlen: 24
                          87.120.6.0/24 maxlen: 24
                          87.120.8.0/24 maxlen: 24
                          87.120.13.0/24 maxlen: 24
                          87.120.37.0/24 maxlen: 24
                          87.120.43.0/24 maxlen: 24
                          87.120.39.0/24 maxlen: 24
                          91.92.0.0/24 maxlen: 24
                          91.92.2.0/24 maxlen: 24
                          91.92.1.0/24 maxlen: 24
                          91.92.109.0/24 maxlen: 24
                          91.92.139.0/24 maxlen: 24
                          91.92.69.0/24 maxlen: 24
                          91.92.65.0/24 maxlen: 24
                          91.92.66.0/24 maxlen: 24
                          91.92.68.0/24 maxlen: 24
                          91.92.105.0/24 maxlen: 24
                          94.156.216.0/21 maxlen: 24
                          94.156.233.0/24 maxlen: 24
                          94.156.227.0/24 maxlen: 24
                          94.156.232.0/22 maxlen: 22
                          94.156.232.0/24 maxlen: 24
                          93.123.64.0/24 maxlen: 24
                          94.156.249.0/24 maxlen: 24
                          94.156.251.0/24 maxlen: 24
                          94.156.252.0/24 maxlen: 24
                          94.156.248.0/24 maxlen: 24
                          94.156.172.0/23 maxlen: 24
                          93.123.8.0/24 maxlen: 24
                          94.156.185.0/24 maxlen: 24
                          94.156.188.0/24 maxlen: 24
                          94.156.190.0/24 maxlen: 24
                          93.123.12.0/24 maxlen: 24
                          93.123.18.0/24 maxlen: 24
                          93.123.28.0/23 maxlen: 24
                          93.123.37.0/24 maxlen: 24
                          93.123.36.0/24 maxlen: 24
                          93.123.32.0/22 maxlen: 24
                          94.156.10.0/24 maxlen: 24
                          94.156.15.0/24 maxlen: 24
                          94.156.12.0/24 maxlen: 24
                          94.156.44.0/24 maxlen: 24
                          94.156.42.0/24 maxlen: 24
                          94.156.106.0/24 maxlen: 24
                          94.156.129.0/24 maxlen: 24
                          94.156.159.0/24 maxlen: 24
                          94.156.158.0/24 maxlen: 24
                          94.156.153.0/24 maxlen: 24
                          94.156.77.0/24 maxlen: 24
                          94.156.98.0/24 maxlen: 24
                          94.156.94.0/24 maxlen: 24
                          94.156.100.0/24 maxlen: 24
                          31.13.195.0/24 maxlen: 24
                          31.13.197.0/24 maxlen: 24
                          87.121.150.0/23 maxlen: 24
                          31.13.217.0/24 maxlen: 24
                          87.121.161.0/24 maxlen: 24
                          31.13.216.0/21 maxlen: 24
                          31.13.223.0/24 maxlen: 24
                          31.13.221.0/24 maxlen: 24
                          87.121.79.0/24 maxlen: 24
                          87.121.83.0/24 maxlen: 24
                          87.121.82.0/24 maxlen: 24
                          87.121.90.0/23 maxlen: 24
                          87.121.112.0/24 maxlen: 24
                          87.121.111.0/24 maxlen: 24
                          87.121.118.0/24 maxlen: 24
                          87.121.113.0/24 maxlen: 24
                          31.13.230.0/23 maxlen: 24
                          31.13.236.0/22 maxlen: 24
                          31.13.245.0/24 maxlen: 24
                          31.13.241.0/24 maxlen: 24
                          2a00:1728:35::/48 maxlen: 48
                          2a00:1728:27::/48 maxlen: 48
                          2a00:1728:21::/48 maxlen: 48
                          2a00:1728:0:d::/64 maxlen: 64
                          2a00:1728:1b::/48 maxlen: 48
                          2a00:1728:34::/48 maxlen: 48
                          2a00:1728:23::/48 maxlen: 48
                          2a00:1728:31::/48 maxlen: 48
                          2a00:1728:25::/48 maxlen: 48
                          2a00:1728:3::/48 maxlen: 48
                          2a00:1728:1f::/48 maxlen: 48
                          2a00:1728::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:09:00:ea:b5:c9:b4:31:12:1d:3a:bf:e1:ab:70:a2:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 22 11:07:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dacf8e89089749d77d484a08dde86274b38b41be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d9:de:9c:c9:f4:7e:0a:56:c0:e8:87:e1:3f:
                    cc:bf:29:28:9b:73:ef:13:62:b9:2e:e5:37:d6:25:
                    3e:cc:e4:0b:25:8d:16:56:a8:33:c2:0a:3c:0d:85:
                    ed:fa:6f:33:62:a9:c9:cb:25:26:2b:94:a2:2a:f2:
                    20:c5:4a:31:d5:d3:d8:59:1c:d7:13:36:97:91:90:
                    05:8f:3a:22:cd:11:71:45:4d:51:0e:f7:48:7e:11:
                    82:c9:42:7b:f0:13:e8:de:98:7a:fa:24:2c:b3:f7:
                    54:32:48:f8:28:7c:69:d5:4f:10:ad:e5:43:03:34:
                    5f:80:d9:fa:fc:ff:cf:bb:13:1d:4f:13:c1:41:dc:
                    6e:57:6f:5f:31:e3:0d:74:21:9b:a0:04:f2:64:c7:
                    a2:2e:f1:dd:8a:63:d0:4b:b0:3f:97:ac:cb:c2:99:
                    45:9d:37:8d:19:54:03:e8:d8:e8:06:76:dd:b7:a1:
                    af:22:c7:55:16:a1:67:a4:ed:0d:da:44:c0:0c:68:
                    4a:01:a7:17:e9:10:19:27:b3:61:ee:b1:27:76:22:
                    d4:10:60:32:ba:18:8d:89:eb:49:8c:0b:4d:9f:57:
                    49:f1:40:5f:26:00:57:d8:6f:22:4f:4b:2c:5e:39:
                    bc:ae:a2:9d:a8:a2:03:c9:18:87:d1:26:62:59:15:
                    78:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:CF:8E:89:08:97:49:D7:7D:48:4A:08:DD:E8:62:74:B3:8B:41:BE
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2s-OiQiXSdd9SEoI3ehidLOLQb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.195.0/24
                  31.13.197.0/24
                  31.13.216.0/21
                  31.13.230.0/23
                  31.13.236.0/22
                  31.13.241.0/24
                  31.13.245.0/24
                  37.60.138.0/23
                  87.120.6.0-87.120.8.255
                  87.120.13.0/24
                  87.120.36.100/32
                  87.120.37.0/24
                  87.120.39.0/24
                  87.120.43.0/24
                  87.120.61.0/24
                  87.120.104.0/24
                  87.120.109.0/24
                  87.120.128.0/23
                  87.120.132.0/22
                  87.120.176.0/24
                  87.120.195.0/24
                  87.120.199.0-87.120.201.255
                  87.120.206.0/23
                  87.120.217.0/24
                  87.120.223.0/24
                  87.120.253.0-87.121.2.255
                  87.121.6.0/23
                  87.121.42.0/24
                  87.121.52.0/24
                  87.121.64.0/24
                  87.121.79.0/24
                  87.121.82.0/23
                  87.121.90.0/23
                  87.121.111.0-87.121.113.255
                  87.121.118.0/24
                  87.121.150.0/23
                  87.121.161.0/24
                  91.92.0.0-91.92.2.255
                  91.92.65.0-91.92.66.255
                  91.92.68.0/23
                  91.92.105.0/24
                  91.92.109.0/24
                  91.92.139.0/24
                  91.92.197.0-91.92.199.255
                  91.92.219.0/24
                  91.92.230.0/24
                  92.249.49.0/24
                  93.123.8.0/24
                  93.123.12.0/24
                  93.123.18.0/24
                  93.123.28.0/23
                  93.123.32.0-93.123.37.255
                  93.123.64.0/24
                  94.156.10.0/24
                  94.156.12.0/24
                  94.156.15.0/24
                  94.156.42.0/24
                  94.156.44.0/24
                  94.156.77.0/24
                  94.156.94.0/24
                  94.156.98.0/24
                  94.156.100.0/24
                  94.156.106.0/24
                  94.156.129.0/24
                  94.156.153.0/24
                  94.156.158.0/23
                  94.156.172.0/23
                  94.156.185.0/24
                  94.156.188.0/24
                  94.156.190.0/24
                  94.156.216.0/21
                  94.156.227.0/24
                  94.156.232.0/22
                  94.156.248.0/23
                  94.156.251.0-94.156.252.255
                  212.73.128.0-212.73.134.255
                  212.73.136.0/24
                  212.73.138.0-212.73.148.255
                  212.73.155.0/24
                  212.73.157.0/24
                IPv6:
                  2a00:1728::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:0d:fe:e1:41:93:69:1b:43:d2:a6:b5:cd:5e:b0:9d:73:b2:
         07:b5:25:3b:8f:f4:1f:38:9f:5c:b3:5a:0c:a4:74:3a:47:76:
         dc:d0:4e:ee:a1:1a:c1:c1:cb:66:90:a2:8a:1f:bb:67:18:22:
         25:14:b6:6a:56:98:76:93:d7:d5:5f:a3:75:3b:99:e9:e0:db:
         b9:c1:43:65:e7:9b:6c:e3:59:38:64:c3:c9:f2:45:f7:bd:e4:
         08:f6:2f:1b:3d:5f:ed:ba:57:c9:53:80:bc:49:aa:10:13:f6:
         fb:ef:7b:a6:51:9a:08:cf:87:ae:2a:7b:d7:b0:3e:f4:f3:f1:
         63:a8:fd:68:c7:46:b9:b7:8c:0e:e2:18:bf:b9:b0:a8:df:a3:
         44:61:0b:0f:51:0f:8c:75:43:4d:a4:d9:5d:da:c7:1d:89:84:
         63:4a:1a:e5:d4:4e:5d:52:5e:8d:4b:a1:a4:b5:52:8d:bc:ee:
         96:2c:ff:9b:e5:b9:82:da:00:8c:8d:49:40:9d:54:4a:78:58:
         00:9d:d3:b0:d0:3b:f4:c4:70:ae:8b:a7:f5:29:79:1c:f1:83:
         b1:94:46:1a:07:5d:a8:f0:5f:20:04:1c:f6:5a:d5:97:d1:c4:
         36:b8:bf:b0:72:72:7e:9d:c0:be:9a:fc:60:25:81:fc:c2:e5:
         6f:d8:62:63
-----BEGIN CERTIFICATE-----
MIIHSDCCBjCgAwIBAgISAYcJAOq1ybQxEh06v+GrcKKmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMzIyMTEwNzQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWNmOGU4OTA4OTc0OWQ3N2Q0ODRhMDhkZGU4NjI3NGIzOGI0MWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNnenMn0fgpWwOiH4T/Mvykom3Pv
E2K5LuU31iU+zOQLJY0WVqgzwgo8DYXt+m8zYqnJyyUmK5SiKvIgxUox1dPYWRzX
EzaXkZAFjzoizRFxRU1RDvdIfhGCyUJ78BPo3ph6+iQss/dUMkj4KHxp1U8QreVD
AzRfgNn6/P/PuxMdTxPBQdxuV29fMeMNdCGboATyZMeiLvHdimPQS7A/l6zLwplF
nTeNGVQD6NjoBnbdt6GvIsdVFqFnpO0N2kTADGhKAacX6RAZJ7Nh7rEndiLUEGAy
uhiNietJjAtNn1dJ8UBfJgBX2G8iT0ssXjm8rqKdqKIDyRiH0SZiWRV4xQIDAQAB
o4IEVDCCBFAwHQYDVR0OBBYEFNrPjokIl0nXfUhKCN3oYnSzi0G+MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMnMtT2lRaVhTZGQ5U0VvSTNlaGlkTE9MUWI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIICaAYIKwYBBQUHAQcBAf8EggJXMIICUzCCAkAEAgABMIIC
OAMEAB8NwwMEAB8NxQMEAx8N2AMEAR8N5gMEAh8N7AMEAB8N8QMEAB8N9QMEASU8
ijAMAwQBV3gGAwQAV3gIAwQAV3gNAwUAV3gkZAMEAFd4JQMEAFd4JwMEAFd4KwME
AFd4PQMEAFd4aAMEAFd4bQMEAVd4gAMEAld4hAMEAFd4sAMEAFd4wzAMAwQAV3jH
AwQBV3jIAwQBV3jOAwQAV3jZAwQAV3jfMAwDBABXeP0DBABXeQIDBAFXeQYDBABX
eSoDBABXeTQDBABXeUADBABXeU8DBAFXeVIDBAFXeVowDAMEAFd5bwMEAVd5cAME
AFd5dgMEAVd5lgMEAFd5oTALAwMCW1wDBABbXAIwDAMEAFtcQQMEAFtcQgMEAVtc
RAMEAFtcaQMEAFtcbQMEAFtcizAMAwQAW1zFAwQDW1zAAwQAW1zbAwQAW1zmAwQA
XPkxAwQAXXsIAwQAXXsMAwQAXXsSAwQBXXscMAwDBAVdeyADBAFdeyQDBABde0AD
BABenAoDBABenAwDBABenA8DBABenCoDBABenCwDBABenE0DBABenF4DBABenGID
BABenGQDBABenGoDBABenIEDBABenJkDBAFenJ4DBAFenKwDBABenLkDBABenLwD
BABenL4DBANenNgDBABenOMDBAJenOgDBAFenPgwDAMEAF6c+wMEAF6c/DAMAwQH
1EmAAwQA1EmGAwQA1EmIMAwDBAHUSYoDBADUSZQDBADUSZsDBADUSZ0wDQQCAAIw
BwMFACoAFygwDQYJKoZIhvcNAQELBQADggEBAJsN/uFBk2kbQ9Kmtc1esJ1zsge1
JTuP9B84n1yzWgykdDpHdtzQTu6hGsHBy2aQooofu2cYIiUUtmpWmHaT19Vfo3U7
meng27nBQ2Xnm2zjWThkw8nyRfe95Aj2Lxs9X+26V8lTgLxJqhAT9vvve6ZRmgjP
h64qe9ewPvTz8WOo/WjHRrm3jA7iGL+5sKjfo0RhCw9RD4x1Q02k2V3axx2JhGNK
GuXUTl1SXo1LoaS1Uo287pYs/5vluYLaAIyNSUCdVEp4WACd07DQO/TEcK6Lp/Up
eRzxg7GURhoHXajwXyAEHPZa1ZfRxDa4v7Bycn6dwL6a/GAlgfzC5W/YYmM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:23 2024 by rpki-client on console-ams.rpki-client.org