Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/36t_atc0M4lR3yrGBTLZcHXRVgk.roa
File:                     36t_atc0M4lR3yrGBTLZcHXRVgk.roa (raw, json)
Hash identifier:          ue7rr6D5+BBf12UPoB7OpF3yA372fl50ytH03yBNmPo=
Subject key identifier:   DF:AB:7F:6A:D7:34:33:89:51:DF:2A:C6:05:32:D9:70:75:D1:56:09
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0189ABC8245488C07BB26234BE909932CA65
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/36t_atc0M4lR3yrGBTLZcHXRVgk.roa
Signing time:             Mon 31 Jul 2023 11:49:27 +0000
ROA not before:           Mon 31 Jul 2023 11:49:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211252
IP address blocks:        2.59.254.0/24 maxlen: 24
                          94.156.6.0/24 maxlen: 24
                          45.81.243.0/24 maxlen: 24
                          45.12.253.0/24 maxlen: 24
                          45.66.230.0/24 maxlen: 24
                          85.31.44.0/24 maxlen: 24
                          85.31.46.0/24 maxlen: 24
                          85.31.45.0/24 maxlen: 24
                          185.246.221.0/24 maxlen: 24
                          185.246.220.0/24 maxlen: 24
                          109.206.243.0/24 maxlen: 24
                          109.206.241.0/24 maxlen: 24
                          185.254.37.0/24 maxlen: 24
                          194.180.48.0/24 maxlen: 24
                          194.180.49.0/24 maxlen: 24
                          185.225.73.0/24 maxlen: 24
                          45.139.105.0/24 maxlen: 24
                          185.225.75.0/24 maxlen: 24
                          185.225.74.0/24 maxlen: 24
                          37.139.128.0/24 maxlen: 24
                          37.139.129.0/24 maxlen: 24
                          87.121.3.0/24 maxlen: 24
                          94.156.102.0/24 maxlen: 24
                          84.21.172.0/24 maxlen: 24
                          109.206.240.0/24 maxlen: 24
                          212.87.204.0/24 maxlen: 24
                          95.214.27.0/24 maxlen: 24
                          84.54.50.0/24 maxlen: 24
                          194.55.224.0/24 maxlen: 24
                          85.217.144.0/24 maxlen: 24
                          45.81.39.0/24 maxlen: 24
                          94.156.253.0/24 maxlen: 24
                          80.76.51.0/24 maxlen: 24
                          94.156.161.0/24 maxlen: 24
                          193.42.33.0/24 maxlen: 24
                          193.42.32.0/24 maxlen: 24
                          185.252.178.0/24 maxlen: 24
                          193.47.61.0/24 maxlen: 24
                          194.55.186.0/24 maxlen: 24
                          185.216.68.0/24 maxlen: 24
                          45.88.67.0/24 maxlen: 24
                          185.216.71.0/24 maxlen: 24
                          79.110.62.0/24 maxlen: 24
                          79.110.63.0/24 maxlen: 24
                          93.123.118.0/24 maxlen: 24
                          87.121.221.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:ab:c8:24:54:88:c0:7b:b2:62:34:be:90:99:32:ca:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul 31 11:49:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dfab7f6ad734338951df2ac60532d97075d15609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:14:cc:a0:9c:9f:e3:21:97:92:eb:6a:84:a2:
                    53:6a:1d:a1:a0:34:e8:fd:d5:ce:ee:01:6b:27:d1:
                    a8:9c:01:0f:71:74:e6:94:52:de:df:25:64:f1:19:
                    b9:e1:f0:89:dd:7e:fb:73:5c:ee:91:2e:8b:cf:e4:
                    6f:26:95:82:2d:af:65:41:11:d2:ee:e6:65:3c:97:
                    bb:c7:b9:e1:02:27:7e:78:6d:03:85:01:dd:8d:5f:
                    9e:f3:f7:b4:1e:10:20:33:7e:14:54:2f:65:63:b5:
                    67:e7:2c:bd:3d:11:30:80:34:31:4c:6f:4f:8d:12:
                    d8:10:4b:95:42:ef:0e:3f:34:d0:4a:36:d2:28:7c:
                    f7:a1:20:86:19:f9:86:c1:83:3e:0d:d3:dc:0e:5f:
                    b8:47:72:23:ab:6c:a1:37:df:fb:05:75:c8:ec:bc:
                    0c:90:62:af:16:b7:56:c2:30:cc:32:ec:48:fe:4a:
                    f7:91:15:14:98:87:4b:68:f3:38:a4:1d:e5:3b:eb:
                    bc:ff:58:1b:8b:33:c7:4e:50:ea:0c:29:49:21:84:
                    81:1f:fc:92:6c:4b:09:04:dc:24:57:ae:d4:63:66:
                    d0:4f:08:1b:9e:8f:23:8c:37:9a:b2:9b:eb:ef:e8:
                    91:5a:76:1c:bf:2f:f5:71:19:2b:df:44:c5:9f:10:
                    a7:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:AB:7F:6A:D7:34:33:89:51:DF:2A:C6:05:32:D9:70:75:D1:56:09
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/36t_atc0M4lR3yrGBTLZcHXRVgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.254.0/24
                  37.139.128.0/23
                  45.12.253.0/24
                  45.66.230.0/24
                  45.81.39.0/24
                  45.81.243.0/24
                  45.88.67.0/24
                  45.139.105.0/24
                  79.110.62.0/23
                  80.76.51.0/24
                  84.21.172.0/24
                  84.54.50.0/24
                  85.31.44.0-85.31.46.255
                  85.217.144.0/24
                  87.121.3.0/24
                  87.121.221.0/24
                  93.123.118.0/24
                  94.156.6.0/24
                  94.156.102.0/24
                  94.156.161.0/24
                  94.156.253.0/24
                  95.214.27.0/24
                  109.206.240.0/23
                  109.206.243.0/24
                  185.216.68.0/24
                  185.216.71.0/24
                  185.225.73.0-185.225.75.255
                  185.246.220.0/23
                  185.252.178.0/24
                  185.254.37.0/24
                  193.42.32.0/23
                  193.47.61.0/24
                  194.55.186.0/24
                  194.55.224.0/24
                  194.180.48.0/23
                  212.87.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:ab:0c:41:88:69:72:70:e4:02:fb:2e:76:44:35:2b:8f:ee:
         5c:50:0b:e6:b0:0b:8c:9a:d0:ae:f8:7f:8e:17:c8:12:68:39:
         12:fb:fe:13:85:7b:69:bb:e4:6d:53:4b:fe:c9:d0:82:e5:f8:
         f5:8d:de:e5:fc:48:68:f9:d0:01:a9:2e:5d:5b:ac:53:49:1e:
         2a:81:b0:be:af:a2:e9:db:ee:90:54:55:bc:1c:7b:08:70:ec:
         78:99:6b:9c:e4:bf:4a:39:f2:c2:3c:95:50:34:e0:8e:e0:b3:
         c8:33:5d:ff:ed:48:62:1c:77:f5:48:e9:34:86:e6:21:bb:2b:
         aa:6f:64:e3:2f:56:56:01:5b:34:b6:72:c8:d7:b5:16:a6:1f:
         9d:b0:56:e7:1a:a5:a5:c6:82:f1:be:37:27:d9:2d:a5:ee:c9:
         66:fb:35:4d:fb:0a:28:86:64:ae:c0:fb:13:73:b9:e2:28:05:
         a5:92:84:51:a7:18:b9:0d:b1:94:0d:31:92:94:d3:d0:63:c6:
         48:18:dc:63:2d:3b:32:1f:3e:42:69:30:7f:ae:27:ef:e1:ec:
         e8:21:a8:a0:35:2d:13:a8:43:ff:bb:46:01:cd:09:ad:c1:c2:
         80:7f:c5:f4:80:30:6d:f0:33:fe:9f:57:27:c7:4d:6e:c7:e6:
         f4:f1:e3:b4
-----BEGIN CERTIFICATE-----
MIIF5TCCBM2gAwIBAgISAYmryCRUiMB7smI0vpCZMsplMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzMxMTE0OTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmFiN2Y2YWQ3MzQzMzg5NTFkZjJhYzYwNTMyZDk3MDc1ZDE1NjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohTMoJyf4yGXkutqhKJTah2hoDTo
/dXO7gFrJ9GonAEPcXTmlFLe3yVk8Rm54fCJ3X77c1zukS6Lz+RvJpWCLa9lQRHS
7uZlPJe7x7nhAid+eG0DhQHdjV+e8/e0HhAgM34UVC9lY7Vn5yy9PREwgDQxTG9P
jRLYEEuVQu8OPzTQSjbSKHz3oSCGGfmGwYM+DdPcDl+4R3Ijq2yhN9/7BXXI7LwM
kGKvFrdWwjDMMuxI/kr3kRUUmIdLaPM4pB3lO+u8/1gbizPHTlDqDClJIYSBH/yS
bEsJBNwkV67UY2bQTwgbno8jjDeaspvr7+iRWnYcvy/1cRkr30TFnxCnfwIDAQAB
o4IC8TCCAu0wHQYDVR0OBBYEFN+rf2rXNDOJUd8qxgUy2XB10VYJMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMzZ0X2F0YzBNNGxSM3lyR0JUTFpjSFhSVmdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBBQYIKwYBBQUHAQcBAf8EgfUwgfIwge8EAgABMIHoAwQA
Ajv+AwQBJYuAAwQALQz9AwQALULmAwQALVEnAwQALVHzAwQALVhDAwQALYtpAwQB
T24+AwQAUEwzAwQAVBWsAwQAVDYyMAwDBAJVHywDBABVHy4DBABV2ZADBABXeQMD
BABXed0DBABde3YDBABenAYDBABenGYDBABenKEDBABenP0DBABf1hsDBAFtzvAD
BABtzvMDBAC52EQDBAC52EcwDAMEALnhSQMEArnhSAMEAbn23AMEALn8sgMEALn+
JQMEAcEqIAMEAMEvPQMEAMI3ugMEAMI34AMEAcK0MAMEANRXzDANBgkqhkiG9w0B
AQsFAAOCAQEAfKsMQYhpcnDkAvsudkQ1K4/uXFAL5rALjJrQrvh/jhfIEmg5Evv+
E4V7abvkbVNL/snQguX49Y3e5fxIaPnQAakuXVusU0keKoGwvq+i6dvukFRVvBx7
CHDseJlrnOS/SjnywjyVUDTgjuCzyDNd/+1IYhx39UjpNIbmIbsrqm9k4y9WVgFb
NLZyyNe1FqYfnbBW5xqlpcaC8b43J9ktpe7JZvs1TfsKKIZkrsD7E3O54igFpZKE
UacYuQ2xlA0xkpTT0GPGSBjcYy07Mh8+Qmkwf64n7+Hs6CGooDUtE6hD/7tGAc0J
rcHCgH/F9IAwbfAz/p9XJ8dNbsfm9PHjtA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:23 2024 by rpki-client on console-ams.rpki-client.org