Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3X7TavwHlQe_eFH5M8SnkiSftNc.roa
File:                     3X7TavwHlQe_eFH5M8SnkiSftNc.roa (raw, json)
Hash identifier:          gUPcj9YK9lD3nTdVjZYnUeZ5qDJ4W7WizOxTMD5+7NY=
Subject key identifier:   DD:7E:D3:6A:FC:07:95:07:BF:78:51:F9:33:C4:A7:92:24:9F:B4:D7
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0188FD365067732608D561D6CA938CD971BE
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3X7TavwHlQe_eFH5M8SnkiSftNc.roa
Signing time:             Tue 27 Jun 2023 14:16:15 +0000
ROA not before:           Tue 27 Jun 2023 14:16:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     31420
IP address blocks:        87.121.171.0/24 maxlen: 24
                          87.121.168.0/22 maxlen: 22
                          87.121.172.0/22 maxlen: 22
                          87.121.170.0/24 maxlen: 24
                          87.121.169.0/24 maxlen: 24
                          87.121.172.0/24 maxlen: 24
                          87.121.175.0/24 maxlen: 24
                          87.121.174.0/24 maxlen: 24
                          87.121.173.0/24 maxlen: 24
                          94.156.64.0/24 maxlen: 24
                          94.156.66.0/24 maxlen: 24
                          94.156.70.0/24 maxlen: 24
                          94.156.67.0/24 maxlen: 24
                          94.156.71.0/24 maxlen: 24
                          94.156.68.0/24 maxlen: 24
                          94.156.65.0/24 maxlen: 24
                          94.156.69.0/24 maxlen: 24
                          94.156.74.0/24 maxlen: 24
                          94.156.75.0/24 maxlen: 24
                          94.156.72.0/24 maxlen: 24
                          94.156.73.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:fd:36:50:67:73:26:08:d5:61:d6:ca:93:8c:d9:71:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun 27 14:16:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dd7ed36afc079507bf7851f933c4a792249fb4d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:12:e4:f5:57:8f:98:e5:f8:26:7a:05:cc:cd:
                    c6:1f:f2:e3:01:0e:17:55:49:1f:19:1e:d1:e3:1a:
                    d4:7b:3b:66:62:d8:ab:a2:7f:cf:71:a9:a1:66:e7:
                    55:9b:56:e5:e0:7d:74:eb:59:06:81:e1:36:1d:32:
                    55:d1:92:a2:33:9c:d9:fc:c3:f0:5b:c4:fd:9c:4c:
                    b9:90:07:2d:c2:77:3e:2d:a1:99:b1:65:e2:ac:63:
                    c4:9f:a7:e3:bc:f6:ea:45:65:d1:d8:f0:60:67:f9:
                    f3:c7:10:92:92:ff:c8:24:72:3b:51:bd:0b:0e:c8:
                    68:be:dc:18:dd:e6:40:a0:ed:96:22:51:c2:97:51:
                    53:de:12:49:cc:ed:ea:75:50:06:e4:ff:15:6f:5f:
                    f7:7f:60:65:be:28:a3:72:0d:16:1d:12:bc:b0:92:
                    a5:91:e5:af:8a:0e:b0:c3:43:dd:8c:6f:56:57:7b:
                    14:95:18:58:bd:08:14:49:72:ac:47:7e:e4:18:7c:
                    a8:06:4e:05:e0:5a:31:11:e3:e7:9d:1c:c0:c9:c5:
                    b4:8f:0a:42:71:61:ff:28:1f:b8:57:13:bb:f3:3d:
                    4d:5a:17:37:bf:d2:01:85:cb:5d:08:88:38:e4:6b:
                    c7:5d:cb:39:01:da:ff:1a:7b:08:0d:44:d2:d9:d5:
                    ef:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:7E:D3:6A:FC:07:95:07:BF:78:51:F9:33:C4:A7:92:24:9F:B4:D7
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3X7TavwHlQe_eFH5M8SnkiSftNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.168.0/21
                  94.156.64.0-94.156.75.255

    Signature Algorithm: sha256WithRSAEncryption
         34:88:8c:02:a9:27:a4:97:28:91:90:bb:61:97:75:1b:63:61:
         7b:f8:3e:f6:57:c4:c7:85:04:ab:b8:d0:4d:5e:49:07:3f:a5:
         0c:2e:3c:8e:3b:5b:b9:f4:a2:cf:74:dc:88:e8:9f:d8:f9:3a:
         04:4a:a7:92:b0:35:c9:73:df:e4:c0:fd:79:31:7b:98:14:53:
         bd:98:1d:f7:ad:81:3d:15:59:52:0c:fd:59:3e:ea:91:a4:e0:
         ff:e1:a1:8a:8f:fd:04:17:f3:11:44:40:af:34:5c:eb:73:36:
         27:b1:a9:34:b7:13:37:2e:94:d9:6a:55:be:1a:f6:95:7c:c7:
         47:a1:bb:c4:d7:11:4f:ad:ca:52:56:87:ca:5f:7c:c6:d6:00:
         74:37:21:cc:33:af:e5:b9:75:e6:c2:ec:9c:38:1e:3c:3b:e7:
         dc:ff:60:7e:61:40:c6:44:d2:d3:43:20:6f:72:63:dd:30:c7:
         c2:1b:13:38:d9:05:7e:80:a7:f5:d9:c9:d8:a9:e8:e2:49:72:
         36:80:c6:e3:99:95:1d:79:57:96:e7:24:3f:51:b9:e2:f6:e8:
         3a:d1:d2:35:a2:7e:b7:ec:c9:f0:dc:40:69:60:9b:cb:12:f1:
         17:08:24:e0:c2:30:5c:31:57:3f:9b:d2:ae:3d:cb:1b:0a:80:
         aa:b4:f1:4e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYj9NlBncyYI1WHWypOM2XG+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjI3MTQxNjE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDdlZDM2YWZjMDc5NTA3YmY3ODUxZjkzM2M0YTc5MjI0OWZiNGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhLk9VePmOX4JnoFzM3GH/LjAQ4X
VUkfGR7R4xrUeztmYtiron/PcamhZudVm1bl4H1061kGgeE2HTJV0ZKiM5zZ/MPw
W8T9nEy5kActwnc+LaGZsWXirGPEn6fjvPbqRWXR2PBgZ/nzxxCSkv/IJHI7Ub0L
DshovtwY3eZAoO2WIlHCl1FT3hJJzO3qdVAG5P8Vb1/3f2Blviijcg0WHRK8sJKl
keWvig6ww0PdjG9WV3sUlRhYvQgUSXKsR37kGHyoBk4F4FoxEePnnRzAycW0jwpC
cWH/KB+4VxO78z1NWhc3v9IBhctdCIg45GvHXcs5Adr/GnsIDUTS2dXvvQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFN1+02r8B5UHv3hR+TPEp5Ikn7TXMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvM1g3VGF2d0hsUWVfZUZINU04U25raVNmdE5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQDV3moMAwD
BAZenEADBAJenEgwDQYJKoZIhvcNAQELBQADggEBADSIjAKpJ6SXKJGQu2GXdRtj
YXv4PvZXxMeFBKu40E1eSQc/pQwuPI47W7n0os903Ijon9j5OgRKp5KwNclz3+TA
/Xkxe5gUU72YHfetgT0VWVIM/Vk+6pGk4P/hoYqP/QQX8xFEQK80XOtzNiexqTS3
EzculNlqVb4a9pV8x0ehu8TXEU+tylJWh8pffMbWAHQ3Icwzr+W5debC7Jw4Hjw7
59z/YH5hQMZE0tNDIG9yY90wx8IbEzjZBX6Ap/XZydip6OJJcjaAxuOZlR15V5bn
JD9RueL26DrR0jWifrfsyfDcQGlgm8sS8RcIJODCMFwxVz+b0q49yxsKgKq08U4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:23 2024 by rpki-client on console-ams.rpki-client.org