Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/49TiyWZbbGHpBj-aNYr-9pss0F4.roa
File:                     49TiyWZbbGHpBj-aNYr-9pss0F4.roa (raw, json)
Hash identifier:          LUzvlusmlr5NC7a3Az9dQxsKZiF9ARUlzuLmX1zCPmA=
Subject key identifier:   E3:D4:E2:C9:66:5B:6C:61:E9:06:3F:9A:35:8A:FE:F6:9B:2C:D0:5E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018220FC054A8EBB2328F53FAB7B70CE6C3D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/49TiyWZbbGHpBj-aNYr-9pss0F4.roa
Signing time:             Thu 21 Jul 2022 13:39:23 +0000
ROA not before:           Thu 21 Jul 2022 13:39:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     22653
IP address blocks:        31.169.124.0/24 maxlen: 24
                          31.169.125.0/24 maxlen: 24
                          31.169.127.0/24 maxlen: 24
                          31.169.126.0/24 maxlen: 24
                          194.55.226.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          194.55.224.0/24 maxlen: 24
                          84.54.50.0/23 maxlen: 24
                          194.55.227.0/24 maxlen: 24
                          193.37.43.0/24 maxlen: 24
                          79.110.49.0/24 maxlen: 24
                          194.180.49.0/24 maxlen: 24
                          194.169.174.0/24 maxlen: 24
                          194.169.173.0/24 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:20:fc:05:4a:8e:bb:23:28:f5:3f:ab:7b:70:ce:6c:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul 21 13:39:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e3d4e2c9665b6c61e9063f9a358afef69b2cd05e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f9:3e:b5:11:2b:6c:a3:e0:23:3a:13:0a:82:
                    88:21:05:eb:43:f8:31:08:ab:26:12:34:d4:e1:c2:
                    15:66:6a:0c:42:8c:c4:06:6f:62:28:db:3e:54:2d:
                    46:7c:64:e5:87:32:23:0c:75:1e:d7:e3:21:e1:7a:
                    b5:50:b2:32:bc:5f:9f:c2:1c:df:0a:78:fa:ed:3d:
                    5e:e0:45:12:d2:61:ab:22:7b:fa:64:5c:12:6d:85:
                    1f:7f:a2:66:49:6c:61:4b:ef:ae:75:f9:85:7e:dc:
                    31:4e:3c:6c:43:e1:36:8c:15:39:3d:68:a7:b3:81:
                    e3:7a:6b:f7:54:05:3c:f3:65:c6:59:b2:fe:d7:67:
                    4e:1c:e7:96:9a:fd:e5:36:fa:ea:b3:88:dc:04:07:
                    e2:05:ac:72:44:7b:29:f8:e5:8f:d3:6c:4e:90:82:
                    fc:7c:e8:48:33:74:ef:cb:f8:d9:13:5f:85:2c:fe:
                    70:38:78:e0:57:09:0c:d0:19:b1:5c:8c:05:19:3c:
                    2f:13:b5:29:90:b4:03:f2:5b:f1:0b:1d:c3:da:4e:
                    29:80:ee:5a:4f:ef:91:48:a1:f7:c5:df:4c:8c:77:
                    e0:8a:9b:33:4b:a4:da:6b:60:e4:6d:fc:b7:a4:b1:
                    1e:37:8b:9e:9d:28:0d:80:05:1f:7a:ee:4c:be:d0:
                    1f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:D4:E2:C9:66:5B:6C:61:E9:06:3F:9A:35:8A:FE:F6:9B:2C:D0:5E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/49TiyWZbbGHpBj-aNYr-9pss0F4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.124.0/22
                  79.110.49.0/24
                  84.54.50.0/23
                  94.154.161.0-94.154.163.255
                  193.37.43.0/24
                  194.55.224.0/22
                  194.169.173.0-194.169.174.255
                  194.180.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:54:45:9d:0e:88:ae:2c:cc:cc:5e:f8:93:ca:0a:9d:56:e3:
         3f:d1:b9:ae:3b:75:e0:0b:0d:2d:d5:ea:22:1e:76:94:e1:01:
         68:63:9b:d0:df:3b:a2:a0:e7:ca:c6:b2:a7:4f:31:34:b9:43:
         09:af:53:67:0f:ce:f3:4a:5d:9f:46:07:fb:4c:ee:49:41:31:
         28:a7:c3:6e:a4:e4:27:60:48:a8:fc:30:3c:c6:cc:5a:39:62:
         e3:75:84:0e:aa:2c:31:bd:46:07:6f:d9:39:6d:57:b7:c5:e3:
         63:d9:5d:5e:3f:9d:6e:de:13:6d:56:4e:ea:7e:cd:12:f0:8b:
         a8:28:51:3d:c1:10:e4:47:55:fb:57:60:92:bf:ad:5d:9a:0e:
         c3:23:0e:4a:49:21:be:b1:d5:cb:f7:59:fa:21:42:35:24:e1:
         18:54:21:d6:ce:d8:eb:8c:9b:74:1e:9f:25:bf:ff:7b:0e:76:
         c7:75:45:28:c4:cd:30:07:80:e3:4b:df:23:ef:a5:ac:73:31:
         52:45:be:e0:f0:88:11:4d:e9:36:2c:82:b1:4d:fc:f3:31:b2:
         93:6b:98:4a:91:46:48:2c:4e:e8:5a:e0:c9:fb:53:1f:8a:8a:
         ea:7e:57:36:5a:80:36:14:52:69:00:b7:c0:12:20:1f:9c:e6:
         7f:5c:c4:ae
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYIg/AVKjrsjKPU/q3twzmw9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIwNzIxMTMzOTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2Q0ZTJjOTY2NWI2YzYxZTkwNjNmOWEzNThhZmVmNjliMmNkMDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/k+tRErbKPgIzoTCoKIIQXrQ/gx
CKsmEjTU4cIVZmoMQozEBm9iKNs+VC1GfGTlhzIjDHUe1+Mh4Xq1ULIyvF+fwhzf
Cnj67T1e4EUS0mGrInv6ZFwSbYUff6JmSWxhS++udfmFftwxTjxsQ+E2jBU5PWin
s4Hjemv3VAU882XGWbL+12dOHOeWmv3lNvrqs4jcBAfiBaxyRHsp+OWP02xOkIL8
fOhIM3Tvy/jZE1+FLP5wOHjgVwkM0BmxXIwFGTwvE7UpkLQD8lvxCx3D2k4pgO5a
T++RSKH3xd9MjHfgipszS6Taa2Dkbfy3pLEeN4uenSgNgAUfeu5MvtAf7wIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFOPU4slmW2xh6QY/mjWK/vabLNBeMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNDlUaXlXWmJiR0hwQmotYU5Zci05cHNzMEY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQCH6l8AwQA
T24xAwQBVDYyMAwDBABemqEDBAJemqADBADBJSsDBALCN+AwDAMEAMKprQMEAMKp
rgMEAMK0MTANBgkqhkiG9w0BAQsFAAOCAQEAWFRFnQ6IrizMzF74k8oKnVbjP9G5
rjt14AsNLdXqIh52lOEBaGOb0N87oqDnysayp08xNLlDCa9TZw/O80pdn0YH+0zu
SUExKKfDbqTkJ2BIqPwwPMbMWjli43WEDqosMb1GB2/ZOW1Xt8XjY9ldXj+dbt4T
bVZO6n7NEvCLqChRPcEQ5EdV+1dgkr+tXZoOwyMOSkkhvrHVy/dZ+iFCNSThGFQh
1s7Y64ybdB6fJb//ew52x3VFKMTNMAeA40vfI++lrHMxUkW+4PCIEU3pNiyCsU38
8zGyk2uYSpFGSCxO6FrgyftTH4qK6n5XNlqANhRSaQC3wBIgH5zmf1zErg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:57 2024 by rpki-client on console-fra.rpki-client.org