Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4B0wuZZ_B3RCiypgcDfMW2GbKIE.roa
File:                     4B0wuZZ_B3RCiypgcDfMW2GbKIE.roa (raw, json)
Hash identifier:          USPj83ikTrK6muxxMHZY6zW/vIuLj5/4zxqpd1SFoEc=
Subject key identifier:   E0:1D:30:B9:96:7F:07:74:42:8B:2A:60:70:37:CC:5B:61:9B:28:81
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018E2DEFF8E2D6C4EAC57783CF7925641AFC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4B0wuZZ_B3RCiypgcDfMW2GbKIE.roa
Signing time:             Mon 11 Mar 2024 14:34:45 +0000
ROA not before:           Mon 11 Mar 2024 14:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2.59.255.0/24 maxlen: 24
                          45.129.86.0/23 maxlen: 24
                          45.151.89.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          87.121.44.0/24 maxlen: 24
                          87.121.45.0/24 maxlen: 24
                          87.121.221.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          94.154.160.0/23 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.156.10.0/24 maxlen: 24
                          94.156.72.0/23 maxlen: 24
                          94.156.239.0/24 maxlen: 24
                          147.78.102.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          185.218.84.0/22 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          185.254.37.0/24 maxlen: 24
                          193.37.41.0/24 maxlen: 24
                          194.55.224.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2d:ef:f8:e2:d6:c4:ea:c5:77:83:cf:79:25:64:1a:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 11 14:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e01d30b9967f0774428b2a607037cc5b619b2881
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:7c:d0:eb:d8:94:50:81:48:d6:50:c7:df:a1:
                    3a:b9:06:70:67:b1:f6:a7:9d:88:ce:2b:3c:a8:2a:
                    1a:63:56:1d:05:03:55:6b:60:6d:73:c7:4f:31:48:
                    0a:e1:c9:92:bc:b4:c2:ab:8c:4e:de:2e:8e:a5:a8:
                    81:87:07:10:7d:79:8f:2d:d9:4d:5d:33:4f:16:3f:
                    ea:b4:e6:50:b7:f6:3c:d0:00:8e:6f:b3:85:0c:ef:
                    9f:a1:d1:4d:f9:ca:b3:56:39:e8:c7:9e:8f:18:1f:
                    89:36:9f:cd:93:ad:ca:d9:ef:d4:6d:47:ec:02:49:
                    9d:70:61:d7:d0:42:74:ef:14:55:4c:dc:94:da:75:
                    82:28:45:11:dd:30:52:5e:fa:59:49:f3:fd:1d:01:
                    7e:cc:91:12:68:e2:79:8f:c2:71:c7:07:76:be:32:
                    05:e2:f2:61:e0:69:e3:f2:28:f1:df:b5:b0:c5:9e:
                    94:99:24:fa:f1:9d:24:19:75:c9:19:8b:40:7a:93:
                    a4:19:d7:5f:82:cc:80:13:46:74:1a:8c:4f:d4:43:
                    66:26:63:ca:b5:5b:9e:3c:cd:20:8a:03:7d:16:af:
                    a5:e6:b3:ee:de:34:b1:3c:8c:b7:33:4e:b6:82:28:
                    0c:e5:ef:07:b7:78:e0:09:ab:03:51:3e:dc:1c:85:
                    bb:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:1D:30:B9:96:7F:07:74:42:8B:2A:60:70:37:CC:5B:61:9B:28:81
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4B0wuZZ_B3RCiypgcDfMW2GbKIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.255.0/24
                  45.129.86.0/23
                  45.151.89.0/24
                  87.120.87.0/24
                  87.121.44.0/23
                  87.121.221.0/24
                  92.119.196.0/23
                  94.154.160.0/22
                  94.156.10.0/24
                  94.156.72.0/23
                  94.156.239.0/24
                  147.78.102.0/24
                  171.22.72.0/22
                  178.215.224.0/24
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.252.176.0/24
                  185.254.37.0/24
                  193.37.41.0/24
                  194.55.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:03:31:79:0d:2c:91:34:1a:08:34:40:63:14:a1:97:b9:a6:
         c4:43:d3:77:c2:5e:90:fc:2a:18:c3:2c:b0:97:30:64:88:f6:
         2d:e2:cd:9f:da:f0:59:85:69:63:b2:10:57:0b:bd:35:90:e5:
         e1:9a:d5:fb:8d:46:a9:61:54:6b:d1:2a:26:6d:68:3c:9f:64:
         08:6b:cb:29:77:a9:63:0b:74:56:4e:c4:f1:e8:a9:f8:49:a3:
         b1:df:c2:11:4d:c1:83:16:37:9e:e3:f6:46:8b:c4:51:41:5f:
         53:bd:8c:27:c6:1c:64:c6:89:9d:3d:26:58:bd:ea:33:5e:a3:
         c7:ed:df:42:fe:ec:f4:13:ad:a1:e4:2a:26:a6:9f:be:77:eb:
         e8:ad:45:e6:a9:79:b8:b2:b4:65:9b:12:bf:59:23:cf:4a:f9:
         63:6f:c5:68:80:3f:0d:b4:bb:8c:42:1b:4a:ec:c2:ab:27:7f:
         bc:66:49:fb:0e:27:73:0d:d7:2f:82:05:56:f9:fc:b2:07:9a:
         0b:bd:53:e9:2d:2d:b0:36:d8:54:94:7b:3f:f2:dc:ad:ea:29:
         b7:76:78:0c:81:b3:b0:b2:a8:ed:4e:50:c3:e2:22:03:ff:6a:
         f3:43:0c:6f:57:83:41:2c:ff:aa:88:97:24:24:f4:38:b5:9e:
         46:e8:04:9c
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAY4t7/ji1sTqxXeDz3klZBr8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzExMTQzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDFkMzBiOTk2N2YwNzc0NDI4YjJhNjA3MDM3Y2M1YjYxOWIyODgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinzQ69iUUIFI1lDH36E6uQZwZ7H2
p52Izis8qCoaY1YdBQNVa2Btc8dPMUgK4cmSvLTCq4xO3i6OpaiBhwcQfXmPLdlN
XTNPFj/qtOZQt/Y80ACOb7OFDO+fodFN+cqzVjnox56PGB+JNp/Nk63K2e/UbUfs
AkmdcGHX0EJ07xRVTNyU2nWCKEUR3TBSXvpZSfP9HQF+zJESaOJ5j8Jxxwd2vjIF
4vJh4Gnj8ijx37WwxZ6UmST68Z0kGXXJGYtAepOkGddfgsyAE0Z0GoxP1ENmJmPK
tVuePM0gigN9Fq+l5rPu3jSxPIy3M062gigM5e8Ht3jgCasDUT7cHIW7JQIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFOAdMLmWfwd0QosqYHA3zFthmyiBMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNEIwd3VaWl9CM1JDaXlwZ2NEZk1XMkdiS0lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEAAI7
/wMEAS2BVgMEAC2XWQMEAFd4VwMEAVd5LAMEAFd53QMEAVx3xAMEAl6aoAMEAF6c
CgMEAV6cSAMEAF6c7wMEAJNOZgMEAqsWSAMEALLX4AMEALLX7AMEArnYVAMEArna
VAMEALn8sAMEALn+JQMEAMElKQMEAMI34DANBgkqhkiG9w0BAQsFAAOCAQEAJwMx
eQ0skTQaCDRAYxShl7mmxEPTd8JekPwqGMMssJcwZIj2LeLNn9rwWYVpY7IQVwu9
NZDl4ZrV+41GqWFUa9EqJm1oPJ9kCGvLKXepYwt0Vk7E8eip+Emjsd/CEU3BgxY3
nuP2RovEUUFfU72MJ8YcZMaJnT0mWL3qM16jx+3fQv7s9BOtoeQqJqafvnfr6K1F
5ql5uLK0ZZsSv1kjz0r5Y2/FaIA/DbS7jEIbSuzCqyd/vGZJ+w4ncw3XL4IFVvn8
sgeaC71T6S0tsDbYVJR7P/Lcreopt3Z4DIGzsLKo7U5Qw+IiA/9q80MMb1eDQSz/
qoiXJCT0OLWeRugEnA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:23 2024 by rpki-client on console-ams.rpki-client.org